config: global Zone nic / ce4 172.21.15.81/ffffff00 locale zone ( seperate lan with default router/firewall ) nic / ce0 172.21.39.94/ffffffe0
Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 172.21.15.0 172.21.15.81 U 1 8143 ce4 10.3.0.0 10.3.0.214 U 1 18 ce5 224.0.0.0 172.21.15.81 U 1 0 ce4 default 172.21.15.1 UG 1 573111 default 172.21.39.65 UG 1 9 127.0.0.1 127.0.0.1 UH 21038276 lo0 With a ping from 172.16.1.101 : local.zone send back the ICMP "Echo Reply" ping -s 172.21.39.94 PING 172.21.39.94: 56 data bytes 64 bytes from local.zone.orman.org (172.21.39.94): icmp_seq=0. time=2.32 ms 64 bytes from local.zone.orman.org (172.21.39.94): icmp_seq=1. time=2.14 ms 64 bytes from local.zone.orman.org (172.21.39.94): icmp_seq=2. time=0.923 ms ^F64 bytes from local.zone.orman.org (172.21.39.94): icmp_seq=3. time=1.05 ms ^C ----172.21.39.94 PING Statistics---- 4 packets transmitted, 4 packets received, 0% packet loss round-trip (ms) min/avg/max/stddev = 0.923/1.61/2.32/0.72 With traceroute from 172.16.1.101: instead local zone, global.zone send back the ICMP "Destination unreachable" [EMAIL PROTECTED]:# traceroute 172.21.39.94 traceroute: Warning: Multiple interfaces found; using 172.16.1.101 @ eri0 traceroute to local.zone.orman.org (172.21.39.94), 30 hops max, 40 byte packets 1 erf703fa0-1-0.net.orman.org (172.16.1.2) 0.466 ms 0.452 ms 0.335 ms 2 erf-172-17-250-49.orman.org (172.17.250.49) 0.691 ms 0.681 ms 0.694 ms 3 * * * 4 * * * 5 * * * 6 172.20.32.85 (172.20.32.85) 12.993 ms 12.269 ms 12.177 ms 7 blnpp20db-bkuprte.orman.org (172.20.1.224) 11.592 ms 10.708 ms 10.434 ms 8 172.21.53.5 (172.21.53.5) 13.227 ms 13.602 ms 13.108 ms 9 blncsr01-07-eth-1-0-2.lan.orman.org (172.21.12.126) 13.040 ms 13.518 ms 13.162 ms 10 blnsf00041.lan.orman.org (172.21.183.13) 11.336 ms 11.117 ms 11.836 ms 11 blncsr01-100-vlan-110.lan.orman.org (172.16.208.130) 12.127 ms 12.056 ms 11.959 ms 12 global.zone.orman.org (172.21.15.81) 13.266 ms 12.482 ms 12.232 ms [EMAIL PROTECTED]:# For our lan group this is a security problem. This message posted from opensolaris.org _______________________________________________ zones-discuss mailing list [email protected]
