Darren Reed wrote:
> James Carlson wrote:
>> Glenn Brunette writes:
>>
>>> 1. Global Zone
>>>
>>> - has two IP addresses:
>>> * public address obtained via DHCP (e1000g0)
>>> * private (crossbow) address (192.168.0.254)
>>>
>> [...]
>>
>>> 1. Global zone is unrestricted in communicating with public network.
>>>
>> [...]
>>
>>> The configuration in my last message does this. The only thing
>>> that I had wanted to do was tighten the IPF rule associated with
>>> #1 above (for the Global Zone). Since this is a DHCP issued
>>> address, I would like a keyword to use that will be substituted
>>> like (0/32 is in ipnat.conf).
>>>
>> I think "<thishost>" would work.
>>
>> I've never seen "0/32" used in ipnat.conf. It doesn't seem to be
>> described in ipnet.conf.
>>
>> You'll probably need to talk with one of the IPF experts (when they
>> come on line) about that.
>>
>
> Jim is both right and wrong.
> The 0/32 isn't currently supported for ipnat.conf.
> The "<thishost>" probably won't work.
> What I'd recommend doing is adding something to dhcp
> bringing up/down the link, using a shell script, that adds
> and removes the correct rules.
James, Darren,
Thank you both for the clarification. Two questions:
1. For ipf.conf, will <thishost> expand to all of the local IP
addresses that are available in the global zone (assuming
global zone usage here)?
2. Is there something that is missing for IPNAT? Should I file
a RFE to have something comparable to <thishost> as is
available for ipf.conf?
g
_______________________________________________
networking-discuss mailing list
[email protected]
