I'm on OmniOS.
I have set a linux zone(lx zone) wich use 10.2.0.0/24 network.
The other network,connected to internet is 192.168.0.0/24
The network interface of 10.2.0.0/24 is bge1
The network interface of 192.168.0.0/24 is bge0
I know is more easy to use the same network but i prefer to separate two networks,one for virtual machines,one for home network.
I have setup the nat with this lines,firewall is ipfilter
map bge0 10.2.0.0/24 -> 0/32 portmap tcp/udp auto
map bge0 10.2.0.0/24 -> 0/32
The zone can ping external(even internet) and is ok
The problem is..I cannot reach the 10.2.0.0/24 from 192.168.0.0/24
network!
Firewall is simple
pass in quick proto tcp from any to any port = 2122 keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 80 keep state
pass in quick proto tcp from any to any port = 8080 keep state
pass in quick proto tcp from any to any port = 443 keep state
pass in quick proto icmp from any to any icmp-type 8 keep state
pass in quick proto icmp from any to any icmp-type 13 keep state
pass out quick from any to any keep state
block in quick all
But when i ping from 192.168.0.0/24 to 10.2.0.0/24..don't ping.
ipnat said
List of active sessions:
MAP 10.2.0.3 <- -> 192.168.0.30 [192.168.0.2]
If i deactive ipnat
ipnat -FC
I can ping,but not ssh into the lx zone.
And of course zone cannot ping or reach internet
edit1: ip forward is enabled.
---------- Post updated 08-04-18 at 04:25 AM ---------- Previous update was 07-04-18 at 10:59 PM ----------
Solution found: iptables on linux client misconfigured
---------- Post updated at 11:30 AM ---------- Previous update was at 04:25 AM ----------
Solution found using this ipnat.conf,which enable nat external and permit ssh from external.
map bge0 10.2.0.0/24 -> 0/32 portmap tcp/udp auto
map bge0 10.2.0.0/24 -> 0/32
rdr bge0 from any to 10.2.0.3/32 port = 22 -> 10.2.0.3 port 22 tcp
rdr bge0 from any to 10.2.0.2/32 port = 22 -> 10.2.0.2 port 22 tcp