thr3ads.net - crossbow discuss - [crossbow-discuss] Crossbow virtual router and firewall [Apr 2009]

If this information is useful, please help other people find it:
Share via:

Gary Bainbridge

2009-Apr-17 19:20 UTC

[crossbow-discuss] Crossbow virtual router and firewall

I want to run a non-global zone as a virtual router and run ipnat inside the
non-global zone, however, when I try to enable routing it can''t find
route:default or network/ipfilter.  I''m using exclusive IP inside the
zones and using OpenSolaris 2008.11 build 110.

I''ve tried sparse root and whole root zones without success.
I''ve read blogs and posts and documentation where it states you can run
a virtual router in a non-global zone and run ipnat inside the non-global zone
but when I run ''routeadm -u -e ipv4-forwarding'' I get an error
that it can''t find route:default.  When Itry to enable ipfilter it
doesn''t exist, which is true, it doesn''t exist in an svcs
list.

All of the detailed posts on vnics, etherstubs, and virtual networking use the
global zone as a firewall which I can get to work, but I want my firewall/router
in a non-global zone.

Has anyone successfully enabled routing and ipfilter in a non-global zone and
used it as a firewall/router and what did you do to get it working?
-- 
This message posted from opensolaris.org

Piotr Jasiukajtis

2009-Apr-17 20:48 UTC

head link

[crossbow-discuss] Crossbow virtual router and firewall

Hi,

I have done that but on SXCE instead of Indiana.
I created a dedicated zone for ipnat/ipfilter services and a separate zone for
dhcp-server service.

For dhcp-server you will need to edit service''s manifest in order to
get it started in non global zone.
-- 
This message posted from opensolaris.org

Gary Bainbridge

2009-Apr-17 22:01 UTC

head link

[crossbow-discuss] Crossbow virtual router and firewall

Thanks.  I''ll try SXCE.  

Do you know why it would work in SXCE but not Indiana?
-- 
This message posted from opensolaris.org

Renee Danson

2009-Apr-17 22:08 UTC

head link

[crossbow-discuss] Crossbow virtual router and firewall

On Fri, Apr 17, 2009 at 03:01:47PM -0700, Gary Bainbridge
wrote:> Thanks.  I''ll try SXCE.  
> 
> Do you know why it would work in SXCE but not Indiana?
I suspect your just seeing the difference in the default configurations
for SXCE and Indiana.  SXCE installs with old-style network configuration
(managed by network/physical:default) enabled; Indiana installs with NWAM
(network/physical:nwam) enabled instead.

An easier test would be to just disable network/physical:nwam and enable
network/physical:default on your Indiana box.

-renee

Possibly Parallel Threads

Search for more possibly parallel threads

crossbow discuss - Apr 2009 - Crossbow virtual router and firewall

[crossbow-discuss] Crossbow virtual router and firewall

[crossbow-discuss] Crossbow virtual router and firewall

[crossbow-discuss] Crossbow virtual router and firewall

[crossbow-discuss] Crossbow virtual router and firewall

Possibly Parallel Threads