- Re-add without any change "Configure Additional Network Services"
  section (see previous commit to understand why);
- Add some links to help navigation when one reaches the "Existing
  Install" section.
Marc Fonvieille 2007-08-12 12:59:21 +00:00
parent d99d01a8ca
commit b2aa95b56c
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=30641

@ -3449,7 +3449,7 @@ Retype new password :</screen>
<sect2 id="exit-inst">
<title>Exiting Install</title>
<para>If you need to configure additional network devices or
<para>If you need to configure <link linkend="network-services">additional network services</link> or
any other configuration, you can do it at this point or
after installation with <command>sysinstall</command>
(<command>/stand/sysinstall</command> in &os; versions older
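Review bot: The replacement opening line of the exit-inst paragraph changes "additional network devices" to "additional network services" as well as adding the link, and the commit message only mentions adding links. If the wording change is intended because the link target is the network-services section, say so in the log. The new line is also much longer than its neighbours and should be re-wrapped to match them.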
@ -3491,7 +3491,266 @@ Retype new password :</screen>
be removed from drive (quickly).</para>
<para>The system will reboot so watch for any error messages that
may appear.</para>
may appear, see <xref linkend="freebsdboot"> for more
details.</para>
</sect2>
<sect2 id="network-services">
<sect2info>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Rhodes</surname>
<contrib>Contributed by </contrib>
</author>
</authorgroup>
</sect2info>
<title>Configure Additional Network Services</title>
<para>Configuring network services can be a daunting
task for new users if they lack previous
knowledge in this area. Networking, including the Internet,
is critical to all modern operating systems including &os;;
as a result, it is very useful to have some understanding
&os;'s extensive networking capabilities. Doing this
during the installation will ensure users have some
understanding of the various services available to them.</para>
<para>Network services are programs that accept input from
anywhere on the network. Every effort is made to make sure
these programs will not do anything <quote>harmful</quote>.
Unfortunately, programmers are not perfect and through time
there have been cases where bugs in network services have been
exploited by attackers to do bad things. It is important that
you only enable the network services you know that you need. If
in doubt it is best if you do not enable a network service until
you find out that you do need it. You can always enable it
later by re-running <application>sysinstall</application> or by
using the features provided by the
<filename>/etc/rc.conf</filename> file.</para>
<para>Selecting the <guimenu>Networking</guimenu> option will display
a menu similar to the one below:</para>
<figure id="network-configuration">
<title>Network Configuration Upper-level</title>
<mediaobject>
<imageobject>
<imagedata fileref="install/net-config-menu1" format="PNG">
</imageobject>
</mediaobject>
</figure>
<para>The first option, <guimenuitem>Interfaces</guimenuitem>, was previously covered during
the <xref linkend="inst-network-dev">, thus this option can
safely be ignored.</para>
<para>Selecting the <guimenuitem>AMD</guimenuitem> option adds
support for the <acronym>BSD</acronym> automatic mount utility.
This is usually used in conjunction with the
<acronym>NFS</acronym> protocol (see below)
for automatically mounting remote file systems.
No special configuration is required here.</para>
<para>Next in line is the <guimenuitem>AMD Flags</guimenuitem>
option. When selected, a menu will pop up for you
to enter specific <acronym>AMD</acronym> flags.
The menu already contains a set of default options:</para>
<screen>-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map</screen>
<para>The <option>-a</option> option sets the default mount
location which is specified here as
<filename>/.amd_mnt</filename>. The <option>-l</option>
option specifies the default <filename>log</filename> file;
however, when <literal>syslogd</literal> is used all log
activity will be sent to the system log daemon. The
<filename class="directory">/host</filename> directory is used
to mount an exported file system from a remote
host, while <filename class="directory">/net</filename>
directory is used to mount an exported file system from an
<acronym>IP</acronym> address. The
<filename>/etc/amd.map</filename> file defines the default
options for <acronym>AMD</acronym> exports.</para>
<indexterm>
<primary>FTP</primary>
<secondary>anonymous</secondary>
</indexterm>
<para>The <guimenuitem>Anon FTP</guimenuitem> option permits anonymous
<acronym>FTP</acronym> connections. Select this option to
make this machine an anonymous <acronym>FTP</acronym> server.
Be aware of the security risks involved with this option.
Another menu will be displayed to explain the security risks
and configuration in depth.</para>
<para>The <guimenuitem>Gateway</guimenuitem> configuration menu will set
the machine up to be a gateway as explained previously. This
can be used to unset the <guimenuitem>Gateway</guimenuitem> option if you accidentally
selected it during the installation process.</para>
<para>The <guimenuitem>Inetd</guimenuitem> option can be used to configure
or completely disable the &man.inetd.8; daemon as discussed
above.</para>
<para>The <guimenuitem>Mail</guimenuitem> option is used to configure the system's
default <acronym>MTA</acronym> or Mail Transfer Agent.
Selecting this option will bring up the following menu:</para>
<figure id="mta-selection">
<title>Select a default MTA</title>
<mediaobject>
<imageobject>
<imagedata fileref="install/mta-main" format="PNG">
</imageobject>
</mediaobject>
</figure>
<para>Here you are offered a choice as to which
<acronym>MTA</acronym> to install
and set as the default. An <acronym>MTA</acronym> is nothing
more than a mail server which delivers email to users on the
system or the Internet.</para>
<para>Selecting <guimenuitem>Sendmail</guimenuitem> will install
the popular <application>sendmail</application> server which
is the &os; default. The <guimenuitem>Sendmail local</guimenuitem> option
will set <application>sendmail</application> to be the default
<acronym>MTA</acronym>, but disable its ability to receive
incoming email from the Internet. The other options here,
<guimenuitem>Postfix</guimenuitem> and
<guimenuitem>Exim</guimenuitem> act similar to
<guimenuitem>Sendmail</guimenuitem>. They both deliver
email; however, some users prefer these alternatives to the
<application>sendmail</application>
<acronym>MTA</acronym>.</para>
<para>After selecting an <acronym>MTA</acronym>, or choosing
not to select an MTA, the network configuration menu will appear
with the next option being <guimenuitem>NFS client</guimenuitem>.</para>
<para>The <guimenuitem>NFS client</guimenuitem> option will
configure the system to communicate with a server via
<acronym>NFS</acronym>. An <acronym>NFS</acronym> server
makes file systems available to other machines on the
network via the <acronym>NFS</acronym> protocol. If this is
a stand-alone machine, this option can remain unselected.
The system may require more configuration later; see
<xref linkend="network-nfs"> for more
information about client and server configuration.</para>
<para>Below that option is the <guimenuitem>NFS server</guimenuitem>
option, permitting you to set the system up as an
<acronym>NFS</acronym> server. This adds the required
information to start up the <acronym>RPC</acronym> remote
procedure call services. <acronym>RPC</acronym> is used to
coordinate connections between hosts and programs.</para>
<para>Next in line is the <guimenuitem>Ntpdate</guimenuitem> option,
which deals with time synchronization. When selected, a menu
like the one below shows up:</para>
<figure id="Ntpdate-config">
<title>Ntpdate Configuration</title>
<mediaobject>
<imageobject>
<imagedata fileref="install/ntp-config" format="PNG">
</imageobject>
</mediaobject>
</figure>
<para>From this menu, select the server which is the closest
to your location. Selecting a close one will make the time
synchronization more accurate as a server further from your
location may have more connection latency.</para>
<para>The next option is the <acronym>PCNFSD</acronym> selection.
This option will install the
<filename role="package">net/pcnfsd</filename> package from
the Ports Collection. This is a useful utility which provides
<acronym>NFS</acronym> authentication services for systems which
are unable to provide their own, such as Microsoft's
&ms-dos; operating system.</para>
<para>Now you must scroll down a bit to see the other
options:</para>
<figure id="Network-configuration-cont">
<title>Network Configuration Lower-level</title>
<mediaobject>
<imageobject>
<imagedata fileref="install/net-config-menu2" format="PNG">
</imageobject>
</mediaobject>
</figure>
<para>The &man.rpcbind.8;, &man.rpc.statd.8;, and
&man.rpc.lockd.8; utilities are all used for Remote Procedure
Calls (<acronym>RPC</acronym>).
The <command>rpcbind</command> utility manages communication
between <acronym>NFS</acronym> servers and clients, and is
required for <acronym>NFS</acronym> servers to operate
correctly. The <application>rpc.statd</application> daemon interacts
with the <application>rpc.statd</application> daemon on other hosts to
provide status monitoring. The reported status is usually held
in the <filename>/var/db/statd.status</filename> file. The
next option listed here is the <guimenuitem>rpc.lockd</guimenuitem>
option, which, when selected, will provide file locking
services. This is usually used with
<application>rpc.statd</application> to monitor what hosts are
requesting locks and how frequently they request them.
While these last two options are marvelous for debugging, they
are not required for <acronym>NFS</acronym> servers and clients
to operate correctly.</para>
<para>As you progress down the list the next item here is
<guimenuitem>Routed</guimenuitem>, which is the routing daemon. The
&man.routed.8; utility manages network routing tables,
discovers multicast routers, and supplies a copy of the routing
tables to any physically connected host on the network upon
request. This is mainly used for machines which act as a
gateway for the local network. When selected, a menu will be
presented requesting the default location of the utility.
The default location is already defined for you and can be
selected with the <keycap>Enter</keycap> key. You will then
be presented with yet another menu, this time asking for the
flags you wish to pass on to <application>routed</application>. The
default is <option>-q</option> and it should already appear
on the screen.</para>
<para>Next in line is the <guimenuitem>Rwhod</guimenuitem> option which,
when selected, will start the &man.rwhod.8; daemon
during system initialization. The <command>rwhod</command>
utility broadcasts system messages across the network
periodically, or collects them when in <quote>consumer</quote>
mode. More information can be found in the &man.ruptime.1; and
&man.rwho.1; manual pages.</para>
<para>The next to the last option in the list is for the
&man.sshd.8; daemon. This is the secure shell server for
<application>OpenSSH</application> and it is highly recommended
over the standard <application>telnet</application> and
<acronym>FTP</acronym> servers. The <application>sshd</application>
server is used to create a secure connection from one host to
another by using encrypted connections.</para>
<para>Finally there is the <guimenuitem>TCP Extensions</guimenuitem>
option. This enables the <acronym>TCP</acronym> Extensions
defined in <acronym>RFC</acronym>&nbsp;1323 and
<acronym>RFC</acronym>&nbsp;1644. While on many hosts this can
speed up connections, it can also cause some connections to be
dropped. It is not recommended for servers, but may be
beneficial for stand alone machines.</para>
<para>Now that you have configured the network services, you can
scroll up to the very top item which is <guimenuitem>Exit</guimenuitem>
and continue on to the next configuration section.</para>
</sect2>
<sect2 id="freebsdboot">
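Review bot: In the changed sentence just before the closing </sect2> of exit-inst, "may appear, see <xref linkend="freebsdboot"> for more details" is a comma splice; end the sentence after "appear" and start a new one with "See". In the re-added network-services section, the first paragraph's "to have some understanding &os;'s extensive networking capabilities" is missing "of" after "understanding". The Gateway paragraph ("as explained previously") and the Inetd paragraph ("as discussed above") refer to material outside this section without a link; since this commit is about navigation, each could take an <xref> the way the Interfaces and NFS client paragraphs already do. If the section has to stay byte-identical to what was removed, these can go in a follow-up commit.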