...
Now the global zone has configured partially, it means that we need second VNIC to do NAT for the non-global zones.
Configuring etherstub
Thechnically etherstub is a virtual software switch that does the same as a hardware switch. The differnce is the end point of the etherstub is a VNIC (instead of physical cable which connected to a physical NIC). So, to do a forward packets we need an interface which will receive packets from the non-global zones and forwards them to the external network (ext0). The VNIC will be first end point of the virtual switch (ethersub). Let’s create them in the host:
| Code Block |
|---|
lenovo# dladm create-etherstub vsw0
lenovo# dladm create-vnic -l vsw0 int0
lenovo# dladm show-link
LINK CLASS MTU STATE BRIDGE OVER
atge0 phys 1500 up -- --
ext0 vnic 1500 up -- atge0
vsw0 etherstub 9000 up -- --
int0 vnic 9000 up -- vsw0
|
Line 1 creates a new etherstub named vsw0; line 2 creates a new VNIC over the switch and line 3 shows us the result. Now the interface int0 should be configured as we did it for ext0. I do it manually:
| Code Block |
|---|
lenovo# ifconfig int0 plumb
lenovo# ifconfig int0 inet 10.68.0.1/24 up
lenovo# ifconfig int0
int0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 9000 index 3
inet 10.68.0.1 netmask ffffff00 broadcast 10.68.0.255
ether 2:8:20:85:3d:bf |
The interface int0 has created, but it will not forward anything outside. NAT and ip forwarding is not yet configured. Let’s configure one as it was described here:
| Code Block |
|---|
lenovo# cat /etc/ipf/ipnat.conf
map ext0 10.68.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map ext0 10.68.0.0/24 -> 0/32 portmap tcp/udp auto
map ext0 10.68.0.0/24 -> 0/32 |
Enable ipfilter if it is still disabled:
| Code Block |
|---|
lenovo# svcs ipfilter
STATE STIME FMRI
disabled 9:48:03 svc:/network/ipfilter:default
lenovo# svcadm enable ipfilter
lenovo# svcs ipfilter
STATE STIME FMRI
online 11:29:25 svc:/network/ipfilter:default
|
Examinging packets ip forwarding:
| Code Block |
|---|
lenovo# routeadm
Configuration Current Current
Option Configuration System State
---------------------------------------------------------------
IPv4 routing disabled disabled
IPv6 routing disabled disabled
IPv4 forwarding disabled disabled
IPv6 forwarding disabled disabled
Routing services "route:default ripng:default"
Routing daemons:
STATE FMRI
disabled svc:/network/routing/ripng:default
online svc:/network/routing/ndp:default
disabled svc:/network/routing/legacy-routing:ipv4
disabled svc:/network/routing/legacy-routing:ipv6
disabled svc:/network/routing/rdisc:default
disabled svc:/network/routing/route:default
|
IPv4 forwarding is disabled (line 7); enable it:
| Code Block |
|---|
lenovo# routeadm -u -e ipv4-forwarding
lenovo# routeadm
Configuration Current Current
Option Configuration System State
---------------------------------------------------------------
IPv4 routing disabled disabled
IPv6 routing disabled disabled
IPv4 forwarding enabled enabled
IPv6 forwarding disabled disabled
Routing services "route:default ripng:default"
Routing daemons:
STATE FMRI
disabled svc:/network/routing/ripng:default
online svc:/network/routing/ndp:default
disabled svc:/network/routing/legacy-routing:ipv4
disabled svc:/network/routing/legacy-routing:ipv6
disabled svc:/network/routing/rdisc:default
disabled svc:/network/routing/route:default
|
Now it is enabled, configure the first zone to test the result.