Solaris 11 zone has no external network access (except to Global Zone)
Hi, hoping someone can help, it's been a while since I used Solaris.
After creating a NGZ (non global zone), the NGZ can access the GZ (Global Zone) and the GZ can access the NGZ (using ssh, zlogin).
However, the NGZ cannot access any other network devices; it can't even see the default router.
I have tried different methods of creating the zone (Oracle Docs - How to Configure a Zone for the Virtual Network)
but each method has the exact same result (the zone can only access the GZ and nothing else)
Code:
GZ Config
----------------
GMS-SOl114_global> ipadm
NAME CLASS/TYPE STATE UNDER ADDR
lo0 loopback ok -- --
lo0/v4 static ok -- 127.0.0.1/8
lo0/v6 static ok -- ::1/128
net0 ip ok -- --
net0/v4 static ok -- 10.100.216.12/24
net0/v6 addrconf ok -- fe80::250:56ff:fe9a:d73a/10
GMS-SOl114_global>
GMS-SOl114_global> netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.100.216.1 UG 22 250653
10.100.216.0 10.100.216.12 U 9 22840 net0
127.0.0.1 127.0.0.1 UH 2 19058 lo0
Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--------------------------- --------------------------- ----- --- ------- -----
::1 ::1 UH 2 5442 lo0
fe80::/10 fe80::250:56ff:fe9a:d73a U 2 0 net0
GMS-SOl114_global> route -p show
add persistent net -name route-1 default: gateway 10.100.216.1
GMS-SOl114_global> cat /etc/hosts
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost loghost
10.100.216.12 GMS-SOL114
10.100.216.13 zone1
GMS-SOl114_global> cat /etc/resolv.conf
#
# _AUTOGENERATED_FROM_SMF_V1_
#
# WARNING: THIS FILE GENERATED FROM SMF DATA.
# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
# See resolv.conf(5) for details.
search GMS.LOCAL
nameserver 10.100.216.110
The GZ can access any external device/server/website without issues
This is using the router 10.100.216.1
ZONE CREATION COMMAND
----------------------------------------
GMS-SOl114_global> zonecfg -z zone1
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
create: Using system default template 'SYSdefault'
zonecfg:zone1> set autoboot=true
zonecfg:zone1> set bootargs="-m verbose"
zonecfg:zone1> select anet linkname=net0
zonecfg:zone1:anet> set lower-link=net0
zonecfg:zone1:anet> set allowed-address=10.100.216.13/24
zonecfg:zone1:anet> set defrouter=10.100.216.1
zonecfg:zone1:anet> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit
GMS-SOl114_global> zoneadm -z zone1 install
Note - no need to specify any network info when configuring Zone1 as it's already been specified
ZONE Information
---------------------------
GMS-SOl114_global> zonecfg -z zone1 info
zonename: zone1
brand: solaris
autoboot: true
bootargs: -m verbose
anet:
linkname: net0
lower-link: net0
allowed-address: 10.100.216.13/24
configure-allowed-address: true
defrouter: 10.100.216.1
link-protection: "mac-nospoof, ip-nospoof"
auto-mac-address: 2:8:20:ac:71:2d
GMS-SOl114_global> zonecfg -z zone1 info ip-type
ip-type: exclusive
ZONE Network Config
-----------------------------
GMS-SOl114_global> dladm show-phys
LINK MEDIA STATE SPEED DUPLEX DEVICE
net0 Ethernet up 1000 full e1000g0
root@zone1:~# ipadm
NAME CLASS/TYPE STATE UNDER ADDR
lo0 loopback ok -- --
lo0/v4 static ok -- 127.0.0.1/8
lo0/v6 static ok -- ::1/128
net0 ip ok -- --
net0/v4 inherited ok -- 10.100.216.13/24
root@zone1:~# netstat -r
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.100.216.1 UGZ 2 37 net0
10.100.216.0 zone1 U 6 128 net0
zone1 zone1 UH 2 36 lo0
Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--------------------------- --------------------------- ----- --- ------- -----
zone1 zone1 UH 2 44 lo0
Note that Zone1 cannot see the default gateway (10.100.216.1)
root@zone1:~# dladm
LINK CLASS MTU STATE OVER
net0 vnic 1500 up ?
root@zone1:~# dladm show-link
LINK CLASS MTU STATE OVER
net0 vnic 1500 up ?
root@zone1:~# ipadm show-if
IFNAME CLASS STATE ACTIVE OVER
lo0 loopback ok yes --
net0 ip ok yes --
root@zone1:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 inherited ok 10.100.216.13/24
lo0/v6 static ok ::1/128
root@zone1:~# netstat -i
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue
lo0 8232 loopback zone1 44 0 44 0 0 0
net0 1500 zone1 zone1 32479 0 248 0 0 0
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis
lo0 8252 zone1 zone1 44 0 44 0 0
root@zone1:~# route -p show
add persistent net -name route-1 default: gateway 10.100.216.1
root@zone1:~# ping 10.100.216.161
no answer from 10.100.216.161
GZ
------------------
GMS-SOl114_global> dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
zone1/net0 net0 1000 2:8:20:ac:71:2d random VID:0
zone2/net0 net0 1000 2:8:20:50:bb:57 random VID:0
GMS-SOl114_global>
NGZ
---------
root@zone1:~# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
net0 ? 1000 2:8:20:ac:71:2d random VID:0
--- Post updated at 03:00 PM ---
Wow - Great Pointer...
Just seen that vSphere needs promiscuous mode to be enabled !!!!
If I run a snoop on net0 - networking works - so could run this as a background task but
I'm looking for a better solution
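Added example, not part of the original post: a standard vSphere virtual switch delivers frames to a guest only for the MAC assigned to its virtual NIC, while each zone VNIC above has its own random MAC. The Python sketch below recovers the NIC MAC from the global zone's link-local address (assuming it is EUI-64 derived) and lists the VNIC MACs that differ from it; the input is copied from the output above and the function names are hypothetical.

```python
import ipaddress

# Constructed sample input: lines copied from the command output in the post.
IPADM_LINE = "net0/v6 addrconf ok -- fe80::250:56ff:fe9a:d73a/10"
SHOW_VNIC = """\
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
zone1/net0 net0 1000 2:8:20:ac:71:2d random VID:0
zone2/net0 net0 1000 2:8:20:50:bb:57 random VID:0
"""

def normalize_mac(mac):
    """Zero-pad Solaris-style MACs (2:8:20:...) to 02:08:20:... form."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(o, 16):02x}" for o in octets)

def mac_from_link_local(addr):
    """Recover the MAC from an EUI-64 link-local address, or None."""
    ip = ipaddress.IPv6Address(addr.split("/")[0])
    iid = ip.packed[8:]  # lower 64 bits: the interface identifier
    if iid[3:5] != b"\xff\xfe":
        return None  # not EUI-64 derived (assumption does not hold)
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip U/L bit
    return ":".join(f"{b:02x}" for b in octets)

def parse_show_vnic(text):
    """Return {link: mac} from `dladm show-vnic` output."""
    lines = text.strip().splitlines()
    header = lines[0].split()
    link_i, mac_i = header.index("LINK"), header.index("MACADDRESS")
    result = {}
    for line in lines[1:]:
        cols = line.split()
        result[cols[link_i]] = normalize_mac(cols[mac_i])
    return result

def foreign_macs(ipadm_line, show_vnic_text):
    """Return (NIC MAC, VNICs whose MAC differs from the NIC MAC)."""
    phys = mac_from_link_local(ipadm_line.split()[-1])
    vnics = parse_show_vnic(show_vnic_text)
    return phys, {l: m for l, m in vnics.items() if m != phys}

if __name__ == "__main__":
    phys, foreign = foreign_macs(IPADM_LINE, SHOW_VNIC)
    print(f"NIC MAC known to the virtual switch: {phys}")
    for link, mac in foreign.items():
        print(f"{link}: {mac} differs from the NIC MAC")
```

Promiscuous mode lets the guest receive every frame on that port group, so setting it on a port group dedicated to this VM rather than on the whole virtual switch limits the exposure.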