Glenn Brunette wrote: > Darren Reed wrote: > >> James Carlson wrote: >> >>> Glenn Brunette writes: >>> >>> >>>> 1. Global Zone >>>> >>>> - has two IP addresses: >>>> * public address obtained via DHCP (e1000g0) >>>> * private (crossbow) address (192.168.0.254) >>>> >>>> >>> [...] >>> >>> >>>> 1. Global zone is unrestricted in communicating with public network. >>>> >>>> >>> [...] >>> >>> >>>> The configuration in my last message does this. The only thing >>>> that I had wanted to do was tighten the IPF rule associated with >>>> #1 above (for the Global Zone). Since this is a DHCP issued >>>> address, I would like a keyword to use that will be substituted >>>> like (0/32 is in ipnat.conf). >>>> >>>> >>> I think "<thishost>" would work. >>> >>> I've never seen "0/32" used in ipnat.conf. It doesn't seem to be >>> described in ipnet.conf. >>> >>> You'll probably need to talk with one of the IPF experts (when they >>> come on line) about that. >>> >>> >> Jim is both right and wrong. >> The 0/32 isn't currently supported for ipnat.conf. >> The "<thishost>" probably won't work. >> What I'd recommend doing is adding something to dhcp >> bringing up/down the link, using a shell script, that adds >> and removes the correct rules. >> > > James, Darren, > > Thank you both for the clarification. Two questions: > > 1. For ipf.conf, will <thishost> expand to all of the local IP > addresses that are available in the global zone (assuming > global zone usage here)? >
No, it exapands to the first address returned associated with the name that comes from "hostname(1)". I'll return to the email that started this thread for more info... Darren _______________________________________________ networking-discuss mailing list [email protected]
