The restricted and webservice zones are assigned a private IP address in addition to the IP address that they already share. Each private IP address has a multilevel port configured and is associated with a restricted label set.
The following table shows the network configuration for each of the labeled zones.
|
First, you must create the new zones. You can clone an existing zone, such as the public zone. After these zones are created, use the zonecfg command to add a network (with the address specified in the table) and your local interface name.
For example, the following command associates the 10.4.5.6 IP address and the bge0 interface with the restricted zone:
# zonecfg -z restricted add net set address=10.4.5.6 set physical=bge0 end exit
After you specify the IP address and network interface for each labeled zone, use the txzonemgr script to configure the remaining values in the table. When you finish the configuration process, start or restart the affected zones. In the global zone, add routes for the new addresses, where shared-IP-addr is the shared IP address.
# route add proxy shared-IP-addr # route add webservice shared-IP-addr