[oi-dev] Problem With Zone Networking

Jim Klimov jimklimov at cos.ru
Sat Oct 13 15:26:25 UTC 2012


Ideas below...

2012-10-13 4:18, Nick Zivkovic wrote:
> Hi,
>
> I just created and installed a new NGZ, with an exclusive IP stack.
>
> I've copied a sysidcfg file into the zone's /etc (the one from the wiki).
>
> I've enabled port forwarding via ipfilter and nat.
>
> I am able to ping IP addresses (using GZ as router). Note: I am using
> a vnic for the NGZ and one for the GZ,
> on the same etherstub.
>
> However domain name resolution does not work (I cannot ping
> google.com, for example).
>
> I did copy resolv.conf and nsswitch.conf from the GZ into the NGZ.
>
> I tried enabling the multicast service, but it won't start because the
> sysidtool:net service is not starting.
>
> Here is the message I get from `svcs -xv`:
>
> svc:/system/sysidtool:net (sysidtool)
>   State: offline since Fri Oct 12 16:46:53 2012
> Reason: Start method is running.
>     See: http://illumos.org/msg/SMF-8000-C4
>     See: man -M /usr/man -s 1M sysidtool
>     See: /var/svc/log/system-sysidtool:net.log
> Impact: 13 dependent services are not running:
>          svc:/system/sysidtool:system
>          svc:/milestone/sysconfig:default
>          svc:/milestone/multi-user:default
>          svc:/system/boot-config:default
>          svc:/milestone/multi-user-server:default
>          svc:/system/system-log:default
>          svc:/system/utmp:default
>          svc:/system/console-login:default
>          svc:/network/ssh:default
>          svc:/network/inetd:default
>          svc:/system/sac:default
>          svc:/network/rpc/bind:default
>          svc:/system/filesystem/autofs:default


What does the service's log show, if anything?
Any messages on zone console?

Namely, I suspect that with a copy-pasted sysidcfg you could request
the zone to be a DHCP client (which pulls configs from announcements)
and have no server on the etherstub? Un-started services seem to imply
that the implementation of sysidcfg relevant to your config is still
running (maybe blocked or failed under the hood somehow)...

Any blockages in GZ ipfilter? (use "ipmon" to see matches for rules
with the "log" keyword, and generally all blocking rules should have
that - eases such debugs)

Did you snoop on the vnic facing the etherstub for hints (requests,
replies)?

HTH,
//Jim





More information about the oi-dev mailing list