On Sep 5, 2014 8:27 PM, "RYAN M. vAN GINNEKEN via smartos-discuss" < [email protected] > wrote:
> > I have some networking questions directly below is a bit of a network diagram > not sure if it is completely accurate or even correct other infos follow. > > INET >>>> ibg0 >> GZ >> admin_nic >> IPF/NAT >> gw0 >> switch0 >> GZ >>>> > zones and KVMs > > Anyways i would like to add an Internal nic or vnic to the GZ with IP address > 172.16.0.200 so that i can setup NFS, FIFO, etc using an internal ip instead > of the external one, is the internal NIC TAG listed below from my > /usbkey/config file going to work for me or is there a better more correct > way. Also can i use a virtual MAC address, or a real MAC address from one of > my unplugged NICS? or can i just ommit to MAC and let SmartOS do some magic > and create or not need one? > > Here is part of my /usbkey/config please see the internal_nic section > > admin_nic=0:25:90:e9:c:4 > admin_ip=204.244.122.132 > admin_netmask=255.255.255.224 > admin_network=... > admin_gateway=204.244.122.129 > > etherstub="switch0" > > #Internal nic connects GZ to internal network? > internal_nic= ???????????? use real mac of one of my unplugged NICs or use > virtual MAC or can i skip MAC all together ????????? > internal0_ip=172.16.0.200 > internal0_netmask=255.255.255.0 > internal0_gateway=172.16.0.1 > > Here is a bit more about the network, and i have to say thanks to lots of > folks on the IRC that have helped me get this far > > I have this in /opt/custom/bin/net-setup > > ## setup gw0 > 4 if [ `dladm show-vnic | grep gw0 | wc -l` -ne 1 ]; then > 5 /usr/sbin/dladm create-vnic -m 2:8:20:bc:d5:5f -l switch0 gw0 > 6 /usr/sbin/ipadm create-addr -T static -a 172.16.0.1/24 gw0/v4 > 7 fi > 8 > 9 ## setup ip forwarding > 10 /usr/sbin/routeadm -u -e ipv4-forwarding > 11 /usr/sbin/routeadm -u -e ipv6-forwarding > 12 A bunch of IPF/NAT rules to make things happen > > Some more hopefully helpful infos > > dladm show-phys > LINK MEDIA STATE SPEED DUPLEX DEVICE > igb0 Ethernet up 1000 full igb0 > igb1 Ethernet up 1000 full igb1 > igb2 Ethernet down 0 half igb2 > igb3 Ethernet down 0 half igb3 > > > ifconfig -a > lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 > index 1 > inet 127.0.0.1 netmask ff000000 > igb0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 > index 2 > inet 204.244.122.132 netmask ffffffe0 broadcast 204.244.122.159 > ether 0:25:90:e9:c:4 > dell0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 > index 3 > inet 192.168.1.10 netmask ffffff00 broadcast 192.168.1.255 > ether 2:8:20:d9:4e:6a > gw0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 9000 index > 4 > inet 172.16.0.1 netmask ffffff00 broadcast 172.16.0.255 > ether 2:8:20:bc:d5:5f > lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 > index 1 > inet6 ::1/128 > gw0: flags=20002100840<RUNNING,MULTICAST,ROUTER,IPv6> mtu 9000 index 4 > inet6 ::/0 > ether 2:8:20:bc:d5:5f > > netstat -rn -f inet > > Routing Table: IPv4 > Destination Gateway Flags Ref Use Interface > -------------------- -------------------- ----- ----- ---------- --------- > default 204.244.122.129 UG 7 10846355 igb0 > 127.0.0.1 127.0.0.1 UH 4 696826 lo0 > 172.16.0.0 172.16.0.1 U 10 11739732 gw0 > 192.168.1.0 192.168.1.10 U 2 0 dell0 > 204.244.122.128 204.244.122.132 U 7 442026 igb0 > Hello, I only wish to understand your network so unfortunately do not have any advice. You have global zone directly connected to the internet? That is, your admin IP is addressable from the internet. If I am correct may I ask why? Or rather why not use SmartOS's built-in external_nic for external access and firewall from there? Regards, Usama Yes i have GZ directly connected to the INET, i think/thought this was the only option as i only have one NIC and one cable to the INET at the present time also this machine is in a remote data center so i only have access from the INET. Not sure how to setup using SmartOS's built-in external_nic or how to firewall from there as you mentioned ... I would be very appreciative if you could enlighten me to a better setup than this one. Thank you in advance. > > Computer King CaN-Mail Surveillance King > http://computerking.ca http://canmail.org http://surveillanceking.net > > Surveillance - Sales Service - Hosting Backup > Internet Based Surveillance Systems > Custom Service Pac kages > Secure IMAP Email - Automated Remote Backups - Photo Blogs - Online ERP and > Accounting Packages > > smartos-discuss | Archives | Modify Your Subscription ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
