I have one server with Solaris 11.4 and two NICs.
I use it for testing, learning, etc.
I have one network, the classical 192.168.0.0/24.
But for virtual machines I want to use another network, 10.2.0.0/24.
So I follow this procedure:
a) First I have created a bridge with net1 and net0, otherwise net1 starts "disconnected".
Code:
dladm create-bridge -l net0 -l net1 bridge1
b) Then I configure the IPv4 address for net1
Code:
ipadm create-ip net1
ipadm create-addr -T static -a 10.2.0.1 net1
ipadm and dladm report no errors.
c) Then I run isc-dhcp and isc-dns on the Solaris 11 server.
All works fine, tested: I can resolve external hostnames
and DHCP assigns addresses.
d) I have installed VirtualBox; machines with bridged networking point to net1.
e) I have configured the firewall with NAT
Code:
# Vars
ext_if="net0"
int_if="net1"
virt_if="vnic0"
ext_net="192.168.0.0/24"
int_net="10.2.0.0/24"
webports="{443, 80}"
## make IP reassembly work
set reassemble yes no-df
## ignore loopback traffic
set skip on lo0
# block everything unless told otherwise
# and send TCP-RST/ICMP unreachable
# for every packet which gets blocked
block return in log all
pass out all
# accept incoming SSH connections
pass in proto tcp to any port 2122
# accept dhcp connections
pass in proto udp to any port 67:69
pass in proto tcp to any port 67:69
# accept dns connections
pass in proto udp to any port 53
pass in proto tcp to any port 53
# accept web server connections
pass in proto tcp to $ext_if port 8888:8889
pass in proto tcp to $ext_if port $webports
# accept icmp
pass in proto icmp all
## allow all connections initiated from this system,
## including DHCP requests
pass out
#nat
pass out on net0 from $int_net to any nat-to (net0)
f) With routeadm I have enabled routing and IP forwarding.
Now the "result":
I can ping 10.2.0.0/24 from 192.168.0.0/24: OK
I can ping 192.168.0.0/24 from the 10.2.0.0/24 VMs: OK
I can ping external addresses (google.de, etc.) from the 10.2.0.0/24 VMs: OK
I cannot connect with any protocol from the VMs!! NOT OK
Of course I have checked the route with netstat -rn and it says 10.2.0.1 default
(correct).
But telnet, links, yum and any kind of connection fail!
Only ping and DNS resolution work (sic!)
What to check?
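As an added example (not the poster's ruleset), the same NAT gateway written with every pass rule bound to the interface and source network it serves, so that a rule meant for the VM side does not also open that port on the LAN side; the interface names, the two networks, port 2122 and the web ports come from the post, while the admin source network is an assumption.

```pf
# Added example, not the post's pf.conf. Assumes the post's net0 (LAN side),
# net1 (VM side), 10.2.0.0/24 for the VMs and sshd on port 2122.
ext_if   = "net0"
int_if   = "net1"
int_net  = "10.2.0.0/24"
admin_net = "192.168.0.0/24"   # assumed: where SSH logins come from
webports = "{ 80, 443 }"

set reassemble yes no-df
set skip on lo0

# Default deny in both directions, logging every drop.
block return log all

# SSH only from the admin network and only on the LAN interface.
pass in on $ext_if proto tcp from $admin_net to ($ext_if) port 2122

# DHCP and DNS are services for the VMs, so accept them only on the VM side.
pass in on $int_if proto udp from $int_net to ($int_if) port { 53, 67 }
pass in on $int_if proto tcp from $int_net to ($int_if) port 53
# A DHCP DISCOVER arrives from 0.0.0.0 to broadcast before a lease exists.
pass in on $int_if proto udp from any port 68 to 255.255.255.255 port 67

# Public web ports on the LAN interface only.
pass in on $ext_if proto tcp to ($ext_if) port $webports

# ICMP: echo requests and "unreachable" (needed for path-MTU discovery),
# instead of every ICMP type.
pass in inet proto icmp icmp-type { echoreq, unreach }

# Forwarded VM traffic leaves on net0 rewritten to net0's address;
# the match rule tags it, the pass rules create the state.
match out on $ext_if from $int_net to any nat-to ($ext_if)
pass in on $int_if from $int_net to any
pass out on $ext_if all
pass out on $int_if all
```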