Christine Tran writes:
> I am putting 2 applications that talk to each other on two non-global
> zones of type exclusive-ip.  I do this for one reason only, that is to
> be able to observe traffic between the two applications for
> troubleshooting if and when things go wrong.  Unfortunately, this will
> run afoul of security guidelines, which say one should not be able to
> observe anything from the outside.  Encryption is just not in the
> picture right now.  I'm trying to think of a way to make traffic
> observable from the global zone only, and obscured to everyone else
> outside the box.  I thought of not cabling the interfaces and turning
> off ip_restrict_interzone_loopback, but that just backs me right into
> the corner of not being able to snoop anything on the lo0 channel. I
> don't have anything here that I can use, do I?  Just making sure.

Using the existing Clearview interfaces (integrated back in November
for build 103; see CR 4085089), you should be able to snoop lo0 just
fine.

-- 
James Carlson, Solaris Networking              <james.d.carl...@sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
