Christine Tran writes:
> I am putting 2 applications that talk to each other on two non-global
> zones of type exclusive-ip. I do this for one reason only, that is to
> be able to observe traffic between the two applications for
> troubleshooting if and when things go wrong. Unfortunately, this will
> run afoul of security guidelines, which say one should not be able to
> observe anything from the outside. Encryption is just not in the
> picture right now. I'm trying to think of a way to make traffic
> observable from the global zone only, and obscured to everyone else
> outside the box. I thought of not cabling the interfaces and turning
> off ip_restrict_interzone_loopback, but that just backs me right into
> the corner of not being able to snoop anything on the lo0 channel. I
> don't have anything here that I can use, do I? Just making sure.

Using the existing Clearview interfaces (integrated back in November
for build 103; see CR 4085089), you should be able to snoop lo0 just
fine.

-- 
James Carlson, Solaris Networking              <james.d.carl...@sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
_______________________________________________
zones-discuss mailing list
firstname.lastname@example.org