Solaris 11 zones, networking and blocked ports
Clash Royale CLAN TAG#URR8PPP
up vote
3
down vote
favorite
Our Solaris admin quit. We are building a new system. I have been tasked to help.
I have a Solaris box with a global zone and 15 non-global zones.
Some NGZs can ssh to other NGZ. Many cannot ssh at all. I can zlogin from GZ to all NGZ.
Here is how I have tried to troubleshoot:
1) copy a master hosts file to all zones
2) ssh -vvv somehost* (for problem zones this hangs at " debug2: ssh_connect: needpriv 0 debug1: Connecting to x.x.x.x [x.x.x.x] port 22."
3) telnet somehost 22 (for problem zones this never connects)
One last caveat: I was told there was a firewall NGZ built in the original design that was never implemented, but no way to prove it.
How can I track down the source blocking these ports
networking firewall solaris-zones
asked Oct 27 '17 at 19:56
Marinaio
898
add a comment |Â
up vote
3
down vote
favorite
Our Solaris admin quit. We are building a new system. I have been tasked to help.
I have a Solaris box with a global zone and 15 non-global zones.
Some NGZs can ssh to other NGZ. Many cannot ssh at all. I can zlogin from GZ to all NGZ.
Here is how I have tried to troubleshoot:
1) copy a master hosts file to all zones
2) ssh -vvv somehost* (for problem zones this hangs at " debug2: ssh_connect: needpriv 0 debug1: Connecting to x.x.x.x [x.x.x.x] port 22."
3) telnet somehost 22 (for problem zones this never connects)
One last caveat: I was told there was a firewall NGZ built in the original design that was never implemented, but no way to prove it.
How can I track down the source blocking these ports
networking firewall solaris-zones
asked Oct 27 '17 at 19:56
Marinaio
898
1
I think you may want this article: docs.oracle.com/cd/E19044-01/sol.containers/817-1592/… Specifically the "Shared-IP Network Interfaces" section.
– Jesse_b
Oct 27 '17 at 20:09
add a comment |Â
up vote
3
down vote
favorite
up vote
3
down vote
favorite
Our Solaris admin quit. We are building a new system. I have been tasked to help.
I have a Solaris box with a global zone and 15 non-global zones.
Some NGZs can ssh to other NGZ. Many cannot ssh at all. I can zlogin from GZ to all NGZ.
Here is how I have tried to troubleshoot:
1) copy a master hosts file to all zones
2) ssh -vvv somehost* (for problem zones this hangs at " debug2: ssh_connect: needpriv 0 debug1: Connecting to x.x.x.x [x.x.x.x] port 22."
3) telnet somehost 22 (for problem zones this never connects)
One last caveat: I was told there was a firewall NGZ built in the original design that was never implemented, but no way to prove it.
How can I track down the source blocking these ports
networking firewall solaris-zones
asked Oct 27 '17 at 19:56
Marinaio
898
Our Solaris admin quit. We are building a new system. I have been tasked to help.
I have a Solaris box with a global zone and 15 non-global zones.
Some NGZs can ssh to other NGZ. Many cannot ssh at all. I can zlogin from GZ to all NGZ.
Here is how I have tried to troubleshoot:
1) copy a master hosts file to all zones
2) ssh -vvv somehost* (for problem zones this hangs at " debug2: ssh_connect: needpriv 0 debug1: Connecting to x.x.x.x [x.x.x.x] port 22."
3) telnet somehost 22 (for problem zones this never connects)
One last caveat: I was told there was a firewall NGZ built in the original design that was never implemented, but no way to prove it.
How can I track down the source blocking these ports
networking firewall solaris-zones
asked Oct 27 '17 at 19:56
Marinaio
898
asked Oct 27 '17 at 19:56
Marinaio
898
asked Oct 27 '17 at 19:56
Marinaio
898
asked Oct 27 '17 at 19:56
Marinaio
898
898
1
I think you may want this article: docs.oracle.com/cd/E19044-01/sol.containers/817-1592/… Specifically the "Shared-IP Network Interfaces" section.
– Jesse_b
Oct 27 '17 at 20:09
add a comment |Â
1
I think you may want this article: docs.oracle.com/cd/E19044-01/sol.containers/817-1592/… Specifically the "Shared-IP Network Interfaces" section.
– Jesse_b
Oct 27 '17 at 20:09
1
1
I think you may want this article: docs.oracle.com/cd/E19044-01/sol.containers/817-1592/… Specifically the "Shared-IP Network Interfaces" section.
– Jesse_b
Oct 27 '17 at 20:09
I think you may want this article: docs.oracle.com/cd/E19044-01/sol.containers/817-1592/… Specifically the "Shared-IP Network Interfaces" section.
– Jesse_b
Oct 27 '17 at 20:09
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
On the global zone, can you display the output of zoneadm list -iv?
Also, for you're problem zone, from the global as root, have you tried: zlogin -C <zone_name> to get to the zone's console? Perhaps it was never fully setup and will prompt you to do some configuration. If that's not it, at least you'll have a way to get into the zone to verify it's state (ie: svcs -xv; and looking at /var/adm/messages).
answered Dec 1 '17 at 17:28
sleepyweasel
86319
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
On the global zone, can you display the output of zoneadm list -iv?
Also, for you're problem zone, from the global as root, have you tried: zlogin -C <zone_name> to get to the zone's console? Perhaps it was never fully setup and will prompt you to do some configuration. If that's not it, at least you'll have a way to get into the zone to verify it's state (ie: svcs -xv; and looking at /var/adm/messages).
answered Dec 1 '17 at 17:28
sleepyweasel
86319
add a comment |Â
up vote
0
down vote
On the global zone, can you display the output of zoneadm list -iv?
Also, for you're problem zone, from the global as root, have you tried: zlogin -C <zone_name> to get to the zone's console? Perhaps it was never fully setup and will prompt you to do some configuration. If that's not it, at least you'll have a way to get into the zone to verify it's state (ie: svcs -xv; and looking at /var/adm/messages).
answered Dec 1 '17 at 17:28
sleepyweasel
86319
add a comment |Â
up vote
0
down vote
up vote
0
down vote
On the global zone, can you display the output of zoneadm list -iv?
Also, for you're problem zone, from the global as root, have you tried: zlogin -C <zone_name> to get to the zone's console? Perhaps it was never fully setup and will prompt you to do some configuration. If that's not it, at least you'll have a way to get into the zone to verify it's state (ie: svcs -xv; and looking at /var/adm/messages).
answered Dec 1 '17 at 17:28
sleepyweasel
86319
On the global zone, can you display the output of zoneadm list -iv?
Also, for you're problem zone, from the global as root, have you tried: zlogin -C <zone_name> to get to the zone's console? Perhaps it was never fully setup and will prompt you to do some configuration. If that's not it, at least you'll have a way to get into the zone to verify it's state (ie: svcs -xv; and looking at /var/adm/messages).
answered Dec 1 '17 at 17:28
sleepyweasel
86319
answered Dec 1 '17 at 17:28
sleepyweasel
86319
answered Dec 1 '17 at 17:28
sleepyweasel
86319
answered Dec 1 '17 at 17:28
sleepyweasel
86319
86319
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f400956%2fsolaris-11-zones-networking-and-blocked-ports%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
I think you may want this article: docs.oracle.com/cd/E19044-01/sol.containers/817-1592/… Specifically the "Shared-IP Network Interfaces" section.
– Jesse_b
Oct 27 '17 at 20:09