I want to install a zone on the server 't2.math.washington.edu'. That machine is 
a Sun T5240 running Solaris 10. In that zone, I'd like to run Sage


http://www.sagemath.org/

which is maths software, with a web-based interface. It is basically a web 
server running on port 8000.

Is it possible to direct traffic on port 8000 of that the server 
't2.math.washington.edu' to the zone? Or would I need to get another public IP 
address for the zone? The application (Sage) running in the zone needs to be 
accessible to anyone.

If it is possible to do this without another public IP, can anyone tell me the 
steps needed?

Dave
-- 
I respectfully request that this message is not archived by companies as
unscrupulous as 'Experts Exchange' . In case you are unaware,
'Experts Exchange'  take questions posted on the web and try to find
idiots stupid enough to pay for the answers, which were posted freely
by others. They are leeches.

Dave pisze:
> I want to install a zone on the server 't2.math.washington.edu'. That 
> machine is a Sun T5240 running Solaris 10. In that zone, I'd like to run 
> Sage
> 
> 
> http://www.sagemath.org/
> 
> which is maths software, with a web-based interface. It is basically a 
> web server running on port 8000.
> 
> Is it possible to direct traffic on port 8000 of that the server 
> 't2.math.washington.edu' to the zone? Or would I need to get another 
> public IP address for the zone? The application (Sage) running in the 
> zone needs to be accessible to anyone.
> 
> If it is possible to do this without another public IP, can anyone tell 
> me the steps needed?
> 
> Dave
Hi, on Solaris 10 box the following should be sufficient:

in /etc/ipf/ipnat.conf put:
rdr <interface> <glabal zone ip>/32 port 8000 -> <zone ip> port 8000

then:
svcadm restart network/pfil
svcadm restart ipfilter

-- 
Michał Marek Gryko czasem zwany Odkurzaczem.

On Wed, 02 Dec 2009 02:46:56 +0000
Dave <foo@coo.com> wrote:

> I want to install a zone on the server 't2.math.washington.edu'. That
> machine is a Sun T5240 running Solaris 10. In that zone, I'd like to
> run Sage
> 
> 
> http://www.sagemath.org/
> 
> which is maths software, with a web-based interface. It is basically
> a web server running on port 8000.
> 
> Is it possible to direct traffic on port 8000 of that the server 
> 't2.math.washington.edu' to the zone? Or would I need to get another
> public IP address for the zone? The application (Sage) running in the
> zone needs to be accessible to anyone.
> 
> If it is possible to do this without another public IP, can anyone
> tell me the steps needed?

How to do this depends on the network setup. If t2.math.washington.edu
is behind a router (probably) or behind a reverse proxy, it can be done
through the configuration of these devices. Your zone is, to all
intents and purposes, a distinct network entity with its own IP address.

If you don't have access to the network, you can set up a reverse proxy
on t2.math.washington.edu and redirect the virtual server on port 8000
to the zone's IP address.

Alternatively, you could try your hand at ipfilter.

-- 
Stefaan A Eeckels
-- 
"Technically, Windows is an 'operating system,' which means that it
supplies your computer with the basic commands that it needs to
suddenly, with no warning whatsoever, stop operating." -Dave Barry 

odk wrote:
> Dave pisze:
>> I want to install a zone on the server 't2.math.washington.edu'. That 
>> machine is a Sun T5240 running Solaris 10. In that zone, I'd like to 
>> run Sage
>>
>>
>> http://www.sagemath.org/
>>
>> which is maths software, with a web-based interface. It is basically a 
>> web server running on port 8000.
>>
>> Is it possible to direct traffic on port 8000 of that the server 
>> 't2.math.washington.edu' to the zone? Or would I need to get another 
>> public IP address for the zone? The application (Sage) running in the 
>> zone needs to be accessible to anyone.
>>
>> If it is possible to do this without another public IP, can anyone 
>> tell me the steps needed?
>>
>> Dave
> Hi, on Solaris 10 box the following should be sufficient:
> 
> in /etc/ipf/ipnat.conf put:
> rdr <interface> <glabal zone ip>/32 port 8000 -> <zone ip> port 8000
> 
> then:
> svcadm restart network/pfil
> svcadm restart ipfilter
> 

Cheers, if that works, it will make life a lot easier. It might actually be 
preferable to use port 80 on the global zone, so I assume I can substitute 80 
for the first number.

Does this work if the IP of the zone is a private IP address like 192.168.x.y, 
whereas the global zone is a public IP address?

Dave
-- 
I respectfully request that this message is not archived by companies as
unscrupulous as 'Experts Exchange' . In case you are unaware,
'Experts Exchange'  take questions posted on the web and try to find
idiots stupid enough to pay for the answers, which were posted freely
by others. They are leeches.

Dave pisze:
> 
> Cheers, if that works, it will make life a lot easier. It might actually 
> be preferable to use port 80 on the global zone, so I assume I can 
> substitute 80 for the first number.
> 
> Does this work if the IP of the zone is a private IP address like 
> 192.168.x.y, whereas the global zone is a public IP address?
> 
> Dave

This should help You:
http://www.obfuscation.org/ipf/ipf-howto.txt
4.5 on page 29

-- 
Michał Marek Gryko czasem zwany Odkurzaczem.

In article <4b162101@212.67.96.135>, Dave  <foo@coo.com> wrote:
>Does this work if the IP of the zone is a private IP address like 192.168.x.y, 
>whereas the global zone is a public IP address?

Yes, easily, under Indiana and Nevada with Crossbow vnics.
<URL:http://docs.sun.com/app/docs/doc/819-6990>
| docs.sun.com Home  > OpenSolaris System Administrator Collection  >
| System Administration Guide: Network Interfaces and
| Network Virtualization  > Network Virtualization and
| Resource Management  > 11.  Configuring Virtual Networks (Tasks)   >
| Configuring a Private Virtual Network  > How to Create Etherstubs and
| VNICs for the Private Virtual Network

Yes, with some hackery, under Solaris 10.

John
groenveld@acm.org