This is a set of instructions to demonstrate how to set up a pair of zones where one of them is performing NAT for the other.
This could be generalized to a zone that performs NAT for a collection of zones/VMs, or other configurations as well.
My example happens to result in double NAT to reach the internet. My SmartOS machine is on a 192.168.0.1/24 network that is itself NATed to the Internet. The "firewall" zone is NATing the client zone from a 10.0.0.1/24 network onto that 192.168.0.1/24 network.
Things to note:
Note the "allow_ip_spoofing" setting on the firewall zone NICs.
- Example JSON for "Firewall" Zone
- Example JSON for "Client" Zone/VM
- Example /etc/ipf/ipnat.conf
- Turn on packet forwarding and ipfilter
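A pre-flight check for the setup outlined above, as an added example that is not part of the original page: it audits the two zone definitions and the NAT rules for consistency before provisioning. The zone JSON, the host addresses, the `net0` interface name and the `map` rules are constructed for illustration, and the rule that the client zone should not carry `allow_ip_spoofing` is this example's assumption.

```javascript
// Added example: sanity-check a NAT zone pair before provisioning.
// All zone values are constructed; field names follow vmadm NIC properties.
const ipToInt = ip => ip.split('.').reduce((n, o) => (n << 8 | Number(o)) >>> 0, 0);

// True when ip falls inside cidr, e.g. "10.0.0.0/24".
function inCidr(ip, cidr) {
  const [net, bits] = cidr.split('/');
  const mask = bits === '0' ? 0 : (~0 << (32 - Number(bits))) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(net) & mask) >>> 0);
}

// Extract {iface, src} from each "map <iface> <src> -> <target> ..." rule.
function parseMapRules(conf) {
  return conf.split('\n').map(l => l.replace(/#.*/, '').trim().split(/\s+/))
    .filter(t => t[0] === 'map' && t[3] === '->')
    .map(t => ({ iface: t[1], src: t[2] }));
}

function auditNatPair(firewall, client, ipnatConf) {
  const findings = [];
  const rules = parseMapRules(ipnatConf);
  // The page's note: the firewall zone NICs need allow_ip_spoofing.
  firewall.nics.forEach((nic, i) => {
    if (nic.allow_ip_spoofing !== true)
      findings.push(`firewall net${i}: allow_ip_spoofing not set`);
  });
  const fwIps = firewall.nics.map(n => n.ip);
  client.nics.forEach((nic, i) => {
    // Assumption: a client only sends from its own address, so keep antispoof on.
    if (nic.allow_ip_spoofing === true)
      findings.push(`client net${i}: allow_ip_spoofing set but not needed`);
    if (!fwIps.includes(nic.gateway))
      findings.push(`client net${i}: gateway ${nic.gateway} is not a firewall NIC`);
    if (!rules.some(r => inCidr(nic.ip, r.src)))
      findings.push(`client net${i}: ${nic.ip} matches no map rule`);
  });
  return findings;
}

// Constructed sample input (assumes net0 is the firewall's external NIC).
const firewall = { alias: 'firewall', nics: [
  { nic_tag: 'external', ip: '192.168.0.50', netmask: '255.255.255.0',
    gateway: '192.168.0.1', primary: true, allow_ip_spoofing: true },
  { nic_tag: 'internal', ip: '10.0.0.1', netmask: '255.255.255.0',
    allow_ip_spoofing: true } ] };
const client = { alias: 'client', nics: [
  { nic_tag: 'internal', ip: '10.0.0.2', netmask: '255.255.255.0',
    gateway: '10.0.0.1', primary: true } ] };
const ipnatConf = `map net0 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map net0 10.0.0.0/24 -> 0/32`;

console.log(auditNatPair(firewall, client, ipnatConf));
```

An empty result means the two definitions and the NAT rules agree; each finding names the zone and NIC to fix.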