> Packets probably flow best when the physical interface is connected.
>
> What's the goal in leaving it unconnected?

The zone is created for a purely "virtual" purpose. I need to create/destroy a "massive" number of lightweight zones as "containers" for a user.

> By default, if there's a route that makes another zone's IP address
> reachable, then those zones can talk via internal loopback. This
> usually means that if they can communicate with the
> outside world, then they can talk to each other.

My issue is that they CAN'T communicate with the outside world, except HTTP through the proxy. The zones also can NOT communicate with each other (if in different subnets).

> To prevent that, you can set up '-reject' or '-blackhole' routes.

I want to achieve the opposite.

> If they're on separate subnets, you'll need one set of routes per
> zone, all configured in the global zone. (That "set" for each could
> consist of a single default route.)

What would that have to look like? I have /etc/defaultrouter defined in the zone root, and netstat -r shows the proper default router per zone/subnet, but I cannot access any address outside my subnet.

This is my routing table on the GZ right now:

    Destination     Gateway          Flags  Ref  Use  Interface
    192.168.100.0   192.168.100.254  U      1    0    ce1
    192.168.101.0   192.168.101.254  U      1    9    ce1:1
    192.168.102.0   192.168.102.254  U      1    15   ce1:2
    10.7.0.0        10.7.100.24      U      1    222  ce0
    224.0.0.0       10.7.100.24      U      1    0    ce0
    default         10.7.0.5         UG     1    233
    127.0.0.1       127.0.0.1        UH     4    161  lo0

> No ... IP Filter currently does not intercept traffic flowing locally between
> zones.

What about NAT to the outside? Like, I configure DNS inside the zone, but in order to get to even the DNS server the zone has to go through at least one gateway?

This message posted from opensolaris.org
_______________________________________________
zones-discuss mailing list
[email protected]

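The quoted advice says each zone subnet needs its own route set in the global zone, yet the global-zone table above carries only one default (via 10.7.0.5 on ce0) and none whose gateway sits inside a 192.168.10x.0 network. The following script is an added example (not from the thread or from OpenSolaris) that reads a netstat -r style table and lists every connected network on the zones' interface that lacks a default route through a gateway in that network. It assumes the column order shown in the post (Destination Gateway Flags Ref Use Interface, no header line), a /24 mask for the zone networks (the post's table shows no masks), and that zone interfaces are the named physical interface or its logical instances (ce1, ce1:1, ce1:2); the routing table embedded below is a constructed copy of the one in the post.

```shell
#!/bin/sh
# Constructed sample input: the global-zone routing table quoted above, in
# netstat -r column order with no header (Destination Gateway Flags Ref Use Interface).
ROUTES='192.168.100.0 192.168.100.254 U 1 0 ce1
192.168.101.0 192.168.101.254 U 1 9 ce1:1
192.168.102.0 192.168.102.254 U 1 15 ce1:2
10.7.0.0 10.7.100.24 U 1 222 ce0
224.0.0.0 10.7.100.24 U 1 0 ce0
default 10.7.0.5 UG 1 233
127.0.0.1 127.0.0.1 UH 4 161 lo0'

# missing_zone_defaults TABLE IFACE
# Prints, one per line (sorted), each connected network (flag U) on IFACE or
# on a logical instance IFACE:N that has no "default" route whose gateway is
# inside that network. Assumption: a /24 mask, so "inside" means the first
# three octets match. Multicast (224.0.0.0/4) entries are ignored.
missing_zone_defaults() {
    printf '%s\n' "$1" | awk -v zif="$2" '
        function prefix24(ip,    a) { split(ip, a, "."); return a[1] "." a[2] "." a[3] }
        # remember the /24 each default gateway lives in
        $1 == "default" { defaults[prefix24($2)] = $2; next }
        # skip multicast routes, which never carry a default
        $1 ~ /^2(2[4-9]|3[0-9])\./ { next }
        # connected networks on the zone interface or its logical instances
        $3 == "U" && ($NF == zif || index($NF, zif ":") == 1) { nets[prefix24($1)] = $1 }
        END { for (p in nets) if (!(p in defaults)) print nets[p] }
    ' | sort
}

# Stand-alone run: report the zone networks on ce1 that cannot reach beyond
# their subnet through a gateway of their own.
missing_zone_defaults "$ROUTES" ce1
```

Run against the table from the post it prints all three 192.168.10x.0 networks, matching the symptom described (nothing outside the subnet reachable): traffic from those zones can only follow the global default on ce0. Against ce0 it prints nothing, because 10.7.0.5 lies in the connected 10.7.0.0 network. Feed it real output with `netstat -rn | sed 1,4d` or similar after checking the column layout on your release.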