Hi,
thanks for your answers guys.
I've been using snoop and can only see outgoing traffic, it seems that
nothing comes back.
I presume that the "map" rules also add a masquerading ?
What i don't understand is how to add this "facing internet" vnic. As I
have my physical interface "e1000g0" configured via DHCP bu kimsufi
(OVH) I have to double/triple NAT ?
Internet +-----------+ +------------+ +-------------+
DHCP | | | | | |
e1000g0 | Kimsufi | stub0 | Firewall |? | Client |
+--------> server +------------> zone +--------> zone |
| | | | | |
| <------------+ <--------+ |
+-----------+ +------------+ +-------------+
How can I configure this ?
> On January 6, 2016 4:10:58 AM EST, "Alain Deléglise"
> <[email protected]> wrote:
>> Hi List,
>>
>> I'm trying to achieve this also.
>>
>> I've followed the offcial wiki, and the wiki from
>> https://docu.blackdot.be/snipets/solaris/smartos-nat, but I can't seem
>> to have traffic outgoing from the client zones.
>>
>> I've activated the debug log of ipfilter, and see that packets are well
>> transmitted to the stub0 interface, but aren't going throught the
>> e1000g0 and then outside.
>>
>> I'm installing this on a kimsufi with single public IP.
>>
>> Do you have an idea on what's going on ?
>>
>> Do you need more informations ?
>>
>> Thanks,
> I'm presuming you have created a nat zone for managing the traffic leaving
> your client and mapping it back to it coming in? If not, take a look at this
> guide [0].
>
> Once you set up your nat zone, you'll have one etherstub, and two vnics; one
> vnic used for internet facing, one used by the client.
>
> An easy diagnostic of what's going on with your traffic is setting up three
> terminals. One for the etherstubs, and one for each vnic. Use snoop on each
> device.
>
> As you send traffic from your client VM, if your ipf.conf and ipnat.conf
> rules in the nat zone are correctly written, you'll see your traffic going
> out and being mapped (nat'ed) back in. Also, make sure IP forwarding is
> enabled on the etherstub (routeadm -u -e ipv4_forwarding)
>
>
>
> [0] https://wiki.smartos.org/display/DOC/NAT+using+Etherstubs
>
-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription:
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com
