Home > Default > Open ports in zones

Open ports in zones

October 11Hits:1
I am encountering a strange behavior in new zones created using zonemgr 2.0.6 (this is the only way I create zones, so I do not know if the issue is more general). When I create a new zone, two strange things are happening:
1. Immediately after the zone is created, no services are running, not even ssh
2. About 10 minutes later, a whole bunch of services are running. Most of these are not running on the global zone.
For reference, nmap output on the global zone is the following:
[[email protected]:~] $ nmap t2000
Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-28 20:51 EST
Interesting ports on
Not shown: 991 closed ports
22/tcp open ssh
111/tcp open rpcbind
2161/tcp open apc-agent
3052/tcp open powerchute
4045/tcp open lockd
32774/tcp open sometimes-rpc11
32775/tcp open sometimes-rpc13
32776/tcp open sometimes-rpc15
32777/tcp open sometimes-rpc17
The new zone is created using the following zonemgr arguments:
[[email protected]:~/zonecfgs] # more ./temp.sh
./zonemgr -a add -n drenkhah -z "/export/zones" -P "root_pw" -I "|e1000g0|25|drenkhah" -R "/root|/usr/bin/bash" -s "basic|lock"
zone creation output is as follows:
[[email protected]:~/zonecfgs] # ./temp.sh
Checking to see if the zone IP address ( is already in use...IP is available.
cannot create '/drenkhah': leading slash in name
chmod: WARNING: can't access /export/zones/drenkhah
chown: /export/zones/drenkhah: No such file or directory
Zone drenkhah will be placed in the following directory: /export/zones/drenkhah
Preparing to install zone <drenkhah>.
Creating list of files to copy from the global zone.
Copying <2568> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1042> packages on the zone.
Initialized <1042> packages on zone.
Zone <drenkhah> is initialized.
The file </export/zones/drenkhah/root/var/sadm/system/logs/install_log> contains a log of the zone installation.
Creating the sysidcfg file for automated zone configuration.
Booting zone for the first time.
Waiting for first boot tasks to complete.
Waiting for automatic post-install reboot to complete
Updating netmask information.
Updating /etc/inet/hosts of the global zone with the drenkhah IP information.
Generating ssh host keys. Details in the (/root/.zonemgr/zone28330-ssh.log) file.
svcadm: Pattern 'svc:/network/ssh' doesn't match any instances
Setting the root user's home directory to /root
Setting the root user's shell to /usr/bin/bash
Disabling un-necessary services via basic method for the default services.
Zone drenkhah is complete and ready to use.
nmap output just after creating the zone is as follows:
[[email protected]:~] $ nmap drenkhah
Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-28 17:53 EST
All 1000 scanned ports on are closed
Nmap done: 1 IP address (1 host up) scanned in 29.39 seconds
nmap output 17 minutes later is as follows:
[[email protected]:~] $ nmap drenkhah
Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-28 18:10 EST
Interesting ports on
Not shown: 986 closed ports
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
79/tcp open finger
111/tcp open rpcbind
513/tcp open login
514/tcp open shell
587/tcp open submission
4045/tcp open lockd
6112/tcp open dtspc
6788/tcp open unknown
6789/tcp open ibm-db2-admin
7100/tcp open font-service
Nmap done: 1 IP address (1 host up) scanned in 29.25 seconds
Note that there are many open ports
# uname -a
SunOS t2000 5.10 Generic_137137-09 sun4v sparc SUNW,Sun-Fire-T200


The Leopard OS X firewall is application based and not port based. Honestly, I haven't played with it enough to know for certain how to answer your question.
But... when you do connection sharing, you're essentially doing a port based NAT for the systems on the other side of your Mac. This pretty much keeps you from initiating anything to the other system even without a local firewall unless you were to configure port forwarding.
As for blocking packets, you would need to use the 'ipfw' command to do things at the port level.

Read other 5 answers


Related Articles

  • Open ports in zonesOctober 11

    I am encountering a strange behavior in new zones created using zonemgr 2.0.6 (this is the only way I create zones, so I do not know if the issue is more general). When I create a new zone, two strange things are happening: 1. Immediately after the z

  • Firewall ports for Zone Sharing and Subscription?November 30

    Hi again! What firewall ports need to be open for Zone Sharing and Subscription?...Hello, we updated from 11.3.1 to 11.3.2 Now i can not run the command chkconfig -a novell-proxydhcp to set the proxydhcp to autorun because i get...Read other 8 answer

  • Entire environment on one machine with zonesNovember 30

    I've been pondering some of what zones can do, and it occurred to me that one could build an entire reasonably secure environment using one machine with multiple zones... * Global zone with no network ports active, console only * One zone for firewal

  • Simple parallel port controlNovember 30

    Hi, I am new in programing and what I need to do is to maintain 5V on 4(any 4, cause I can hook the wires to any pins I wanna to) of the 25 pins of the parallel port. and at specific time I need to press a button to let the voltage drop(a signal) to

  • DN-1050 Zone 2 - not enough speaker connectionsNovember 30

    Hello - I am a new one to the AV world so this may be a ignorant question but here it goes: I Just bought the Sony Dn 1050 because I have a 2 Zone house. Zone one is the living room while Zone 2 is the outside area. The issue I need advice on is I ha

  • Only one IP is Picked for SCANNovember 30

    Hi guys, I'm trying to setup a 11gR2 RAC on Linux 5.5 on a Virtualbox environment (Host OS : Windows 7 and guest OSs: Linux 5.5). Grid installation goes on up "Net Configuration Assistant" and fails. When the SCAN configurations are checked, it

  • How do u input the printer output into labview and display the data?November 30

    Hi, basically when a program has done running the program prints a page of data. basically i want labview to read this data from the parallel port of the pc, display it in labview or be able to pull the data apart and put it where i want. any ideas,

  • Fetching the DNS serversNovember 30

    Hi In java version 1.4 How can i get the list of the DNS servers configured on my operating system? And how can I change the current (primary) dns server the InetAddress class is resolving the hosts with to another one? Thanks[[email protected] ~]# cat /e

  • Using BNC2110 DAQ In Order to Control Stepper MotorNovember 30

    So basically my goal here is to use LabView to control the direction and the steps of the stepper motor. I have BNC 2110 (connected to PC), Lin Engineering's 4218M-54P-04 Stepper Motor, and Lin Engineering's R701 Stepper Motor Driver. The specificati

  • Howto: Zones in private subnets using ipfilter's NAT and Port forwardingOctober 11

    This setup supports the following features: * Requires 1 Network interface total. * Supports 1 or more public ips. * Allows Zone to Zone private network traffic. * Allows internet access from the global zones. * Allows direct (via ipfilter) internet

Copyright (C) 2019 wisumpire.com, All Rights Reserved. webmaster#wisumpire.com 14 q. 0.890 s.