Sorry, the diagram has been messed up.

Here it is: https://framabin.org/?d951c43fb3b04031#EzV7T3V5nl3NFo6tN0MO5XM7u2V0jOkY5PKQOuTwoE0=
DELEGLISE Alain
Infrastructure Architect

ALTER WAY Nord
EuraTechnologies
165 avenue de Bretagne
59000 LILLE


tel. +33 1 41 16 83 42



Member of Pôle Nord, the open-source and free software cluster of companies in the Nord - Pas de Calais region: http://www.polenord.info/

On 06/01/2016 11:55, Alain Deléglise wrote:
Hi,

thanks for your answers guys.

I've been using snoop and can only see outgoing traffic, it seems that
nothing comes back.

I presume that the "map" rules also add masquerading?

What I don't understand is how to add this "facing internet" vnic. As I
have my physical interface "e1000g0" configured via DHCP by Kimsufi
(OVH), do I have to double/triple NAT?

Internet    +-----------+            +------------+        +-------------+
DHCP        |           |            |            |        |             |
e1000g0     | Kimsufi   |  stub0     | Firewall   |?       | Client      |
   +--------> server    +------------> zone       +--------> zone        |
            |           |            |            |        |             |
            |           <------------+            <--------+             |
            +-----------+            +------------+        +-------------+


How can I configure this?

On January 6, 2016 4:10:58 AM EST, "Alain Deléglise" <[email protected]> wrote:
Hi List,

I'm trying to achieve this also.

I've followed the official wiki, and the wiki from
https://docu.blackdot.be/snipets/solaris/smartos-nat, but I can't seem
to have traffic outgoing from the client zones.

I've activated the debug log of ipfilter, and see that packets are well
transmitted to the stub0 interface, but aren't going through the
e1000g0 and then outside.

I'm installing this on a Kimsufi with a single public IP.

Do you have an idea of what's going on?

Do you need more information?

Thanks,
I'm presuming you have created a nat zone for managing the traffic leaving your client and mapping it back to it coming in? If not, take a look at this guide [0].

Once you set up your nat zone, you'll have one etherstub, and two vnics; one vnic used for internet facing, one used by the client.

An easy diagnostic of what's going on with your traffic is setting up three terminals. One for the etherstubs, and one for each vnic. Use snoop on each device.

As you send traffic from your client VM, if your ipf.conf and ipnat.conf rules in the nat zone are correctly written, you'll see your traffic going out and being mapped (nat'ed) back in. Also, make sure IP forwarding is enabled on the etherstub (routeadm -u -e ipv4-forwarding).



[0] https://wiki.smartos.org/display/DOC/NAT+using+Etherstubs
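
The snoop comparison suggested above can be turned into a repeatable check. The following is an added example, not code from the thread or from the SmartOS wiki: it reads the text of two snoop captures (inside and outside vnic of the NAT zone) and reports where the path breaks. The function names, the 10.0.0.0/24 client network and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# snoop summary line: "src -> dst PROTO details" (capture with `snoop -r` so
# addresses stay numeric). Only the address pair is parsed.
LINE = re.compile(r"^\s*(\S+)\s+->\s+(\S+)\s")

def flows(capture):
    """Return the (src, dst) pair of every parseable line in a capture."""
    return [m.groups() for m in map(LINE.match, capture.splitlines()) if m]

def in_net(addr, net):
    try:
        return ipaddress.ip_address(addr) in net
    except ValueError:  # a resolved hostname, not an address
        return False

def diagnose(inside, outside, client_net, target):
    """Say where traffic from client_net to target stops inside the NAT zone."""
    net = ipaddress.ip_network(client_net)
    ins, outs = flows(inside), flows(outside)
    if not any(in_net(s, net) and d == target for s, d in ins):
        return "no client traffic on the inside vnic"
    leaving = [s for s, d in outs if d == target]
    if not leaving:
        return "not forwarded to the outside vnic (IP forwarding, ipf.conf)"
    if any(in_net(s, net) for s in leaving):
        return "leaves untranslated (ipnat.conf map rule not matching)"
    if not any(s == target for s, _ in outs):
        return "translated on the way out, no reply on the outside vnic"
    if not any(s == target and in_net(d, net) for s, d in ins):
        return "reply reaches the outside vnic but is not mapped back"
    return "NAT works in both directions"

# Constructed sample captures (documentation address ranges, not from the thread).
INSIDE = """
  10.0.0.2 -> 192.0.2.10   ICMP Echo request (ID: 7 Sequence number: 0)
"""
OUTSIDE = """
  203.0.113.5 -> 192.0.2.10   ICMP Echo request (ID: 7 Sequence number: 0)
"""

if __name__ == "__main__":
    print(diagnose(INSIDE, OUTSIDE, "10.0.0.0/24", "192.0.2.10"))
```
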

