Re: rdr help

Darren Reed

Think of zones as just being sets of processes or a particular subset of the
view of the system from the global zone.

Don't think of the zone as another machine - at least not yet - so far as
networking goes.

There might be some posts on opensolaris.org about using ipnat and rdr
and arp and zones to do what you want from last year or earlier.

The problem that you have is that you don't want to give the zone visibility
of the external networks - which raises a problem: how does it send its reply
packets back *out*?

I think what was done was to create a fake default route (in the zone) and
then manually add in an ARP entry...maybe an ARP entry that points to
the *real* router.

So if your server had a network interface, 10.1.1.1, with its default route
set to 10.1.1.254, but your zone is 192.168.1.1, then you create a default
route to 192.168.1.254 and then populate the ARP table with an entry that
maps 192.168.1.254 to the MAC address of 10.1.1.254 - even though
there is no 192.168.1.254 in existence.

What you're expecting, local zone to global zone data comms via an
internal network, is not there yet.

Darren

Luiz Casey wrote:
>
> My initial thought was that using ipnat with rdr would redirect the
> port to the private subnet not needing a router to go back to the
> outside world. I also read a couple of posts on forums that you can use
> ipfilter/ipnat as a NAT for Solaris. The first link said it had to be
> on separate interfaces but the second had it on the same. Tried both
> and was unsuccessful so thought of maybe someone else here being able
> to do so and is currently running this setup.
>
> http://www.rite-group.com/rich/solaris_nat.html
> http://groups.google.com/group/comp....950f8378d28234
>
> -Luiz
>
> Luiz Casey
> Office: (202) 885-2692
> Cell: (202) 403-1209
> lcasey@american.edu
>
> Darren Reed <darrenr@reed.wattle.id.au>
> Sent by: owner-ipfilter@coombs.anu.edu.au
> 05/01/2008 02:10 PM
> Please respond to darrenr@reed.wattle.id.au
> To: Luiz Casey <lcasey@american.edu>
> cc: ipfilter@coombs.anu.edu.au
> Subject: Re: rdr help
>
> Luiz Casey wrote:
> >
> > Hello all,
> > I am trying to do something a bit complicated and was wondering if
> > some of you had tried this in the past or had any tips. First off
> > ipfilter has been wonderful, helpful and is a great tool. Now to the
> > issue/problem I am having. We are running a couple of zones on a T2000,
> > one zone with a world access IP address ie. 147.9.X.X. We then want to
> > create a separate zone on a private subnet ie. 192.168.1.2 which
> > currently does not have any world access. What I would like and am
> > trying to do is take ipfilter/ipnat and use RDR to redirect 2 ports
> > from Global zone to Zone B. I have tried the configuration below but
> > have not been successful. Any help would be appreciated, and is this
> > even possible? We are running ipfilter/ipnat that came with Solaris 10.
> >
>
> I'm not sure you can do this with zones...
>
> Your problem is that the global zone doesn't act as a router
> for zones - at all.
>
> Darren
>
>

