Lim Sei Wei wrote:
> Hi all,
> 
> I'm in the process of putting up Glenn's Safe Browsing Demo. I have set up 
> one proxy server with access to the internet, and another one as my internal 
> proxy.
> 
> I have put the details into tnrhdb as follows:
> 
> 0.0.0.0:internal
> 172.16.2.121:public <-- public proxy server
> 172.16.2.156:internal <-- internal proxy server

The last entry is redundant because it defaults to "internal".

> 
> Does my TX box need labelled access to my DNS servers (do I have to set up 2 
> sets of DNS servers, one internal and one public)? I have been evaluating the 
> internal.pac and public.pac files, and the main command is "isResolve" 
> checks. Does this mean that my zones must be able to resolve my target web 
> addresses? i.e. /etc/resolv.conf must be created?
> 
> Also, the guide mentions setting up the url-xfer service in public. Is this 
> only in public, or do I have to set up the url-xfer service in the internal 
> zone as well?
> 

You need to set up DNS for the global zone, i.e. your DNS server listed
in /etc/resolv.conf should use the "admin_low" unlabeled template
(in your tnrhdb file). The global zone provides name services to
labeled zones via nscd using Solaris doors.

The url-xfer should be in the public zone only. Don't forget to make
8080/tcp an MLP in the public zone.

Good luck.

Jarrett

> Thanks
> 
> Lim Sei Wei
>  
>  
> This message posted from opensolaris.org
> _______________________________________________
> security-discuss mailing list
> security-discuss at opensolaris.org
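
An added example, not part of the original messages or of the Safe Browsing Demo: a Python check for the two tnrhdb points made in the reply, namely host entries that only repeat the default template and DNS servers from /etc/resolv.conf that are not assigned "admin_low". The file contents and the DNS address 172.16.2.10 are constructed, all function names are hypothetical, and the matching is a simplified IPv4-only model (0.0.0.0 as the wildcard, other entries without a prefix treated as single hosts).

```python
import ipaddress

# Constructed sample based on the thread; 172.16.2.10 is a hypothetical DNS server.
TNRHDB = "0.0.0.0:internal\n172.16.2.121:public\n172.16.2.156:internal\n"
RESOLV_CONF = "nameserver 172.16.2.10\n"

def parse_tnrhdb(text):
    """Parse IPv4 'address[/prefix]:template' lines into (network, template) pairs."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, template = line.rsplit(":", 1)
        if "/" in addr:
            net = ipaddress.ip_network(addr, strict=False)
        elif addr == "0.0.0.0":
            net = ipaddress.ip_network("0.0.0.0/0")  # wildcard default entry
        else:
            net = ipaddress.ip_network(addr + "/32")  # simplification: host entry
        entries.append((net, template))
    return entries

def lookup(entries, host):
    """Return the template of the most specific entry covering host, or None."""
    ip = ipaddress.ip_address(host)
    hits = [(net.prefixlen, tpl) for net, tpl in entries if ip in net]
    return max(hits)[1] if hits else None

def redundant_hosts(entries):
    """Host entries that name the template the remaining entries already assign."""
    found = []
    for entry in entries:
        net, tpl = entry
        rest = [e for e in entries if e is not entry]
        if net.prefixlen == 32 and lookup(rest, str(net.network_address)) == tpl:
            found.append(str(net.network_address))
    return found

def mislabeled_nameservers(entries, resolv_text, want="admin_low"):
    """Map each resolv.conf nameserver not assigned `want` to its actual template."""
    bad = {}
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            tpl = lookup(entries, fields[1])
            if tpl != want:
                bad[fields[1]] = tpl
    return bad
```

With the sample above, the internal proxy entry is reported as redundant and the DNS server is reported as falling through to "internal" until an explicit admin_low entry is added for it.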


