[OpenIndiana-discuss] etherstub and bridge

[Michael Stapleton]

Then you need to route, not bridge.

All zones with VNICs connected to the etherstub, Global Zone with VNIC
on the etherstub, Global Zone routing between physical NIC and the VNIC.
Proper routable IPs all around. Proper routing configured all around (in
zones, global zone and the external network.

You can then also firewall from the global zone all traffic going to and
from the zones and the external network.

I think that is what you are after?

Mike

On Sun, 2012-02-26 at 10:13 -0800, Anil Jangity wrote:

> Well, I am trying to create separate LAN segments essentially, so whatever broadcasts, would be isolated to it's own segment.
> Each zone (etherstub/vnic) would be it's own LAN and completely isolated from the other zones, which themselves are on their own separate etherstub/vnic.
> 
> 
> On Feb 25, 2012, at 10:44 PM, Richard Elling wrote:
> 
> > On Feb 25, 2012, at 8:49 PM, Anil Jangity wrote:
> > 
> >> What I am really trying to do is, isolate the zone, but also at the same time have it be able to talk the outside world. Going over the "real link" means it would see all the wire traffic (broadcasts etc... from the rest of the network, it isn't isolated).
> > 
> > Can you explain? Broadcasts are intended to be seen… which is why they are called
> > broadcasts.
> > -- richard
> > 
> > -- 
> > 
> > ZFS storage and performance consulting at http://www.RichardElling.com
> > SCALE 10x, Los Angeles, Jan 20-22, 2012
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > _______________________________________________
> > OpenIndiana-discuss mailing list
> > OpenIndiana-discuss at openindiana.org
> > http://openindiana.org/mailman/listinfo/openindiana-discuss
> 
> 
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss