Localhost routing is weird - check out the following post I sent some time ago.
http://www.opensolaris.org/jive/thread.jspa?threadID=10745&tstart=30
or
http://www.but.ch/root/public/sysadmin/solaris/solaris10.html

Ivan

On Tuesday 01 August 2006 21:26, Glenn Faden wrote:
> Yates, Spencer A. wrote:
> >Yes, the all-zones interface allowed me to communicate with the LDAP
> >service; however, I cannot ping or change the defaultrouter for the
> >zone/clearance level.
> >
> >Below is my current configuration:
> > Global Zone
> > lo0 127.0.0.1
> > lo0:1 127.0.0.1 zone unclassified
> > bge0 10.0.0.116
> > bge0:1 10.4.0.116 all-zones
> > bge1 0.0.0.0
> > Public Zone
> > lo0:1 127.0.0.1
> > bge0:1 10.4.0.116
> > bge1:1 192.168.100.2
> >
> >Logged-in as root in the public zone, I tried removing the default route
> >via "route delete default 10.0.0.1," but received an error "insufficient
> >privileges."
> >
> >How do I explicitly state the default route in a zone? And keep
> >communication with the global zone for LDAP?
>
> All route commands must be issued from the global zone. You may want to
> look at the Zones FAQ,
> http://opensolaris.org/os/community/zones/faq/#cfg_defroute
>
> You should also read the route(1M) section about the new -secattr option.
>
> One thing I'm not sure of is whether you should bring up the global zone
> network interfaces corresponding to each of your per-zone networks.
> Certain multilevel desktop functionality relies on the global zone being
> able to contact NFS servers on these separate networks. If you expect
> this to work, you should create the appropriate interfaces by editing
> /etc/hostname.<interface> files for the global zone. These files are not
> used for labeled zones.
>
> --Glenn
> _______________________________________________
> security-discuss mailing list
> security-discuss at opensolaris.org

--
_____________________________________________________________
Ivan Buetler
Compass Security Network Computing AG
Glärnischstrasse 7, CH-8640 Rapperswil, Switzerland
Tel +41 55 214 41 62
Fax +41 55 214 41 61
ivan.buetler at csnc.ch
http://www.csnc.ch
PGP: 539D 2C1B F338 66C6 AD00 ABB9 68B5 4976 2E9A 98EA
Security Review - Penetration Testing - Computer Forensics
_____________________________________________________________