Date: Wed, 12 Jan 2000 16:11:11 -0600
From: "Jim C. Nasby" <jim@nasby.net>
To: Duke Normandin <01031149@3web.net>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Networking Diagram
Message-ID: <20000112161111.F49092@enteract.com>
In-Reply-To: <00be01bf5d25$ddfece20$da9ec5d1@webserver>
References: <00be01bf5d25$ddfece20$da9ec5d1@webserver>

I think the question you should really be asking is 'what does each of these
things do?' Once you know that, it's easy to determine what you need to be
running. To run down your list:

ipfw
    is used for creating a firewall. This is a little confusing because the
    functionality provided by ipfw is sometimes used by other programs,
    normally in the form of the 'divert' setting. natd is an example of this.

inetd
    could be considered the 'operator' for many IP services. Without inetd,
    you would need to run a daemon for just about every single IP protocol
    that you wanted to allow. Worse, you'd need to keep all these daemons
    running 24x7, even if the port was only used once in a great while. The
    daemons would also have to be able to handle multiple connections (though,
    most do this anyway). Instead of this, you can use inetd. inetd will bind
    to a set of ports (controlled by inetd.conf) and when a request comes in
    on one of those ports, it will run a specific program, or handle the
    request internally.

named
    is the daemon that is responsible for serving DNS requests. I'm not 100%
    certain, but I think that you only need to run it if you actually want to
    have a name server.

ifconfig
    is just a command, not a daemon. It stands for InterFace CONFIGurator, or
    at least it should ;) This is the command you use to assign IP addresses
    to network cards, etc. It is also used by /etc/rc.network at bootup to
    configure everything per the settings in rc.conf.

natd
    is what allows Network Address Translation. NAT basically allows you to
    run an internal network with (RFC1918?) IPs (such as 10.x.x.x), and still
    allow those machines to talk to the internet. When natd sees an IP packet
    headed for a 'real' IP from a RFC1918 IP, it will change the from address
    to the address that NAT is bound to. When packets come back in, the
    reverse occurs. This allows you to connect a large number of computers to
    the Internet with a single IP. It also provides some security, since
    RFC1918 IPs are generally blocked by a lot of internet routers.

bind
    I'm not real familiar with bind... I just know it's used by some services.

routed
    is a routing protocol daemon. It allows routers to talk to each other to
    help determine the best route to an address. If you don't know what it
    does, you probably don't need to run it.

For documentation, an excellent place to start is reading the man pages for
the different commands. Another good trick is to grep /etc for 'key phrases'.
For example, to see where nat is used, 'grep nat /etc/*'. You should also
study /etc/defaults/rc.conf and /etc/rc*. Finally, you might want to pick up a
copy of 'The Red Book'... see
http://www.amazon.com/exec/obidos/ASIN/0131510517/distributednet

Hope this helps. }:8)

On Wed, Jan 12, 2000 at 10:29:52AM -0700, Duke Normandin wrote:
> Still trying to learning & swearing :-))
>
> So this newbie reads posts about:
>
> ipfw | inetd | named | ifconfig | natd | bind | routed .... ad nauseam
>
> and the applicable:
>
> rc.conf | resolv.conf | etc | etc | etc ..... ad multum nauseam
>
> It's been said ... even before the computer age ;^) ... that a picture (diagram)
> is worth a 1000 words.
>
> Do any of you "networking literate" guys know of a web resource that would put
> all of the above in a diagram form, explaining *when* to use *what* and
> *how* ----> under *various* (read most probable/common) scenarios - e.g., a
> firewall/gateway box w/ a single FBSD W/S hung off of it; ditto, but with a
> single win9x W/S; a single FBSD box working as a W/S -- is there a way to
> protect *it*?
>
> Let me put it this way:
>
> It's difficult to learn how to play soccer if the student has never *seen* a
> soccer field, its layout and paraphernalia. Advanced soccer theory will be
> meaningless unless and until the student is introduced to the "big picture".
>
> So, in your experience and web "travels", does such a learning resource exist
> with respect to various BSD OSs that use the above tools?
>
> I have already found a great resource on Ethernet hardware -- its invention and
> function. It, of course, only "zooms-in" on the above-mentioned "big-picture".
> Very useful, though! I realize that there are plenty of books out there -- not
> what *I need* at the moment. TIA....
>
> -duke
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Jim C. Nasby (aka Decibel!)                                /^\
jim@nasby.net                                             /___\
Freelance lighting designer and database developer       /  |  \
Member: Triangle Fraternity, Sports Car Club of America /___|___\

Give your computer some brain-candy! www.distributed.net Team #1828
Get paid to surf!! http://www.enteract.com/~nasby/alladvantage.html
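
The inetd description in the message above, as an added example that is not part of the original e-mail: a small Python parser for the classic inetd.conf column layout that lists which services inetd would answer for and picks out the ones it launches as root. The sample file contents, the Service class and the function names are constructed for illustration.

```python
# Added example (not from the original e-mail): audit what inetd would serve.
from dataclasses import dataclass

# Constructed sample in the classic inetd.conf column layout.
SAMPLE_INETD_CONF = """\
# service  socket  proto  wait    user     server-program        arguments
ftp        stream  tcp    nowait  root     /usr/libexec/ftpd     ftpd -l
telnet     stream  tcp    nowait  root     /usr/libexec/telnetd  telnetd
#shell     stream  tcp    nowait  root     /usr/libexec/rshd     rshd
daytime    stream  tcp    nowait  root     internal
ntalk      dgram   udp    wait    tty:tty  /usr/libexec/ntalkd   ntalkd
bogus line
"""
SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}

@dataclass
class Service:
    name: str
    sock_type: str
    proto: str
    wait: str
    user: str
    program: str   # "internal" means inetd answers the request itself
    args: list

def parse_inetd_conf(text):
    """Return (enabled services, malformed lines); '#' lines are disabled entries."""
    services, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6 or fields[1] not in SOCKET_TYPES:
            malformed.append((lineno, raw))
            continue
        services.append(Service(*fields[:6], fields[6:]))
    return services, malformed

def root_external(services):
    """Names of enabled entries where inetd starts an external program as root."""
    return [s.name for s in services
            if s.program != "internal" and s.user.split(":")[0] == "root"]

if __name__ == "__main__":
    svcs, bad = parse_inetd_conf(SAMPLE_INETD_CONF)
    for s in svcs:
        how = "inside inetd" if s.program == "internal" else f"{s.program} as {s.user}"
        print(f"{s.name:8} {s.proto}/{s.sock_type:7} -> {how}")
    print("review first (external, root):", root_external(svcs))
    print("malformed lines:", bad)
```

Each enabled line is a port inetd holds open on the host, so commenting out an entry and signalling inetd to reload removes that listener.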