>> Unless ip_restrict_interzone_loopback is 0 (the default is 1 on OS).
>> You can have zones of type exclusive-ip plumbed on different
>> interfaces but not cabled up if this parameter is set to 0.
>
> Where is this documented?

This is what started the whole kerfuffle for me, https://www.opensolaris.org/jive/thread.jspa?threadID=84543&tstart=-1 particularly "which have their local IP addresses on different interfaces", I zeroed in on this and conveniently ignored the "shared-stack zone" which I'm noticing just now. But how could that be ... shared-stack zone with IP address on different interface? This thing cannot exist?

Here it is. I need exclusive stack so I can snoop traffic when bad things happen. When bad things are not happening, traffic must not be snoopable, sayeth the people in charge. I have this brilliant idea (based on what I read) that I can conveniently shunt traffic to the NIC or internally, at will, using this nifty param. Bad things happen, shunt it outside to observe. Bad things go away, shunt it back inside, remove the cable.

This cannot work, you say? This is S10U5, OS is not an option.

CT
_______________________________________________
zones-discuss mailing list
firstname.lastname@example.org