Yes, the all-zones interface allowed me to communicate with the LDAP service; however, I cannot ping or change the defaultrouter for the zone/clearance level.

Below is my current configuration:

Global Zone
    lo0      127.0.0.1
    lo0:1    127.0.0.1     zone unclassified
    bge0     10.0.0.116
    bge0:1   10.4.0.116    all-zones
    bge1     0.0.0.0

Public Zone
    lo0:1    127.0.0.1
    bge0:1   10.4.0.116
    bge1:1   192.168.100.2

Logged in as root in the public zone, I tried removing the default route via "route delete default 10.0.0.1", but received an error "insufficient privileges."

How do I explicitly state the default route in a zone? And keep communication with the global zone for LDAP?

Thanks . . . Spencer

-----Original Message-----
From: Glenn Faden [mailto:glenn.fa...@sun.com]
Sent: Monday, July 31, 2006 6:15 PM
To: Yates, Spencer A.
Cc: security-discuss at opensolaris.org
Subject: Re: [security-discuss] TX43 with Multiple Network Interfaces?

Yates, Spencer A. wrote:
> The current TX document describes two methods to configure network
> interfaces for zones/clearance levels:
> SDTShareLogical - ifconfig bge0:3 all-zones
> SDTSharePhysical - ifconfig bge0 all-zones
>
> My SunFire V210 has 4 interfaces. Can I configure each clearance
> level to use a different network interface? For instance,
> global - bge0
> PUBLIC - bge1
> CONFIDENTIAL - bge2
> SANDBOX - bge3

Yes, this should work.

>
> I have tried touching the following files /etc/hostname.bge[0123] and
> svccfg each zone as follows:
> add net
> set physcial=bge1
> set address=X.X.X.X
> end
> commit
>
> But I'm unable to get the zones to communicate with the global zone's
> LDAP server.

Try creating an additional interface, bge0:1, on the same subnet as bge0, and make it all-zones, for example, create a file /etc/hostname.bge0:1 with the following contents:

    foo all-zones

You will need to reboot.

--Glenn