Peter J. Cherny writes: > In a POC, I've used IPFilter's "on int:gw" construct to kludge the > routing, I'm now just working out how to get into the zone-zone path.
Given that local zone-to-zone traffic goes via IP loopback, and that IP Filter connects into the stack via DLPI (well below the point where loopback occurs), the latter part above seems somewhat unlikely to be helpful on the current implementation. > I think SMCC needs to re-look at these issues if they're going > to win back lots of us who have deserted Solaris for FreeBSD > in our Internet Facing production systems. I don't think there's any disputing that there are situations in which it just doesn't do what's wanted, or that there's more work needed. The point of my message was to describe the externally-validated assumptions that were used in the original design, in the hope that this might illustrate _why_ it does what it currently does. I'm not trying to justify those choices, or assert that the system will necessarily do something that works for you specifically. -- James Carlson, KISS Network <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 _______________________________________________ networking-discuss mailing list [email protected]
