If you have installed Solaris Trusted Extensions, you may want to try
the Safe Browsing environment that I use at Sun. The configuration is a
bit complicated, but I have provided most of the files in a compressed
tar file, txdemo, which you can download. After uncompressing the file
you should extract it as root in the global zone. The tar file will
extract into /opt/txdemo.
It is assumed that you will be using separate Firefox browsers in the
public and internal zones. The public zone will be used to access the
external Internet and the internal zone will be used for the internal
Intranet. To maintain network separation, a URL transfer service will
forward external URLs from your internal browser so that they can be
processed using the public browser.
Some of these files need to be customized or copied.
The manifest for the url-xfer service needs to be copied into the
public zone which you will use to access the public Internet. You
should do this as root in the public zone. For example:
# cd /var/svc/manifest/application
# mkdir web
# cp /opt/txdemo/var/svc/manifest/application/web/url-xfer.xml web
The two proxy.pac scripts (public.pac, internal.pac) should be
customized as described in each script. The values for urlProxy
should be changed as appropriate for your office environment.
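
The routing decision an internal-zone PAC script has to make, as an added example that is not the internal.pac shipped in txdemo: intranet hosts go direct, and everything else is handed to the URL transfer service. The intranet suffix, the listener hostname, and the idea that url-xfer is addressed as a proxy on port 8080 are assumptions and placeholders, not values from the tar file.

```javascript
// Added illustration of an internal-zone PAC policy; not the txdemo internal.pac.
// Every name and address here is a constructed placeholder.
var INTRANET_SUFFIX = ".corp.example";          // assumed intranet DNS suffix
var urlProxy = "PROXY xfer.corp.example:8080";  // assumed url-xfer listener (port 8080)

// True for dotted-quad literals in RFC 1918 or loopback space.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  if (a > 255 || b > 255 || Number(m[3]) > 255 || Number(m[4]) > 255) return false;
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Decide on the parsed host only, so a name that merely contains the
// intranet suffix ("corp.example.other.test") is not treated as internal.
function isIntranetHost(host) {
  host = host.toLowerCase().replace(/\.$/, "");  // drop a trailing root dot
  // Unqualified names resolve on the intranet; IPv6 literals contain ":".
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  if (isPrivateIPv4(host)) return true;
  return host === INTRANET_SUFFIX.slice(1) ||
         host.slice(-INTRANET_SUFFIX.length) === INTRANET_SUFFIX;
}

// Standard PAC entry point: the browser calls this for every request.
function FindProxyForURL(url, host) {
  if (isIntranetHost(host)) return "DIRECT";
  // Anything else leaves the internal label only through the transfer
  // service. There is no DIRECT fallback, so a stopped service fails closed.
  return urlProxy;
}
```
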
You must configure your browser proxy settings appropriately, via the
Connection Settings panel for Proxies. This is normally under the Preferences
For example, in the public browser you should specify the following URL:
In the internal browser you should specify the following URL:
The shell script ./bin/openURL is specific to Firefox. If you are using
a different browser you will need to customize this script. If the
mozilla-xremote-client application is not in /usr/lib/firefox, you will
need to correct the pathname.
In addition to these steps, you will need to specify the networking
policy for web access. All of the following steps can be done
graphically using the Computers and Networks
GUI in the Solaris
. If you prefer to get your hands dirty, the files
can be edited by hand.
The port 8080 in the public zone must be specified as a Multilevel
Port. If you are using an all-zones IP address in the public zone, you
should specify the port of the shared IP address.
entry would look like this:
If the public zone has a unique IP address, you should specify the per-zone port. The entry should look like this:
You will need to create unlabeled hosts type entries for the public and
internal labels. The entries should look like this in /etc/security/tsol/tnrhtp
You should assign the public template to your corporate web proxy
server, and specify that the default template for your corporate
network is internal.
You will need entries like this in /etc/security/tsol/tnrhdb
# Corporate Proxy Servers
# Default Label for Corporate Intranet
You should reboot the public zone after the configuration is complete.
Then you should enable the service in the public zone as follows:
# svcadm enable url-xfer
You should now be able to run the demonstration. How'd it go?