Re: [zones-discuss] routing issues

Tue, 18 Aug 2009 12:29:12 -0700 

On 08/18/09 14:51, Robert Hartzell wrote:

Steffen Weiberle wrote:

On 08/18/09 13:58, Robert Hartzell wrote:

I have a host that's on two subnets:
    10.0.0.0/24 (all external facing services through a firewall)
    192.168.0.0/24 (internal lan)
I wish to move my external services into zones (dns, smtp, webstack) but am having problems which I believe are caused by routing issues. In the global zone 2 nics are assigned the address 10.0.0.2 & 192.168.0.100. So I create a vnic on the 10.0.0.0/24 subnet and then a zone, only one problem, no route out of the subnet. 


Shared or Exclusive IP Instance? I imagine exclusive, since you 
created a VNIC, although one does not require the other.



In this instance it's an exclusive ip instance but I have tried with a 
shared instance also, which produced the same results.




 > I believe this would be fixed by

enabling ipv4-routing & ipv4-forwarding  so I try:



Forwarding is only required if you want to move IP datagrams through 
the system, in one data link, out another.


Thanks for that info.



# routeadm -e ipv4-routing
Pattern 'route:default' doesn't match any instances


I believe that would be fixed by "pkg install SUNWroute", which of 
course I can't do because there is no route out...


I guess that has routing daemon(s) in it?


Path out is different than routing. Can you set a default route (this 
will depend on shared vs. exclusive IP





the default route on my internal network is 192.168.0.100 but this is 


I thought this was an IP address in the global zone?


unreachable from inside the zone. I can set /etc/defaultrouter to 
10.0.0.2 and then I'm able to ping on both subnets but not the internet.



How many ways do you have to get to the internet? I hope two, since 
10.0.0.0/24 will need one.


I am not able to picture your setup, however, take a look at
http://blogs.sun.com/carlson/entry/packets_out_of_the_wrong and
http://blogs.sun.com/stw/entry/what_happened_to_my_packets

traceroute is useful to see which interface is being picked by IP.


Since you are using VNIC, you could create a separate router zone, if 
you only have one router to the internet. see 
http://blogs.sun.com/sunay/entry/network_in_a_box_creating






Any thoughts on how I can fix this or if I'm even on the right track.



I don't know enough about your setup to figure it out.






_______________________________________________
zones-discuss mailing list
[email protected]






















					Reply via email to