12:58:36 I'm struggling a bit with ipna. The idea was I would have a zone running tailscale, that would redirect and map incoming packets over internal network to other zones. I can see the packets coming in, I can see the nat sessions being created for them, but I never see them leave through the internal interface. What am I missing?
12:58:48 s/ipna/ipnat
13:53:59 The first things I would check are (a) that ip forwarding is enabled, and (b) that anti-spoofing protection (i.e. allowed-address) is disabled
13:56:56 allowed-address is set, so that could be it
13:57:08 if I stop the zone, unset it with zonecfg and boot the zone, will it take effect?
14:00:51 On the internal interface, that is.
14:03:09 understood, will try
14:20:01 well, ipv4 forwarding seems to be enabled according to routeadm, allowed-address is unset for the internal interface of the nat zone
14:22:50 but no luck
14:24:07 is it enough if forwarding is enabled in the zone?
14:43:36 how is the forwarding zone plumbed up to other zones?
14:46:46 there's an internal0 etherstub in the global zones, the zones have interfaces plugged into it
14:49:17 dunno, I might nuke it all and start over
15:06:10 just to be extra sure, is "rdr ext0 from any to any port = 8000 -> 192.168.111.251 port 8000" the thing I'm looking for?
15:06:17 when it comes to configuring ipnat
15:40:44 I have 3 lines: map wan0 192.168.40.0/24 -> W.X.Y.Z portmap tcp 40000:60000
15:40:52 map wan0 192.168.40.0/24 -> W.X.Y.Z portmap udp 40000:60000
15:41:01 map wan0 192.168.40.0/24 -> W.X.Y.Z
15:43:27 I also have "rdr wan0 W.X.Y.Z port A -> 192.168.40.202 port B udp age 7500" to map one specific port (for SIP)
15:59:22 aru: ipnat.conf(5) doesn't document a "from any to any" syntax for rdr. I think you just specify the inbound-dst / outbound-src address and port.
16:00:55 one other thing to look at is the routing table on the nat zone - does it have default pointing at ext0 ?
16:51:50 doesn't it? You can piece it together from the description of the grammar on top
16:52:32 how does the first line work?
17:00:41 so, the most simple case. In my global zone I'm running python -m http.server -b 0.0.0.0 8000, in my ipnat rules I have "rdr rge0 from any to any port = 8001 -> 192.168.0.150 port 8000 tcp". 192.168.0.150 is the machine's ip, with this I can hit it on either port 8000 (regular) or 8001 (redirected)
17:01:09 If I switch the right hand side address to 127.0.0.1, it breaks
17:03:53 almost sounds like I have forwarding disabled
17:39:16 ok, not sure what I was doing wrong before
17:54:20 everything it seems
18:04:35 aru: oops, misread the grammar (missed the "fromto" rule somehow); anyhow my known working config didn't use the fromto syntax
18:06:23 now the thing I'm running into is, if I have an already existing zone, how to add an interface with allowed-address to it? I can add it with zonecfg, but then the interface appears inside the zone without an ip address and I can't set it from within the zone
21:56:47 Does anyone here have 2 (or more) OmniOS hosts with 10G links between them, with IPv6 configured, that can test something for me?
22:02:57 https://pastebin.com/089VtwXj shows some ... interesting .. differences between IPv4 and IPv6 speeds.
22:03:28 I'd really like to understand what's going on here.
22:05:50 (I should add, those numbers are for hosts that are directly cabled together, no switch involved.)
22:16:06 and the numbers are fairly consistent across multiple tests.