> In brief: Want to send all WAN traffic to one interface in a given (global?
> non-global?) zone, effectively making it the DMZ. From there, wish to
> implement port forwarding to specific vnics, each on its own non-global
> zone, on Box 'A'. In addition, we'd like to forward specific ports (80?
> 443?) to IP addresses external to the openSolaris box; Boxes 'B', 'C', etc.
I do this already on my home server. In the context of a different problem:
http://blogs.sun.com/danmcd/entry/do_a_pkg_image_update
I use ipfilter in the "router" zone, which is non-global.
> Does anyone know of a specific recipe?
Running a router/NAT/whatever in a non-global zone and using ipfilter is a
good start.
On my own home server, I have two physical NICs: one is connected to the
Internet, the other is connected to my internal switch. Zones on the
internal switch have VNICs over the physical NIC that's plugged in.
I don't use resource controls, but each VNIC plugged into the internal switch
could have such controls on 'em, I suppose.
Dan