[OpenIndiana-discuss] Isolating networks for zones

Jeppe Toustrup openindiana at tenzer.dk
Sun Oct 30 00:27:28 UTC 2011


On Sat, Oct 29, 2011 at 23:30, carlopmart <carlopmart at gmail.com> wrote:
> I have installed an oi zone under an oi_151a host to provide DNS caching
> services. All works OK now, except network isolation. Running snoop on the
> non-global zone I can see all traffic of all networks where the global zone
> connects. For example:

How is the vnic configured? (dladm show-vnic)

You might want to set the global zone up as a router which routes
traffic from its external interface to an etherstub (virtual switch)
which the vnic then is connected to. Then you shouldn't be able to
sniff network traffic from the external network on the zone.

--
Venlig hilsen / Kind regards
Jeppe Toustrup (aka. Tenzer)
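
The layout suggested in the reply, together with a check on `dladm show-vnic` output, as an added example that is not part of the original message. The link names (`stub0`, `dnsvnic0`, `e1000g0`) are constructed, and it assumes `dladm show-etherstub` lists one name per line under a `LINK` header.

```shell
#!/bin/sh
# Added example, not from the original thread. All link names are constructed.

# Build the suggested layout: an etherstub (virtual switch) carrying one vnic
# for the global zone (the router side) and one vnic for the zone.
# IP addressing and the zonecfg "net" resource are left to the administrator.
setup_isolated_vnic() {
    stub=$1 gz_vnic=$2 zone_vnic=$3
    dladm create-etherstub "$stub" &&
    dladm create-vnic -l "$stub" "$gz_vnic" &&
    dladm create-vnic -l "$stub" "$zone_vnic" &&
    routeadm -u -e ipv4-forwarding
}

# Print every vnic whose underlying link is NOT an etherstub, i.e. a vnic
# that sits directly on a physical NIC or other shared link.
#   $1: output of `dladm show-vnic -p -o link,over` (lines of "vnic:over")
#   $2: etherstub names, one per line (a "LINK" header line is ignored;
#       that output shape is an assumption)
vnics_not_on_etherstub() {
    printf '%s\n' "$1" | while IFS=: read -r link over; do
        [ -n "$link" ] || continue
        if [ -z "$over" ] || ! printf '%s\n' "$2" |
               awk '$1 != "LINK" { print $1 }' | grep -qxF -- "$over"; then
            printf '%s over %s\n' "$link" "$over"
        fi
    done
}

# On a host that has dladm, report against the live configuration.
if command -v dladm >/dev/null 2>&1; then
    vnics_not_on_etherstub "$(dladm show-vnic -p -o link,over)" \
                           "$(dladm show-etherstub)"
fi
```

Any line printed by `vnics_not_on_etherstub` names a vnic that shares a link with the external network rather than the virtual switch.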