From d9b35c6b3538ea4aeea378f3485c442772696b35 Mon Sep 17 00:00:00 2001 From: Chern Lee Date: Mon, 20 Aug 2001 18:48:45 +0000 Subject: [PATCH] Nitpick English changes to make the chapter more understandable. --- .../handbook/advanced-networking/chapter.sgml | 134 ++++++++++-------- 1 file changed, 72 insertions(+), 62 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml index e2dbc7a473..b7ccbdf019 100644 --- a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml @@ -1,7 +1,7 @@ @@ -85,27 +85,31 @@ routing gateway subnet - For one machine to be able to find another, there must be a + For one machine to be able to find another over a network, there + must be a mechanism in place to describe how to get from one to the other. This is called Routing. A route is a defined pair of addresses: a destination and a gateway. The pair indicates that if you are trying to get to this - destination, send along through this + destination, communicate through this gateway. There are three types of destinations: individual hosts, subnets, and default. The default route is used if none of the other routes apply. We will talk a little bit more about default routes later on. There are also three types of gateways: individual hosts, interfaces (also called - links), and Ethernet hardware addresses. + links), and Ethernet hardware addresses (MAC addresses). + An Example To illustrate different aspects of routing, we will use the - following example which is the output of the command netstat - -r: - - Destination Gateway Flags Refs Use Netif Expire + following example from netstat: + + &prompt.user; netstat -r +Routing tables + +Destination Gateway Flags Refs Use Netif Expire default outside-gw UGSc 37 418 ppp0 localhost localhost UH 0 181 lo0 @@ -118,8 +122,9 @@ host2.foobar.com link#1 UC 0 0 224 link#1 UC 0 0 default route - The first two lines specify the default route (which we will cover - in the next section) and the localhost route. + The first two lines specify the default route (which we + will cover in the next + section) and the localhost route. loopback device The interface (Netif column) that it specifies @@ -127,15 +132,16 @@ host2.foobar.com link#1 UC 0 0 lo0, also known as the loopback device. This says to keep all traffic for this destination internal, rather than sending it out over the LAN, since it will only end up back where it - started anyway. + started. Ethernet MAC address - The next thing that stands out are the 0:e0:... addresses. These are Ethernet hardware - addresses. FreeBSD will automatically identify any hosts + The next thing that stands out are the addresses beginning + with 0:e0:. These are Ethernet + hardware addresses, which are also known as MAC addresses. + FreeBSD will automatically identify any hosts (test0 in the example) on the local Ethernet and add a route for that host, directly to it over the Ethernet interface, ed0. There is also a timeout @@ -157,8 +163,9 @@ host2.foobar.com link#1 UC 0 0 Both of these groups (local network hosts and local subnets) have their routes automatically configured by a daemon called - routed. If this is not run, then only routes which - are statically defined (ie. entered explicitly) will exist. + routed. If this is not run, then only + routes which are statically defined (ie. entered explicitly) will + exist. The host1 line refers to our host, which it knows by Ethernet address. Since we are the sending host, FreeBSD @@ -232,7 +239,7 @@ host2.foobar.com link#1 UC 0 0 - + Default Routes default route @@ -274,9 +281,9 @@ host2.foobar.com link#1 UC 0 0 - host - default gateway - interface + Host + Default Gateway + Interface @@ -330,7 +337,7 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) used to refer to a machine that sits on two local-area networks. - In one case, the machine as two Ethernet cards, each having an + In one case, the machine has two Ethernet cards, each having an address on the separate subnets. Alternately, the machine may only have one Ethernet card, and be using &man.ifconfig.8; aliasing. The former is used if two physically separate Ethernet networks are in use, the @@ -414,15 +421,15 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) Introduction IP subnet bridge - It is sometimes useful to divide one physical network (i.e., an - Ethernet segment) into two separate network segments, without having + It is sometimes useful to divide one physical network (such as an + Ethernet segment) into two separate network segments without having to create IP subnets and use a router to connect the segments together. A device that connects two networks together in this - fashion is called a bridge. and a FreeBSD system with two network + fashion is called a bridge. A FreeBSD system with two network interface cards can act as a bridge. - The bridge works by learning the MAC layer addresses (i.e., - Ethernet addresses) of the devices on each of its network interfaces. + The bridge works by learning the MAC layer addresses + (Ethernet addresses) of the devices on each of its network interfaces. It forwards traffic between two networks only when its source and destination are on different networks. @@ -467,8 +474,8 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) needed without IP Masquerading (NAT). An example is a small company that is connected via DSL or ISDN - to their ISP. They have a 13 address global IP allocation for their - ISP and have 10 PCs on their network. In this situation, using a + to their ISP. They have a 13 globally-accessible IP addresses + from their ISP and have 10 PCs on their network. In this situation, using a router-based firewall is difficult because of subnetting issues. @@ -503,7 +510,7 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) options BRIDGE - To enable kernel support for bridging, add the + To enable kernel support for bridging, add the: options BRIDGE @@ -541,13 +548,13 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) Enabling the Bridge - Add the line + Add the line: net.link.ether.bridge=1 to /etc/sysctl.conf to enable the bridge at runtime. If you want the bridged packets to be filtered by &man.ipfw.8;, - you should also add + you should also add: net.link.ether.bridge_ipfw=1 @@ -594,8 +601,8 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) NFS Among the many different file systems that FreeBSD supports is the Network File System or NFS. NFS allows you - to share directories and files on one machine with one or more other - machines via the network they are attached to. Using NFS, users and + to share directories and files on one machine with others + via the network they are attached to. Using NFS, users and programs can access files on remote systems as if they were local files. @@ -630,7 +637,7 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1) wants the data that the server side has. The server shares its data with the client. In order for this system to function properly a few - processes have to be configured and running properly. + processes have to be configured and running. The server has to be running the following daemons: @@ -759,7 +766,7 @@ nfs_client_flags="-n 4" /a -maproot=0 host.domain.com box.example.com - In order for a client to share an exported file system it must + In order for a client to access- an exported file system it must have permission to do so. Make sure your client is listed in your /etc/exports file. @@ -797,7 +804,8 @@ nfs_client_flags="-n 4" &prompt.root; mount server:/home /mnt - This will mount /home on the server on + This will mount the /home directory on the + server at /mnt on the client. If everything is setup correctly you should be able to go into /mnt on the client and see all the files that are on the server. @@ -992,7 +1000,7 @@ Exports list on foobar: freebox is the host (interface) name of a FreeBSD system with a lower-performance Ethernet adapter. Also, /sharedfs will be the exported NFS - filesystem (see man exports), and + filesystem (see &man.exports.5;), and /project will be the mount point on the client for the exported file system. In all cases, note that additional options, such as or @@ -1523,7 +1531,8 @@ hostname myclient.mydomain should discuss your needs with them. If you are planning to connect two LAN segments together, - ie: home LAN to the office LAN, this is the simplest lowest + such as your home LAN to the office LAN, this is the simplest + lowest maintenance solution. Since you are buying the equipment for both sides of the connection you can be assured that the link will work. @@ -1602,22 +1611,23 @@ ISDN BRI line One large advantage of most routers/bridges is that they allow you to have 2 separate independent PPP connections to 2 separate sites at the same time. This is not - supported on most TA's, except for specific(expensive) models that - have two serial ports. Do not confuse this with channel bonding, MPP + supported on most TA's, except for specific (usually expensive) models + that + have two serial ports. Do not confuse this with channel bonding, MPP, etc. - This can be very useful feature, for example if you have an + This can be very useful feature if, for example, you have an dedicated ISDN connection at your office and would like to tap into it, but do not want to get another ISDN line at work. A router at the office location can manage a dedicated B channel connection - (64Kbs) to the Internet, as well as a use the other B channel for a + (64Kbps) to the Internet and use the other B channel for a separate data connection. The second B channel can be used for - dial-in, dial-out or dynamically bond(MPP etc.) with the first B channel - for more bandwidth. + dial-in, dial-out or dynamically bonding (MPP, etc.) with the first + B channel for more bandwidth. IPX/SPX An Ethernet bridge will also allow you to transmit more than just - IP traffic, you can also send IPX/SPX or whatever other protocols you + IP traffic. You can also send IPX/SPX or whatever other protocols you use. @@ -1747,7 +1757,7 @@ ISDN BRI line How Does It Work? - There are three types of hosts in an NIS environment; master + There are three types of hosts in an NIS environment: master servers, slave servers, and clients. Servers act as a central repository for host configuration information. Master servers hold the authoritative copy of this information, while slave @@ -1952,7 +1962,7 @@ ISDN BRI line have its own independent set of maps. NIS master and slave servers handle all NIS requests with - the ypserv daemon. Ypserv + the ypserv daemon. ypserv is responsible for receiving incoming requests from NIS clients, translating the requested domain and map name to a path to the corresponding database file and transmitting data from the @@ -2163,14 +2173,13 @@ Don't forget to update map ypservers on ellington. 21 * * * * root /usr/libexec/ypxfr passwd.byuid These two lines force the slave to sync its maps with - the maps on the master server. Although this is - not mandatory, because the master server - tries to make sure any changes to its NIS maps are - communicated to its slaves, the password - information is so vital to systems that depend on the server, - that it is a good idea to force the updates. This is more - important on busy networks where map updates might not always - complete. + the maps on the master server. Although these entries are + not mandatory, since the master server attempts to ensure + any changes to its NIS maps are communicated to its slaves + and because password information is vital to systems + depending on the server, it is a good idea to force the + updates. This is more important on busy networks where map + updates might not always complete. Now, run the command /etc/netstart on the slave server as well, which again starts the NIS server. @@ -2195,7 +2204,7 @@ Don't forget to update map ypservers on ellington. several slaves, for example), ypbind will use the address of the first one to respond. From that point on, the client system will direct all of its NIS requests to - that server. Ypbind will + that server. ypbind will occasionally ping the server to make sure it is still up and running. If it fails to receive a reply to one of its pings within a reasonable amount of time, @@ -2236,7 +2245,7 @@ nis_client_enable="YES" the NIS server's password maps an account. There are many ways to configure your NIS client by changing this line. See the netgroups - part below for more information. + section below for more information. For more detailed reading see O'Reilly's book on Managing NFS and NIS. @@ -2293,9 +2302,10 @@ nis_client_enable="YES" address fails to match a rule, the request will be ignored and a warning message will be logged. If the /var/yp/securenets file does not exist, - ypserv will allow connections from any host. + ypserv will allow connections from any host. - The ypserv program also has support for Wietse Venema's + The ypserv program also has support for Wietse + Venema's tcpwrapper package. This allows the administrator to use the tcpwrapper configuration files for access control instead of @@ -2400,7 +2410,7 @@ basie&prompt.root; Using Netgroups netgroups - The method shown in the previous chapter works reasonably + The method shown in the previous section works reasonably well if you need special rules for a very small number of users and/or machines. On larger networks, you will forget to bar some users from logging @@ -2420,7 +2430,7 @@ basie&prompt.root; a Good Thing if you are forced to deal with such a situation. On the other hand, this complexity makes it almost impossible to explain netgroups with really simple examples. The example - used in the remainder of this chapter demonstrates this + used in the remainder of this section demonstrates this problem. Let us assume that your successful introduction of NIS in @@ -2945,7 +2955,7 @@ lrwxr-xr-x 1 root wheel 14 Nov 8 14:27 libscrypt.so@ -> libscrypt.so.2 What this Section Covers - This handbook section attempts to describe only the parts + This section attempts to describe only the parts of the DHCP system that are integrated with FreeBSD; consequently, the server portions are not described. The DHCP manual pages, in addition to the references below, are useful