We have several zones running on an OmniOS server that use exclusive 
addressing but in the same subnet at the global zone. These work fine.

We now need to set up a couple of zones that have their own subnet, but 
talk to the outside world through the global zone. These will need to be 
network isolated from the existing zones and with access controlled, 
presumably by ipf/ipnat filtering done in the global zone. I’m having 
difficulty setting this up. It is readily admitted on the ‘net that 
Solaris network config is different to anything else, and that it has 
moved on in stages from the old hosts, hostname etc. files that were so 
easy back in the 80’s.

Could someone please point me to some documentation that is relevant to 
OmniOS. We’re not up to r151022 even yet. I can’t tell from what’s 
out there whether I should be using ipfilter config within svcs, or 
ipf/ipnat type files or what. Some things say I need an etherstub, 
others say I don’t. The <zone>.cfg file gives the zone a vmic, but the 
zone can’t see it, but the zone can use it ???

David the confused.

