On Sol11.1 From non-global-zone Ipadm Can't Set Forwarding=on (Doc ID 1549644.1)

Last updated on JULY 29, 2016

Applies to:

Solaris Operating System - Version 11.1 to 11.1 [Release 11.0]
Information in this document applies to any platform.

Symptoms

 If you have created a zone with exclusive-ip  and using anet network capability with  "allowed-address" and "configure-allowed-address" set you will not be able to enable IP-forwarding and will give the below error executing " ipadm set-ifprop -p forwarding=on -m ipv4 <vnic-name>

 

OS:Sol11u1(SRU 6.4)
******************************

Name: entire
       Summary: entire incorporation including Support Repository Update (Oracle Solaris 11.1.6.4.0).

 

zonecfg -z myzone info
****************************************
anet:
       linkname: vnic123
       lower-link: net0
       allowed-address: 192.168.211.11/26              
       configure-allowed-address: true              
       defrouter: 192.168.211.1                                
       allowed-dhcp-cids not specified
       link-protection: "mac-nospoof, ip-nospoof"
       mac-address: random
       auto-mac-address: 2:8:20:3c:c8:ca
       mac-prefix not specified
       mac-slot not specified
       vlan-id: 998

myzone# ipadm set-ifprop -p forwarding=on -m ipv4 vnic123
ipadm: set-ifprop: forwarding: Permission denied

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms