diff --git a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml index 2e069cc3c7..adb4df0e33 100644 --- a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml @@ -1,7 +1,7 @@ @@ -106,7 +106,7 @@ host2.foobar.com link#1 UC 0 0 rather than sending it out over the Ethernet interface. The two host2 lines are an example of what - happens when we use an ifconfig alias (see the section of Ethernet for + happens when we use an &man.ifconfig.8; alias (see the section of Ethernet for reasons why we would do this). The => symbol after the lo0 interface says that not only are we using the loopback (since this is address also refers to the @@ -272,7 +272,7 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) In one case, the machine as two Ethernet cards, each having an address on the separate subnets. Alternately, the machine may only - have one Ethernet card, and be using ifconfig aliasing. The former is + have one Ethernet card, and be using &man.ifconfig.8; aliasing. The former is used if two physically separate Ethernet networks are in use, the latter if there is one physical network segment, but two logically separate subnets. @@ -449,7 +449,7 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) Firewall support firewall If you are planning to use the bridge as a firewall, you will - need to add the IPFIREWALL option as well. Read IPFIREWALL option as well. Read for general information on configuring the bridge as a firewall. @@ -480,8 +480,8 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) net.link.ether.bridge=1 to /etc/sysctl.conf to enable the bridge at - runtime. If you want the bridged packets to be filtered by ipfw, you - should also add + runtime. If you want the bridged packets to be filtered by &man.ipfw.8;, + you should also add net.link.ether.bridge_ipfw=1 
@@ -580,13 +580,14 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) mountd - The NFS Mount Daemon which - actually carries out requests that nfsd passes on to + actually carries out requests that &man.nfsd.8; passes on to it. - portmap - The portmapper daemon which - allows NFS clients to find out which port the NFS server is + portmap - The + portmapper daemon which allows NFS + clients to find out which port the NFS server is using. @@ -688,10 +689,10 @@ nfs_client_flags="-n 4" have permission to do so. Make sure your client is listed in your /etc/exports file. - It's important to remember that you must restart mountd + It's important to remember that you must restart mountd whenever you modify /etc/exports so that your changes take effect. This can be accomplished by sending - the hangup signal to the mountd process : + the hangup signal to the mountd process : &prompt.root; kill -HUP `cat /var/run/mountd.pid` @@ -924,7 +925,7 @@ nfs_client_flags="-n 4" - Set up a bootp server to provide the client with IP, gateway, + Set up a bootp server to provide the client with IP address, gateway, netmask. diskless:\ @@ -1030,14 +1031,14 @@ nfs_client_flags="-n 4" - A typical completely diskless cfg file might contain: + A typical completely diskless config file might contain: rootfs 192.1.2.3:/rootfs/myclient swapfs 192.1.2.3:/swapfs swapsize 20000 hostname myclient.mydomain - A cfg file for a machine with local swap might contain: + A config file for a machine with local swap might contain: rootfs 192.1.2.3:/rootfs/myclient hostname myclient.mydomain 
@@ -1066,12 +1067,13 @@ hostname myclient.mydomain If you are swapping over NFS (completely diskless configuration) create a swap file for your client using - dd. If your swapfs command - has the arguments /swapfs and the size 20000 - as in the example above, the swapfile for myclient will be called + dd. If your swapfs + command has the arguments /swapfs and + the size 20000 as in the example above, the swapfile for + myclient will be called /swapfs/swap.X.X.X.X - where X.X.X.X is the client's IP addr, - e.g.: + where X.X.X.X is the client's IP + address, e.g.: &prompt.root; dd if=/dev/zero of=/swapfs/swap.192.1.2.4 bs=1k count=20000 @@ -1446,7 +1448,7 @@ ISDN BRI line NIS, which stands for Network Information Services, was developed by Sun Microsystems to centralize administration of Unix (originally SunOS) systems. It has now essentially become an - industry standard; all major Unices (Solaris, HP-UX, AIX, Linux, + industry standard; all major Unix systems (Solaris, HP-UX, AIX, Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS. yellow pages (see NIS) @@ -1507,7 +1509,7 @@ ISDN BRI line ypserv. ypserv, which should only be running on NIS servers, is the NIS server - process itself. If ypserv dies, then the server will no longer be + process itself. If &man.ypserv.8; dies, then the server will no longer be able to respond to NIS requests (hopefully, there is a slave server to take over for it). 
@@ -2045,11 +2047,11 @@ nis_client_enable="YES" NIS Security - In general, any remote user can issue an RPC to ypserv and + In general, any remote user can issue an RPC to &man.ypserv.8; and retrieve the contents of your NIS maps, provided the remote user knows your domainname. To prevent such unauthorized transactions, - ypserv supports a feature called securenets which can be used to - restrict access to a given set of hosts. At startup, ypserv will + &man.ypserv.8; supports a feature called securenets which can be used to + restrict access to a given set of hosts. At startup, &man.ypserv.8; will attempt to load the securenets information from a file called /var/yp/securenets. @@ -2072,7 +2074,7 @@ nis_client_enable="YES" # this includes the machines in the testlab 10.0.0.0 255.255.240.0 - If ypserv receives a request from an address that matches one + If &man.ypserv.8; receives a request from an address that matches one of these rules, it will process the request normally. If the address fails to match a rule, the request will be ignored and a warning message will be logged. If the @@ -2081,8 +2083,9 @@ nis_client_enable="YES" The ypserv program also has support for Wietse Venema's tcpwrapper package. This allows the - administrator to use the tcpwrapper configuration files for access - control instead of /var/yp/securenets. + administrator to use the tcpwrapper configuration + files for access control instead of + /var/yp/securenets. While both of these access control mechanisms provide some @@ -2283,7 +2286,8 @@ basie&prompt.root; If you tried to implement these restrictions by separately blocking each user, you would have to add one - -user line to each system's passwd + -user line to each system's + passwd for each user who is not allowed to login onto that system. If you forget just one entry, you could be in trouble. It may be feasible to do this correctly during the initial setup, 
@@ -2304,7 +2308,7 @@ basie&prompt.root; configuration file to grant or deny access to machines. The first step is the initialization of the NIS map - netgroup. FreeBSD's ypinit does not create this map by + netgroup. FreeBSD's &man.ypinit.8; does not create this map by default, but its NIS implementation will support it once it has been created. To create an empty map, simply type @@ -2413,15 +2417,15 @@ ellington&prompt.user; ypcat -k netgroup.byuser these users are allowed to login. Unfortunately, this limitation also applies to the ~ - function of the shell and all routines converting between user - names and numerical user ids. In other words, cd - ~user will not work, ls - -l will show the numerical id instead of the - username and find . -user joe -print will - fail with No such user. To fix this, you will - have to import all user entries without - allowing them to login onto your servers. - + function of the shell and all routines converting between user + names and numerical user ids. In other words, + cd ~user will not work, + ls -l will show the numerical id instead of + the username and find . -user joe -print will + fail with No such user. To fix this, you will + have to import all user entries without allowing them + to login onto your servers. + This can be achieved by adding another line to /etc/master.passwd. This line should contain +:::::::::/sbin/nologin, meaning 
@@ -2884,10 +2888,10 @@ dhcp_flags="" FreeBSD utilizes, by default, a version of BIND (Berkeley Internet Name Domain), which is the most common implementation of the DNS protocol. DNS is the protocol through which names are mapped to - IPs, and vice versa. For example, a query for www.freebsd.org + IP addresses, and vice versa. For example, a query for www.freebsd.org will send back a reply for the IP address of The FreeBSD Project's - webpage, whereas, a query for ftp.freebsd.org will return the IP - of the corresponding FTP machine. Likewise, the opposite can + webpage, whereas, a query for ftp.freebsd.org will return the IP + address of the corresponding FTP machine. Likewise, the opposite can happen. A query for an IP address can resolve its hostname. @@ -2929,20 +2933,20 @@ dhcp_flags="" . is the root zone - org. is a zone under the root zone + org. is a zone under the root zone - foobardomain.org is a zone under the org. zone + foobardomain.org is a zone under the org. zone - foo.foobardomain.org. is a subdomain, a zone under the - foobardomain.org. zone + foo.foobardomain.org. is a subdomain, a zone under the + foobardomain.org. zone - 1.2.3.in-addr.arpa is a zone referencing all ips which fall - under the 3.2.1.* ip space. + 1.2.3.in-addr.arpa is a zone referencing all IP addresses + which fall under the 3.2.1.* IP space. @@ -2967,12 +2971,12 @@ dhcp_flags="" the particular zone - forward dns - mapping of hostnames to ip + forward dns - mapping of hostnames to IP addresses reverse DNS - reverse dns - the opposite, mapping of ip + reverse dns - the opposite, mapping of IP addresses to hostnames @@ -2991,8 +2995,8 @@ dhcp_flags="" - For example, you register foobardomain.org and wish - to assign hostnames to the proper IP addresses. + For example, you register foobardomain.org + and wish to assign hostnames to the proper IP addresses. 
@@ -3109,7 +3113,7 @@ dhcp_flags="" <filename>/etc/namedb/named.conf</filename> - // $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.59 2001/07/17 22:20:47 chern Exp $ + // $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.60 2001/07/17 23:33:25 chern Exp $ // // Refer to the named(8) man page for details. If you are ever going // to setup a primary server, make sure you've understood the hairy @@ -3327,13 +3331,13 @@ www IN CNAME @ The most commonly used DNS records: - SOA - start of zone authority - NS - an authoritative nameserver - A - A host address - CNAME - the canonical name for an + SOA - start of zone authority + NS - an authoritative nameserver + A - A host address + CNAME - the canonical name for an alias - MX - mail exchange - PTR - a domain name pointer (used in + MX - mail exchange + PTR - a domain name pointer (used in reverse dns) foobardomain.org. IN SOA ns1.foobardomain.org. admin.foobardomain.org. ( 
@@ -3344,21 +3348,23 @@ foobardomain.org. IN SOA ns1.foobardomain.org. admin.foobardomain.org. ( 86400 ) ; Minimum TTL of 1 day - foobardomain.org. - the domain name, also + foobardomain.org. - the domain name, also the origin for this zone file. - ns1.foobardomain.org. - the + ns1.foobardomain.org. - the primary/authoritative nameserver for this zone - admin.foobardomain.org. - the + admin.foobardomain.org. - the responsible person for this zone, e-mail address with @ - replaced. (admin@foobardomain.org becomes admin.foobardomain.org) + replaced. (admin@foobardomain.org becomes + admin.foobardomain.org) 5 - the serial number of the file. this must be incremented each time the zone file is modified. Nowadays, - many admins prefer a yyyymmddrr format for the serial number. + many admins prefer a yyyymmddrr format for the serial + number. 2001041002 would mean last modified 04/10/2001, the latter 02 being the second time the zone file has been modified this day. The serial number is important as it alerts slave nameservers for a zone @@ -3369,10 +3375,10 @@ foobardomain.org. IN SOA ns1.foobardomain.org. admin.foobardomain.org. ( @ IN NS ns1.foobardomain.org. - This is an NS entry. Every nameserver that is going to reply + This is an NS entry. Every nameserver that is going to reply authoritatively for the zone must have one of these entries. - The @ as seen here could have been 'foobardomain.org.' The @ - translates to the origin. + The @ as seen here could have been foobardomain.org. + The @ translates to the origin. @@ -3396,7 +3402,7 @@ www IN CNAME @ The canonical name record is usually used for giving aliases to a machine. In the example, www is aliased to the machine addressed to the origin, or foobardomain.org (3.2.1.30). - CNAMEs can be used to provide alias hostnames, or round + CNAMEs can be used to provide alias hostnames, or round robin one hostname among multiple machines. 
@@ -3405,7 +3411,7 @@ www IN CNAME @ - The MX record indicates which mail servers are responsible + The MX record indicates which mail servers are responsible for handling incoming mail for the zone. mail.foobardomain.org is the hostname of the mail server, and 10 being the priority of that mailserver. @@ -3420,7 +3426,8 @@ www IN CNAME @ For in-addr.arpa zone files (reverse dns), the same format is - used, except with PTR entries instead of A or CNAME. + used, except with PTR entries instead of + A or CNAME. $TTL 3600 @@ -3440,7 +3447,7 @@ www IN CNAME @ 10 IN PTR mail.foobardomain.org. 30 IN PTR foobardomain.org. - This file gives the proper IP to hostname mappings of our above + This file gives the proper IP address to hostname mappings of our above fictitious domain. @@ -3540,7 +3547,7 @@ www IN CNAME @ sandbox/var/run - When using the ndc utility you need to specify the + When using the &man.ndc.8; utility you need to specify the location of the Unix socket created in the sandbox, by &man.named.8;, by using the -c switch: &prompt.root; ndc -c /etc/namedb/sandbox/var/run/ndc @@ -3563,7 +3570,7 @@ www IN CNAME @ If setup properly, the nameserver should be accessible through the network and locally. /etc/resolv.conf must - contain a nameserver entry with the local ip so it will query the + contain a nameserver entry with the local IP address so it will query the local name server first. 
@@ -3644,9 +3651,9 @@ www IN CNAME @ &man.natd.8; is a daemon that accepts incoming raw IP packets, changes the source to the local machine and re-injects these packets back into the outgoing IP packet stream. natd does this by changing - the source ip and port such that when data is received back, it is + the source IP address and port such that when data is received back, it is able to determine the original location of the data and forward it - back to its original requestor. + back to its original requester. Internet connection sharing IP masquerading The most common use of NAT is to perform what is commonly known as @@ -3655,14 +3662,14 @@ www IN CNAME @ Setup - Due to the diminishing ip space in ipv4, and the increased number + Due to the diminishing IP space in ipv4, and the increased number of users on high-speed consumer lines such as cable or DSL, people are in more and more need of an Internet Connection Sharing solution. The ability to connect several computers online through one connection and - ip makes &man.natd.8; a reasonable choice. + IP address makes &man.natd.8; a reasonable choice. Most commonly, a user has a machine connected to a cable or DSL - line with one ip and wishes to use this one connected computer to + line with one IP address and wishes to use this one connected computer to provide Internet access to several more over a LAN. To do this, the FreeBSD machine on the Internet must act as a 
@@ -3759,13 +3766,13 @@ natd_flags="" natd -interface fxp0 at boot. This can also be run manually. - Each machine and interface behind the LAN should be assigned ip + Each machine and interface behind the LAN should be assigned IP address numbers in the private network space as defined by RFC 1918 - and have a default gateway of the natd machine's internal ip. + and have a default gateway of the natd machine's internal IP address. - For example, client a and b behind the LAN have ips of 192.168.0.2 - and 192.168.0.3, while the natd machine's LAN interface has an ip of + For example, client a and b behind the LAN have IP addresses of 192.168.0.2 + and 192.168.0.3, while the natd machine's LAN interface has an IP address of 192.168.0.1. Client a and b's default gateway must be set to that of the natd machine, 192.168.0.1. The natd machine's external, or Internet interface does not require any special modification for natd 
@@ -3818,19 +3825,19 @@ natd_flags="" Address Redirection address redirection - Address redirection is useful if several ips are available, yet + Address redirection is useful if several IP addresses are available, yet they must be on one machine. With this, &man.natd.8; can assign each - LAN client its own external ip. &man.natd.8; then rewrites outgoing - packets from the LAN clients with the proper external ip and redirects - all traffic incoming on that particular ip back to the specific LAN - client. This is also known as static NAT. For example, the ips + LAN client its own external IP address. &man.natd.8; then rewrites outgoing + packets from the LAN clients with the proper external IP address and redirects + all traffic incoming on that particular IP address back to the specific LAN + client. This is also known as static NAT. For example, the IP addresses 128.1.1.1, 128.1.1.2, and 128.1.1.3 belong to the natd gateway machine. 128.1.1.1 can be used as the natd gateway machine's external - ip address, while 128.1.1.2 and 128.1.1.3 are forwarded back to LAN + IP address, while 128.1.1.2 and 128.1.1.3 are forwarded back to LAN clients A and B. The -redirect_address syntax is as follows: - -redirect_address localIP publicIP + 
@@ -3838,26 +3845,26 @@ natd_flags="" localIP - The internal ip of the LAN client. + The internal IP address of the LAN client. publicIP - The external ip corresponding to the LAN client. + The external IP address corresponding to the LAN client. In the example, this argument would read: - -redirect_address 192.168.0.2 128.1.1.2 - -redirect_address 192.168.0.3 128.1.1.3 + Like -redirect_port, these arguments are also placed within natd_flags of /etc/rc.conf. With address redirection, there is no need for port redirection since all data - received on a particular ip address is redirected. + received on a particular IP address is redirected. - The external ips on the natd machine must be active and aliased + The external IP addresses on the natd machine must be active and aliased to the external interface. Look at &man.rc.conf.5; to do so.
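Review bot: in the hunk at -106 the phrase "see the section of Ethernet for reasons why we would do this" should read "see the section on Ethernet"; the line is already being touched for the &man.ifconfig.8; entity, so fix the preposition in the same change.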
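Review bot: the hunk at -449, as it renders here, reads "Read for general information on configuring the bridge as a firewall" with no visible target for the cross-reference, and the removed/added pair runs "IPFIREWALL option as well. Read" together twice; confirm that the xref to the firewall section has a valid linkend and that the markup wrapped around IPFIREWALL opens and closes properly, otherwise the rendered sentence is left without the section it tells the reader to consult.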
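Review bot: the hunk at -1066 documents creating the client's NFS swap file with `dd if=/dev/zero of=/swapfs/swap.192.1.2.4 bs=1k count=20000` but says nothing about its permissions; since that file will hold the diskless client's paged-out memory and is served over NFS, add a sentence telling the reader to make the file readable and writable only by the owner (for example `chmod 600`) and to export /swapfs only to the client in question.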
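Review bot: entity use for ypserv is inconsistent across the NIS hunks: -2045 and -2072 convert every ypserv to &man.ypserv.8;, while "ypserv, which should only be running on NIS servers" in the hunk at -1507 and "The ypserv program also has support for Wietse Venema's tcpwrapper package" in the hunk at -2081 keep plain text (as the diff renders here). Pick one convention per section, such as the man-page entity on first mention and plain or command markup afterwards, and apply it uniformly.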
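Review bot: the named.conf listing in the hunk at -3109 embeds the chapter's own expanded $FreeBSD$ keyword (v1.59 to v1.60), so the sample configuration is rewritten on every commit to the SGML source and shows readers a doc-tree path that has no meaning inside /etc/namedb/named.conf. Use an unexpanded placeholder in the listing so keyword expansion does not touch the example, or drop that comment line from it.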
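Review bot: dropping the quotes in the hunk at -3369 leaves "The @ as seen here could have been foobardomain.org." where the trailing dot of the origin is now indistinguishable from the sentence-ending period, and that dot is exactly what makes the name absolute in a zone file. Either keep the quotes, mark the name up so it renders distinctly, or reword to "could have been written as foobardomain.org. (note the trailing dot)".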
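Review bot: the sentence rewritten in the hunk at -3396 still claims CNAMEs can "round robin one hostname among multiple machines"; several CNAME records at one owner name is not valid DNS (a name that holds a CNAME may hold no other data, RFC 2181), and older BIND only accepts it behind a non-default option. Describe round robin as multiple A records for the same name and keep CNAME for the alias case shown in the listing.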
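Review bot: the hunk at -3655 capitalizes "IP" in "Due to the diminishing IP space in ipv4" but leaves "ipv4" lowercase in the same sentence; make it "IPv4" to match the rest of the change.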
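Review bot: in the hunks at -3818 and -3838 the `-redirect_address localIP publicIP` syntax line and the two worked arguments `-redirect_address 192.168.0.2 128.1.1.2` and `-redirect_address 192.168.0.3 128.1.1.3` are removed, and the corresponding `+` lines render empty here; confirm that the replacement markup still carries that text, because the prose "In the example, this argument would read:" has nothing to refer to otherwise. Separately, the external example addresses 128.1.1.1 to 128.1.1.3 are routable allocated space; the hunk at -3759 already points readers at RFC 1918 for the private side, so consider reserved documentation addresses for the public side as well.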