1

I have a Solaris 11 host with multiple network interfaces, and configured IPFilter to do some NAT works; however every time a physical link down, the ipfilter service becomes disabled; even if the link was later restored, the service will remain in disabled state.

For example there is a link down message from /var/adm/messages: Nov 29 18:08:22 solaris11exp mac: [ID 486395 kern.info] NOTICE: rge0 link down

The ipfilter service log file /var/svc/log/network-ipfilter:default.log later shows: [ 11月 29 18:08:27 Stopping because service disabled. ] [ 11月 29 18:08:27 Executing stop method ("/lib/svc/method/ipfilter stop"). ] [ 11月 29 18:08:28 Method "stop" exited with status 0. ]

I have to run a svcadm enable network/ipfilter manually every time after this.

So my question is How to prevent the ipfilter service from disable (stop) on links down? Or if that is not possible, How to enable (start) the service automatically when the link is up?

Low power
  • 241
  • 1
  • 6

1 Answers1

0

Not sure how much it will help, but you could try using the pkg network/firewall which is based on the BSD PF which offers an easier way to NAT.

Other than that, have you considered using IPMP or link aggregation to help with your network availability?

fyi: Normally you can issue a svcadm clear <service>, vs enable.

sleepyweasel
  • 1,013
  • 5
  • 11