[OmniOS-discuss] networking between zones
Dan McDonald
danmcd at kebe.com
Fri Sep 8 14:31:22 UTC 2017
On Fri, Sep 08, 2017 at 03:21:30PM +0100, David Ledger wrote:
>
<SNIP!>
> We now need to set up a couple of zones that have their own subnet, but talk
> to the outside world through the global zone. These will need to be network
> isolated from the existing zones and with access controlled, presumably by
> ipf/ipnat filtering done in the global zone. I’m having difficulty setting
> this up. It is readily admitted on the ‘net that Solaris network config is
> different to anything else, and that it has moved on in stages from the old
> hosts, hostname etc. files that were so easy back in the 80’s.
I think you wish to create an etherstub (in-machine "LAN" as it were). From
global:
dladm create-etherstub internal0
And once created, you create vnics attached to that etherstub:
dladm create-vnic -l internal0 stubnet0
dladm create-vnic -l internal0 stubnet1
...
And then you assign the vnics to your "have their own subnet" zones like you
would any other nic. You will also need your global, or even a dedicated
router zone, attach to both the etherstub and the external network (running
ipf or whatever else).
Does this help?
Dan
More information about the OmniOS-discuss
mailing list