LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
Reload this Page [SOLVED] help with a little complex network configuration
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.

Notices


Reply
  Search this Thread
Old 03-17-2018, 02:34 PM   #1
camerabambai
Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 408

Rep: Reputation: 54
help with a little complex network configuration

I have one server with solaris11.4,two nics
I use it for testing,learning,etc..
I have one network,the classical 192.168.0.0/24
But for virtual machines i want to use another network 10.2.0.0/24
So I follow this procedure
a)First I have create a bridge with net1 and net0,otherwise net1 start "disconnected"

Code:
dladm create-bridge -l net0 -l net1 bridge1
b)Then I configure ipv4 addr for net1
Code:
ipadm create-ip net1
Code:
ipadm create-addr -T static -a 10.2.0.1 net1
ipadm and dladm report no errors

c)Then I run on solaris11 server isc-dhcp,and isc-dns
All works fine,tested,I can resolve external hostnames
and dhcp assing address

d)I have installed VirtualBox,machines with bridged-networking point to net1

e)I have configured firewall with nat

Code:
# Vars
ext_if="net0"
int_if="net1"
virt_if="vnic0"
ext_net="192.168.0.0/24"
int_net="10.2.0.0/24"
webports="{443, 80}"

##  make IP reassembly work
set reassemble yes no-df

## ignore loopback traffic
set skip on lo0

# block everything unless told otherwise
# and send TCP-RST/ICMP unreachable
# for every packet which gets blocked
block return in log all
pass out all

# accept incoming SSH connections
pass in proto tcp to any port 2122

# accept dhcp connections
pass in proto udp to any port 67:69
pass in proto tcp to any port 67:69

# accept dns connections
pass in proto udp to any port 53
pass in proto tcp to any port 53

# accept webeservers SSH connections
pass in proto tcp to $ext_if port 8888:8889
pass in proto tcp to $ext_if port $webports

# accept icmp
pass in proto icmp all

## allow all connections initiated from this system,
## including DHCP requests
pass out

#nat
pass out on net0 from $int_net  to any nat-to (net0)
f)With routeadm i have enabled routing and ip-forwarding.

Now the "result"

I can ping 10.2.0.0/24 from 192.168.0.0/24 OK
I can ping 192.168.0.0/24 from 10.2.0.0/24 vm's OK
I can ping external address(google.de,etc) from 10.2.0.0/24 vm's OK
I cannot connect with any protocol from the vm's!! NOT OK
Of course I have checked route with netstat -rn and said 10.2.0.1 default
(correct).
But telnet,links,yum and any kind of connection fail!
Only ping and dns resolution works(sic!)
What to check?
Last edited by camerabambai; 03-17-2018 at 02:37 PM.
 
Old 03-17-2018, 03:20 PM   #2
camerabambai
Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 408

Original Poster
Rep: Reputation: 54
Solved.
Firewall too restrictive.
Now I study some rule to permit reaching http,ftp,etc..
 
  


Reply

Tags
gateway, network, routing, solaris



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need to solve complex network problem soliberus Linux - Networking 4 02-23-2008 03:46 PM
For Linux GURU's: route configuration in complex network netguy2000 Linux - Networking 1 09-06-2004 09:00 AM
Complex home network xblade2003 Linux - Networking 3 07-08-2003 11:16 AM

LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris

All times are GMT -5. The time now is 07:02 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration