Hi, I am putting 2 applications that talk to each other on two non-global zones of type exclusive-ip. I do this for one reason only, that is to be able to observe traffic between the two applications for troubleshooting if and when things go wrong. Unfortunately, this will run afoul of security guidelines, which says one should not be able to observe anything from the outside. Encryption is just not in the picture right now. I'm trying to think of a way to make traffic observable from the global zone only, and obscured to everyone else outside the box. I thought of not cabling the interfaces and turning off ip_restrict_interzone_loopback, but that just backs me right into the corner of not being able to snoop anything on the lo0 channel. I don't have anything here that I can use, do I? Just making sure.
CT _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
