Operating Systems Solaris building solaris-based enterprise router-firewall project Post 302324332 by stdout on Wednesday 10th of June 2009 01:13:06 PM
Old 06-10-2009
building solaris-based router-firewall project

hi guys,

it's been a while since my last visit here,
could not keep up the pace on this ever changing industry

i'm just doing my home research under vmware to make a solaris-based router-firewall using zones - doing a lot of reading about zones & reviewing solaris zone functionality.

and now, i'm a bit stuck interpreting these ip-type=shared and ip-type=exclusive under the non-global zone. i mean, can't i just have that NIC belong to a non-global zone without being plumbed under the global-zone?

i'm sorry for this long question, but i'll make it short - has anyone done this before?

my scenario is :
a stripped down SXCE using 3-NICs - so that it will be a 3-legs firewall :
global-zone=LAN interface, NIC#1,
WAN, NIC#2
DMZ, NIC#3
and, i'd also like to have some kind of tunnel interface between zones - so that the traffic entering WAN from LAN doesn't have to go out from the NIC?

so, is there any possibility to do this setup?

any constructive input would be very appreciated.

thank you.

-----Post Update-----

addition :

on my current setup - under the global zone, i have 3 NICs - and each one having a subinterface for the non-global zone, so

lo0 127/8
lo0.1 WAN 127/8
lo0.2 DMZ 127/8
pcn0 global 192.168.10.1/24
pcn1.0 global 0/8
pcn1.1 WAN 10.0.0.1/24
pcn2.0 global 0/8
pcn2.1 DMZ 172.16.0.1/24

so, all these interfaces are ip shared.

what i mean is that : can i just have that pcn1 belong to WAN, pcn2 to DMZ without using the global zone as host?

thanks

Last edited by stdout; 08-02-2009 at 03:44 AM..
 

brands(5)          Standards, Environments, and Macros          brands(5)

NAME
       brands - alternate operating environments for non-global zones

DESCRIPTION
       The branded zone (BrandZ) framework extends the Solaris Zones
       infrastructure described in zones(5) to include the creation of
       brands, which provide non-global zones that contain non-native
       operating environments.

       The term "brand" can refer to a wide range of operating
       environments. All brand management is performed as extensions to
       the current zones structure.

       Every zone is configured with an associated brand. The brand type
       is used to determine which scripts are executed when a zone is
       installed and booted. In addition, a zone's brand is used to
       properly identify the correct application type at application
       launch time. The default is the native brand.

       A branded zone will support exactly one brand of non-native
       binary, which means that a branded zone provides a single
       operating environment. Once a zone has been assigned a brand,
       that brand cannot be changed or removed.

       BrandZ extends the zones tools in the following ways:

       o  A brand is an attribute of a zone, set at zone create time.

       o  The zonecfg tool (see zonecfg(1M)) is used to set a zone's
          brand type and configure the zone.

       o  The zoneadm tool (see zoneadm(1M)) is used to report a zone's
          brand type and administer the zone.

   Device Support
       The devices supported by each zone are documented in the man
       pages and other documentation for that brand. The zones
       infrastructure detects any attempt to add an unsupported device
       and issues a warning to the administrator. If the administrator
       chooses to add an unsupported device despite that warning, that
       device might or might not work as expected. The configuration
       will be untested and unsupported.

ATTRIBUTES
       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWzoneu                    |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

SEE ALSO
       mdb(1), zlogin(1), zonename(1), dtrace(1M), in.rlogind(1M),
       sshd(1M), zoneadm(1M), zonecfg(1M), kill(2), priocntl(2),
       getzoneid(3C), ucred_get(3C), getzoneid(3C), proc(4),
       attributes(5), lx(5), native(5), privileges(5), zones(5),
       lx_systrace(7D), crgetzoneid(9F)

SunOS 5.11                     13 Feb 2009                     brands(5)