Hello,
May I suggest virtualizing the pfSense (I assume) firewall. Or adding
another interface to your firewall. The former being my preferred method
(saves energy).

Usama
On Aug 19, 2014 11:47 AM, "G B via smartos-discuss" <
[email protected]> wrote:

>
> Internet--->cable modem--->PF firewall (physical server)
>                                 |
>                 physical switch | physical switch
>                                / \
>                               /   \
>                       internal     dmz
>                         /            \
>                    Windows             \
>                                         /\
>                                    mail    web (multiple domains each in a Zone)
>
> What I'd like to do since my mail and web servers are in Zones is get rid
> of the physical switch for the dmz and make it a virtual switch.  (sorry
> for the poor ascii art)
>
>
>  On Monday, August 18, 2014 10:09 AM, Robert Mustacchi via smartos-discuss
> <[email protected]> wrote:
>
>
> On 08/16/2014 09:39 AM, G B via smartos-discuss wrote:
>
> > I'm stumped for the moment, so maybe somebody can alleviate my block.
> >
> > Currently I have a firewall with dmz and internal interfaces each going
> to a physical switch.  What I'd like to do is remove the dmz physical
> switch and have my dmz servers go through a virtual switch, but that is
> what has me stumped.
> >
> > I created an etherstub:  # dladm create-etherstub vswitch0
> >
> > Then I created a vnic:  # dladm create-vnic -l vswitch0 vnic0
> >
> > Next I intended to plug the CAT6 cable into vnic0, then I would create
> another vnic and put that in a zone.  But:
> >
> > 1)  I'm not sure if that is correct
> > 2)  I'm unsure what the syntax is for the json file for the vnic
> >
> > Another thing is presently the physical nic on the server goes to the
> physical dmz switch.  Not sure what I'd change to eliminate the dmz
> physical switch for the dmz server's physical nic.
>
>
> So, I think it's worth clarifying a few things. While an etherstub is a
> virtual switch, it's a virtual switch that only exists on the host, a
> single vnic can only be created over a single device and therefore
> there's no notion of plugging in a physical cable to a virtual nic. It's
> also the case that every physical device has an implicit virtual switch.
>
> Would it be possible to draw a small network diagram of how you want
> everything to look? It's not really that clear from the mail how you
> want this to look.
>
> Robert
>
>
> -------------------------------------------
> smartos-discuss
> Archives: https://www.listbox.com/member/archive/184463/=now
> RSS Feed:
> https://www.listbox.com/member/archive/rss/184463/24559458-54d8e931
> Modify Your Subscription: https://www.listbox.com/member/?&;
> Powered by Listbox: http://www.listbox.com
