similar to: Crossbow virtual router and firewall

Ok, I''m hoping this is a fairly trivial issue, and I''m missing something. I''m trying to use Solaris zones (Nevada Build 117) to act as a DMZ and a router, using exclusive IPs, VNICs (from Crossbow), and connecting to the internet (static IP from my ISP). I''ve got the DMZ working - that zone sees the internet, can do name lookups, ftp, telnet, ssh, etc etc etc.

Hi. On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all: - IPFW - traffic accounting, shaping, balancing and filtering; - IPFilter - policy routing; - IPNAT - masquerading. I want to know, how IP-packets flow through all of this components? What's the path? incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ? outgoing: IPFW Layer2 ->

Hi, I was trying to download the Crossbow ISO from : http://opensolaris.org/os/project/crossbow/snapshots/ under "Crossbow Beta iso images June 6 2008" and it failed. Does anyone know of a link which is working ? Thanks for any pointers ! Regards, Sanjeev.

Using OpenSolaris 2008.11 build 110. Created vnic''s and etherstub''s and they are displayed using dladm show-links but when the server is rebooted a ''dladm show-link'' is empty although the vnic and etherstub devices are still there and function properly. That is a real inconvenience, so why do the no longer show after a reboot or shutdown/start? Is there a

During boot, I get the following error: Nov 16 09:16:41 sol11 svc.startd[7]: [ID 652011 daemon.warning] svc:/system xvm/store:default: Method "/lib/svc/method/xenstored start" failed with exit status 96. Nov 16 09:16:41 sol11 svc.startd[7]: [ID 748625 daemon.error] system/xvm/store:default misconfigured: transitioned to maintenance (see ''svcs -xv'' for details) It

Has anyone gotten a transparent firewall working? I''m using snv_125 on an IBM x346 (snv_130 goes into endless boot loops on this hardware). I can create a working bridge with dladm, but can''t stop packets, even with "block in quick all". That stops packets on my management interface bge0, but not on the bridge. :( tim at ghost:~# ifconfig -a lo0:

On OpenSolaris 2009.06 I created a flow, half a dozen VNICs, and I set some properties, and everything was working, then I rebooted my system and everything disappeared from show-vnic, show-flow, and show-prop. When I tried to re-create the objects, dladm said they already existed. While I could not see the objects, I could delete them. Example: # dladm show-vnic # dladm create-vnic -l bge0

redirecting to crossbow-discuss... On 03/12/09 15:17, Andrew Gabriel wrote: > In snv_108, I''m playing with creating a vnic over an etherstub, and I > might not be doing it right, but the behaviour I''m seeing doesn''t look > right either. > > So this is what I did... > > # dladm create-etherstub estub0 > # dladm create-vnic -l estub0 vnic0 > #

Hi! I'm trying to increase security on my FreeBSD 4.8 firewall/DSL router/VPN router. My problem is with firewalling the VPN part. I'm using a tunnel to a RedHat 7.1 box running FreeS/WAN. This tunnel allows traffic from my internal net (172.17.0.0/24) to that box only: spdadd 172.17.0.0/24 $REDHAT/32 any -P out ipsec esp/tunnel/$MYADDR-$REDHAT/unique; spdadd $REDHAT/32 172.17.0.0/24

Hi, >From what I have read, the create-vnic feature in dladm is only available within the context of crossbow...? Specifically, what I am wondering is whether it is at all possible to successfully install crossbow on top of Sun''s "Standard/sunsolve supported" Solaris 10/08 rather than OpenSolaris, per. Se.... Is this at all feasible? Many thanks in advance.. Best

Howdy all, I posted this message to the netfilter mailing-list and didn''t get much response. I apologize if anyone here is getting this for a second time. Anyway, I recently migrated my firewall from a FreeBSD box running ipfilter, ipnat and dummynet to a Gentoo Linux box running netfilter and tc. I have to admit that I''m having problems visualizing tc in my head. So, I was

Hi, I''m afraid I have some problems understanding how crossbow is supposed to work ;) On my machine (OpenSolaris, snv_111) I''m running VirtualBox with couple of linux / XP installation and additionally a zone with exclusive IP. My network configuration looks like this: [6]elsinore:~>dladm show-link LINK CLASS MTU STATE OVER bge0 phys 1500 up

Hi, I am trying to install CentOS on an Opensolaris Dom0. virt-install fails with an error in virDomainCreateLinux(). Is this a known issue? Am I missing some step? manoj@mowgli:~$ uname -a SunOS mowgli 5.11 snv_101b i86pc i386 i86xpv Solaris manoj@mowgli:~$ pfexec virt-install What is the name of your virtual machine? centos How much RAM should be allocated (in megabytes)? 512 What would

I have searched google high and low for answers to this...and I have gotten many examples, howto, etc...but they all seem to have a slightly different configuration, and therefore, slightly different problems. Unfortunately, not enough of them show the network layout, along with the configuration, so it's hard to tell why certain IP are being used, and were they are on the network. I have

Hi all, I have a Toshiba Tecra M9 and have not been able to boot it dom0. This is running SXDE 01/08, snv79b. After booting under kmdb and setting moddebug=80000000 before booting the Solaris kernel (with help from Dan Mick), I was able to see mac_ether as the last thing loading, right after loading the e1000g driver. I cannot drop into kmdb via F1-A after it hangs. I''ve also

Howdy, I just finished reading through the Crossbow presentation: http://blogs.sun.com/sunay/resource/crossbow.pdf And have one question. If you create a virtual NIC with dladm: $ dladm create-vnic -d bge0 -m 0:1:2:3:4:5 -b 10000 1 Can you then add vnic1 directly to the zone? e.g.: zonecfg -z zone1 zonecfg:zone1> create zonecfg:zone1> set zonepath=/zones/zone1 zonecfg:zone1> add net

As requested by several people, an Overview document has been posted at http://blogs.sun.com/sunay The reference section also contains a pointer to the slides that will be used for tonights presentation. See you all there. Cheers, Sunay -------- Original Message -------- Subject: [osol-discuss] SVOSUG - This Thurs, August 24, Sunay Tripathi presents Crossbow 7:30pm SCA03 Date: Mon, 21 Aug

Hi All, >From the design documents, I see there is an option "DLADM_VNIC_OPT_NODUPCHECK" for checking if the vnic MAC is unique on the same physical NIC. I have a question here. Does crossbow check if the MAC address is unique on the same subnet? E.g, create a vnic on hostA with hostB''s MAC address. Thanks, Karol

Smooth review. The case was approved unanimously by the members present. This is the summary of actions: . Advice to the team to follow on issue djr-02, clarifying the rationale for -p vs -a. . TCR - Add a format specifier (e.g. -F gnuplot) to show-usage . Two spec updates: - EOF of the VLAN PPA hack removal - Clarify mac_intr_t . Opinion fodder about the extensibility of the

hi all i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter seems to be working fine. i just have a couple of issues that are probably not very serious... one thing is that during network startup at boot, i get the message IPFilter: already initialized repeated 4 times. i think i have everything configured properly my kernel config looks like options IPFILTER options