Hello,
Below you will find my usbkey/config and pfsense config. Pretty self
explanatory I think. Hope it helps.
> [root@Host ~]# cat /usbkey/config
> #
> # This file was auto-generated and must be source-able by bash.
> #
> admin_nic=00:30:48:c8:ef:bb
> admin_ip=172.16.46.90
> admin_netmask=255.255.255.0
> admin_network=
> admin_gateway=172.16.46.90
> data_nic=00:30:48:c8:ef:bb
> headnode_default_gateway=172.16.46.200
> dns_resolvers=8.8.8.8,8.8.4.4
> dns_domain=yonge.nrk-inc.com
> ntp_hosts=0.smartos.pool.ntp.org
> compute_node_ntp_hosts=172.16.46.90
> hostname=Host
> out0_nic=00:30:48:c8:ef:ba
> wireless_nic=00:15:17:1d:0e:7a
>
>
>
>
>
> etherstub="vswitch0,vswitch1,vswitch2,vswitch3,vswitch4,vswitch5,vswitch6,vswitch7"
>
>
> root_authorized_keys_file=authorized_keys
{
>
> "alias": "pfSense",
>
> "hostname" : "pfsense",
>
> "brand": "kvm",
>
> "vcpus": 2,
>
> "vnc_port": 12213,
>
> "autoboot": true,
>
> "ram": 3072,
>
> "disks": [
>
> {
>
> "boot": true,
>
> "model": "virtio",
>
> "size": 40096
>
> }
>
> ],
>
> "nics": [
>
> {
>
> "nic_tag": "ext",
>
> "model": "virtio",
>
> "ip": "dhcp",
>
> "allow_restricted_traffic": true,
>
> "allow_ip_spoofing": true,
>
> "allow_mac_spoofing": true,
>
> "allow_dhcp_spoofing": true,
>
> "allow_unfiltered_promisc": true
>
> },
>
> {
>
> "nic_tag": "admin",
>
> "model": "virtio",
>
> "ip": "172.16.46.200",
>
> "netmask": "255.255.255.0",
>
> "gateway": "172.16.46.200",
>
> "primary": true,
>
> "allow_restricted_traffic": true,
>
> "allow_ip_spoofing": true,
>
> "allow_mac_spoofing": true,
>
> "allow_dhcp_spoofing": true,
>
> "allow_unfiltered_promisc": true
>
> },
>
> {
>
> "nic_tag": "vswitch0",
>
> "model": "virtio",
>
> "ip": "dhcp",
>
> "allow_restricted_traffic": true,
>
> "allow_ip_spoofing": true,
>
> "allow_mac_spoofing": true,
>
> "allow_dhcp_spoofing": true,
>
> "allow_unfiltered_promisc": true
>
> },
>
> {
>
> "nic_tag": "vswitch1",
>
> "model": "virtio",
>
> "ip": "dhcp",
>
> "allow_restricted_traffic": true,
>
> "allow_ip_spoofing": true,
>
> "allow_mac_spoofing": true,
>
> "allow_dhcp_spoofing": true,
>
> "allow_unfiltered_promisc": true
>
> },
>
> {
>
> "nic_tag": "vswitch2",
>
> "model": "virtio",
>
> "ip": "dhcp",
>
> "allow_restricted_traffic": true,
>
> "allow_ip_spoofing": true,
>
> "allow_mac_spoofing": true,
>
> "allow_dhcp_spoofing": true,
>
> "allow_unfiltered_promisc": true
>
> },
>
> {
>
> "nic_tag": "vswitch3",
>
> "model": "virtio",
>
> "ip": "dhcp",
>
> "allow_restricted_traffic": true,
>
> "allow_ip_spoofing": true,
>
> "allow_mac_spoofing": true,
>
> "allow_dhcp_spoofing": true,
>
> "allow_unfiltered_promisc": true
>
> },
>
> {
>
> "nic_tag": "wireless",
>
> "model": "virtio",
>
> "ip": "dhcp",
>
> "allow_restricted_traffic": true,
>
> "allow_ip_spoofing": true,
>
> "allow_mac_spoofing": true,
>
> "allow_dhcp_spoofing": true,
>
> "allow_unfiltered_promisc": true
>
> }
>
> ]
>
> }
>
>
>
On Mon, Dec 5, 2016 at 6:34 PM, G B via smartos-discuss <
[email protected]> wrote:
> I've wanted to put my firewall into a KVM or Zone for some time, then have
> my smtp and httpd servers which are now in a DMZ to be in other Zones. I'd
> keep my internal LAN on a physical switch. Would I need to create an
> etherstub and have a vnic for the KVM or Zone firewall and other Zones
> connected to the etherstub? For some reason I'm having a mental block of
> the best way to do this.
>
> Thanks.
>
> *smartos-discuss* | Archives
> <https://www.listbox.com/member/archive/184463/=now>
> <https://www.listbox.com/member/archive/rss/184463/24697919-04ed9bf0> |
> Modify
> <https://www.listbox.com/member/?&;>
> Your Subscription <http://www.listbox.com>
>
-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription:
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com
