I have a problem with the above topic so decided to send to both lists.

There is a host with Solaris 10 and installed one zone. The host has
4 NICs. Global zone [GZ] is defined/connected to one NIC (e1000g0 = g.g.g.230)
and local zone [LZ] to another NIC (e1000g1 = l.l.l.110). Both are connected to
_different_ subnets. Routing and IP addresses:

GZ = e1000g0 = g.g.g.230
LZ = e1000g1 = l.l.l.110

bash-3.00# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone LZ
        inet 127.0.0.1 netmask ff000000 
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet g.g.g.230 netmask ffffff00 broadcast 192.168.220.255
        ether 0:14:4f:1f:f2:a8 
e1000g1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 0.0.0.0 netmask 0 
        ether 0:14:4f:1f:f2:a9 
e1000g1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        zone LZ
        inet l.l.l.110 netmask ffffff00 broadcast 10.213.1.255

bash-3.00# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
l.l.l.110            g.g.g.230            UH        1      0  e1000g0
g.g.g.0              g.g.g.230            U         1     10  e1000g0
224.0.0.0            g.g.g.230            U         1      0  e1000g0
default              g.g.g.4              UG        1     26  
default              l.l.l.4              UG        1     40  e1000g1
127.0.0.1            127.0.0.1            UH        2      4  lo0

To prevent routing between zones (security reasons) I ran:
/usr/sbin/route add default    l.l.l.4   -ifp e1000g1
/usr/sbin/route add g.g.g.230  l.l.l.110 -interface -reject
/usr/sbin/route add l.l.l.110  g.g.g.230 -interface -reject

There is apache in the LZ which binds to port 80. When someone (client = c.c.c.186) from
outside (internet) is trying to connect to the apache in the LZ,
some packets are going back to the client via e1000g0 (GZ)!
Observation on NIC gives me:

[e1000g1] /opt/sfw/bin/tethereal -i e1000g1 -t ad host l.l.l.110 and host c.c.c.186
[e1000g0] /opt/sfw/bin/tethereal -i e1000g0 -t ad host l.l.l.110 and host c.c.c.186

[1] [e1000g1] 2006-10-06 09:25:11.329472 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[2] [e1000g0] 2006-10-06 09:25:11.329568 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [SYN, ACK] Seq=0 Ack=1 Win=49640 Len=0 MSS=1460
[3] [e1000g1] 2006-10-06 09:25:14.518694 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[4] [e1000g1] 2006-10-06 09:25:14.518731 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [ACK] Seq=0 Ack=0 Win=49640 Len=0
[5] [e1000g1] 2006-10-06 09:25:14.527126 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [RST] Seq=0 Ack=0 Win=0 Len=0
[6] [e1000g1] 2006-10-06 09:25:20.532428 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[7] [e1000g1] 2006-10-06 09:25:20.532465 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [SYN, ACK] Seq=0 Ack=1 Win=49640 Len=0 MSS=1460
[8] [e1000g1] 2006-10-06 09:25:21.071132 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [ACK] Seq=1 Ack=1 Win=25200 Len=0

Can someone explain to me why, in line [2], the packet goes out using e1000g0?!?!


/usr/sbin/route delete host l.l.l.110 g.g.g.230
doesn't help.

Is it a bug or something wrong in my configuration?

przemol
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
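The symptom in the post, a reply from the zone's address leaving on the global zone's NIC, is easy to miss by eye in a longer capture. The following is an added example, not code from the post or from the Solaris tools: it parses tethereal lines in the annotated `[n] [iface] ...` form shown above (assumed here to be joined onto one line each) and reports every packet sourced from the zone address that egressed on an interface other than the one the address is plumbed on. The sample capture is the eight lines from the post, embedded as constructed input; `misrouted_replies` and `egress_summary` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample: the eight annotated tethereal lines from the post,
# one packet per line (the interface tag was added by the poster).
CAPTURE = """\
[1] [e1000g1] 2006-10-06 09:25:11.329472 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[2] [e1000g0] 2006-10-06 09:25:11.329568 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [SYN, ACK] Seq=0 Ack=1 Win=49640 Len=0 MSS=1460
[3] [e1000g1] 2006-10-06 09:25:14.518694 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[4] [e1000g1] 2006-10-06 09:25:14.518731 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [ACK] Seq=0 Ack=0 Win=49640 Len=0
[5] [e1000g1] 2006-10-06 09:25:14.527126 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [RST] Seq=0 Ack=0 Win=0 Len=0
[6] [e1000g1] 2006-10-06 09:25:20.532428 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [SYN] Seq=0 Ack=0 Win=25200 Len=0 MSS=1460
[7] [e1000g1] 2006-10-06 09:25:20.532465 l.l.l.110 -> c.c.c.186 TCP 80 > 32945 [SYN, ACK] Seq=0 Ack=1 Win=49640 Len=0 MSS=1460
[8] [e1000g1] 2006-10-06 09:25:21.071132 c.c.c.186 -> l.l.l.110 TCP 32945 > 80 [ACK] Seq=1 Ack=1 Win=25200 Len=0
"""

# One annotated tethereal TCP summary line:
# [num] [iface] date time src -> dst TCP sport > dport [flags] ...
LINE_RE = re.compile(
    r"^\[(?P<num>\d+)\]\s+\[(?P<iface>\S+)\]\s+"
    r"(?P<date>\S+)\s+(?P<time>\S+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?P<sport>\d+)\s+>\s+(?P<dport>\d+)\s+\[(?P<flags>[^\]]*)\]"
)


def parse_capture(text):
    """Parse annotated capture lines into dicts; unparseable lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pkt = m.groupdict()
        pkt["num"] = int(pkt["num"])
        pkt["sport"] = int(pkt["sport"])
        pkt["dport"] = int(pkt["dport"])
        pkt["flags"] = [f.strip() for f in pkt["flags"].split(",")]
        packets.append(pkt)
    return packets


def misrouted_replies(packets, server_ip, expected_iface):
    """Packet numbers of replies sourced from server_ip that left on an
    interface other than expected_iface (the one the address is plumbed on)."""
    return [p["num"] for p in packets
            if p["src"] == server_ip and p["iface"] != expected_iface]


def egress_summary(packets, server_ip):
    """Count packets sourced from server_ip per egress interface."""
    return dict(Counter(p["iface"] for p in packets if p["src"] == server_ip))


if __name__ == "__main__":
    pkts = parse_capture(CAPTURE)
    print("server egress by interface:", egress_summary(pkts, "l.l.l.110"))
    for num in misrouted_replies(pkts, "l.l.l.110", "e1000g1"):
        p = next(x for x in pkts if x["num"] == num)
        print(f"packet [{num}] {p['flags']} from {p['src']} left via {p['iface']}")
```

Run against the post's capture it flags packet [2] only, the SYN/ACK that went out via e1000g0; the later SYN/ACK in [7] took e1000g1, which is why the retried connection succeeded. Feeding it a live capture from both NICs (with the interface tag prepended per interface) gives a quick check of whether the reject routes are actually keeping zone traffic off the global zone's NIC.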