|
|
Sponsored Content
Operating Systems
Solaris
Solaris 10 - Zones - Design thoughts
Post 302300173 by sbk1972 on Monday 23rd of March 2009 11:49:34 AM
03-23-2009
|
|
9 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
okay people i need some help:
i was able to configure zones on my solaris 10 server, the problem is I can't ssh into the zones!!! I can zlogin -C zone2 successfully for both zones. Am I missing something? I can ping the zones, but can't ssh. From the zones, I can ping my global server. (7 Replies)
Discussion started by: Sarccastik Dude
7 Replies
2. Solaris
Hi All,
I am getting zone error
# /usr/sbin/zoneadm -z asflxpoc1 boot -s
could not verify net address=169.185.246.229 physical=ce0: No such device or address
could not verify net address=169.185.246.230 physical=ce0: No such device or address
Any ideas for this error message.
The... (13 Replies)
Discussion started by: jegaraman
13 Replies
3. Solaris
Hello All,
I have a list of Local Zones in my list. I want to find out their Global Zone names exactly....I know the command "arp ..."But I dont know how to filter it correctly and find it out.
Thanks in advance,
Jacky (9 Replies)
Discussion started by: jegaraman
9 Replies
4. Solaris
Hi,
I am new to solaris. As I am assigned to a new task to develop a installer for an application on solaris10 machine, I need to prepare the design document for the installer. ( I came to know that in solaris all the instllables will be considered as packages and and are not like .exe's).
So... (0 Replies)
Discussion started by: raghu.amilineni
0 Replies
5. Solaris
Hi Every,
I would like to know some questions on Zones???
1.what are types of zones we can install in global zone???
2.Exact difference between sparce root and whole root???
3.can we change the ip address of a running zone???
4.how to find our in which zone we are running and how many... (8 Replies)
Discussion started by: tirupathiraju_t
8 Replies
6. UNIX for Dummies Questions & Answers
Hi Guys,
I haven't worked on solaris zones earlier. I have a query regarding the zones.
We have MQ software installed on a solaris container. I am not sure on which zone this s/w is intalled.
I have logged into this container via putty.
When I search for the package, I got the package... (7 Replies)
Discussion started by: vandi
7 Replies
7. Solaris
Hi friends,
Actually I faced problem in solaris zone. i was created 4 zones on my server. but one of them is not working ?
so, where i wll get the error logs, and how to troubleshoot the problem.
i have some kind of urgency.
Please reply. (2 Replies)
Discussion started by: rajaramrnb
2 Replies
8. Solaris
Hi guys and gals,
Does anyone know how to import solaris zones from the xml files that sit in /etc/zones?
I want the zones from one machine to another, all I have is the XML files for the zones, so I can't export them first.
Thanks in advance
Martin (1 Reply)
Discussion started by: callmebob
1 Replies
9. Solaris
Hi All
Kindly let me know how can I move Solaris 10 OS running update 10 on physical machine to another machine solaris zone running Solaris 10 update 11 (2 Replies)
Discussion started by: amity
2 Replies
LEARN ABOUT DEBIAN
shorewall6-nesting
SHOREWALL6-NESTING(5) [FIXME: manual] SHOREWALL6-NESTING(5) NAME
nesting - shorewall6 Nested Zones SYNOPSIS
child-zone[:parent-zone[,parent-zone]...] DESCRIPTION
In shorewall6-zones[1](5), a zone may be declared to be a sub-zone of one or more other zones using the above syntax. The child-zone may be neither the firewall zone nor a vserver zone. The firewall zone may not appear as a parent zone, although all vserver zones are handled as sub-zones of the firewall zone. Where zones are nested, the CONTINUE policy in shorewall6-policy[2](5) allows hosts that are within multiple zones to be managed under the rules of all of these zones. EXAMPLE
/etc/shorewall6/zones: #ZONE TYPE OPTION fw firewall net ipv6 sam:net ipv6 loc ipv6 /etc/shorewall6/interfaces: #ZONE INTERFACE BROADCAST OPTIONS - eth0 detect blacklist loc eth1 detect /etc/shorewall6/hosts: #ZONE HOST(S) OPTIONS net eth0:[::] sam eth0:[2001:19f0:feee::dead:beef:cafe] /etc/shorewall6/policy: #SOURCE DEST POLICY LOG LEVEL loc net ACCEPT sam all CONTINUE net all DROP info all all REJECT info The second entry above says that when Sam is the client, connection requests should first be processed under rules where the source zone is sam and if there is no match then the connection request should be treated under rules where the source zone is net. It is important that this policy be listed BEFORE the next policy (net to all). You can have this policy generated for you automatically by using the IMPLICIT_CONTINUE option in shorewall6.conf[3](5). Partial /etc/shorewall6/rules: #ACTION SOURCE DEST PROTO DEST PORT(S) ... ACCEPT sam loc:2001:19f0:feee::3 tcp ssh ACCEPT net loc:2001:19f0:feee::5 tcp www ... Given these two rules, Sam can connect with ssh to 2001:19f0:feee::3. Like all hosts in the net zone, Sam can connect to TCP port 80 on 2001:19f0:feee::5. The order of the rules is not significant. FILES
/etc/shorewall6/zones /etc/shorewall6/interfaces /etc/shorewall6/hosts /etc/shorewall6/policy /etc/shorewall6/rules SEE ALSO
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5) NOTES
1. shorewall6-zones http://www.shorewall.net/manpages6/shorewall-zones.html 2. shorewall6-policy http://www.shorewall.net/manpages6/shorewall6-policy.html 3. shorewall6.conf http://www.shorewall.net/manpages6/shorewall6.conf.html [FIXME: source] 06/28/2012 SHOREWALL6-NESTING(5)