crossbow discuss - May 2008 - silly questions

Rather than trying to see if this will work, I thought that it was
best to simply ask the good folks on crossbow if the following
scenario is currently supported:

I have a box with an inbound NAT mapping that maps an inbound public
IP addr to a private address (192.168.93.*).  The system is running nv
build 84 and is a SPARC box.  Usually, the only connectivity to this
box is via SSH from the internet at large.

What I''d like to do, is provision a zone on this box, where the
"owner" of this zone would use it to publish webpages via HTTP/HTTPS
and also have the ability to SSH directly to his personal zone (in
which he''ll have root privilidges).  Why not simply create a separate
public address and assigned it to the owner of the (http) zone?
Because public IPs are in really short supply.  Why not let the user
simply use the global zone - because then it''s likely we''ll
get into a
case of finger pointing - especially if something goes wrong on the
box.

So; question: Can crossbow provide a virtual address that would allow
the 2nd zone (owner) to gain SSH access to his zone?  Can crossbow
allow the zone user to publish web content to a VNIC and have it
visible to the internet on the same physical ethernet port that the
global zone is using - except that the ports will be different?

I guess my real issue is trying to figure out where the project is
currently at - in terms of what''s working or what still needs work.  I
know that untimately Crossbox will be able to provide the required
functionality.

Thanks,

-- 
Al Hopper  Logical Approach Inc,Plano,TX al at logical-approach.com
                   Voice: 972.379.2133 Timezone: US CDT
OpenSolaris Governing Board (OGB) Member - Apr 2005 to Mar 2007
http://www.opensolaris.org/os/community/ogb/ogb_2005-2007/

Al,

This is certainly possible and all the functionality is there in
Crossbow bits. I think Nicolas did a blog just for this functionality.
Have a look at http://blogs.sun.com/droux. I also did a blog for
more elaborate configurations within a box. You can check that
http://blogs.sun.com/sunay

I think if you set the NAT rules correctly, the config below
should work with Crossbow beta bits available (and a beta
refresh due out in few days).

Cheers,
Sunay

Al Hopper wrote:
> Rather than trying to see if this will work, I thought that it was
> best to simply ask the good folks on crossbow if the following
> scenario is currently supported:
> 
> I have a box with an inbound NAT mapping that maps an inbound public
> IP addr to a private address (192.168.93.*).  The system is running nv
> build 84 and is a SPARC box.  Usually, the only connectivity to this
> box is via SSH from the internet at large.
> 
> What I''d like to do, is provision a zone on this box, where the
> "owner" of this zone would use it to publish webpages via
HTTP/HTTPS
> and also have the ability to SSH directly to his personal zone (in
> which he''ll have root privilidges).  Why not simply create a
separate
> public address and assigned it to the owner of the (http) zone?
> Because public IPs are in really short supply.  Why not let the user
> simply use the global zone - because then it''s likely
we''ll get into a
> case of finger pointing - especially if something goes wrong on the
> box.
> 
> So; question: Can crossbow provide a virtual address that would allow
> the 2nd zone (owner) to gain SSH access to his zone?  Can crossbow
> allow the zone user to publish web content to a VNIC and have it
> visible to the internet on the same physical ethernet port that the
> global zone is using - except that the ports will be different?
> 
> I guess my real issue is trying to figure out where the project is
> currently at - in terms of what''s working or what still needs
work.  I
> know that untimately Crossbox will be able to provide the required
> functionality.
> 
> Thanks,
> 

-- 
Sunay Tripathi
Distinguished Engineer
Solaris Core Operating System
Sun MicroSystems Inc.

Solaris Networking:     http://www.opensolaris.org/os/community/networking
Project Crossbow:       http://www.opensolaris.org/os/project/crossbow