4

Our Solaris admin quit. We are building a new system. I have been tasked to help.

I have a Solaris box with a global zone and 15 non-global zones. Some NGZs can ssh to other NGZ. Many cannot ssh at all. I can zlogin from GZ to all NGZ.

Here is how I have tried to troubleshoot:

1) copy a master hosts file to all zones 2) ssh -vvv somehost* (for problem zones this hangs at " debug2: ssh_connect: needpriv 0 debug1: Connecting to x.x.x.x [x.x.x.x] port 22." 3) telnet somehost 22 (for problem zones this never connects)

One last caveat: I was told there was a firewall NGZ built in the original design that was never implemented, but no way to prove it.

How can I track down the source blocking these ports

Marinaio
  • 298
  • 5
  • 15
  • 1
    I think you may want this article: https://docs.oracle.com/cd/E19044-01/sol.containers/817-1592/z.admin.ov-9/index.html Specifically the "Shared-IP Network Interfaces" section. – jesse_b Oct 27 '17 at 20:09

1 Answers1

1

On the global zone, can you display the output of zoneadm list -iv?

Also, for you're problem zone, from the global as root, have you tried: zlogin -C <zone_name> to get to the zone's console? Perhaps it was never fully setup and will prompt you to do some configuration. If that's not it, at least you'll have a way to get into the zone to verify it's state (ie: svcs -xv; and looking at /var/adm/messages).

sleepyweasel
  • 1,013
  • 5
  • 11