GZ# zonecfg -z router
zonecfg:router> create
zonecfg:router> set zonepath=/rpool/zones/roots/router
zonecfg:router> set autoboot=true
zonecfg:router> set ip-type=exclusive
zonecfg:router> add net
zonecfg:router:net> set physical=bge0
zonecfg:router:net> end
zonecfg:router> add net
zonecfg:router:net> set physical=vn_router
zonecfg:router:net> end
zonecfg:router> exit
GZ# zoneadm -z router install
The router Container is simply a Solaris Container acting as a router, forwarding
packets, and, if desired, filtering out packets that should not be forwarded. It
must be configured to perform IP forwarding. The IP Filter features can be used
to limit the types of traffic that can flow between the lab systems and the rest of
the corporate data center. Routing is enabled by default, so there is no need to
enable routing in the router Container. After booting the Container, the following
steps are needed:
router# cat > /etc/resolv.conf
domain xyz.com
nameserver 192.99.99.99
nameserver 192.99.99.9
^D
router# svcadm enable svc:/network/ipv4-forwarding
router# ifconfig bge0 plumb inet 192.168.10.10 up
router# ifconfig vn_router plumb inet 192.168.11.1 up
Because of the importance of the router, you should improve security by disabling
all unnecessary services. You can easily disable all unnecessary network
services with a single command:
GZ# zlogin router netservices limited
If you would like to further simplify the router Container, you can disable other
unnecessary services with the svcadm(1M) command.
The preceding example shows a limited set of OpenSolaris networking features.
You can, of course, use other network features, such as the firewall features and
network address translation (NAT) features that are managed with the ipf(1M)
and ipnat(1M) commands.
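An IP Filter ruleset of the kind mentioned above, for the router Container's corporate-facing interface. This is an added example, not part of the original text. The lab subnet 192.168.11.0/24 (the mask is not stated in the text) and the choice of permitted services (SSH and DNS only) are assumptions made for illustration.

```conf
# /etc/ipf/ipf.conf inside the router Container (added example)
#
# Assumptions (not from the original text):
#   - lab hosts live in 192.168.11.0/24 behind vn_router
#   - lab hosts may only open SSH sessions and DNS queries toward
#     the corporate data center; nothing may be initiated inbound
#
# Filtering is done on bge0 only, so lab-to-router traffic on
# vn_router is left unfiltered. IP Filter uses the last matching
# rule unless a rule carries "quick", so the default-deny rules
# come first and the exceptions use "quick".

# Default deny, with logging, in both directions on the corporate side.
# Note that this also blocks traffic originated by the router itself.
block in  log on bge0 all
block out log on bge0 all

# Lab -> data center: SSH. "keep state" admits the return packets
# without needing a matching inbound rule.
pass out quick on bge0 proto tcp from 192.168.11.0/24 to any port = 22 flags S keep state

# Lab -> the two resolvers listed in /etc/resolv.conf: DNS over UDP.
pass out quick on bge0 proto udp from 192.168.11.0/24 to 192.99.99.99 port = 53 keep state
pass out quick on bge0 proto udp from 192.168.11.0/24 to 192.99.99.9 port = 53 keep state
```

The rules are loaded from this file when svc:/network/ipfilter is enabled inside the Container with svcadm(1M), and ipfstat -io lists the rules that are active.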
 