14:03:35 <danmcd> kenichi: Did I miss what problem(s) you're having?
15:28:43 <kenichi> danmcd: thanks, no i didn't mention - i've been trying to learn, going through the zadm guides on the site
15:29:38 <danmcd> Ah.  Zone networking can use the same tools as the GZ, but with zadm(8) you can configure a zone in advance with addresses and what-not (like you can with SmartOS's vmadm(8)).
15:29:39 <kenichi> but from in a zone/vnic, i can't ping beyond the host ip
15:30:36 <danmcd> I still run my OmniOS zones on my home server the old-fashioned way, where I (as root@zone) did ipadm(8) to bring up networking (even using route(8) -p).  But those zones go back to the days of OpenSolaris.
15:31:08 <neitzel> smells like forwarding not enabled in the global zone.
15:31:26 <kenichi> i've tried both zadm and zonecfg/zoneadm
15:32:25 <kenichi> routeadm shows forwarding and routing enabled...
15:34:06 <kenichi> i've tried a sparse and lx/debian, same net and nat ip according to https://docs.oracle.com/cd/E23824_01/html/821-1458/gjxfb.html#scrolltoc
15:35:32 <kenichi> (aws instance)
15:36:38 <neitzel> can you snoop(8) the packets on the outbound interface of the global zone?
15:39:42 <kenichi> ooh snoop looks great, i'll try & report back
15:44:38 <ptribble> If you're on aws, have you added the IP address of the zone to the EC2 instance as a secondary address?
15:45:38 <danmcd> Yes, if you're <root-or-suitable-privs-at-least>@global you should have visibility into any/all vnics.
17:15:53 <kenichi> snoop shows arp whois for the gw (defrouter value), but doesn't get a response
17:18:11 <kenichi> to answer ptribble, i hadn't but just tried that without success. note: just another private IP, not another public one
18:56:51 <tomww> kenichi: does the entry in /etc/netmakss match the outside view of the netmask?
20:27:16 <kenichi> yes, both are equal and have no uncommented lines