[OmniOS-discuss] Routing challenges

Schweiss, Chip chip at innovates.com
Thu Apr 7 15:52:55 UTC 2016


On several of my OmniOS hosts I have set up a management interface for SSH
access on an independent VLAN. There are service VLANs attached to other
NICs.

The problem I am having is that when on a privileged machine on one of the
VLANs also on the service side that has access to the management SSH port,
the TCP SYN comes in on the management VLAN but the SYN-ACK goes out the
service VLAN instead of routing back out its connecting port. This causes
a split route and the firewall blocks the connection because the connection
never appears complete.

Traffic is flowing like this:
client                   firewall                 omnios
10.28.0.106 ->   10.28.0.254->10.28.125.254  -> 10.28.125.44

10.28.0.106  <--------------------------------- 10.28.0.44

How can I cause connections to only communicate on the vlan that the
connection is initiated from?

I don't want to use the 10.28.0.44 interface because that is a virtual IP
and will not always be on the same host.

-Chip
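
The split route described in the message above can be reproduced with a small model of destination-based route lookup. This is an added example, not part of the original post. The /24 prefix lengths, the interface names `mgmt0` and `svc0`, the default route and the second client address are assumptions, since the post gives only the four addresses.

```python
import ipaddress

# Constructed model of the host in the post. Prefix lengths (/24), interface
# names and the default route are assumptions; the post gives only addresses.
INTERFACES = {
    "mgmt0": ipaddress.ip_interface("10.28.125.44/24"),  # management VLAN
    "svc0": ipaddress.ip_interface("10.28.0.44/24"),     # service VLAN (virtual IP)
}
ROUTES = [  # (destination network, egress interface)
    (ipaddress.ip_network("10.28.125.0/24"), "mgmt0"),   # on-link
    (ipaddress.ip_network("10.28.0.0/24"), "svc0"),      # on-link
    (ipaddress.ip_network("0.0.0.0/0"), "mgmt0"),        # assumed default via firewall
]

def egress_for(dst):
    """Destination-based lookup: the longest matching prefix wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def ingress_for(local_addr):
    """Interface that owns the address the client connected to."""
    local_addr = ipaddress.ip_address(local_addr)
    for name, ifc in INTERFACES.items():
        if ifc.ip == local_addr:
            return name
    raise ValueError(f"{local_addr} is not a local address")

def check_flow(client, local_addr):
    """Return (ingress, egress, symmetric) for a connection to local_addr."""
    ingress, egress = ingress_for(local_addr), egress_for(client)
    return ingress, egress, ingress == egress

if __name__ == "__main__":
    # First flow is the one in the post; the second client is constructed.
    flows = [("10.28.0.106", "10.28.125.44"), ("192.0.2.10", "10.28.125.44")]
    for client, local in flows:
        ingress, egress, ok = check_flow(client, local)
        verdict = "symmetric" if ok else "ASYMMETRIC: reply bypasses the firewall"
        print(f"{client} -> {local}: in {ingress}, out {egress}, {verdict}")
```

The reply to 10.28.0.106 matches the on-link service prefix, which is more specific than any route back through the firewall, so the lookup ignores the interface the SYN arrived on.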