From: "Duke Normandin" <01031149@3web.net>
Cc: "freebsd-questions"
Subject: Re: Networking Diagram
Date: Wed, 12 Jan 2000 20:32:19 -0700

From: Jim C. Nasby
To: Duke Normandin <01031149@3web.net>
Cc: freebsd-questions
Date: Wednesday, January 12, 2000 3:10 PM
Subject: Re: Networking Diagram

>I think the question you should really be asking is 'what does each of
>these things do?' Once you know that, it's easy to determine what you need
>to be running.
>
>To run down your list:
>
>ipfw is used for creating a firewall. This is a little confusing because
> the functionality provided by ipfw is sometimes used by other programs,
> normally in the form of the 'divert' setting. natd is an example of this.
>
>inetd could be considered the 'operator' for many IP services. Without inetd,
> you would need to run a daemon for just about every single IP protocol
> that you wanted to allow. Worse, you'd need to keep all these daemons
> running 24x7, even if the port was only used once in a great while. The
> daemons would also have to be able to handle multiple connections (though,
> most do this anyway). Instead of this, you can use inetd. inetd will
> bind to a set of ports (controlled by inetd.conf) and when a request
> comes in on one of those ports, it will run a specific program, or
> handle the request internally.
>
>named is the daemon that is responsible for serving DNS requests. I'm not
> 100% certain, but I think that you only need to run it if you actually
> want to have a name server.
>
>ifconfig is just a command, not a daemon. It stands for InterFace
> CONFIGurator, or at least it should ;) This is the command you use to
> assign IP addresses to network cards, etc. It is also used by
> /etc/rc.network at bootup to configure everything per the settings in
> rc.conf.
>
>natd is what allows Network Address Translation. NAT basically allows you
> to run an internal network with (RFC1918?) IPs (such as 10.x.x.x), and
> still allow those machines to talk to the internet. When natd sees an
> IP packet headed for a 'real' IP from a RFC1918 IP, it will change the
> from address to the address that NAT is bound to. When packets come back
> in, the reverse occurs. This allows you to connect a large number of
> computers to the Internet with a single IP. It also provides some
> security, since RFC1918 IPs are generally blocked by a lot of internet
> routers.
>
>bind I'm not real familiar with bind... I just know it's used by some
> services.
>
>routed is a routing protocol daemon. It allows routers to talk to each
> other to help determine the best route to an address. If you don't
> know what it does, you probably don't need to run it.
>
>For documentation, an excellent place to start is reading the man pages
>for the different commands. Another good trick is to grep /etc for 'key
>phrases'. For example, to see where nat is used, 'grep -v nat /etc/*'.
>You should also study /etc/defaults/rc.conf and /etc/rc*.
>
>Finally, you might want to pick up a copy of 'The Red Book'... see
>http://www.amazon.com/exec/obidos/ASIN/0131510517/distributednet
>
>Hope this helps.

}:8) It does and it's a start for my present concerns and future project!
Thanks a bunch!
-duke
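
The address rewriting described for natd in the quoted reply, as a simplified model added here (not part of the original thread and not natd's own code). The Nat class, its port-allocation scheme and the sample addresses are assumptions made for illustration; a packet is modelled as a (src_ip, src_port, dst_ip, dst_port) tuple.

```python
import ipaddress

# RFC 1918 private ranges, the "internal" addresses the message refers to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class Nat:
    """Toy source-NAT table (hypothetical model, not natd's implementation)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port   # assumed allocation: next free port
        self.out = {}    # inside flow -> public port
        self.back = {}   # (public port, remote ip, remote port) -> inside host

    def outbound(self, pkt):
        src_ip, src_port, dst_ip, dst_port = pkt
        if not is_rfc1918(src_ip) or is_rfc1918(dst_ip):
            return pkt  # only private -> public traffic is rewritten
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        # The "from" address becomes the address NAT is bound to.
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, pkt):
        src_ip, src_port, dst_ip, dst_port = pkt
        inside = self.back.get((dst_port, src_ip, src_port))
        if dst_ip != self.public_ip or inside is None:
            return None  # no matching outbound flow: no inside host to deliver to
        # The reverse rewrite: destination becomes the original inside host.
        return (src_ip, src_port, inside[0], inside[1])

if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    nat = Nat("203.0.113.5")
    a = nat.outbound(("10.0.0.2", 1025, "198.51.100.7", 80))
    b = nat.outbound(("10.0.0.3", 1025, "198.51.100.7", 80))
    print(a, b)                                                   # two hosts, one public IP
    print(nat.inbound(("198.51.100.7", 80, "203.0.113.5", a[1])))  # reply is reversed
    print(nat.inbound(("198.51.100.9", 4444, "203.0.113.5", a[1])))  # unsolicited: None
```

Two inside hosts using the same source port end up on distinct public ports, which is what lets the reply path find the right machine.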