[oi-dev] Problem With Zone Networking
Nick Zivkovic
zivkovic.nick at gmail.com
Mon Oct 15 17:26:09 UTC 2012
On Mon, Oct 15, 2012 at 8:02 AM, Jim Klimov <jimklimov at cos.ru> wrote:
> 2012-10-15 8:08, Nick Zivkovic пишет:
>
>> Changing the host and ipnodes lines in nsswitch.conf to "files dns",
>> does solve the name resolution problem from within a zone.
>>
>> Thanks!
>>
>> Unfortunately, ipfilter still gets disabled. `svcs -xv` states that
>> ipfilter was temporarily disabled by the administrator.
>>
>> I am the only administrator on the box, and I did not disable it. So
>> clearly something else is doing something behind my back...
>>
>> The log file (network-ipfilter:default.log) says: "stopping because
>> dependency activity requires stop".
>>
>> I have no idea how to interpret this message.
>
>
>
> As a wild guess, do you use static networking config or NWAM?
> I haven't used the latter, but from what I've heard, it can
> influence ipfilter by applying various firewall profiles to
> various networks it thinks it finds itself attached to. So it
> might disable firewall (and NAT) while it is detecting the
> network and whether it matches some known profile.
Yes, I was using nwam. Because my school only supports wifi, nwam
frequently has to reconnect to the network.
I figured that this could be the problem. So I disabled nwam, used
physical:default instead.
Because I still get periodically disconnected, I've set up a loop
script that plumbs the interface, connects to wifi, enables dhcp on
the interface, re-enabled ip-filter, and sleeps for 5 minutes.
Though I probably could have it ping some domain every N secs, and and
if the ping fails, it restarts everything.
But yeah, now networking works for most applications (i.e. browsing,
email, downloads), and I don't have to intervene manually. It probably
won't work for things like ssh.
It's far from ideal, but it's good enough.
Thanks for all the help.
Nick Zivkovic
Code: https://github.com/nickziv
Blog: http://nickziv.wordpress.com
Twitter: https://twitter.com/nickziv
>
>
> //Jim
>
>
> _______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> http://openindiana.org/mailman/listinfo/oi-dev
More information about the oi-dev
mailing list