Solaris networking

Hi,

I have installed two Solaris boxes in a VM.
First box is 10-1
Has two interfaces and is connected bridged to the LAN and connected internally to a virtual LAN.

Second box is 10-2
Has one interface.

Now what I wanted to do is a setup so that 10-2 connects through 10-1 to the LAN. Below you can see my config.

10-1

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 192.168.1.5 netmask ffffff00 broadcast 192.168.1.255
        ether 0:c:29:d:6d:a5
e1000g1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        inet 192.168.2.9 netmask ffffff00 broadcast 192.168.2.255
        ether 0:c:29:d:6d:af
e1000g0: flags=2104841<UP,RUNNING,MULTICAST,DHCP,ROUTER,IPv6> mtu 1500 index 2
        inet6 fe80::20c:29ff:fe0d:6da5/10
        ether 0:c:29:d:6d:a5
e1000g1: flags=2104841<UP,RUNNING,MULTICAST,DHCP,ROUTER,IPv6> mtu 1500 index 3
        inet6 fe80::20c:29ff:fe0d:6daf/10
        ether 0:c:29:d:6d:af
e1000g1:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 2002:541d:906c:1234:20c:29ff:fe0d:6daf/64
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
ip.6to4tun0: flags=2300041<UP,RUNNING,ROUTER,NONUD,IPv6> mtu 65515 index 4
        inet tunnel src 192.168.1.5
        tunnel hop limit 60
        inet6 2002:c0a8:105::1/64

 
bash-3.00# netstat -rn
Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.2.1          UG        1          0
192.168.1.0          192.168.1.5          U         1          1 e1000g0
192.168.2.0          192.168.2.9          U         1          3 e1000g1
224.0.0.0            192.168.1.5          U         1          0 e1000g0
127.0.0.1            127.0.0.1            UH        1        106 lo0
Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
2002:541d:906c:1234::/64    2002:541d:906c:1234:20c:29ff:fe0d:6daf U       1       0 e1000g1:1
2002:c0a8:105::/64          2002:c0a8:105::1            U       1       0 ip.6to4tun0
2002::/16                   2002:c0a8:105::1            U       1       0 ip.6to4tun0
fe80::/10                   fe80::20c:29ff:fe0d:6daf    U       1       0 e1000g1
fe80::/10                   fe80::20c:29ff:fe0d:6da5    U       1       0 e1000g0
default                     fe80::222:75ff:fe60:b24     UG      1       0 e1000g1
::1                         ::1                         UH      1       0 lo0

bash-3.00# ps -ef |grep in[.]
    root  1325     1   0 21:56:51 ?           0:00 /usr/lib/inet/in.ripngd -s
    root  1311     1   0 21:56:51 ?           0:00 /usr/sbin/in.routed
    root  1328     1   0 21:56:58 ?           0:00 /usr/lib/inet/in.ndpd

 
bash-3.00# svcs -a |grep ip
legacy_run     20:09:57 lrc:/etc/rc3_d/S80mipagent
disabled       20:09:29 svc:/network/ipsec/ike:default
disabled       20:09:29 svc:/network/ipsec/manual-key:default
disabled       20:09:29 svc:/network/ipfilter:default
disabled       20:09:31 svc:/application/print/ipp-listener:default
disabled       20:09:32 svc:/network/routing/legacy-routing:ipv4
disabled       20:09:32 svc:/network/routing/ripng:quagga
disabled       20:09:32 svc:/network/routing/rip:quagga
disabled       20:09:32 svc:/network/routing/legacy-routing:ipv6
disabled       20:09:33 svc:/network/ipmievd:default
online         20:09:38 svc:/network/ipsec/ipsecalgs:default
online         20:09:38 svc:/network/ipsec/policy:default
online         21:56:50 svc:/network/ipv4-forwarding:default
online         21:56:50 svc:/network/ipv6-forwarding:default
online         21:56:50 svc:/network/routing/ripng:default


Started a ping from 10-2:
snoop -d e1000g0 10-2
       10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 0)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 1)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 2)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 3)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 4)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 5)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 6)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 7)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 8)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 9)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 10)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 11)
        10-2 -> 192.168.2.1  ICMP Echo request (ID: 731 Sequence number: 12)



10-2

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.6 netmask ffffff00 broadcast 192.168.1.255
        ether 0:c:29:a2:e3:c9

bash-3.00# netstat -rn
Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.1.5          UG        1          0 e1000g0
192.168.1.0          192.168.1.6          U         1          2 e1000g0
192.168.2.0          192.168.1.5          UG        1          2
224.0.0.0            192.168.1.6          U         1          0 e1000g0
127.0.0.1            127.0.0.1            UH        1         40 lo0


bash-3.00# ping 192.168.2.9
192.168.2.9 is alive

What have I configured wrong, or what am I missing?

I believe that to make your system the default router you have to set IP forwarding on the server which is going to work as the default gateway. For that you can check the value with

If the value is 0 then set it to 1 to enable IP forwarding; once done, refresh the services.

bash-3.00# ndd -get /dev/ip ip_forwarding
1

bash-3.00# ndd -get /dev/ip e1000g0:ip_forwarding
1
bash-3.00# ndd -get /dev/ip e1000g1:ip_forwarding
1

Solved it by myself, but I should have thought about it earlier.
What I forgot was to NAT the addresses from the 192.168.1.0/24 to the 192.168.2.0/24 addresses.

So what I have done:

  • Enabled the IPfilter firewall.
  • Created the file /etc/ipf/ipnat.conf:

map e1000g1 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map e1000g1 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map e1000g1 192.168.1.0/24 -> 0/32

  • Restarted ipfilter:

svcadm restart network/ipfilter
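
An added example, not part of the original thread: ipnat applies the first matching map rule, so the order of the three rules above matters (FTP proxy first, then portmap, then the plain map that covers ICMP and other protocols). The hypothetical function `check_ipnat_order` below lints a rule set for that ordering; `PAGE_RULES` repeats the rules from the post and `BAD_RULES` is a constructed counter-example.

```shell
#!/bin/sh
# Added example: lint ipnat.conf "map" rules for first-match ordering problems.
# check_ipnat_order is a hypothetical helper, not part of IPFilter.

PAGE_RULES='map e1000g1 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map e1000g1 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map e1000g1 192.168.1.0/24 -> 0/32'

# Constructed: proxy rule after portmap, and no plain map rule at all.
BAD_RULES='map e1000g1 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map e1000g1 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp'

check_ipnat_order() {
    # Reads rules on stdin; prints "ok" or one finding per line.
    awk '
    /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
    $1 != "map"           { next }        # only outbound map rules are checked
    {
        key = $2 " " $3                   # interface + source network
        if ($0 ~ /[ \t]proxy[ \t]/)        kind = "proxy"
        else if ($0 ~ /[ \t]portmap[ \t]/) kind = "portmap"
        else                               kind = "plain"

        # An earlier, broader rule for the same key wins and hides this one.
        if (kind == "proxy" && (seen[key, "portmap"] || seen[key, "plain"]))
            out[++n] = "line " NR ": proxy rule for " key " is shadowed by an earlier map rule"
        if (kind == "portmap" && seen[key, "plain"])
            out[++n] = "line " NR ": portmap rule for " key " is shadowed by an earlier plain map rule"
        seen[key, kind] = 1
        keys[key] = 1
    }
    END {
        # portmap tcp/udp only covers TCP and UDP; ICMP needs the plain rule.
        for (k in keys)
            if (seen[k, "portmap"] && !seen[k, "plain"])
                out[++n] = "no plain map rule for " k ": ICMP and other protocols are not translated"
        if (n == 0) print "ok"
        for (i = 1; i <= n; i++) print out[i]
    }'
}

printf '%s\n' "$PAGE_RULES" | check_ipnat_order
printf '%s\n' "$BAD_RULES"  | check_ipnat_order
```

On a live system the same check can be run as `check_ipnat_order < /etc/ipf/ipnat.conf` before restarting the service.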