Zones unreachable externally
I am running Solaris 10 on an X2200 M2 machine, fully patched with all the latest patches.
I am trying to run an application, which I have configured and tested to run in the global zone, i.e. locating the startup script in rc3.d works. However, when I created a non-global zone to host this application, two things happen:
(1) Putting the startup script in the local rc3.d doesn't work. Rebooting the zone doesn't start up the service.
(2) I can ping the virtual IP from another machine, but it cannot connect to the services I run, even though the ports show up in netstat as listening on all interfaces. I can connect to the service using the machine's browser, pointing to the virtual IP and port.
Actual configuration shown below:
Machine has 4 NICs, bge0, bge1, nge0, nge1. bge0 and nge0 are plumbed.
bge0: IP 172.22.2.4 netmask 255.255.0.0 default gateway 172.22.2.1
nge0: IP 10.0.0.1 netmask 255.0.0.0
nge0 is meant to connect to my database server.
The zone is created with bge0:1 as 172.22.2.6, nge0:1 as 10.0.0.2.
What am I missing? I'm very new to Solaris, all steps are carried out according to the documentation.
[1197 byte] By [alpha78a] at [2007-11-27 7:45:57]

# 3
When I do the svcs -vx in the global zone, I get only one service state.
svc:/application/print/server:default (LP print server)
State: disabled since Fri Jun 15
Reason: Disabled by an administrator.
This seems correct, as I did the Solaris install with the most secure port services enabled, only 21 and 22.
With zlogin to my zone and doing svcs -vx, I get quite a few returns, which I need help in interpreting.
svc:/system/sysidtool.net (sysidtool)
State: offline since Thu Jun 14
Reason: Start method is running.
Impact: 27 dependent services are not running. (not listing them down for brevity)
svc:/network/rpc/gss:default (Generic Security Service)
State: uninitialized since Thu Jun 14
Reason: Restarter svc:/network/inetd:default is not running.
Impact: 14 dependent services are not running.
svc:/application/print/server:default (LP print server)
State: disabled since Fri Jun 15
Reason: Disabled by an administrator.
svc:/network/rpc/smserver:default (removable media management)
State: uninitialized since Thu Jun 14
Reason: Restarter svc:/network/inetd:default is not running.
Impact: 1 dependent service is not running.
svc:/network/rpc/rstat:default (kernel statistics server)
State: uninitialized since Thu Jun 14
Reason: Restarter svc:/network/inetd:default is not running.
Impact: 1 dependent service is not running.
If I start the script manually in the zone, it will run the service, which I can access from the web browser locally, pointing to the IPs assigned to the zone, but they cannot be reached from other machines in the subnet.
Looks like I'm missing quite a bit of configuration for the zone?