Hi,
I recently rebuilt my machine with SXCE B106. I use an IP exclusive zone
as a firewall/router with two physical NICS (iprb external and an nge
internal) and ipf.conf and ipnat.conf files from the previous working
installation which was a B104 ip excusive zone on the same hardware.
When I performed a zfs upgrade, things stopped working for the
"firewall" zone. I could ping from the global zone or any other machine
on the internal network to the firewall zone's external nic, iprb0, but
no further, even though the default route for the firewall was set to my
DSL router's address and ipv4 forwarding was enabled.
# routeadm
Configuration Current Current
Option Configuration System State
---------------------------------------------------------------
IPv4 routing enabled enabled
IPv6 routing enabled enabled
IPv4 forwarding enabled enabled
IPv6 forwarding disabled disabled
Routing services "route:default ripng:default"
ipnat.conf
map iprb0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map iprb0 192.168.1.0/24 -> 0/32 portmap auto
map iprb0 192.168.1.0/24 -> 0/32 proxy port 500 ipsec/udp
map iprb0 192.168.1.0/24 -> 0/32
ipf.conf
pass in on iprb0 from any to any keep state
pass out log on iprb0 from any to any keep state
pass in on nge0 from any to any keep state
pass out log on nge0 from any to any keep state
There is a redirect from 0.0.0.0/0 port 25 to an internal machine that
oddly works.
default route from the internal network is 192.168.1.2 (nge0) on the
firewall zone
I hope I'm missing something. Any ideas?
Thanks
John
