Configure Solaris zone on new network


 
10-09-2018

Hi,

I have a Solaris 10 zone which I need to configure on a new network. I have configured the new IP on the zone itself and I can ping the interface from a node on the same network, but not from another network. Basically I need to know how to route the traffic from the zone to its default gateway.

Example:

BGE0 - IP 192.168.1.1 - GW 192.168.1.254

BGE1 - IP 192.168.100.1 - GW 192.168.100.254

Zone IP: 192.168.100.2 - GW 192.168.100.254.

Default Gateway on the global zone is 192.168.1.254

I've looked up IPFilters and come up with the entry below. I'm just wondering would this entry work? I just want to be sure before enabling IPFilters and adding entries as I have a number of prod zones running on this global zone and don't want to break the networking.

pass out quick on bge0 to bge1:192.168.100.254 from 192.168.100.1 to any

Any help is greatly appreciated.
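
A pre-flight check for the rule quoted above, as an added example that is not part of the original post: it parses the ipf `to interface:gateway` rule and compares it with the addressing listed in the post before anything is loaded on the global zone. The /24 prefix lengths and the names `check_rule`, `INTERFACES` and `POSTED_RULE` are assumptions; the post gives no netmasks.

```python
import ipaddress
import re

# Addressing as listed in the post. The /24 prefix lengths are an assumption:
# the post gives addresses and gateways but no netmasks.
INTERFACES = {
    "bge0": ipaddress.ip_interface("192.168.1.1/24"),
    "bge1": ipaddress.ip_interface("192.168.100.1/24"),
}
ZONE_IP = ipaddress.ip_address("192.168.100.2")
ZONE_GW = ipaddress.ip_address("192.168.100.254")

# Matches only the rule shape used in the post:
#   pass out quick on <if> to <if>:<gateway> from <src> to any
RULE_RE = re.compile(
    r"^pass\s+out\s+quick\s+on\s+(?P<match_if>\S+)\s+"
    r"to\s+(?P<out_if>[^\s:]+):(?P<gw>\S+)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+any$"
)


def check_rule(rule):
    """Return a list of findings; an empty list means the rule is consistent."""
    m = RULE_RE.match(rule.strip())
    if m is None:
        return ["rule does not have the expected 'to if:gateway' shape"]
    findings = [f"unknown interface {name}"
                for name in (m["match_if"], m["out_if"]) if name not in INTERFACES]
    if findings:
        return findings
    gw = ipaddress.ip_address(m["gw"])
    src = ipaddress.ip_network(m["src"], strict=False)  # bare address becomes /32
    out_net = INTERFACES[m["out_if"]].network
    if gw not in out_net:
        findings.append(f"gateway {gw} is not on {m['out_if']}'s subnet {out_net}")
    if gw != ZONE_GW:
        findings.append(f"gateway {gw} is not the zone's gateway {ZONE_GW}")
    if ZONE_IP not in src:
        findings.append(f"source {src} does not cover the zone address {ZONE_IP}")
    return findings


# The rule exactly as posted.
POSTED_RULE = "pass out quick on bge0 to bge1:192.168.100.254 from 192.168.100.1 to any"

if __name__ == "__main__":
    for finding in check_rule(POSTED_RULE):
        print("finding:", finding)
```

The rule file itself can be parsed without touching the running kernel using `ipf -n -f <file>`, which is the safer first step on a global zone that hosts production zones.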
 
tnctl(1M)                 System Administration Commands                 tnctl(1M)

NAME
       tnctl - configure Trusted Extensions network parameters

SYNOPSIS
       /usr/sbin/tnctl [-dfv] [-h host [/prefix] [:template]] [-m zone:mlp:shared-mlp][-t template [:key=val [;key=val]]] [-HTz] file]

DESCRIPTION
       tnctl provides an interface to manipulate trusted network parameters in
       the Solaris kernel.

       As part of Solaris Trusted Extensions initialization, tnctl is run in
       the global zone by an smf(5) script during system boot. The tnctl
       command is not intended to be used during normal system administration.
       Instead, if a local trusted networking database file is modified without
       using the Solaris Management Console, the administrator first issues
       tnchkdb(1M) to check the syntax, and then refreshes the kernel copy with
       this command:

         # svcadm restart svc:/network/tnctl

       See WARNINGS about the risks of changing remote host and template
       information on a running system.

OPTIONS
       -d
           Delete matching entries from the kernel. The default is to add new
           entries.

           When deleting MLPs, the MLP range must match exactly. MLPs are
           specified in the form:

             port[-port]/protocol

           Where port can be a number in the range 1 to 65535, or any known
           service (see services(4)), and protocol can be a number in the
           range 1 to 255, or any known protocol (see protocols(4)).

       -f
           Flush all kernel entries before loading the entries that are
           specified on the command line. The flush does not take place unless
           at least one entry parsed successfully.

       -v
           Turn on verbose mode.

       -h host[/prefix][:template]
           Update the kernel remote-host cache on the local host for the
           specified host or, if a template name is given, change the kernel's
           cache to use the specified template. If prefix is not specified,
           then an implied prefix length is determined according to the rules
           used for interpreting the tnrhdb. If -d is specified, then a
           template name cannot be specified.

       -m zone:mlp:shared-mlp
           Modify the kernel's multilevel port (MLP) configuration cache for
           the specified zone. zone specifies the zone to be updated. mlp and
           shared-mlp specify the MLPs for the zone-specific and shared IP
           addresses. The shared-mlp field is effective in the global zone
           only.

       -t template[key=val[;key=val]]
           Update the kernel template cache for template or, if a list of
           key=val pairs is given, change the kernel's cache to use the
           specified entry. If -d is specified, then key=val pairs cannot be
           specified.

       -T file
           Load all template entries in file into the kernel cache.

       -H file
           Load all remote host entries in file into the kernel cache.

       -z file
           Load just the global zone's MLPs from file into the kernel cache.
           To reload MLPs for a non-global zone, reboot the zone:

             # zoneadm -z non-global zone reboot

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWtsu                      |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Uncommitted                  |
       +-----------------------------+-----------------------------+

FILES
       /etc/security/tsol/tnrhdb
           Trusted network remote-host database

       /etc/security/tsol/tnrhtp
           Trusted network remote-host templates

       /etc/security/tsol/tnzonecfg
           Trusted zone configuration database

       /etc/nsswitch.conf
           Configuration file for the name service switch

SEE ALSO
       svcs(1), svcadm(1M), tninfo(1M), tnd(1M), tnchkdb(1M), zoneadm(1M),
       nsswitch.conf(4), protocols(4), services(4), attributes(5), smf(5)

       How to Synchronize Kernel Cache With Network Databases in Solaris
       Trusted Extensions Administrator's Procedures

WARNINGS
       Changing a template while the network is up can change the security
       view of an undetermined number of hosts.

NOTES
       The functionality described on this manual page is available only if
       the system is configured with Trusted Extensions.

       The tnctl service is managed by the service management facility,
       smf(5), under the service identifier:

         svc:/network/tnctl

       The service's status can be queried by using svcs(1). Administrative
       actions on this service, such as refreshing the kernel cache, can be
       performed using svcadm(1M), as in:

         svcadm restart svc:/network/tnctl

SunOS 5.11                         6 Mar 2008                          tnctl(1M)