[oi-dev] Problem With Zone Networking
garrett.damore at dey-sys.com
Mon Oct 15 00:49:42 UTC 2012
On Oct 14, 2012, at 4:55 PM, Nick Zivkovic <zivkovic.nick at gmail.com> wrote:
> Hi.
>
> I didn't configure dhcp server properly.
>
> I've now configured it.
>
> However, while I can now do `dig google.com`, and get a proper
> resolution, `ping google.com` does not work.
>
> Which is very strange, to me. One command can do a resolution and
> another can't. I verified that dns/multicast and dns/client services
> are running.
Check /etc/nsswitch.conf? Make sure that nscd hasn't cached a negative answer?
Also, ping relies on ICMP, so if you're using NAT, you may have trouble if the firewall in the middle isn't configured to forward ICMP.
But, I see you're having issues with ipfilter as well.
- Garrett
>
> Additionally, ipfilter (in the GZ) keeps going into the disabled
> state, and I have to keep re-enabling it.
>
> Any ideas?
>
> Nick Zivkovic
> Code: https://github.com/nickziv
> Blog: http://nickziv.wordpress.com
> Twitter: https://twitter.com/nickziv
>
>
> On Sat, Oct 13, 2012 at 10:26 AM, Jim Klimov <jimklimov at cos.ru> wrote:
>> Ideas below...
>>
>>
>> 2012-10-13 4:18, Nick Zivkovic wrote:
>>>
>>> Hi,
>>>
>>> I just created and installed a new NGZ, with an exclusive IP stack.
>>>
>>> I've copied a sysidcfg file into the zone's /etc (the one from the wiki).
>>>
>>> I've enabled port forwarding via ipfilter and nat.
>>>
>>> I am able to ping IP addresses (using GZ as router). Note: I am using
>>> a vnic for the NGZ and one for the GZ,
>>> on the same etherstub.
>>>
>>> However domain name resolution does not work (I cannot ping
>>> google.com, for example).
>>>
>>> I did copy resolv.conf and nsswitch.conf from the GZ into the NGZ.
>>>
>>> I tried enabling the multicast service, but it won't start because the
>>> sysidtool:net service is not starting.
>>>
>>> Here is the message I get from `svcs -xv`:
>>>
>>> svc:/system/sysidtool:net (sysidtool)
>>> State: offline since Fri Oct 12 16:46:53 2012
>>> Reason: Start method is running.
>>> See: http://illumos.org/msg/SMF-8000-C4
>>> See: man -M /usr/man -s 1M sysidtool
>>> See: /var/svc/log/system-sysidtool:net.log
>>> Impact: 13 dependent services are not running:
>>> svc:/system/sysidtool:system
>>> svc:/milestone/sysconfig:default
>>> svc:/milestone/multi-user:default
>>> svc:/system/boot-config:default
>>> svc:/milestone/multi-user-server:default
>>> svc:/system/system-log:default
>>> svc:/system/utmp:default
>>> svc:/system/console-login:default
>>> svc:/network/ssh:default
>>> svc:/network/inetd:default
>>> svc:/system/sac:default
>>> svc:/network/rpc/bind:default
>>> svc:/system/filesystem/autofs:default
>>
>>
>>
>> What does the service's log show, if anything?
>> Any messages on zone console?
>>
>> Namely, I suspect that with a copy-pasted sysidcfg you could request
>> the zone to be a DHCP client (which pulls configs from announcements)
>> and have no server on the etherstub? Un-started services seem to imply
>> that the implementation of sysidcfg relevant to your config is still
>> running (maybe blocked or failed under the hood somehow)...
>>
>> Any blockages in GZ ipfilter? (use "ipmon" to see matches for rules
>> with the "log" keyword, and generally all blocking rules should have
>> that - eases such debugs)
>>
>> Did you snoop on the vnic facing the etherstub for hints (requests,
>> replies)?
>>
>> HTH,
>> //Jim
>>
>>
>
> _______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> http://openindiana.org/mailman/listinfo/oi-dev
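
The nsswitch.conf check suggested in the reply, as an added example that is not part of the original message: dig sends its query straight to the servers in resolv.conf, while ping resolves names through the name-service switch, so a `hosts:` line without `dns` produces exactly the split described. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inspect the "hosts:" line of an
# nsswitch.conf-style file to see whether switch-based lookups use DNS.

# Print the lookup sources on the "hosts:" line, one per line, in order.
# Comments and [STATUS=action] criteria are stripped first.
hosts_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$1" |
    awk '/^[ \t]*hosts[ \t]*:/ {
            sub(/^[ \t]*hosts[ \t]*:/, "")
            for (i = 1; i <= NF; i++) print $i
            exit
         }'
}

# Classify the file. Prints one of:
#   ok             dns is among the hosts sources
#   dns-missing    hosts line exists but never consults DNS
#   no-hosts-line  no hosts line (or an empty one) was found
check_hosts_line() {
    srcs=$(hosts_sources "$1")
    if [ -z "$srcs" ]; then
        echo no-hosts-line
    elif echo "$srcs" | grep -qx dns; then
        echo ok
    else
        echo dns-missing
    fi
}

# Constructed samples: a files-only hosts line and one that also uses DNS.
demo_dir=$(mktemp -d)
printf 'passwd: files\nhosts: files   # no DNS lookups\n' > "$demo_dir/files-only"
printf 'hosts: files [NOTFOUND=continue] mdns dns\n' > "$demo_dir/with-dns"
for f in "$demo_dir"/*; do
    printf '%s: %s\n' "${f##*/}" "$(check_hosts_line "$f")"
done
rm -rf "$demo_dir"

# On a live system, run: check_hosts_line /etc/nsswitch.conf
# "getent hosts <name>" goes through the same switch that ping uses,
# so it is the fair comparison against dig.
```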