Robert Bailey wrote: > I have a few questions on the TX extensions 42a. > > I'm trying to configure a dual homed server with TX installed. I can > ssh out of both interfaces/subnets but cannot ssh into them. Is > there a way to rout the ssh demon from the global zone to a specific > trusted zone? SSHD is running on all zones.
> > Should the "public" non-secured network be setup as template: _unlab > instead of cipso? You should create unique network templates with the host type of unlabeled, with the default label corresponding to the label you have assigned to each zone. The IP addresses of the zones will still use the cipso template, but the IP addresseses of external hosts or networks should be assigned one of these unlabeled templates. > And is it possible to have different IP addresses at different > templates on the same subnet? Yes. Each remote host could have is own network template assignment. > > I was wondering if anyone else is using the Trusted Extensions and > has firefox coredumping on them. This could be a configuration issue > on my end. Window opens but seems to die when generating the firefox > menu. I am running Firefox. It does seem to core dump about once a day, whereas Mozilla does not. > > P.S. I'd kill for the docs on this. The Arch guide is good, but if > anyone has a practical guide I'd buy the beer. We plan to make most of the docs available by the end of the month. I will also be providing some usage examples on my blog. We look forward to receiving your feedback. --Glenn > > Bob Bailey > _______________________________________________ > security-discuss mailing list > security-discuss at opensolaris.org
