IP Forwarding on Solaris 10 (should be simple, but isn't!)
I'm having a hard time getting IP forwarding to work. I'll eventually have several interfaces, but all that matters for now is that two of them actually be able to IP forward. I have no network interfaces in the global zone, but both interfaces are in the same zone, Common.
The IPs I've been testing with:
10.50.20.1 Local interface, tied to e1000g0:1 and in the zone Common.
10.50.20.10 remote and directly connected to 10.50.20.1
10.50.40.1 Local interface, tied to e1000g2:1 and in the zone Common.
10.50.40.10 remote and directly connected to 10.50.40.1
From a zlogin to my zone Common, I can ping either of these interfaces: the packets go out the expected wire, and I get a response immediately.
From either of the remote machines, I can ping my machine on the interface it is directly connected to (10.50.20.10 can ping 10.50.20.1). But if I try to ping 10.50.40.10 from 10.50.20.10, it goes out on the wire, is not picked up by my machine, and nothing happens on the other wire- no IP forwarding occurs.
A netstat -rn executed from zone Common gives the following:
Code:
Destination Gateway Flags Ref Use Interface
10.50.20.0 10.50.20.1 U 1 0 e1000g0:1
10.50.20.10 10.50.20.1 UH 1 6 e1000g0:1
10.50.40.0 10.50.40.1 U 1 0 e1000g2:1
10.50.40.10 10.50.40.1 UH 1 3 e1000g2:1
ifconfig -a gives me all my interfaces. The relevant ones:
First the physical:
e1000g0 BROADCAST RUNNING MULTICAST ROUTER IPV4
zone Common
inet 0.0.0.0 netmask 0
Then it gives the virtual interface:
e1000g0:1 UP BROADCAST RUNNING MULTICAST ROUTER IPV4
zone Common
inet 10.50.20.1 netmask ffffff00
The other physical:
e1000g2 BROADCAST RUNNING MULTICAST ROUTER IPV4
zone Common
inet 0.0.0.0 netmask 0
Then it gives the other virtual interface:
e1000g2:1 UP BROADCAST RUNNING MULTICAST ROUTER IPV4
zone Common
inet 10.50.40.1 netmask ffffff00
/etc/netmasks assigns 255.255.255.0 to each.
/etc/networks looks about like:
network-a 10.50.20
network-b 10.50.40
If I type routeadm, I find that ipv4-routing is enabled (I've tried it with it disabled too, it shouldn't be needed), and that ipv4-forwarding is enabled (it definitely needs to be on, right?). For routing services, I have:
route:default
ripng:default
For Routing Daemons I have:
Disabled svc:/network/routing/legacy-routing:ipv4
Disabled svc:/network/routing/legacy-routing:ipv6
Online svc:/network/routing/ndp:default
Online svc:/network/routing/rdisc:default
Disabled svc:/network/routing/ripng:default
Online svc:/net0work/routing/route:default
Are there any other checks I should do? The ipv4-forwarding being active is as a result of the "routeadm -e ipv4-forwarding" command. This was all trivial under tsol, just a couple ndd commands.
Currently ipfilter explicitly calls out at the top of /etc/ipf/ipf.conf (just because I want it to work):
pass in log quick from any to any
pass out log quick from any to any
Earlier, I took an approach and tried to get NAT to work, even though I don't want the addressed translated at all (10.50.20.10 knows what 10.50.40.10 is, and knows that it wants to route it through 10.50.20.1, at least enough to put the ping on that wire). During that experiment, I tried the following rules (which are probably not correct):
pass in quick on e1000g0 from 10.50.20.0/255.255.255.0 to any keep state
pass in quick on e1000g2 from 10.50.40.0/255.255.255.0 to any keep state
When I had that active, I also tried /etc/ipf/ipnat.conf as:
I'm pretty sure I'm doing the NAT incorrectly, but I'm also thinking I shouldn't need it at all (and much of my poking has been without it at all), being as I just want the stupid packets dumped on the other interface.
Hello All , Need assistance in finding out a solution for X Forwarding issue
IBM applications requires X Forwarding . Server X11 works fine when i try xclock but not this application . On a different server with the same OS it is working . Need inputs .
OS Version : Solaris 11 with updated... (1 Reply)
I have two simple questions
First is :can dhcp server NATIVE of solaris perform dhcp
updates of bind via dnssec like dchpd on linux?
Second: Is possible to build a pdc with samba and iplanet ldap server?Or is better with openldap?
I never found howto or discussions about iplanet server.
Thanks (0 Replies)
Hi,
Don't know if this is Solaris 10 or that the shell on Solaris 10 is working against me.
But this works fine on HP-UX 11i, but not on Solaris 10:
# cat /tmp/test_file
1:een
2:twee
3:drie
# cat /tmp/test_file | /bin/nawk 'END {print $NF}'
# cat /tmp/test_file | /bin/nawk '{} END... (5 Replies)
Hi; I have the following issue:
I have a Solaris server running an old applications which connects to an http server in other server at certain port. The thing is that the http server has changed its ip and port and the addres in the app is hard coded and touching the app by now is out of the... (0 Replies)
I have a local account for a unix server. The idle timeout for the account is around 10 mins. I have to login to the server multiple times during the day. Is there a way to increase the idle timeout or may be a script that I can run on background so it is not idle. Something like echo date every 9... (3 Replies)
Hi,
I am looking out a way to forward all UDP traffic coming on ports 3001,3002,3003 and 3004 on server 10.2.45.200
to
corresponding ports of server 10.2.45.197.
I am using Solaris 10.0.
-bash-3.00$ uname -a
SunOS airtelussd2 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V445
Is... (6 Replies)
i am using
SunOS ReportServer 5.8 Generic_108528-29 sun4u sparc SUNW,Sun-Blade-2500
and i just wrote a simple script like below:
#!/sbin/sh
df -k
exit 0
when i run it i get response as below
check.sh: not found
please what am i doing wrong (7 Replies)
I'm reading through this guide, BigAdmin Feature Article: Using Solaris JumpStart With the Solaris 10 OS for x86/x64 Platforms, and I was wondering if there was more to the bash scripts than just the example given (see above link) like for begin1 and begin2 and finish1 and finish2. I don't know... (3 Replies)
Hi,
from my workplace we use a proxy to connect to the outside world, including external ssh servers.
The problem is that the server is seeing the connection coming from the proxy and knows nothing about the client behind it. The ssh connection itself works fine, but x-forwarding does not work as... (1 Reply)
IP Forwarding on Solaris 10 (should be simple, but isn't!)