I am putting 2 applications that talk to each other on two non-global
zones of type exclusive-ip.  I do this for one reason only, that is to
be able to observe traffic between the two applications for
troubleshooting if and when things go wrong.  Unfortunately, this will
run afoul of security guidelines, which say one should not be able to
observe anything from the outside.  Encryption is just not in the
picture right now.  I'm trying to think of a way to make traffic
observable from the global zone only, and obscured to everyone else
outside the box.  I thought of not cabling the interfaces and turning
off ip_restrict_interzone_loopback, but that just backs me right into
the corner of not being able to snoop anything on the lo0 channel. I
don't have anything here that I can use, do I?  Just making sure.

zones-discuss mailing list
