openindiana - how to get routing working

This time, we are going to get routing working on the global zone for our other zones. You can replace the global zone with another zone too, as the setup is the same.

What’s needed?

First, we need to install ipfilter, if it isn’t already installed. To do that, just invoke

# pkg install ipfilter

This installs the packet filter and the NAT engine. The latter is the part we want to use now.

We will assume that the global zone has two interfaces with the following setup

configure ipnat

With ipnat installed, we need to write a small configuration. For this example, we set up routing for every machine in the subnet.

For that, open the file /etc/ipf/ipnat.conf and write the following lines:

map bge0 -> 0/32 portmap tcp/udp auto
map bge0 -> 0/32

These two lines say that all packets from the subnet to the rest shall be relabeled and forwarded.

After that, all we need to do is enable ipfilter and the routing daemons with the following commands.

# svcadm enable ipfilter
# routeadm -e ipv4-forwarding
# routeadm -e ipv4-routing
# routeadm -u

The last command applies the settings, so that all daemons are running according to them. To see which settings are set and what the daemons are doing, run the routeadm command without any arguments.
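
As an added example (not part of the original post): a small shell helper that reads `routeadm -p` output and reports, for one option, whether the saved setting and the running state agree, which is the gap `routeadm -u` closes. The sample lines are constructed, and the key=value layout is assumed to match what `routeadm -p` prints on your release; `check_option` is a hypothetical name.

```shell
#!/bin/sh
# check_option OPTION
# Reads `routeadm -p` style lines on stdin and prints one word:
#   ok       persistent and current are both "enabled"
#   pending  persistent and current differ (routeadm -u not applied yet)
#   off      both agree, but the option is not enabled
#   missing  the option does not appear in the input
check_option() {
    awk -v opt="$1" '
        $1 == opt {
            # Split every key=value field of the matching line.
            for (i = 2; i <= NF; i++) {
                split($i, kv, "=")
                val[kv[1]] = kv[2]
            }
            found = 1
        }
        END {
            if (!found)
                print "missing"
            else if (val["persistent"] != val["current"])
                print "pending"
            else if (val["current"] != "enabled")
                print "off"
            else
                print "ok"
        }'
}

# Constructed sample in the assumed `routeadm -p` layout: forwarding was
# enabled with `routeadm -e` but `routeadm -u` has not been run yet.
SAMPLE='ipv4-routing persistent=enabled default=enabled current=enabled
ipv4-forwarding persistent=enabled default=disabled current=disabled
ipv6-forwarding persistent=disabled default=disabled current=disabled'

for o in ipv4-routing ipv4-forwarding ipv6-forwarding; do
    printf '%-16s %s\n' "$o" "$(printf '%s\n' "$SAMPLE" | check_option "$o")"
done

# On a live system: routeadm -p | check_option ipv4-forwarding
```

A result of `pending` for ipv4-forwarding means the box is not forwarding yet even though the setting is saved; `ok` on a host that is not meant to be a router is worth investigating.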

configure the zone

Now we fire up the zone to test whether routing works. In our case, the zone has only one interface, so it detects the router itself via ICMP.

We can check that very easily with

# netstat -rn

The default gateway should point to our global zone. As a last test, you can ping an IP in another subnet. If the global zone says this host is alive, the zone should too.

A good IP to test is, as it is really easy to remember.

That was all. Have fun with your access

links and hints

You can find more documentation on ipfilter and routing in the man pages of ipnat, ipf and routeadm. Some example rule sets for ipf can be found in /usr/share/ipfilter/examples/