Inspired by a testcase during a Solaris 11 course I’m writing this short tutorial on how to configure an environment with VirtualBox, Solaris 11 and non-global zones.<\/p>\n
The path is as follows: Internet – Host OS – Guest OS – none-global zone<\/p>\n
How to connect things…<\/p>\n
The Internal “zone” network is called 10.0.2.0\/24.
\nThe Host OS <-> Guest OS network is called 192.168.56.0\/24.
\nAnd the Host OS is also connected to corporate network.<\/p>\n
The Host OS address has 192.168.56.1 as the default VirtualBox hostadapter address and a corporate address.
\nGlobal zone adresses are 192.168.56.2 and 10.0.2.15.
\nThe non-global zone uses 10.0.2.10 as its address.<\/p>\n
So the host ipconfiguration details are:<\/p>\n
\r\nvboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00 \r\n inet addr:192.168.56.1 Bcast:192.168.56.255 Mask:255.255.255.0\r\n inet6 addr: fe80::800:27ff:fe00:0\/64 Scope:Link\r\n UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\r\n RX packets:0 errors:0 dropped:0 overruns:0 frame:0\r\n TX packets:1461 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:1000 \r\n RX bytes:0 (0.0 B) TX bytes:203666 (203.6 KB)\r\n\r\nwlan0 Link encap:Ethernet HWaddr 88:53:2e:b0:cc:37 \r\n inet addr:10.164.171.135 Bcast:10.164.191.255 Mask:255.255.192.0\r\n inet6 addr: fe80::8a53:2eff:feb0:cc37\/64 Scope:Link\r\n UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\r\n RX packets:2314987 errors:0 dropped:0 overruns:0 frame:0\r\n TX packets:1154918 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:1000 \r\n RX bytes:2475885418 (2.4 GB) TX bytes:103659457 (103.6 MB)\r\n<\/pre>\nThe global zone details are: <\/p>\n
\r\nroot@sun:~# ipadm\r\nNAME CLASS\/TYPE STATE UNDER ADDR\r\nlo0 loopback ok -- --\r\n lo0\/v4 static ok -- 127.0.0.1\/8\r\n lo0\/v6 static ok -- ::1\/128\r\nnet0 ip ok -- --\r\n net0\/manual static ok -- 192.168.56.2\/24\r\n net0\/v4 static ok -- 10.0.2.15\/24\r\n net0\/v6 addrconf ok -- fe80::a00:27ff:fe0f:c53b\/10\r\n<\/pre>\nAnd the non-global zone details are:<\/p>\n
\r\nroot@webzone:~# ipadm\r\nNAME CLASS\/TYPE STATE UNDER ADDR\r\nlo0 loopback ok -- --\r\n lo0\/v4 static ok -- 127.0.0.1\/8\r\n lo0\/v6 static ok -- ::1\/128\r\nnet0 ip ok -- --\r\n net0\/v6 addrconf ok -- fe80::8:20ff:fe28:e3c0\/10\r\n net0\/v4static static ok -- 10.0.2.10\/8\r\n<\/pre>\nPhase 1:
\nTo allow the non-global zone to reach the outside network (Host OS) you need to configure port forwarding on the global zone and source NAT using ipf.<\/p>\nEnsure that the correct address is used for traffic going out: <\/p>\n
\r\nipadm set-addrprop -p decrecated=on net0\/v4 #(address configured with 10.0.2.15)\r\n<\/pre>\nAllow IP forwarding on the interface: <\/p>\n
\r\nipadm set-ifprop -p forwarding=on -m ipv4 net0\r\n<\/pre>\nAdd a NAT mapping for traffic from the internal (zone) network:<\/p>\n
\r\necho \"map net0 10.0.2.0\/24 -> 192.168.56.2\/32\" > \/etc\/ipf\/ipnat.conf\r\nsvcadm enable ipfilter\r\n<\/pre>\nShow current mappings: <\/p>\n
\r\nipnat -l\r\n<\/pre>\nPhase 2:
\nTo allow the Guest OS to reach the Internet port forwarding and masquerading needs to be done on the host:<\/p>\nsudo echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward (or \"sysctl -w net.ipv4.ip_forward=1\" to make it permanent)\r\nsudo iptables -t nat -A POSTROUTING -s 192.168.56.0\/24 -j MASQUERADE\r\n<\/pre>\nIf you want the Host OS masquerading permanent issue: <\/p>\n
\r\nsudo iptables-save\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"Inspired by a testcase during a Solaris 11 course I’m writing this short tutorial on how to configure an environment with VirtualBox, Solaris 11 and non-global zones. The path is as follows: Internet – Host OS – Guest OS – none-global zone How to connect things… The Internal “zone” network is called 10.0.2.0\/24. The Host … [Read more…]<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,4],"tags":[22,11,13,21],"_links":{"self":[{"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/posts\/202"}],"collection":[{"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/comments?post=202"}],"version-history":[{"count":2,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/posts\/202\/revisions"}],"predecessor-version":[{"id":204,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/posts\/202\/revisions\/204"}],"wp:attachment":[{"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/media?parent=202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/categories?post=202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lambiek.eu\/blog\/wp-json\/wp\/v2\/tags?post=202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}