Hi, I''m afraid I have some problems understanding how crossbow is supposed to work ;) On my machine (OpenSolaris, snv_111) I''m running VirtualBox with couple of linux / XP installation and additionally a zone with exclusive IP. My network configuration looks like this: [6]elsinore:~>dladm show-link LINK CLASS MTU STATE OVER bge0 phys 1500 up -- etherstub0 etherstub 9000 unknown -- vnic1 vnic 9000 up etherstub0 vnic2 vnic 9000 up etherstub0 [9]elsinore:~>ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 bge0: flags=1104843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,ROUTER,IPv4> mtu 1500 index 2 inet 10.1.1.116 netmask fffffe00 broadcast 10.1.1.255 ether 0:19:b9:23:c6:8a vnic2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 9000 index 4 inet 192.168.112.254 netmask ffffff00 broadcast 192.168.112.255 ether 2:8:20:fe:8a:63 VirtualBox machines are using bridged neworking, connecting to one of the virtual vnic2. vnic2 is plumbed on the host machine, it has assigned IP and it''s up. Additionally I run ipnat on my host machine (elsinore) for the VirtualBox machines. This all works brilliantly, my virutal mahines can access the network, can see my host machine, can see each other. vnic2 is using 192.168.112.254/24 Zone (called web) is using vnic1. vnic1 is configured to use 192.168.112.253. I can access zone from my host machine, zone can access the network, but with one distinction. I can''t access my virtualbox machines. while trying to ping 192.168.112.253 from one of the VBox systems snoop on the zone shows ICMP packet incoming, and being send back, but it never arrives to the VBox system... There''s no firewall on the way, all machines are on the same IP class, ipnat on solaris passess all packets. What''s wrong? ;) -- Best Regards, Michal -- This message posted from opensolaris.org
On 05/13/09 07:39, Micha? Kowalik wrote:> Hi, > I''m afraid I have some problems understanding how crossbow is supposed to work ;) > On my machine (OpenSolaris, snv_111) I''m running VirtualBox with couple of linux / XP > installation and additionally a zone with exclusive IP. > > > My network configuration looks like this: > > [6]elsinore:~>dladm show-link > LINK CLASS MTU STATE OVER > bge0 phys 1500 up -- > etherstub0 etherstub 9000 unknown -- > vnic1 vnic 9000 up etherstub0 > vnic2 vnic 9000 up etherstub0 > > > [9]elsinore:~>ifconfig -a > lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 > inet 127.0.0.1 netmask ff000000 > bge0: flags=1104843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,ROUTER,IPv4> mtu 1500 index 2 > inet 10.1.1.116 netmask fffffe00 broadcast 10.1.1.255 > ether 0:19:b9:23:c6:8a > vnic2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 9000 index 4 > inet 192.168.112.254 netmask ffffff00 broadcast 192.168.112.255 > ether 2:8:20:fe:8a:63 > > > VirtualBox machines are using bridged neworking, connecting to one of the virtual vnic2. > vnic2 is plumbed on the host machine, it has assigned IP and it''s up. Additionally I run ipnat > on my host machine (elsinore) for the VirtualBox machines. This all works brilliantly, my virutal mahines > can access the network, can see my host machine, can see each other. > > vnic2 is using 192.168.112.254/24 > > Zone (called web) is using vnic1. vnic1 is configured to use 192.168.112.253. > > I can access zone from my host machine, zone can access the network, but with one distinction. > I can''t access my virtualbox machines. > > while trying to ping 192.168.112.253 from one of the VBox systems snoop on the zone shows ICMP packet incoming, and being send back, but it never arrives to the VBox system... There''s no firewall on the way, all machines are on the same IP class, ipnat on solaris passess all packets. >does snoop -d vnic2 on the global zone also show that icmp replies from the web zone make it to vnic2 ? does kstat icmp on the global zone show inDatagrams and outDatagrams incrementing when you ping -ns ? Kais> What''s wrong? ;) > > -- > Best Regards, > Michal >
> does snoop -d vnic2 on the global zone also show that icmp replies from > the web zone make it to vnic2 ?No. it makes to my etherstub, but not any further :S I had a strange impression it''s a question of MTU size (vnic2 has mtu set to 9000, eth0 in debian to 1500), but changing it to 9000 on debian didn''t help.> does kstat icmp on the global zone show inDatagrams and outDatagrams > incrementing when you ping -ns ?no. (and all I wanted was to try out puppet with puppet master set up on the zone ;) ) -- Best Regards, Michal -- This message posted from opensolaris.org