[crossbow-discuss] Crossbow virtual router and firewall

2009-04-17 Thread Renee Danson
On Fri, Apr 17, 2009 at 03:01:47PM -0700, Gary Bainbridge wrote:
> Thanks.  I'll try SXCE.  
> 
> Do you know why it would work in SXCE but not Indiana?

I suspect you're just seeing the difference in the default configurations
for SXCE and Indiana.  SXCE installs with old-style network configuration
(managed by network/physical:default) enabled; Indiana installs with NWAM
(network/physical:nwam) enabled instead.

An easier test would be to just disable network/physical:nwam and enable
network/physical:default on your Indiana box.

-renee



[crossbow-discuss] Crossbow virtual router and firewall

2009-04-17 Thread Gary Bainbridge
Thanks.  I'll try SXCE.  

Do you know why it would work in SXCE but not Indiana?
-- 
This message posted from opensolaris.org



[crossbow-discuss] Crossbow virtual router and firewall

2009-04-17 Thread Piotr Jasiukajtis
Hi,

I have done that but on SXCE instead of Indiana.
I created a dedicated zone for ipnat/ipfilter services and a separate zone for 
dhcp-server service.

For dhcp-server you will need to edit the service's manifest in order to get it 
started in a non-global zone.



[crossbow-discuss] Crossbow virtual router and firewall

2009-04-17 Thread Gary Bainbridge
I want to run a non-global zone as a virtual router and run ipnat inside the 
non-global zone, however, when I try to enable routing it can't find 
route:default or network/ipfilter.  I'm using exclusive IP inside the zones and 
using OpenSolaris 2008.11 build 110.

I've tried sparse root and whole root zones without success. I've read blogs 
and posts and documentation where it states you can run a virtual router in a 
non-global zone and run ipnat inside the non-global zone but when I run 
'routeadm -u -e ipv4-forwarding' I get an error that it can't find 
route:default.  When I try to enable ipfilter it doesn't exist, which is true, 
it doesn't exist in an svcs list. 

All of the detailed posts on vnics, etherstubs, and virtual networking use the 
global zone as a firewall which I can get to work, but I want my 
firewall/router in a non-global zone. 

Has anyone successfully enabled routing and ipfilter in a non-global zone and 
used it as a firewall/router and what did you do to get it working?