diff --git a/en_US.ISO8859-1/books/handbook/install/chapter.sgml b/en_US.ISO8859-1/books/handbook/install/chapter.sgml
index cc0199e591..6c471d2305 100644
--- a/en_US.ISO8859-1/books/handbook/install/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/install/chapter.sgml
@@ -3449,7 +3449,7 @@ Retype new password :
Exiting Install
- If you need to configure additional network devices or
+ If you need to configure additional network services or
any other configuration, you can do it at this point or
after installation with sysinstall
(/stand/sysinstall in &os; versions older
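Review bot: on the changed line, "configure additional network services or any other configuration" leaves "configure ... any other configuration" as the object, which is redundant. Since the sentence is being touched anyway, consider "If you need to configure additional network services or make any other changes, you can do so at this point or after installation with sysinstall".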
@@ -3491,7 +3491,266 @@ Retype new password :
be removed from drive (quickly).The system will reboot so watch for any error messages that
- may appear.
+ may appear, see for more
+ details.
+
+
+
+
+
+
+ Tom
+ Rhodes
+ Contributed by
+
+
+
+ Configure Additional Network Services
+
+ Configuring network services can be a daunting
+ task for new users if they lack previous
+ knowledge in this area. Networking, including the Internet,
+ is critical to all modern operating systems including &os;;
+ as a result, it is very useful to have some understanding
+ &os;'s extensive networking capabilities. Doing this
+ during the installation will ensure users have some
+ understanding of the various services available to them.
+
+ Network services are programs that accept input from
+ anywhere on the network. Every effort is made to make sure
+ these programs will not do anything harmful.
+ Unfortunately, programmers are not perfect and through time
+ there have been cases where bugs in network services have been
+ exploited by attackers to do bad things. It is important that
+ you only enable the network services you know that you need. If
+ in doubt it is best if you do not enable a network service until
+ you find out that you do need it. You can always enable it
+ later by re-running sysinstall or by
+ using the features provided by the
+ /etc/rc.conf file.
+
+ Selecting the Networking option will display
+ a menu similar to the one below:
+
+
+ Network Configuration Upper-level
+
+
+
+
+
+
+
+
+ The first option, Interfaces, was previously covered during
+ the , thus this option can
+ safely be ignored.
+
+ Selecting the AMD option adds
+ support for the BSD automatic mount utility.
+ This is usually used in conjunction with the
+ NFS protocol (see below)
+ for automatically mounting remote file systems.
+ No special configuration is required here.
+
+ Next in line is the AMD Flags
+ option. When selected, a menu will pop up for you
+ to enter specific AMD flags.
+ The menu already contains a set of default options:
+
+ -a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map
+
+ The option sets the default mount
+ location which is specified here as
+ /.amd_mnt. The
+ option specifies the default log file;
+ however, when syslogd is used all log
+ activity will be sent to the system log daemon. The
+ /host directory is used
+ to mount an exported file system from a remote
+ host, while /net
+ directory is used to mount an exported file system from an
+ IP address. The
+ /etc/amd.map file defines the default
+ options for AMD exports.
+
+
+ FTP
+ anonymous
+
+
+ The Anon FTP option permits anonymous
+ FTP connections. Select this option to
+ make this machine an anonymous FTP server.
+ Be aware of the security risks involved with this option.
+ Another menu will be displayed to explain the security risks
+ and configuration in depth.
+
+ The Gateway configuration menu will set
+ the machine up to be a gateway as explained previously. This
+ can be used to unset the Gateway option if you accidentally
+ selected it during the installation process.
+
+ The Inetd option can be used to configure
+ or completely disable the &man.inetd.8; daemon as discussed
+ above.
+
+ The Mail option is used to configure the system's
+ default MTA or Mail Transfer Agent.
+ Selecting this option will bring up the following menu:
+
+
+ Select a default MTA
+
+
+
+
+
+
+
+
+ Here you are offered a choice as to which
+ MTA to install
+ and set as the default. An MTA is nothing
+ more than a mail server which delivers email to users on the
+ system or the Internet.
+
+ Selecting Sendmail will install
+ the popular sendmail server which
+ is the &os; default. The Sendmail local option
+ will set sendmail to be the default
+ MTA, but disable its ability to receive
+ incoming email from the Internet. The other options here,
+ Postfix and
+ Exim act similar to
+ Sendmail. They both deliver
+ email; however, some users prefer these alternatives to the
+ sendmail
+ MTA.
+
+ After selecting an MTA, or choosing
+ not to select an MTA, the network configuration menu will appear
+ with the next option being NFS client.
+
+ The NFS client option will
+ configure the system to communicate with a server via
+ NFS. An NFS server
+ makes file systems available to other machines on the
+ network via the NFS protocol. If this is
+ a stand-alone machine, this option can remain unselected.
+ The system may require more configuration later; see
+ for more
+ information about client and server configuration.
+
+ Below that option is the NFS server
+ option, permitting you to set the system up as an
+ NFS server. This adds the required
+ information to start up the RPC remote
+ procedure call services. RPC is used to
+ coordinate connections between hosts and programs.
+
+ Next in line is the Ntpdate option,
+ which deals with time synchronization. When selected, a menu
+ like the one below shows up:
+
+
+ Ntpdate Configuration
+
+
+
+
+
+
+
+
+ From this menu, select the server which is the closest
+ to your location. Selecting a close one will make the time
+ synchronization more accurate as a server further from your
+ location may have more connection latency.
+
+ The next option is the PCNFSD selection.
+ This option will install the
+ net/pcnfsd package from
+ the Ports Collection. This is a useful utility which provides
+ NFS authentication services for systems which
+ are unable to provide their own, such as Microsoft's
+ &ms-dos; operating system.
+
+ Now you must scroll down a bit to see the other
+ options:
+
+
+ Network Configuration Lower-level
+
+
+
+
+
+
+
+
+ The &man.rpcbind.8;, &man.rpc.statd.8;, and
+ &man.rpc.lockd.8; utilities are all used for Remote Procedure
+ Calls (RPC).
+ The rpcbind utility manages communication
+ between NFS servers and clients, and is
+ required for NFS servers to operate
+ correctly. The rpc.statd daemon interacts
+ with the rpc.statd daemon on other hosts to
+ provide status monitoring. The reported status is usually held
+ in the /var/db/statd.status file. The
+ next option listed here is the rpc.lockd
+ option, which, when selected, will provide file locking
+ services. This is usually used with
+ rpc.statd to monitor what hosts are
+ requesting locks and how frequently they request them.
+ While these last two options are marvelous for debugging, they
+ are not required for NFS servers and clients
+ to operate correctly.
+
+ As you progress down the list the next item here is
+ Routed, which is the routing daemon. The
+ &man.routed.8; utility manages network routing tables,
+ discovers multicast routers, and supplies a copy of the routing
+ tables to any physically connected host on the network upon
+ request. This is mainly used for machines which act as a
+ gateway for the local network. When selected, a menu will be
+ presented requesting the default location of the utility.
+ The default location is already defined for you and can be
+ selected with the Enter key. You will then
+ be presented with yet another menu, this time asking for the
+ flags you wish to pass on to routed. The
+ default is and it should already appear
+ on the screen.
+
+ Next in line is the Rwhod option which,
+ when selected, will start the &man.rwhod.8; daemon
+ during system initialization. The rwhod
+ utility broadcasts system messages across the network
+ periodically, or collects them when in consumer
+ mode. More information can be found in the &man.ruptime.1; and
+ &man.rwho.1; manual pages.
+
+ The next to the last option in the list is for the
+ &man.sshd.8; daemon. This is the secure shell server for
+ OpenSSH and it is highly recommended
+ over the standard telnet and
+ FTP servers. The sshd
+ server is used to create a secure connection from one host to
+ another by using encrypted connections.
+
+ Finally there is the TCP Extensions
+ option. This enables the TCP Extensions
+ defined in RFC 1323 and
+ RFC 1644. While on many hosts this can
+ speed up connections, it can also cause some connections to be
+ dropped. It is not recommended for servers, but may be
+ beneficial for stand alone machines.
+
+ Now that you have configured the network services, you can
+ scroll up to the very top item which is Exit
+ and continue on to the next configuration section.
+
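Review bot: the rpcbind/rpc.statd/rpc.lockd paragraph contradicts itself. It says rpc.lockd "will provide file locking services", then calls rpc.statd and rpc.lockd "marvelous for debugging" and "not required for NFS servers and clients to operate correctly". That describes a locking service as a debugging aid and gives the reader no basis for the enable-only-what-you-need decision that the section's second paragraph asks for. Suggest replacing the closing sentence with a plain statement of when the two daemons are needed (when file locking over NFS is wanted) and that they can otherwise stay disabled. Two smaller wording points in the same hunk: the first paragraph drops a word in "have some understanding &os;'s extensive networking capabilities" (should be "understanding of"), and "may appear, see ... for more details" at the top of the hunk is a comma splice that reads better as two sentences.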