We have a T2000 server which is connected to the Internet via e1000g1 (ISP uplink) and a couple of internal servers on a dedicated switch via e1000g0, with private addresses.
This server's e1000g0 is 192.168.155.1, routing is enabled, ipfilter passes all in and out. Other physical boxes on the dedicated switch can route through this server to the internet, and I can "rdr" required ports, i.e. to publish a web-server on one of these boxes thru NAT.

Now we want to make a local zone on the T2000 itself, give it a private 192.168.155.80 address on e1000g0 and want to publish it via NAT, just like other physical servers. For some reason it doesn't work!

We added the second default route on the T2000 (so it has two default routes, to the ISP router and to itself as 192.168.155.1), and the local zone does see the 192.168.155.1 as its router. It can ping and telnet the global zone and other boxes on the switch. However "rdr" doesn't pass any connections, and traceroute from the local zone fails quickly:

[EMAIL PROTECTED] /]# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.155.1        UG       1      0
192.168.155.0        192.168.155.80       U        1      0  e1000g0:2
224.0.0.0            192.168.155.80       U        1      0  e1000g0:2
127.0.0.1            127.0.0.1            UH       1      0  lo0:1

[EMAIL PROTECTED] /]# arp -a

Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
------ -------------------- --------------- -------- ---------------
e1000g0 192.168.155.142      255.255.255.255 o        00:14:4f:af:2f:7e
e1000g0 192.168.155.141      255.255.255.255 o        00:14:4f:af:2b:3c
e1000g0 192.168.155.80       255.255.255.255 SPLA     00:14:4f:9f:84:68
e1000g1 213.242.210.73       255.255.255.255          00:14:69:e6:00:ff
e1000g1 213.242.210.75       255.255.255.255 SPLA     00:14:4f:9f:84:69
e1000g0 192.168.155.42       255.255.255.255 o        00:14:4f:cd:d4:64
e1000g0 192.168.155.41       255.255.255.255 o        00:14:4f:cd:d6:cc
e1000g0 192.168.155.21       255.255.255.255 SPLA     00:14:4f:9f:84:68
e1000g0 192.168.155.1        255.255.255.255 SPLA     00:14:4f:9f:84:68
e1000g1 224.0.0.0            240.0.0.0       SM       01:00:5e:00:00:00
e1000g0 224.0.0.0            240.0.0.0       SM       01:00:5e:00:00:00

Interesting: the node which reports the error is the local zone's IP address, not even the global zone acting as a router...

[EMAIL PROTECTED] /]# traceroute -n 194.87.0.50
traceroute to 194.87.0.50 (194.87.0.50), 30 hops max, 40 byte packets
 1  192.168.155.80  0.370 ms !H  0.190 ms !H  0.179 ms !H

[EMAIL PROTECTED] /]# traceroute -nI 194.87.0.50
traceroute to 194.87.0.50 (194.87.0.50), 30 hops max, 40 byte packets
 1  192.168.155.80  0.362 ms !H  0.193 ms !H  0.192 ms !H

What did I miss? Can it be done at all? Our internal lab tests all had a separate box for a router, so the fake-static-MAC tricks, etc. were applicable. They don't help here, within one box, though...

This message posted from opensolaris.org
_______________________________________________
networking-discuss mailing list
[email protected]
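An added diagnostic (not part of the post, nor a Solaris tool): it parses the netstat -rn and arp -a output quoted above and flags that the zone's default gateway 192.168.155.1 is a local (L) entry carrying the same MAC as the zone's own 192.168.155.80, i.e. both addresses belong to the one shared IP stack, so packets to that gateway are delivered inside the kernel and never cross e1000g0 where an interface-bound rdr rule would see them. The sample rows are copied from the post; the verdict names are my own.

```python
import re

# Rows taken from the zone-side output quoted in the post (trimmed).
NETSTAT_RN = """\
default              192.168.155.1        UG       1      0
192.168.155.0        192.168.155.80       U        1      0  e1000g0:2
127.0.0.1            127.0.0.1            UH       1      0  lo0:1
"""
ARP_A = """\
e1000g0 192.168.155.142      255.255.255.255 o        00:14:4f:af:2f:7e
e1000g0 192.168.155.80       255.255.255.255 SPLA     00:14:4f:9f:84:68
e1000g1 213.242.210.73       255.255.255.255          00:14:69:e6:00:ff
e1000g0 192.168.155.1        255.255.255.255 SPLA     00:14:4f:9f:84:68
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"

def default_gateway(netstat_text):
    """Gateway of the 'default' route in `netstat -rn` output, or None."""
    for line in netstat_text.splitlines():
        m = re.match(rf"default\s+({IPV4})\s", line)
        if m:
            return m.group(1)
    return None

def parse_arp(arp_text):
    """Map IP -> (device, flags, mac) from `arp -a` rows; flags may be empty."""
    table = {}
    for line in arp_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not re.fullmatch(MAC, parts[-1]):
            continue
        flags = parts[3] if len(parts) == 5 else ""   # column is blank for plain hosts
        table[parts[1]] = (parts[0], flags, parts[-1])
    return table

def diagnose(netstat_text, arp_text, node_ip):
    """Decide whether node_ip reaches its default gateway over the wire or in-stack."""
    gw, arp = default_gateway(netstat_text), parse_arp(arp_text)
    if gw is None or gw not in arp or node_ip not in arp:
        return {"verdict": "unknown", "gateway": gw}
    gw_dev, gw_flags, gw_mac = arp[gw]
    node_dev, _, node_mac = arp[node_ip]
    # 'L' = address is local to this host; equal MACs = same NIC, hence same stack.
    if "L" in gw_flags and gw_mac == node_mac and gw_dev == node_dev:
        return {"verdict": "same-stack", "gateway": gw, "mac": gw_mac}
    return {"verdict": "external", "gateway": gw, "mac": gw_mac}

if __name__ == "__main__":
    print(diagnose(NETSTAT_RN, ARP_A, "192.168.155.80"))   # the local zone
    print(diagnose(NETSTAT_RN, ARP_A, "192.168.155.142"))  # a physical box on the switch
```

The physical box 192.168.155.142 gets "external" (its MAC differs from the gateway's), which matches the post's observation that those hosts are NATed fine while the zone is not.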
