[OmniOS-discuss] networking between zones
David Ledger
david.ledger at ivdcs.co.uk
Fri Sep 8 14:40:44 UTC 2017
On 8 Sep 2017, at 15:31, Dan McDonald wrote:
> On Fri, Sep 08, 2017 at 03:21:30PM +0100, David Ledger wrote:
>>
>
> <SNIP!>
>
>> We now need to set up a couple of zones that have their own subnet, but talk
>> to the outside world through the global zone. These will need to be network
>> isolated from the existing zones and with access controlled, presumably by
>> ipf/ipnat filtering done in the global zone. I’m having difficulty setting
>> this up. It is readily admitted on the ‘net that Solaris network config is
>> different to anything else, and that it has moved on in stages from the old
>> hosts, hostname etc. files that were so easy back in the 80’s.
>
> I think you wish to create an etherstub (in-machine "LAN" as it were). From
> global:
>
> dladm create-etherstub internal0
>
> And once created, you create vnics attached to that etherstub:
>
> dladm create-vnic -l internal0 stubnet0
> dladm create-vnic -l internal0 stubnet1
> ...
>
> And then you assign the vnics to your "have their own subnet" zones like you
> would any other nic. You will also need your global, or even a dedicated
> router zone, to attach to both the etherstub and the external network (running
> ipf or whatever else).
>
> Does this help?
>
> Dan
Knowing that certainly helps, thanks. Can I also ignore those online documents that say it’s all done by configurations within the svcs setup and that I need to disable one version of ipfilter and enable another?
David
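
The layout discussed in this thread, put together as an added example (not written by either poster): an etherstub, one VNIC per isolated zone, the global zone as router, and ipnat/ipf rule text for it. The interface `e1000g0`, the VNIC `gw0`, both subnets, the zone names and the allowed ports are assumptions; loading the rules into ipfilter is not shown.

```shell
#!/bin/sh
# Added illustration, not from the thread. DRY_RUN=1 (default) only prints the commands.
DRY_RUN=${DRY_RUN:-1}
STUB=internal0                    # etherstub name used in the reply above
EXT_IF=${EXT_IF:-e1000g0}         # assumed: external NIC of the global zone
GW_VNIC=gw0                       # assumed: global zone's VNIC on the etherstub
SUBNET=10.10.0.0/24               # assumed: private subnet for the new zones
GW_ADDR=10.10.0.1/24              # assumed: global zone's address on that subnet
OLD_NET=192.168.1.0/24            # assumed: subnet of the existing zones

run() {  # print the command in dry-run mode (quoting is not preserved), else execute it
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

build_stub_network() {  # arguments: names of the zones to isolate
    run dladm create-etherstub "$STUB"
    run dladm create-vnic -l "$STUB" "$GW_VNIC"
    run ipadm create-if "$GW_VNIC"
    run ipadm create-addr -T static -a "$GW_ADDR" "$GW_VNIC/v4"
    i=0
    for zone in "$@"; do
        run dladm create-vnic -l "$STUB" "stubnet$i"
        # An exclusive-IP zone owns its VNIC and configures its own address on it.
        run zonecfg -z "$zone" "set ip-type=exclusive; add net; set physical=stubnet$i; end"
        i=$((i + 1))
    done
    run routeadm -u -e ipv4-forwarding   # global zone routes between stub and outside
}

ipnat_rules() {  # NAT for the private subnet leaving via the external NIC
    echo "map $EXT_IF $SUBNET -> 0/32 portmap tcp/udp auto"
    echo "map $EXT_IF $SUBNET -> 0/32"
}

ipf_rules() {  # "quick" rules stop at first match; the last rule is the default deny
    echo "block in quick on $GW_VNIC from $SUBNET to $OLD_NET"
    echo "pass in quick on $GW_VNIC proto udp from $SUBNET to any port = 53 keep state"
    echo "pass in quick on $GW_VNIC proto tcp from $SUBNET to any port = 443 keep state"
    echo "block in on $GW_VNIC all"
}

build_stub_network appzone1 appzone2   # assumed zone names
ipnat_rules
ipf_rules
```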