From owner-freebsd-doc  Thu Jul 19  5:30:23 2001
Delivered-To: freebsd-doc@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 2488737B406
	for <freebsd-doc@freebsd.org>; Thu, 19 Jul 2001 05:30:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f6JCU1n00941;
	Thu, 19 Jul 2001 05:30:01 -0700 (PDT)
	(envelope-from gnats)
Date: Thu, 19 Jul 2001 05:30:01 -0700 (PDT)
Message-Id: <200107191230.f6JCU1n00941@freefall.freebsd.org>
To: freebsd-doc@freebsd.org
Cc: 
From: Dima Dorfman <dima@unixfreak.org>
Subject: Re: docs/28994: New article for docproj "Checkpoint VPN-1/Firewall-1 and FreeBSD IPSEC" 
Reply-To: Dima Dorfman <dima@unixfreak.org>
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-doc.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-doc>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-doc>
X-Loop: FreeBSD.org

The following reply was made to PR docs/28994; it has been noted by GNATS.

From: Dima Dorfman <dima@unixfreak.org>
To: jono@networkcommand.com
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: docs/28994: New article for docproj "Checkpoint VPN-1/Firewall-1 and FreeBSD IPSEC" 
Date: Thu, 19 Jul 2001 05:28:32 -0700

 jono@networkcommand.com writes:
 
 Some very minor style/convention nits:
 
 >      $Header$
 
 This should be "$FreeBSD$".
 
 > <article>
 >   <articleinfo>
 >     <title>Integration of Checkpoint VPN-1/Firewall-1 and FreeBSD IPSEC</title>
 
 Notice how you capitalized "IPSEC" here.
 
 >     <pubdate>$Date$</pubdate>
 
 This should also be "$FreeBSD$"; it may be a bit too much, but $Date$
 wouldn't get expanded.
 
 >     <programlisting>
 >       External Interface                    External Interface
 >            208.229.100.6                    216.218.197.2
 >                        |                    |
 >          +--> Firewall-1 <--> Internet <--> FreeBSD GW <--+
 >          |                                                |
 >   FW-1 Protected Nets                              Internal Nets
 >    199.208.192.0/24                               192.168.10.0/24
 >     </programlisting>
 
 Things inside <programlisting> should cuddle up to the tags.  Thus,
 the above should be written like this:
 
      <programlisting>External Interface                    External Interface
             208.229.100.6                    216.218.197.2
                         |                    |
           +--> Firewall-1 <--> Internet <--> FreeBSD GW <--+
           |                                                |
    FW-1 Protected Nets                              Internal Nets
     199.208.192.0/24                               192.168.10.0/24</programlisting>
 
 There are some more violations of this below; I won't point them out
 explicitly, but you should fix them.
 
 >     <para>The FreeBSD GW serves as a firewall and NAT device for
 >       "internal nets."</para>
 
 How about: <quote>internal networks</quote>
 
 > 
 >     <para>The FreeBSD kernel must be compiled to support IPSec.
 
 Remember how you capitalized "IPSEC" above?  It'd be nice if they were
 the same.  Personally I'd make them all "IPsec", but it's up to you.
 There are some other instances of this that should be fixed as well.
 
 >     <para>Also, racoon must be installed to support key exchange.
 
 "<command>racoon</command>" or "&man.racoon.1;", please (pick one).
 
 >       <programlisting>208.229.100.6          rUac0wtoo?</programlisting>     
 >  
 > 
 >   </sect1>
 
 Extraneous whitespace.
 
 >       -----------------------------------------------------------------------
 > -
 >       FreeBSD GW        | FW-1 Protected Net | VPN services | Encrypt | Long
 >       FW-1 Protected Net| FreeBSD GW         |              |         |
 >     </programlisting>
 > 
 >     <para>"VPN services" are any services (i.e. telnet, ssh, ntp, etc.)
 
 <quote>VPN services</quote>....
 
 Also, since you're referring to the protocols TELNET, SSH, NTP,
 etc. and not the commands, you should capitalize them.  And if you
 were referring to protocols, you would mark them up inside <command>.
 
 >     <para>At this point, the VPN policy on FreeBSD GW must be defined. The
 >       <filename>/usr/sbin/setkey</filename> tool performs this function.</para>
 
 "&man.setkey.1;", please.
 
 >     <para>Ensure that <filename>/usr/local/etc/racoon/psk.txt</filename>
 >       contains the shared secret configured in the "Firewall-1 Network Object
 
 <quote>Firewall-1 Network Object Configuration</quote>
 
 >       Configuration" section of this document and has mode 600 permissions.</para>
 
 "<literal>600</literal>", please.
 
 >     <para>This command attempts to connect to the ssh port on 199.208.192.66,
 >       a machine in the Firewall-1 protected network. The <literal>-s</literal> switch indicates
 
 "<option>-s</option>", please.
 
 >       the source interface of the outbound connection. This is particularly important
 >       when running NAT and IPFW on FreeBSD GW. Using <literal>-s</literal> and specifying an
 >       explicit source address prevents NAT from mangling the packet prior to 
 > tunneling.</para>
 > 
 >     <para>A successful racoon key exchange will output the following to racoon.log:</para>
 
 Lines should be <= 80 characters in width (note that this does *not*
 apply to text inside <programlisting> or <screen>).
 
 
 Overall, this is a *very* good article!  I think it would be one of
 the most well-written ones in our tree.  I'll gladly add it once you
 fix the above nits.
 
 Thanks, and nice work!
 
 					Dima Dorfman
 					dima@unixfreak.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message