kenichi: Did I miss what problem(s) you're having?

danmcd: thanks, no i didn't mention - i've been trying to learn, going through the zadm guides on the site

Ah. Zone networking can use the same tools as the GZ, but with zadm(8) you can configure a zone in advance with addresses and what-not (like you can with SmartOS's vmadm(8)).

but from in a zone/vnic, i can't ping beyond the host ip

I still run my OmniOS zones on my home server the old-fashioned way, where I (as root@zone) did ipadm(8) to bring up networking (even using route(8) -p). But those zones go back to the days of OpenSolaris.

smells like forwarding not enabled in the global zone.

i've tried both zadm and zonecfg/zoneadm

routeadm shows forwarding and routing enabled...

i've tried a sparse and lx/debian, same net and nat ip according to docs.oracle.com/cd/E23824_01/html/821-1458/gjxfb.html#scrolltoc

(aws instance)

can you snoop(8) the packets on the outbound interface of the global zone?

ooh snoop looks great, i'll try & report back

If you're on aws, have you added the IP address of the zone to the EC2 instance as a secondary address?

Yes, if you're <root-or-suitable-privs-at-least>@global you should have visibility into any/all vnics.

snoop shows arp whois for the gw (defrouter value), but doesn't get a response

to answer ptribble, i hadn't but just tried that without success. note: just another private IP, not another public one

kenichi: does the entry in /etc/netmakss match the outside view of the netmask?

yes, both are equal and have no uncommented lines