Christine Tran writes:
> I am putting 2 applications that talk to each other on two non-global
> zones of type exclusive-ip.  I do this for one reason only, that is to
> be able to observe traffic between the two applications for
> troubleshooting if and when things go wrong.  Unfortunately, this will
> run afoul of security guidelines, which say one should not be able to
> observe anything from the outside.  Encryption is just not in the
> picture right now.  I'm trying to think of a way to make traffic
> observable from the global zone only, and obscured to everyone else
> outside the box.  I thought of not cabling the interfaces and turning
> off ip_restrict_interzone_loopback, but that just backs me right into
> the corner of not being able to snoop anything on the lo0 channel. I
> don't have anything here that I can use, do I?  Just making sure.

Using the existing Clearview interfaces (integrated back in November
for build 103; see CR 4085089), you should be able to snoop lo0 just

James Carlson, Solaris Networking
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
zones-discuss mailing list