Eric, The concepts are very similar to TSOL 8. A labeled zone can only communicate with an unlabeled host if the default label in trusted networking template for its IP address matches the label of the zone. You can verify this by running:
tninfo -h <the name or IP address of the remote host> It should show the template name. If it says admin_low, you need to create a custom unlabeled template for that label and assign it to that IP address or netmask. You need to run the tnctl command after editing the tn files. This part is the same as TSOL 8. Maybe you are confused because there is no tnidb file. Generally we rely on the per-zone configuration, instead. Zones can have their own logic network interfaces if you want. That is specified using the zonecfg command. Otherwise, by default, they will all share any interfaces that are specified as all-zones. This message posted from opensolaris.org
