Add ~96 index entries

Murray Stokely 2001-06-26 00:09:52 +00:00
parent 620d344d8f
commit a04cbb22cc
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=9721

@ -1,7 +1,7 @@
<!-- <!--
The FreeBSD Documentation Project The FreeBSD Documentation Project
$FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.47 2001/06/24 03:06:38 murray Exp $ $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.48 2001/06/24 03:22:48 murray Exp $
--> -->
<chapter id="advanced-networking"> <chapter id="advanced-networking">
@ -21,6 +21,10 @@
<para><emphasis>Contributed by &a.gryphon;. 6 October <para><emphasis>Contributed by &a.gryphon;. 6 October
1995.</emphasis></para> 1995.</emphasis></para>
<indexterm><primary>route</primary></indexterm>
<indexterm><primary>routing</primary></indexterm>
<indexterm><primary>gateway</primary></indexterm>
<indexterm><primary>subnet</primary></indexterm>
<para>For one machine to be able to find another, there must be a <para>For one machine to be able to find another, there must be a
mechanism in place to describe how to get from one to the other. This is mechanism in place to describe how to get from one to the other. This is
called Routing. A <quote>route</quote> is a defined pair of addresses: a called Routing. A <quote>route</quote> is a defined pair of addresses: a
@ -53,9 +57,11 @@ host2 0:e0:a8:37:8:1e UHLW 0 5 lo0 =>
host2.foobar.com link#1 UC 0 0 host2.foobar.com link#1 UC 0 0
224 link#1 UC 0 0</screen> 224 link#1 UC 0 0</screen>
<indexterm><primary>default route</primary></indexterm>
<para>The first two lines specify the default route (which we will cover <para>The first two lines specify the default route (which we will cover
in the next section) and the <hostid>localhost</hostid> route.</para> in the next section) and the <hostid>localhost</hostid> route.</para>
<indexterm><primary>loopback device</primary></indexterm>
<para>The interface (<literal>Netif</literal> column) that it specifies <para>The interface (<literal>Netif</literal> column) that it specifies
to use for <literal>localhost</literal> is to use for <literal>localhost</literal> is
<devicename>lo0</devicename>, also known as the loopback device. This <devicename>lo0</devicename>, also known as the loopback device. This
@ -63,6 +69,7 @@ host2.foobar.com link#1 UC 0 0
sending it out over the LAN, since it will only end up back where it sending it out over the LAN, since it will only end up back where it
started anyway.</para> started anyway.</para>
<indexterm><primary>Ethernet</primary><secondary>MAC address</secondary></indexterm>
<para>The next thing that stands out are the <hostid <para>The next thing that stands out are the <hostid
role="mac">0:e0:...</hostid> addresses. These are ethernet hardware role="mac">0:e0:...</hostid> addresses. These are ethernet hardware
addresses. FreeBSD will automatically identify any hosts addresses. FreeBSD will automatically identify any hosts
@ -75,7 +82,8 @@ host2.foobar.com link#1 UC 0 0
hosts are identified using a mechanism known as RIP (Routing hosts are identified using a mechanism known as RIP (Routing
Information Protocol), which figures out routes to local hosts based Information Protocol), which figures out routes to local hosts based
upon a shortest path determination.</para> upon a shortest path determination.</para>
<indexterm><primary>subnet</primary></indexterm>
<para>FreeBSD will also add subnet routes for the local subnet (<hostid <para>FreeBSD will also add subnet routes for the local subnet (<hostid
role="ipaddr">10.20.30.255</hostid> is the broadcast address for the role="ipaddr">10.20.30.255</hostid> is the broadcast address for the
subnet <hostid role="ipaddr">10.20.30</hostid>, and <hostid subnet <hostid role="ipaddr">10.20.30</hostid>, and <hostid
@ -164,6 +172,7 @@ host2.foobar.com link#1 UC 0 0
<sect2> <sect2>
<title>Default routes</title> <title>Default routes</title>
<indexterm><primary>default route</primary></indexterm>
<para>When the local system needs to make a connection to remote host, <para>When the local system needs to make a connection to remote host,
it checks the routing table to determine if a known path exists. If it checks the routing table to determine if a known path exists. If
the remote host falls into a subnet that we know how to reach (Cloned the remote host falls into a subnet that we know how to reach (Cloned
@ -250,7 +259,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect2> <sect2>
<title>Dual homed hosts</title> <title>Dual homed hosts</title>
<indexterm><primary>dual homed hosts</primary></indexterm>
<para>There is one other type of configuration that we should cover, and <para>There is one other type of configuration that we should cover, and
that is a host that sits on two different networks. Technically, any that is a host that sits on two different networks. Technically, any
machine functioning as a gateway (in the example above, using a PPP machine functioning as a gateway (in the example above, using a PPP
@ -275,7 +284,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect2> <sect2>
<title>Routing propagation</title> <title>Routing propagation</title>
<indexterm><primary>routing propogation</primary></indexterm>
<para>We have already talked about how we define our routes to the <para>We have already talked about how we define our routes to the
outside world, but not about how the outside world finds us.</para> outside world, but not about how the outside world finds us.</para>
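Review bot: the added primary is spelled "routing propogation", while the section title directly above it reads "Routing propagation". The misspelling will be carried into the generated index and will sort apart from any correctly spelled entry; change it to <primary>routing propagation</primary>.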
@ -306,7 +315,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect2> <sect2>
<title>Troubleshooting</title> <title>Troubleshooting</title>
<indexterm><primary>traceroute</primary></indexterm>
<para>Sometimes, there is a problem with routing propagation, and some <para>Sometimes, there is a problem with routing propagation, and some
sites are unable to connect to you. Perhaps the most useful command sites are unable to connect to you. Perhaps the most useful command
for trying to figure out where a routing is breaking down is the for trying to figure out where a routing is breaking down is the
@ -332,7 +341,8 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect2> <sect2>
<title>Introduction</title> <title>Introduction</title>
<indexterm><primary>IP subnet</primary></indexterm>
<indexterm><primary>bridge</primary></indexterm>
<para>It is sometimes useful to divide one physical network (i.e., an <para>It is sometimes useful to divide one physical network (i.e., an
Ethernet segment) into two separate network segments, without having Ethernet segment) into two separate network segments, without having
to create IP subnets and use a router to connect the segments to create IP subnets and use a router to connect the segments
@ -379,6 +389,8 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect3> <sect3>
<title>Filtering/traffic shaping firewall</title> <title>Filtering/traffic shaping firewall</title>
<indexterm><primary>firewall</primary></indexterm>
<indexterm><primary>IP Masquerading</primary></indexterm>
<para>The second common situation is where firewall functionality is <para>The second common situation is where firewall functionality is
needed without IP Masquerading (NAT).</para> needed without IP Masquerading (NAT).</para>
@ -389,6 +401,9 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
router-based firewall is difficult because of subnetting router-based firewall is difficult because of subnetting
issues.</para> issues.</para>
<indexterm><primary>router</primary></indexterm>
<indexterm><primary>DSL</primary></indexterm>
<indexterm><primary>ISDN</primary></indexterm>
<para>A bridge-based firewall can be configured and dropped into the <para>A bridge-based firewall can be configured and dropped into the
path just downstream of their DSL/ISDN router without any IP path just downstream of their DSL/ISDN router without any IP
numbering issues.</para> numbering issues.</para>
@ -411,6 +426,8 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect3> <sect3>
<title>Kernel configuration changes</title> <title>Kernel configuration changes</title>
<indexterm><primary>kernel configuration</primary></indexterm>
<indexterm><primary>kernel configuration</primary><secondary>options BRIDGE</secondary></indexterm>
<para>To enable kernel support for bridging, add the</para> <para>To enable kernel support for bridging, add the</para>
@ -422,7 +439,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect3> <sect3>
<title>Firewall support</title> <title>Firewall support</title>
<indexterm><primary>firewall</primary></indexterm>
<para>If you are planning to use the bridge as a firewall, you will <para>If you are planning to use the bridge as a firewall, you will
need to add the IPFIREWALL option as well. Read <xref need to add the IPFIREWALL option as well. Read <xref
linkend="firewalls"> for general information on configuring the linkend="firewalls"> for general information on configuring the
@ -492,7 +509,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<title>NFS</title> <title>NFS</title>
<para><emphasis>Written by &a.unfurl;, 4 March 2000.</emphasis></para> <para><emphasis>Written by &a.unfurl;, 4 March 2000.</emphasis></para>
<indexterm><primary>NFS</primary></indexterm>
<para>Among the many different file systems that FreeBSD supports is <para>Among the many different file systems that FreeBSD supports is
a very unique type, the Network File System or NFS. NFS allows you a very unique type, the Network File System or NFS. NFS allows you
to share directories and files on one machine with one or more other to share directories and files on one machine with one or more other
@ -534,7 +551,10 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
processes have to be configured and running properly.</para> processes have to be configured and running properly.</para>
<para>The server has to be running the following daemons:</para> <para>The server has to be running the following daemons:</para>
<indexterm><primary>NFS</primary><secondary>server</secondary></indexterm>
<indexterm><primary>portmap</primary></indexterm>
<indexterm><primary>mountd</primary></indexterm>
<indexterm><primary>nfsd</primary></indexterm>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><command>nfsd</command> - The NFS Daemon which services <para><command>nfsd</command> - The NFS Daemon which services
@ -555,7 +575,8 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
</itemizedlist> </itemizedlist>
<para>The client side only needs to run a single daemon:</para> <para>The client side only needs to run a single daemon:</para>
<indexterm><primary>NFS</primary><secondary>client</secondary></indexterm>
<indexterm><primary>nfsiod</primary></indexterm>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><command>nfsiod</command> - The NFS async I/O Daemon which <para><command>nfsiod</command> - The NFS async I/O Daemon which
@ -566,6 +587,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect2> <sect2>
<title>Configuring NFS</title> <title>Configuring NFS</title>
<indexterm><primary>NFS</primary><secondary>configuration</secondary></indexterm>
<para>Luckily for us, on a FreeBSD system this setup is a snap. The <para>Luckily for us, on a FreeBSD system this setup is a snap. The
processes that need to be running can all be run at boot time with processes that need to be running can all be run at boot time with
@ -605,6 +627,7 @@ nfs_client_flags="-n 4"</programlisting>
<para>Here are a few example <filename>/etc/exports</filename> <para>Here are a few example <filename>/etc/exports</filename>
entries:</para> entries:</para>
<indexterm><primary>NFS</primary><secondary>exporting filesystems</secondary></indexterm>
<para>The following line exports <filename>/cdrom</filename> to <para>The following line exports <filename>/cdrom</filename> to
three silly machines that have the same domain name as the server three silly machines that have the same domain name as the server
(hence the lack of a domain name for each) or have entries in your (hence the lack of a domain name for each) or have entries in your
@ -665,7 +688,7 @@ nfs_client_flags="-n 4"</programlisting>
temporarily mount a remote file system or just want to test out temporarily mount a remote file system or just want to test out
your config you can run a command like this as root on the your config you can run a command like this as root on the
client:</para> client:</para>
<indexterm><primary>NFS</primary><secondary>mounting filesystems</secondary></indexterm>
<screen>&prompt.root; <userinput>mount server:/home /mnt</userinput></screen> <screen>&prompt.root; <userinput>mount server:/home /mnt</userinput></screen>
<para>This will mount <filename>/home</filename> on the server on <para>This will mount <filename>/home</filename> on the server on
@ -688,7 +711,7 @@ nfs_client_flags="-n 4"</programlisting>
<para>There are many very cool uses for NFS. Some of the more common <para>There are many very cool uses for NFS. Some of the more common
ones are listed below.</para> ones are listed below.</para>
<indexterm><primary>NFS</primary><secondary>uses</secondary></indexterm>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Have several machines on a network and share a CD-ROM or <para>Have several machines on a network and share a CD-ROM or
@ -833,7 +856,7 @@ nfs_client_flags="-n 4"</programlisting>
<title>Diskless Operation</title> <title>Diskless Operation</title>
<para><emphasis>Contributed by &a.martin;.</emphasis></para> <para><emphasis>Contributed by &a.martin;.</emphasis></para>
<indexterm><primary>diskless workstation</primary></indexterm>
<para><filename>netboot.com</filename>/<filename>netboot.rom</filename> <para><filename>netboot.com</filename>/<filename>netboot.rom</filename>
allow you to boot your FreeBSD machine over the network and run FreeBSD allow you to boot your FreeBSD machine over the network and run FreeBSD
without having a disk on your client. Under 2.0 it is now possible to without having a disk on your client. Under 2.0 it is now possible to
@ -854,11 +877,12 @@ nfs_client_flags="-n 4"</programlisting>
machines:</para> machines:</para>
<itemizedlist> <itemizedlist>
<indexterm><primary>HP-UX</primary></indexterm>
<listitem> <listitem>
<para>HP9000/8xx running HP-UX 9.04 or later (pre 9.04 doesn't <para>HP9000/8xx running HP-UX 9.04 or later (pre 9.04 doesn't
work)</para> work)</para>
</listitem> </listitem>
<indexterm><primary>Solaris</primary></indexterm>
<listitem> <listitem>
<para>Sun/Solaris 2.3. (you may need to get bootp)</para> <para>Sun/Solaris 2.3. (you may need to get bootp)</para>
</listitem> </listitem>
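Review bot: the HP-UX and Solaris indexterm elements are added as direct children of <itemizedlist>, and the Solaris one sits between </listitem> and the next <listitem>. Once the items start, a list body is expected to hold only listitem elements, so this placement is likely to be rejected when the document is validated. Move each indexterm inside its listitem, next to the <para> it indexes.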
@ -881,6 +905,8 @@ nfs_client_flags="-n 4"</programlisting>
</step> </step>
<step> <step>
<indexterm><primary>TFTP</primary></indexterm>
<indexterm><primary>bootp</primary></indexterm>
<para>Set up a TFTP server (on same machine as bootp server) to <para>Set up a TFTP server (on same machine as bootp server) to
provide booting information to client. The name of this file is provide booting information to client. The name of this file is
<filename>cfg.<replaceable>X.X.X.X</replaceable></filename> (or <filename>cfg.<replaceable>X.X.X.X</replaceable></filename> (or
@ -1000,6 +1026,7 @@ hostname myclient.mydomain</programlisting>
</step> </step>
<step> <step>
<indexterm><primary>NFS</primary><secondary>swapping over</secondary></indexterm>
<para>If you are swapping over NFS (completely diskless <para>If you are swapping over NFS (completely diskless
configuration) create a swap file for your client using configuration) create a swap file for your client using
<command>dd</command>. If your <command>swapfs</command> command <command>dd</command>. If your <command>swapfs</command> command
@ -1108,7 +1135,8 @@ hostname myclient.mydomain</programlisting>
<title>ISDN Cards</title> <title>ISDN Cards</title>
<para><emphasis>Contributed by &a.hm;.</emphasis></para> <para><emphasis>Contributed by &a.hm;.</emphasis></para>
<indexterm><primary>ISDN</primary><secondary>cards</secondary></indexterm>
<para>This section is really only relevant to ISDN users in countries <para>This section is really only relevant to ISDN users in countries
where the DSS1/Q.931 ISDN standard is supported.</para> where the DSS1/Q.931 ISDN standard is supported.</para>
@ -1117,6 +1145,7 @@ hostname myclient.mydomain</programlisting>
development but the reports show that it is successfully used all over development but the reports show that it is successfully used all over
Europe.</para> Europe.</para>
<indexterm><primary>isdn4bsd</primary></indexterm>
<para>The latest isdn4bsd version is available from <ulink <para>The latest isdn4bsd version is available from <ulink
url="ftp://isdn4bsd@ftp.consol.de/pub/">ftp://isdn4bsd@ftp.consol.de/pub/</ulink>, url="ftp://isdn4bsd@ftp.consol.de/pub/">ftp://isdn4bsd@ftp.consol.de/pub/</ulink>,
the main isdn4bsd ftp site (you have to log in as user the main isdn4bsd ftp site (you have to log in as user
@ -1151,10 +1180,10 @@ hostname myclient.mydomain</programlisting>
<sect2> <sect2>
<title>ISDN Terminal Adapters</title> <title>ISDN Terminal Adapters</title>
<para>Terminal adapters(TA), are to ISDN what modems are to regular <para>Terminal adapters(TA), are to ISDN what modems are to regular
phone lines.</para> phone lines.</para>
<indexterm><primary>modem</primary></indexterm>
<para>Most TA's use the standard hayes modem AT command set, and can be <para>Most TA's use the standard hayes modem AT command set, and can be
used as a drop in replacement for a modem.</para> used as a drop in replacement for a modem.</para>
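Review bot: the only entry added under the "ISDN Terminal Adapters" title is a generic "modem" primary, so the section's own subject never reaches the index. The neighbouring sections get <primary>ISDN</primary> with secondaries "cards" and "stand-alone bridges/routers"; add a matching entry here with <secondary>terminal adapters</secondary>, and consider whether "modem" should point at this paragraph at all, since the text only uses modems as a comparison.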
@ -1163,7 +1192,7 @@ hostname myclient.mydomain</programlisting>
will need to configure <link linkend="ppp">PPP</link> exactly the same will need to configure <link linkend="ppp">PPP</link> exactly the same
as for a modem setup. Make sure you set your serial speed as high as as for a modem setup. Make sure you set your serial speed as high as
possible.</para> possible.</para>
<indexterm><primary>PPP</primary></indexterm>
<para>The main advantage of using a TA to connect to an Internet <para>The main advantage of using a TA to connect to an Internet
Provider is that you can do Dynamic PPP. As IP address space becomes Provider is that you can do Dynamic PPP. As IP address space becomes
more and more scarce, most providers are not willing to provide you more and more scarce, most providers are not willing to provide you
@ -1228,7 +1257,7 @@ hostname myclient.mydomain</programlisting>
<sect2> <sect2>
<title>Stand-alone ISDN Bridges/Routers</title> <title>Stand-alone ISDN Bridges/Routers</title>
<indexterm><primary>ISDN</primary><secondary>stand-alone bridges/routers</secondary></indexterm>
<para>ISDN bridges or routers are not at all specific to FreeBSD <para>ISDN bridges or routers are not at all specific to FreeBSD
or any other operating system. For a more complete or any other operating system. For a more complete
description of routing and bridging technology, please refer description of routing and bridging technology, please refer
@ -1266,6 +1295,7 @@ hostname myclient.mydomain</programlisting>
<example> <example>
<title>Branch office or Home network</title> <title>Branch office or Home network</title>
<indexterm><primary>10 base 2</primary></indexterm>
<para>Network uses a bus based topology with 10 base 2 <para>Network uses a bus based topology with 10 base 2
Ethernet ("thinnet"). Connect router to network cable with Ethernet ("thinnet"). Connect router to network cable with
AUI/10BT transceiver, if necessary.</para> AUI/10BT transceiver, if necessary.</para>
@ -1300,6 +1330,7 @@ ISDN BRI line</literallayout>
<example> <example>
<title>Head office or other LAN</title> <title>Head office or other LAN</title>
<indexterm><primary>10 base T</primary></indexterm>
<para>Network uses a star topology with 10 base T Ethernet <para>Network uses a star topology with 10 base T Ethernet
("Twisted Pair").</para> ("Twisted Pair").</para>
@ -1343,7 +1374,8 @@ ISDN BRI line</literallayout>
separate data connection. The second B channel can be used for separate data connection. The second B channel can be used for
dial-in, dial-out or dynamically bond(MPP etc.) with the first B channel dial-in, dial-out or dynamically bond(MPP etc.) with the first B channel
for more bandwidth.</para> for more bandwidth.</para>
<indexterm><primary>IPX/SPX</primary></indexterm>
<para>An Ethernet bridge will also allow you to transmit more than just <para>An Ethernet bridge will also allow you to transmit more than just
IP traffic, you can also send IPX/SPX or whatever other protocols you IP traffic, you can also send IPX/SPX or whatever other protocols you
use.</para> use.</para>
@ -1360,16 +1392,24 @@ ISDN BRI line</literallayout>
<sect2> <sect2>
<title>What is it?</title> <title>What is it?</title>
<indexterm><primary>NIS</primary></indexterm>
<indexterm><primary>Solaris</primary></indexterm>
<indexterm><primary>HP-UX</primary></indexterm>
<indexterm><primary>AIX</primary></indexterm>
<indexterm><primary>Linux</primary></indexterm>
<indexterm><primary>NetBSD</primary></indexterm>
<indexterm><primary>OpenBSD</primary></indexterm>
<para>NIS, which stands for Network Information Services, was <para>NIS, which stands for Network Information Services, was
developed by Sun Microsystems to centralize administration of Unix developed by Sun Microsystems to centralize administration of Unix
(originally SunOS) systems. It has now essentially become an (originally SunOS) systems. It has now essentially become an
industry standard; all major Unices (Solaris, HP-UX, AIX, Linux, industry standard; all major Unices (Solaris, HP-UX, AIX, Linux,
NetBSD, OpenBSD, FreeBSD, etc) support NIS.</para> NetBSD, OpenBSD, FreeBSD, etc) support NIS.</para>
<indexterm><primary>yellow pages (see NIS)</primary></indexterm>
<para>NIS was formerly known as Yellow Pages (or yp), but due to <para>NIS was formerly known as Yellow Pages (or yp), but due to
copyright violations, Sun was forced to change the name.</para> copyright violations, Sun was forced to change the name.</para>
<indexterm><primary>NIS</primary><secondary>domains</secondary></indexterm>
<para>It is a RPC-based client/server system that allows a group <para>It is a RPC-based client/server system that allows a group
of machines within an NIS domain to share a common set of of machines within an NIS domain to share a common set of
configuration files. This permits a system administrator to set configuration files. This permits a system administrator to set
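Review bot: the cross-reference in "yellow pages (see NIS)" is typed into the primary text, so it will be sorted and printed as a literal string rather than rendered as a see-reference. Use <primary>yellow pages</primary><see>NIS</see> instead. Separately, the six operating-system entries (Solaris through OpenBSD) all point at one sentence that merely lists the names; they add index bulk without leading a reader to anything about those systems, so I would drop them or keep only the ones discussed further on.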
@ -1377,6 +1417,7 @@ ISDN BRI line</literallayout>
add, remove or modify configuration data from a single add, remove or modify configuration data from a single
location.</para> location.</para>
<indexterm><primary>Windows NT</primary></indexterm>
<para>It is similar to Windows NT's domain system; although the <para>It is similar to Windows NT's domain system; although the
internal implementation of the two aren't at all similar, internal implementation of the two aren't at all similar,
the basic functionality can be compared.</para> the basic functionality can be compared.</para>
@ -1397,6 +1438,7 @@ ISDN BRI line</literallayout>
a NIS domainname. Similar to an NT domain name, the NIS a NIS domainname. Similar to an NT domain name, the NIS
domainname does not have anything to do with DNS.</para> domainname does not have anything to do with DNS.</para>
</listitem> </listitem>
<indexterm><primary>portmap</primary></indexterm>
<listitem> <listitem>
<para><emphasis>portmap</emphasis>. <command>portmap</command> <para><emphasis>portmap</emphasis>. <command>portmap</command>
must be running in order to enable RPC (Remote Procedure Call, a must be running in order to enable RPC (Remote Procedure Call, a
@ -1462,6 +1504,7 @@ ISDN BRI line</literallayout>
<title>Machine types</title> <title>Machine types</title>
<itemizedlist> <itemizedlist>
<indexterm><primary>NIS</primary><secondary>master server</secondary></indexterm>
<listitem> <listitem>
<para>A <emphasis>NIS master server</emphasis>. <para>A <emphasis>NIS master server</emphasis>.
This server, analogous to a Windows This server, analogous to a Windows
@ -1475,6 +1518,7 @@ ISDN BRI line</literallayout>
not be covered in this introduction, which assumes a relatively not be covered in this introduction, which assumes a relatively
small-scale NIS environment.</para></note> small-scale NIS environment.</para></note>
</listitem> </listitem>
<indexterm><primary>NIS</primary><secondary>slave server</secondary></indexterm>
<listitem> <listitem>
<para><emphasis>NIS slave servers</emphasis>. <para><emphasis>NIS slave servers</emphasis>.
Similar to NT's backup domain Similar to NT's backup domain
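Review bot: the "slave server" indexterm is inserted between </listitem> and <listitem>, outside the item it describes. Put it inside the listitem, immediately before the <para> that defines NIS slave servers, so the entry is attached to that text and the list contains only listitem children.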
@ -1485,6 +1529,7 @@ ISDN BRI line</literallayout>
attach to the NIS server whose response they get first, and attach to the NIS server whose response they get first, and
this includes slave-server-replies.</para> this includes slave-server-replies.</para>
</listitem> </listitem>
<indexterm><primary>NIS</primary><secondary>client</secondary></indexterm>
<listitem> <listitem>
<para><emphasis>NIS clients</emphasis>. NIS clients, like most <para><emphasis>NIS clients</emphasis>. NIS clients, like most
NT workstations, authenticate against the NIS server (or the NT NT workstations, authenticate against the NIS server (or the NT
@ -1570,7 +1615,8 @@ ISDN BRI line</literallayout>
<sect4> <sect4>
<title>Choosing a NIS Domain Name</title> <title>Choosing a NIS Domain Name</title>
<indexterm><primary>NIS</primary><secondary>domainname</secondary></indexterm>
<para>This might not be the <quote>domainname</quote> that you <para>This might not be the <quote>domainname</quote> that you
are used to. It is more accurately called the are used to. It is more accurately called the
<quote>NIS domainname</quote>. When a client broadcasts its <quote>NIS domainname</quote>. When a client broadcasts its
@ -1589,6 +1635,7 @@ ISDN BRI line</literallayout>
"acme-art" NIS domain. For this example, assume you have "acme-art" NIS domain. For this example, assume you have
chosen the name <emphasis>test-domain</emphasis>.</para> chosen the name <emphasis>test-domain</emphasis>.</para>
<indexterm><primary>SunOS</primary></indexterm>
<para>However, some operating systems (notably SunOS) use their <para>However, some operating systems (notably SunOS) use their
NIS domain name as their Internet domain name. NIS domain name as their Internet domain name.
If one or more machines on your network have this restriction, If one or more machines on your network have this restriction,
@ -1640,7 +1687,7 @@ ISDN BRI line</literallayout>
<sect4> <sect4>
<title>Setting up a NIS master server</title> <title>Setting up a NIS master server</title>
<indexterm><primary>NIS</primary><secondary>server configuration</secondary></indexterm>
<para>Setting up a master NIS server can be relatively straight <para>Setting up a master NIS server can be relatively straight
forward, depending on your needs. FreeBSD comes with support forward, depending on your needs. FreeBSD comes with support
for NIS out-of-the-box. All you need is to add the following for NIS out-of-the-box. All you need is to add the following
@ -1675,7 +1722,7 @@ ISDN BRI line</literallayout>
<sect4> <sect4>
<title>Initializing the NIS maps</title> <title>Initializing the NIS maps</title>
<indexterm><primary>NIS maps</primary></indexterm>
<para>The <emphasis>NIS maps</emphasis> are database files, <para>The <emphasis>NIS maps</emphasis> are database files,
that are kept in the <filename>/var/yp</filename> directory. that are kept in the <filename>/var/yp</filename> directory.
They are generated from configuration files in the They are generated from configuration files in the
@ -1702,6 +1749,7 @@ ISDN BRI line</literallayout>
nor world readable (mode 600)! Use the nor world readable (mode 600)! Use the
<command>chmod</command> command, if appropriate.</para></note> <command>chmod</command> command, if appropriate.</para></note>
<indexterm><primary>Tru64 Unix</primary></indexterm>
<para>When you have finished, it's time to initialize the NIS <para>When you have finished, it's time to initialize the NIS
maps! FreeBSD includes a script named maps! FreeBSD includes a script named
<command>ypinit</command> to do this for you <command>ypinit</command> to do this for you
@ -1760,7 +1808,8 @@ ellington&prompt.root; <userinput>vi /var/yp/Makefile</userinput>
<sect4> <sect4>
<title>Setting up a NIS slave server</title> <title>Setting up a NIS slave server</title>
<indexterm><primary>NIS</primary><secondary>configuring a
slave server</secondary></indexterm>
<para>Setting up an NIS slave server is even more simple than <para>Setting up an NIS slave server is even more simple than
setting up the master. Log on to the slave server and edit the setting up the master. Log on to the slave server and edit the
file <filename>/etc/rc.conf</filename> as you did before. file <filename>/etc/rc.conf</filename> as you did before.
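Review bot: the secondary "configuring a slave server" is split across two lines, which leaves a newline and leading indentation inside the index text. It is also phrased differently from the sibling entries "server configuration" and "client configuration" added elsewhere in this commit, so the three will not group together under NIS. Keep the element on one line and use <secondary>slave server configuration</secondary>.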
@ -1881,7 +1930,7 @@ Don't forget to update map ypservers on ellington.</screen>
<sect4> <sect4>
<title>Setting up an NIS client</title> <title>Setting up an NIS client</title>
<indexterm><primary>NIS</primary><secondary>client configuration</secondary></indexterm>
<para>Setting up a FreeBSD machine to be a NIS client is fairly <para>Setting up a FreeBSD machine to be a NIS client is fairly
straightforward.</para> straightforward.</para>
@ -1994,6 +2043,7 @@ nis_client_enable="YES"</programlisting>
really bad idea and will lead to loss of NIS functionality really bad idea and will lead to loss of NIS functionality
for large parts of your network.</para> for large parts of your network.</para>
<indexterm><primary>tcpwrapper</primary></indexterm>
<para>The use of the <application>tcpwrapper</application> <para>The use of the <application>tcpwrapper</application>
package increases the latency of your NIS server. The package increases the latency of your NIS server. The
additional delay may be long enough to cause timeouts in additional delay may be long enough to cause timeouts in
@ -2060,6 +2110,7 @@ basie&prompt.root;</screen>
<sect2 id="netgroups"> <sect2 id="netgroups">
<title>Using netgroups</title> <title>Using netgroups</title>
<indexterm><primary>netgroups</primary></indexterm>
<para><emphasis>The netgroups part was contributed by <para><emphasis>The netgroups part was contributed by
Udo Erdelhoff <email>ue@nathan.ruhr.de</email> in July Udo Erdelhoff <email>ue@nathan.ruhr.de</email> in July
@ -2240,6 +2291,7 @@ INTERNS (,able,test-domain) (,baker,test-domain)</programlisting>
&man.netgroup.5; for details.</para> &man.netgroup.5; for details.</para>
<note> <note>
<indexterm><primary>netgroups</primary></indexterm>
<para>Netgroup names longer than 8 characters should not be <para>Netgroup names longer than 8 characters should not be
used, especially if you have machines running other used, especially if you have machines running other
operating systems within your NIS domain. The names are operating systems within your NIS domain. The names are
@ -2539,7 +2591,7 @@ TWO (,hotel,test-domain)
<sect2> <sect2>
<title>libscrypt v.s. libdescrypt</title> <title>libscrypt v.s. libdescrypt</title>
<indexterm><primary>NIS</primary><secondary>crypto library</secondary></indexterm>
<para>One of the most common issues that people run into when trying <para>One of the most common issues that people run into when trying
to implement NIS is crypt library compatibility. If your NIS to implement NIS is crypt library compatibility. If your NIS
server is using the DES crypt libraries, it will only support server is using the DES crypt libraries, it will only support
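Review bot: the secondary says "crypto library", but the paragraph it indexes talks about "crypt library compatibility" and the title names libscrypt and libdescrypt. "Crypto" suggests a general cryptography library rather than crypt(3) password hashing; use <secondary>crypt library</secondary> so the index term matches the wording a reader will search for.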
@ -2588,6 +2640,8 @@ lrwxr-xr-x 1 root wheel 14 Nov 8 14:27 /usr/lib/libscrypt.so@ -> libscryp
<sect2> <sect2>
<title>What is DHCP?</title> <title>What is DHCP?</title>
<indexterm><primary>Dynamic Host Configuration Protocol (DHCP)</primary></indexterm>
<indexterm><primary>Internet Software Consortium (ISC)</primary></indexterm>
<para>DHCP, the Dynamic Host Configuration Protocol, describes <para>DHCP, the Dynamic Host Configuration Protocol, describes
the means by which a system can connect to a network and obtain the the means by which a system can connect to a network and obtain the
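Review bot: The primary used here, `Dynamic Host Configuration Protocol (DHCP)`, does not match the `<primary>DHCP</primary>` used by the entries added further down in this commit (with secondaries `requirements`, `server` and `configuration files`), so the index will list the protocol under two separate headings. Pick one primary and turn the other into a `<see>` entry. The `Internet Software Consortium (ISC)` entry is also attached to a paragraph whose visible text does not mention ISC; it belongs beside the text that introduces the ISC distribution.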
@ -2609,7 +2663,7 @@ lrwxr-xr-x 1 root wheel 14 Nov 8 14:27 /usr/lib/libscrypt.so@ -> libscryp
<sect2> <sect2>
<title>How it Works</title> <title>How it Works</title>
<indexterm><primary>UDP</primary></indexterm>
<para>When dhclient, the DHCP client, is executed on the client <para>When dhclient, the DHCP client, is executed on the client
machine, it begins broadcasting requests for configuration machine, it begins broadcasting requests for configuration
information. By default, these requests are on UDP port 68. The information. By default, these requests are on UDP port 68. The
@ -2635,7 +2689,7 @@ lrwxr-xr-x 1 root wheel 14 Nov 8 14:27 /usr/lib/libscrypt.so@ -> libscryp
for detailed knowledge of network configurations on any network for detailed knowledge of network configurations on any network
that runs a DHCP server. <command>dhclient</command> has been that runs a DHCP server. <command>dhclient</command> has been
included in all FreeBSD distributions since 3.2.</para> included in all FreeBSD distributions since 3.2.</para>
<indexterm><primary>sysinstall</primary></indexterm>
<para>DHCP is supported by <application>sysinstall</application>. <para>DHCP is supported by <application>sysinstall</application>.
When configuring a network interface within sysinstall, When configuring a network interface within sysinstall,
the first question asked is, "Do you want to try dhcp the first question asked is, "Do you want to try dhcp
@ -2645,7 +2699,7 @@ lrwxr-xr-x 1 root wheel 14 Nov 8 14:27 /usr/lib/libscrypt.so@ -> libscryp
<para>There are two things you must do to have your system use <para>There are two things you must do to have your system use
DHCP upon startup:</para> DHCP upon startup:</para>
<indexterm><primary>DHCP</primary><secondary>requirements</secondary></indexterm>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Make sure that the <devicename>bpf</devicename> <para>Make sure that the <devicename>bpf</devicename>
@ -2694,6 +2748,7 @@ dhcp_flags=""</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<indexterm><primary>DHCP</primary><secondary>server</secondary></indexterm>
<para>The DHCP server, <command>dhcpd</command>, is included <para>The DHCP server, <command>dhcpd</command>, is included
as part of the <literal>isc-dhcp2</literal> port in the ports as part of the <literal>isc-dhcp2</literal> port in the ports
collection. This port contains the full ISC DHCP distribution, collection. This port contains the full ISC DHCP distribution,
@ -2703,7 +2758,7 @@ dhcp_flags=""</programlisting>
<sect2> <sect2>
<title>Files</title> <title>Files</title>
<indexterm><primary>DHCP</primary><secondary>configuration files</secondary></indexterm>
<itemizedlist> <itemizedlist>
<listitem><para><filename>/etc/dhclient.conf</filename></para> <listitem><para><filename>/etc/dhclient.conf</filename></para>
<para><command>dhclient</command> requires a configuration file, <para><command>dhclient</command> requires a configuration file,
@ -2754,6 +2809,8 @@ dhcp_flags=""</programlisting>
<sect2> <sect2>
<title>Overview</title> <title>Overview</title>
<indexterm><primary>BIND</primary></indexterm>
<para>FreeBSD utilizes, by default, a version of BIND (Berkeley <para>FreeBSD utilizes, by default, a version of BIND (Berkeley
Internet Name Domain), which is the most common implementation of the Internet Name Domain), which is the most common implementation of the
DNS protocol. DNS is the protocol through which names are mapped to DNS protocol. DNS is the protocol through which names are mapped to
@ -2764,6 +2821,7 @@ dhcp_flags=""</programlisting>
happen. A query for an IP address can resolve its hostname. happen. A query for an IP address can resolve its hostname.
</para> </para>
<indexterm><primary>DNS</primary></indexterm>
<para>DNS is coordinated across the Internet through a somewhat <para>DNS is coordinated across the Internet through a somewhat
complex system of authoritative root name servers, and other complex system of authoritative root name servers, and other
smaller-scale nameservers who host and relay individual domain smaller-scale nameservers who host and relay individual domain
@ -2789,6 +2847,7 @@ dhcp_flags=""</programlisting>
<sect2> <sect2>
<title>Terminology</title> <title>Terminology</title>
<indexterm><primary>zones</primary></indexterm>
<para><emphasis>zone</emphasis> - Each individual domain, subdomain, <para><emphasis>zone</emphasis> - Each individual domain, subdomain,
or 'area' dictated by DNS is considered a zone. or 'area' dictated by DNS is considered a zone.
</para> </para>
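Review bot: `<primary>zones</primary>` is plural, while the term defined directly below it is `zone` and the neighbouring terminology entries added in this commit (`resolver`, `root zone`) are singular. Use the singular form, or file it under `DNS` with a secondary, so the glossary terms index consistently.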
@ -2822,10 +2881,12 @@ dhcp_flags=""</programlisting>
common names for the BIND name server package within FreeBSD. common names for the BIND name server package within FreeBSD.
</para> </para>
<indexterm><primary>resolver</primary></indexterm>
<para><emphasis>resolver</emphasis> - a network process by which a <para><emphasis>resolver</emphasis> - a network process by which a
system queries a nameserver for answers system queries a nameserver for answers
</para> </para>
<indexterm><primary>root zone</primary></indexterm>
<para><emphasis>root zone</emphasis> - literally, a '.', refers to <para><emphasis>root zone</emphasis> - literally, a '.', refers to
the root, or beginning zone. All zones fall under this, as do all the root, or beginning zone. All zones fall under this, as do all
files in fall under the root directory. It is the beginning of the files in fall under the root directory. It is the beginning of the
@ -2840,6 +2901,7 @@ dhcp_flags=""</programlisting>
addresses addresses
</para> </para>
<indexterm><primary>reverse DNS</primary></indexterm>
<para><emphasis>reverse dns</emphasis> - the opposite, mapping of ip <para><emphasis>reverse dns</emphasis> - the opposite, mapping of ip
addresses to hostnames addresses to hostnames
</para> </para>
@ -2940,6 +3002,7 @@ dhcp_flags=""</programlisting>
<sect2> <sect2>
<title>Starting BIND</title> <title>Starting BIND</title>
<indexterm><primary>BIND</primary><secondary>starting</secondary></indexterm>
<para> <para>
Since bind is installed by default, configuring it all is Since bind is installed by default, configuring it all is
relatively simple. relatively simple.
@ -2955,6 +3018,7 @@ dhcp_flags=""</programlisting>
<sect2> <sect2>
<title>Configuration files</title> <title>Configuration files</title>
<indexterm><primary>BIND</primary><secondary>configuration files</secondary></indexterm>
<sect3> <sect3>
<title>make-localhost</title> <title>make-localhost</title>
<para>Be sure to <para>Be sure to
@ -2970,7 +3034,7 @@ dhcp_flags=""</programlisting>
<sect3> <sect3>
<title><filename>/etc/namedb/named.conf</filename></title> <title><filename>/etc/namedb/named.conf</filename></title>
<programlisting>// $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.47 2001/06/24 03:06:38 murray Exp $ <programlisting>// $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.48 2001/06/24 03:22:48 murray Exp $
// //
// Refer to the named(8) man page for details. If you are ever going // Refer to the named(8) man page for details. If you are ever going
// to setup a primary server, make sure you've understood the hairy // to setup a primary server, make sure you've understood the hairy
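Review bot: The `// $FreeBSD: ... $` line inside the sample `named.conf` listing should not be left as a live CVS keyword. It expands to the ident of `chapter.sgml` itself (1.47 becoming 1.48 here), so the published example shows the wrong file's revision and this line changes on every commit to the chapter. Escape the dollar signs inside the `<programlisting>` so the keyword is rendered literally.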
@ -3181,6 +3245,7 @@ www IN CNAME @
</para> </para>
<programlisting>recordname IN recordtype value</programlisting> <programlisting>recordname IN recordtype value</programlisting>
<indexterm><primary>DNS</primary><secondary>records</secondary></indexterm>
<para> <para>
The most commonly used DNS records: The most commonly used DNS records:
</para> </para>
@ -3305,6 +3370,7 @@ www IN CNAME @
<sect2> <sect2>
<title>Caching Name Server</title> <title>Caching Name Server</title>
<indexterm><primary>BIND</primary><secondary>caching name server</secondary></indexterm>
<para> <para>
A caching nameserver is simply a nameserver that is not A caching nameserver is simply a nameserver that is not
authoritative for any zones. It simply asks queries of its own, authoritative for any zones. It simply asks queries of its own,
@ -3315,11 +3381,12 @@ www IN CNAME @
<sect2 id="named-sandbox"> <sect2 id="named-sandbox">
<title>Running named in a Sandbox</title> <title>Running named in a Sandbox</title>
<indexterm><primary>BIND</primary><secondary>running in a sandbox</secondary></indexterm>
<para><emphasis>Contributed by Mike Makonnen <para><emphasis>Contributed by Mike Makonnen
<email>mike_makonnen@yahoo.com</email>, May 1, 2001</emphasis> <email>mike_makonnen@yahoo.com</email>, May 1, 2001</emphasis>
</para> </para>
<indexterm><primary>chroot</primary></indexterm>
<para>For added security you may want to run &man.named.8; in a <para>For added security you may want to run &man.named.8; in a
sandbox. This will reduce the potential damage should it be sandbox. This will reduce the potential damage should it be
compromised. If you include a sandbox directory in its command compromised. If you include a sandbox directory in its command
@ -3485,6 +3552,7 @@ www IN CNAME @
<sect2 id="overview"> <sect2 id="overview">
<title>Overview</title> <title>Overview</title>
<indexterm><primary>natd</primary></indexterm>
<para>FreeBSD's Network Address Translation daemon, commonly known as <para>FreeBSD's Network Address Translation daemon, commonly known as
&man.natd.8; is a daemon that accepts incoming raw IP packets, &man.natd.8; is a daemon that accepts incoming raw IP packets,
changes the source to the local machine and re-injects these packets changes the source to the local machine and re-injects these packets
@ -3492,7 +3560,8 @@ www IN CNAME @
the source ip and port such that when data is received back, it is the source ip and port such that when data is received back, it is
able to determine the original location of the data and forward it able to determine the original location of the data and forward it
back to its original requestor.</para> back to its original requestor.</para>
<indexterm><primary>Internet connection sharing</primary></indexterm>
<indexterm><primary>IP masquerading</primary></indexterm>
<para>The most common use of NAT is to perform what is commonly known as <para>The most common use of NAT is to perform what is commonly known as
Internet Connection Sharing.</para> Internet Connection Sharing.</para>
</sect2> </sect2>
@ -3542,6 +3611,7 @@ www IN CNAME @
</sect2> </sect2>
<sect2 id="configuration"> <sect2 id="configuration">
<indexterm><primary>kernel</primary><secondary>configuration</secondary></indexterm>
<title>Configuration</title> <title>Configuration</title>
<para>The following options must be in the kernel configuration <para>The following options must be in the kernel configuration
file:</para> file:</para>
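Review bot: The new `<indexterm>` is placed between `<sect2 id="configuration">` and its `<title>`, the only section in this commit where the entry comes before the title instead of after it. The DocBook DTD requires the title to come first in a section (after an optional info block), so this ordering will fail validation. Move the `<indexterm>` line below `<title>Configuration</title>`.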
@ -3657,6 +3727,7 @@ natd_flags=""</programlisting>
<sect2 id="address-redirection"> <sect2 id="address-redirection">
<title>Address Redirection</title> <title>Address Redirection</title>
<indexterm><primary>address redirection</primary></indexterm>
<para>Address redirection is useful if several ips are available, yet <para>Address redirection is useful if several ips are available, yet
they must be on one machine. With this, &man.natd.8; can assign each they must be on one machine. With this, &man.natd.8; can assign each
LAN client its own external ip. &man.natd.8; then rewrites outgoing LAN client its own external ip. &man.natd.8; then rewrites outgoing