SunScreen 3.2 SKIP problems

From: James Noyes (jnoyes-sml@retrogeeks.com)
Date: Mon Jun 14 2004 - 02:25:21 EDT


Fellow Managers -

   Does anyone out there have any experience with SunScreen 3.2 and
using SKIP to make a separate admin station and screen setup? I've been
through the install/configure/troubleshoot/uninstall/lather/rinse/repeat
cycle about 5 times now and I simply *cannot* get my "admin" station to
talk to the "screen" system, no matter what I do. The two systems
communicate fine over a dedicated management LAN before I start the
installation, so I know the equipment is working.

   I can't believe for a second this is supposed to be this difficult. I
need a "bridging" firewall, which SunScreen is supposed to be able to
provide, but I haven't even gotten so far as to even START configuring
the screen, and I've already pretty much run out of patience. I'm
starting to see why a Google search for "bridging firewall" brings up
several hundred sites explaining how to build a Linux machine using
ipfw, which is apparently the only other product that can be configured
as a bridging firewall. But I'm not ready to go down that road - not
just yet.

More details:

Admin station
Ultra 60, Solaris 9, full install, current patches
Two network interfaces - hme on "private" LAN, gig-e on "internal" LAN
SKIP and SunScreen management software installed and configured per the
SunScreen docs

Screen system
Ultra 1, Solaris 9, core install, additional packages as required per
SunScreen documentation
Three network interfaces - hme on "private" LAN, hme on "external" LAN,
gig-e on "internal" LAN
SunScreen firewall software installed and configured per the SunScreen
docs

The goal is to have the screen bridge between the external hme and
internal gig-e with stealth screening, and use the private hme to
provide the management interface, managed from the U60.

The U60 and the U1 can communicate across the private LAN perfectly
until the SunScreen/SKIP software is installed and configured. I have
followed the steps in the SunScreen docs several times. The install and
configure seem to follow the given steps reasonably well, and the
results look like what's to be expected at each step. I simply cannot
get the machines to communicate once SKIP is active. No ping, no
nothing. At this point, the docs, especially from a troubleshooting
perspective, are borderline useless. They make the assumption that once
the steps given are followed, things will simply work, and when things
don't work they give you almost no guidance in figuring out why.

Looking forward to any input, and with the assumption that I can ever get this to work, I'll be happy to summarize.

James Noyes
(jnoyes-sml@retrogeeks.com)
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


