1 Reply. Latest reply: Jul 9, 2013 9:52 AM by Reidod

    Global zone overrides local zone default gateway


      Hi, I have a Solaris 10 LDom (latest patches) running several zones.

      The global zone uses two networks; let's say its IPs are 10.0.1.1 and 10.0.2.1. The default gateway is set to 10.0.0.230.

      A local zone is configured to use two shared network interfaces. Its IPs are on different networks than the global zone's: 10.0.3.1 and 10.0.4.1. The local zone's default gateway (set in zonecfg) is set to 10.0.3.230.

      The global zone's netstat -r shows two 'default' routes. Traffic seems to work.

       

      HOWEVER: For some reason, packets sent from the local zone are determined to be 'spoofed' by our firewall.

      I am not a network guy, but I'm being told that for some reason, packets going out from the local zone are returned NOT by its own NICs but by the global zone's. That is, say a client contacts the local zone from address 10.10.10.1: the response will be delivered through the global zone's default gateway, 10.0.0.230 (but marked as coming from the local zone IP, 10.0.3.1).

       

      This seems very strange to me.

      For now it seems that the only solution is to use exclusive NICs, but that's kind of annoying.

      Can the routing problem be fixed?

      This is very important and urgent for us. Answers will be very much appreciated.

       

      Uri