I have a problem with the above topic, so I decided to send this to both lists. There is a host with Solaris 10 and one zone installed. The host has 4 NICs. The global zone [GZ] is defined/connected to one NIC (e1000g0 = g.g.g.230) and the local zone [LZ] to another NIC (e1000g1 = l.l.l.110). Both are connected to _different_ subnets. Routing and IP addresses:

GZ = e1000g0 = g.g.g.230
LZ = e1000g1 = l.l.l.110

bash-3.00# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone LZ
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet g.g.g.230 netmask ffffff00 broadcast 192.168.220.255
        ether 0:14:4f:1f:f2:a8
e1000g1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 0.0.0.0 netmask 0
        ether 0:14:4f:1f:f2:a9
e1000g1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        zone LZ
        inet l.l.l.110 netmask ffffff00 broadcast 10.213.1.255

bash-3.00# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
l.l.l.110            g.g.g.230            UH        1      0 e1000g0
g.g.g.0              g.g.g.230            U         1     10 e1000g0
224.0.0.0            g.g.g.230            U         1      0 e1000g0
default              g.g.g.4              UG        1     26
default              l.l.l.4              UG        1     40 e1000g1
127.0.0.1            127.0.0.1            UH        2      4 lo0

To prevent routing between zones (security reasons) I ran:

/usr/sbin/route add default l.l.l.4 -ifp e1000g1
/usr/sbin/route add g.g.g.230 l.l.l.110 -interface -reject
/usr/sbin/route add l.l.l.110 g.g.g.230 -interface -reject

There is an Apache in the LZ which binds to port 80. When someone (client = c.c.c.186) from outside (internet) is trying to connect to the Apache in the LZ, some packets are going back to the client via e1000g0 (GZ)!

Observation on the NICs gives me:

[e1000g1] /opt/sfw/bin/tethereal -i e1000g1 -t ad host l.l.l.110 and host c.c.c.186
[e1000g0] /opt/sfw/bin/tethereal -i e1000g0 -t ad host l.l.l.110 and host c.c.c.186

[1] [e1000g1] 2006-10-06 09:25:11.329472 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[2] [e1000g0] 2006-10-06 09:25:11.329568 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [SYN, ACK] Seq=0 Ack=1 Win=49640 Len=0 MSS=1460
[3] [e1000g1] 2006-10-06 09:25:14.518694 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[4] [e1000g1] 2006-10-06 09:25:14.518731 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [ACK] Seq=0 Ack=0 Win=49640 Len=0
[5] [e1000g1] 2006-10-06 09:25:14.527126 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [RST] Seq=0 Ack=0 Win=0 Len=0
[6] [e1000g1] 2006-10-06 09:25:20.532428 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[7] [e1000g1] 2006-10-06 09:25:20.532465 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [SYN, ACK] Seq=0 Ack=1 Win=49640 Len=0 MSS=1460
[8] [e1000g1] 2006-10-06 09:25:21.071132 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [ACK] Seq=1 Ack=1 Win=25200 Len=0

Can someone explain to me why, in line [2], the packet goes via e1000g0?!?!

/usr/sbin/route delete host l.l.l.110 g.g.g.230 doesn't help.

Is it a bug or is something wrong in my configuration?

przemol

_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
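
The check done by eye on the capture above can be automated. The following is an added example, not part of the original post: it reads tethereal lines tagged with the capturing NIC, flags packets whose source address belongs to one zone but which were seen on another zone's NIC, and counts retransmitted SYNs. The function names and the tagged-line layout are assumptions; the sample lines and the address-to-NIC mapping are copied from the post.

```python
import re
from collections import namedtuple

# Address-to-NIC ownership as stated in the post (addresses are the post's placeholders).
OWNER_NIC = {"g.g.g.230": "e1000g0", "l.l.l.110": "e1000g1"}

# Capture lines [1], [2], [3] and [7] from the post, each tagged with its capture NIC.
SAMPLE = """\
[e1000g1] 2006-10-06 09:25:11.329472 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[e1000g0] 2006-10-06 09:25:11.329568 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [SYN, ACK] Seq=0 Ack=1 Win=49640 Len=0 MSS=1460
[e1000g1] 2006-10-06 09:25:14.518694 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[e1000g1] 2006-10-06 09:25:20.532465 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [SYN, ACK] Seq=0 Ack=1 Win=49640 Len=0 MSS=1460
"""

LINE = re.compile(
    r"\[(?P<nic>[^\]]+)\]\s+(?P<ts>\d{4}-\d\d-\d\d \S+)\s+(?P<src>\S+) -> (?P<dst>\S+)"
    r"\s+TCP\s+(?P<sport>\d+) > (?P<dport>\d+)\s+\[(?P<flags>[^\]]+)\]")
Packet = namedtuple("Packet", "nic ts src dst sport dport flags")

def parse(text):
    """Return a Packet for every line in the tagged tethereal format; skip the rest."""
    return [Packet(**m.groupdict()) for m in map(LINE.search, text.splitlines()) if m]

def wrong_nic_egress(packets, owner_nic=OWNER_NIC):
    """Packets sourced from a local address but captured on a NIC that does not own it."""
    return [p for p in packets
            if p.src in owner_nic and p.nic != owner_nic[p.src]]

def retransmitted_syns(packets):
    """Repeated bare SYNs per flow, consistent with a reply that did not reach the client."""
    seen = {}
    for p in packets:
        if p.flags == "SYN":
            key = (p.src, p.sport, p.dst, p.dport)
            seen[key] = seen.get(key, 0) + 1
    return {k: n - 1 for k, n in seen.items() if n > 1}

if __name__ == "__main__":
    pkts = parse(SAMPLE)
    for p in wrong_nic_egress(pkts):
        print(f"{p.ts} {p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}] "
              f"seen on {p.nic}, expected {OWNER_NIC[p.src]}")
    print("retransmitted SYNs:", retransmitted_syns(pkts))
```

Lines still carrying the `[n]` counter used in the post are parsed as well, because the pattern is searched for anywhere in the line.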