I have solaris11 running in a kvm virtual machine,network works fine.
I can configure it with dhcp or static.
Of course packet forward in kvm machine is enabled
The solaris11 machine can ping external network.
I have setup a solaris10 zone inside the vm
the solaris 10 zone use exclusive ip and physical net is vnic0
I use those commands
Code:
dladm create-vnic vnic0 -l net0
Code:
zonecfg -z solaris10
set ip-type=exclusive
add net
set physical=vnic0
end
commit
exit
Now zlogin...
Code:
zlogin -z solaris10
The interface is here
Code:
ifconfig vnic0
I can configure ip..
Code:
ifconfig vnic0 192.168.0.11 netmask 255.255.255.0 up
Code:
route add default 192.168.0.1
On solaris11 routeadm say ipforward is enabled
Code:
routeadm
Configuration Current Current
Option Configuration System State
---------------------------------------------------------------
IPv4 routing enabled enabled
IPv6 routing disabled disabled
IPv4 forwarding enabled enabled
IPv6 forwarding disabled disabled
Routing services "route:default ripng:default"
Routing daemons:
STATE FMRI
disabled svc:/network/routing/legacy-routing:ipv4
disabled svc:/network/routing/legacy-routing:ipv6
disabled svc:/network/routing/ndp:default
disabled svc:/network/routing/ripng:default
online svc:/network/routing/route:default
and even ipadm say enabled
Code:
ipadm show-ifprop net0|grep forw
net0 forwarding ipv4 rw on on off on,off
what is the problem?
The solaris zone can ping ONLY the solaris11 host..not the internal network(192.168.0.0/24) not internet!
What I miss?
Solution found..vnic doesn't work good with this configuration.
So I use a virtual e1000,assigned to solaris10 zone
And works fine.
If someone need,this is the procedure to make the vm works with the zones
a)Install solaris11.4 on kvm(works..but only with intel cpu),install with TWO network e1000 cards,one is for your normal network,the other will be assigned to zone
So..
we use
net0 as network for "home"
net1 dedicated to solaris10 zone of solaris11 vm
in this guide I call solaris10 with hostname..solaris10
I use term "physical" for solaris10 but can be also a vm..
May I suggest that you read ALL this thread first. The OP seemed to find his own solution by amending the zone configuration to specify a router ip.
If none of this works for you please do post back here.
Thanks for answer,already solved.
The bad thing was the vnic..I don't know why on vm is isolated..is also impossible to ping a vnic configured from outside,probably using NAT works..
Last edited by Linusolaradm1; 11-20-2018 at 01:50 PM..
In global zone, a network interface (VNIC) is created on L2 (MAC layer), with unique MAC address.
That is created/assigned to a zone, during zone install/creation or can be done manually as you did in first example.
When using exclusive IP stack, global zone does nothing on IP layer (L3).
So you do not need or require those forwarding options on global zone, or anything really outside vnic definition for zone.
As for your original problem, i presume KVM virtual switch discards everything not coming from assigned interface MAC from options for solaris 11 guest.
For a lab enviroment you can probably a tcpdump or snoop on kvm hypervisor interface and global zone guest, then see if network works in non global zone when dumps are running.
RHEL 7.0, IPV6
Scenario:
I have routed specific network using network scripts.
1. "ip -6 route show" shows that route has been added. ( with metric 1024)
2. Ping of the specific IP through that route is successful.
3. Now after few days, for some reason, we see that cache route appears for... (3 Replies)
Hi all. Linux noob here.
I was hoping someone could help me with configuring some routing rules on my router, an Asus AC68.
The router is connected to two gateways, wan0_gateway and wan1_gateway.
I have rules set up in the router gui that will push all traffic from every IP other than my own... (0 Replies)
Exercise:
Protection of WEB and DNS servers using the context-free rules for packet filtering:
- Protect your WEB-server, so that would be for him can be accessed by browsers, and could go to dns.
- Protect your primary DNS-server so that it could be to contact clients and secondary servers.... (1 Reply)
Hi,
I am involved in a project on Debian. One of my requirement is to route an IP packet in my application to a proxy server and receive the reply from the proxy server as an IP packet. My application handles data at the IP frame level. My application creates an IP packet(with all the necessary... (0 Replies)