[OmniOS-discuss] LX Zones - Password for Canned SmartOS Images

PÁSZTOR György pasztor at sagv5.gyakg.u-szeged.hu
Thu Jan 5 20:20:54 UTC 2017 

Hi,

"Michael Rasmussen" <mir at miras.org> írta 2017-01-05 19:44-kor:
> On Thu, 5 Jan 2017 13:34:40 -0500
> Dan McDonald <danmcd at omniti.com> wrote:
> 
> > I notice you're running on vmxnet... I wonder if your host is preventing you from creating vNICs through some sort of address filtering?
> > 
> Does it not require promiscuous mode to be able to create a nic alias?
> I do not think this is supported with default settings in VmWare.

In my home nas, I bumped into a similar problem.
- Host is omnios 151014.
-- There is a zone, named vbox.
--- There is a linux virtual machine inside that, which access the local
network as it should, interface: eth0, br0(lxcname.eth0)
---- There is a lxc container in that virtual machine

The lxc container didn't had access to the network, since virtualbox+ vnic
filtered out frames, didn't belong to it's address, so from the global
zone's perspective, the linux machine's vnic shouldn't get the frames where
it's destination was the lxc's mac.
So, I set up a proxy arp in the linux virtual machine:
$ cat /etc/sysctl.d/lxc-net-dep.conf 
net.ipv4.ip_forward=1
net.ipv4.conf.br0.proxy_arp=1
net.ipv4.conf.eth0.proxy_arp=1

Also, for safety, inside the /etc/network/interfaces, there is an up
command entry for the iface br0 inet static:
	up route add -host 172.28.33.40 dev br0
	up sysctl net.ipv4.conf.br0.proxy_arp=1
	down route del -host 172.28.33.40

So for eth0, there is a regular eth0 inet static entry, and there is this
br0, with the same ip, as eth0, but it adds a p2p route entry to the
routing table at bringing up.
Since, br0 doesn't exist at host boot up time, the
net.ipv4.conf.br0.proxy_arp=1 is practically useless in the sysctl.d.conf
The 172.28.33.40 is the address of the lxc, while my whole home network is
the 172.28.33.0/24.

Outside from my omni nas, the linux vm, and the lxc seems like the same
mac:
# arp -n | grep -E '36|40'
172.28.33.36             ether   02:08:20:0d:ae:ea   C wlan0
172.28.33.40             ether   02:08:20:0d:ae:ea   C wlan0

I don't know, if it's possible on illumos but proxy arp can be a solution.
Not a nice one, but a sulution! ;-)

Cheers,
Gyu

More information about the OmniOS-discuss mailing list