Here's the link to ipf-howto for Jeff.
Mike Ditto wrote:
Christine Tran wrote:
Does this mean I can't have my global zone redirect to a non-global
zone living on the same box? Because I'm really using the loopback
interface and not leaving the system on any physical interface? This
applies whether my global and non-global zone share one interface, or
have unique interfaces? I would like some clarification if Darren is

It should be possible to use rdr to redirect inbound traffic to another
zone (IP address) on the same machine. This isn't mentioned in the ipf
how-to because without zones, there is generally no reason to do this.
Basically, when you use rdr, the inbound packet is modified before the
IP stack sees it, so it will be correctly delivered to the modified
destination if that destination is on the local machine or reachable
through some interface other than the one on which the packet arrived.

Customer was swearing up and down that he cannot use rdr to direct
traffic onto a web server running inside a zone on a box that is also
acting as a router and accepting inbound traffic. I don't know how much
of this is a misconfiguration (he says he can redirect to another
physical box, but not onto a zone on the same box). I was going to
write to Darren directly but thought the list could benefit from the

The use for this, and I'm guessing here, might be something like, I have
widgetco.com with several autonomous subdivisions. I can't have all
my zones called widgetco (so that all my customers can access via
http://widgetco.com) so I have one big server that accepts and redirects
to different zones and then the webserver there does URL rewrites.
zones-discuss mailing list