[OpenIndiana-discuss] Isolating networks for zones
carlopmart
carlopmart at gmail.com
Sun Oct 30 08:27:04 UTC 2011
On 10/30/2011 02:27 AM, Jeppe Toustrup wrote:
> On Sat, Oct 29, 2011 at 23:30, carlopmart<carlopmart at gmail.com> wrote:
>> I have installed an oi zone under an oi_151a host to provide dns caching
>> services. All works ok now, except network isolation. Running snoop on
>> the non-global zone I can see all traffic of all networks where the
>> global zone connects. For example:
>
> How is the vnic configured? (dladm show-vnic)
>
> You might want to set the global zone up as a router which routes
> traffic from its external interface to an etherstub (virtual switch)
> which the vnic then is connected to. Then you shouldn't be able to
> sniff network traffic from the external network on the zone.
>
> --
> Venlig hilsen / Kind regards
> Jeppe Toustrup (aka. Tenzer)
>
Thanks Jeppe. I don't have an etherstub configured. Current config is:
root@oihost:~# dladm show-vnic
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE  VID
dmzlan0      e1000g1      1000   2:8:20:dc:48:d9   random       0

and dladm show-phys:

root@oihost:~# dladm show-phys
LINK         MEDIA        STATE      SPEED  DUPLEX    DEVICE
e1000g0      Ethernet     up         1000   full      e1000g0
e1000g1      Ethernet     up         1000   full      e1000g1
e1000g2      Ethernet     unknown    0      half      e1000g2
But one question: how can I associate a certain physical interface to an
etherstub? Do I need to create a bridge with only one interface?
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
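
A check for the layout suggested in the quoted reply, as an added example that is not part of the original thread: it lists VNICs that sit directly on a physical NIC rather than on an etherstub, using the parseable `link:over` output of `dladm show-vnic -p -o link,over`. The function name `vnics_on_phys`, the `--live` switch and the sample names `stub0` and `dns0` are assumptions; `dmzlan0` and the `e1000g*` links are taken from the post.

```shell
#!/bin/sh
# Added example: report VNICs attached directly to a physical link.
# Inputs:
#   $1  physical link names, one per line  (dladm show-phys -p -o link)
#   $2  "link:over" pairs, one per line    (dladm show-vnic -p -o link,over)
vnics_on_phys() {
    printf '%s\n' "$2" | while IFS=: read -r link over; do
        # Skip blank lines in the VNIC listing
        [ -n "$link" ] || continue
        # Exact, fixed-string match of the underlying link against the NIC list
        if printf '%s\n' "$1" | grep -Fqx -- "$over"; then
            printf '%s\n' "$link"
        fi
    done
}

# Constructed sample input. dmzlan0 over e1000g1 mirrors the post;
# dns0 over stub0 is a hypothetical VNIC on an etherstub.
SAMPLE_PHYS='e1000g0
e1000g1
e1000g2'
SAMPLE_VNICS='dmzlan0:e1000g1
dns0:stub0'

if [ "${1:-}" = "--live" ]; then
    # On the global zone: read the real link tables
    vnics_on_phys "$(dladm show-phys -p -o link)" \
                  "$(dladm show-vnic -p -o link,over)"
else
    # Offline: run against the constructed sample
    vnics_on_phys "$SAMPLE_PHYS" "$SAMPLE_VNICS"
fi
```
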