Date: Wed, 12 Feb 2014 23:20:57 +0000 (UTC)
From: Dru Lavigne <dru@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r43892 - head/en_US.ISO8859-1/books/handbook/advanced-networking
Message-ID: <201402122320.s1CNKvuF042812@svn.freebsd.org>
Author: dru Date: Wed Feb 12 23:20:57 2014 New Revision: 43892 URL: http://svnweb.freebsd.org/changeset/doc/43892 Log: White space fix only. Translators can ignore. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Wed Feb 12 22:32:41 2014 (r43891) +++ head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Wed Feb 12 23:20:57 2014 (r43892) @@ -86,14 +86,15 @@ </sect1> <sect1 xml:id="network-routing"> - <info><title>Gateways and Routes</title> - <authorgroup> - <author><personname><firstname>Coranth</firstname><surname>Gryphon</surname></personname><contrib>Contributed by </contrib></author> + <info> + <title>Gateways and Routes</title> + + <authorgroup> + <author><personname><firstname>Coranth</firstname><surname>Gryphon</surname></personname><contrib>Contributed + by </contrib></author> </authorgroup> </info> - - <indexterm><primary>routing</primary></indexterm> <indexterm><primary>gateway</primary></indexterm> <indexterm><primary>subnet</primary></indexterm> 
@@ -151,12 +152,13 @@ host2.example.com link#1 UC <primary>Ethernet</primary> <secondary>MAC address</secondary> </indexterm> - <para>The addresses beginning with <systemitem class="etheraddress">0:e0:</systemitem> are Ethernet hardware addresses, - also known as <acronym>MAC</acronym> addresses. &os; will - automatically identify any hosts, <systemitem>test0</systemitem> in - the example, on the local Ethernet and add a route for that - host over the Ethernet interface, - <filename>ed0</filename>. This type of route has a + <para>The addresses beginning with <systemitem + class="etheraddress">0:e0:</systemitem> are Ethernet + hardware addresses, also known as <acronym>MAC</acronym> + addresses. &os; will automatically identify any hosts, + <systemitem>test0</systemitem> in the example, on the local + Ethernet and add a route for that host over the Ethernet + interface, <filename>ed0</filename>. This type of route has a timeout, seen in the <literal>Expire</literal> column, which is used if the host does not respond in a specific amount of time. When this happens, the route to this host will be @@ -168,10 +170,11 @@ host2.example.com link#1 UC <indexterm><primary>subnet</primary></indexterm> <para>&os; will add subnet routes for the local subnet. - <systemitem class="ipaddress">10.20.30.255</systemitem> is the broadcast - address for the subnet <systemitem class="ipaddress">10.20.30</systemitem> - and <systemitem class="fqdomainname">example.com</systemitem> is the - domain name associated with that subnet. The designation + <systemitem class="ipaddress">10.20.30.255</systemitem> is the + broadcast address for the subnet <systemitem + class="ipaddress">10.20.30</systemitem> and <systemitem + class="fqdomainname">example.com</systemitem> is the domain + name associated with that subnet. The designation <literal>link#1</literal> refers to the first Ethernet card in the machine.</para> 
@@ -189,13 +192,14 @@ host2.example.com link#1 UC <para>The two <literal>host2</literal> lines represent aliases which were created using &man.ifconfig.8;. The <literal>=></literal> symbol after the - <filename>lo0</filename> interface says that an alias - has been set in addition to the loopback address. Such routes - only show up on the host that supports the alias; all other - hosts on the local network will have a + <filename>lo0</filename> interface says that an alias has been + set in addition to the loopback address. Such routes only + show up on the host that supports the alias; all other hosts + on the local network will have a <literal>link#1</literal> line for such routes.</para> - <para>The final line (destination subnet <systemitem class="ipaddress">224</systemitem>) deals with + <para>The final line (destination subnet <systemitem + class="ipaddress">224</systemitem>) deals with multicasting.</para> <para>Finally, various attributes of each route can be seen in 
@@ -332,25 +336,28 @@ host2.example.com link#1 UC </informaltable> <para>A common question is <quote>Why is - <systemitem>T1-GW</systemitem> configured as the default gateway for - <systemitem>Local1</systemitem>, rather than the + <systemitem>T1-GW</systemitem> configured as the default + gateway for <systemitem>Local1</systemitem>, rather than the <acronym>ISP</acronym> server it is connected to?</quote>.</para> <para>Since the <acronym>PPP</acronym> interface is using an - address on the <acronym>ISP</acronym>'s local network for - the local side of the connection, routes for any other - machines on the <acronym>ISP</acronym>'s local network will - be automatically generated. The system already knows how - to reach the <systemitem>T1-GW</systemitem> machine, so there is no - need for the intermediate step of sending traffic to the + address on the <acronym>ISP</acronym>'s local network for the + local side of the connection, routes for any other machines on + the <acronym>ISP</acronym>'s local network will be + automatically generated. The system already knows how to + reach the <systemitem>T1-GW</systemitem> machine, so there is + no need for the intermediate step of sending traffic to the <acronym>ISP</acronym>'s server.</para> - <para>It is common to use the address <systemitem class="ipaddress">X.X.X.1</systemitem> as the gateway address for - the local network. So, if the local class C address space is - <systemitem class="ipaddress">10.20.30</systemitem> and the - <acronym>ISP</acronym> is using <systemitem class="ipaddress">10.9.9</systemitem>, the default routes would - be:</para> + <para>It is common to use the address <systemitem + class="ipaddress">X.X.X.1</systemitem> as the gateway + address for the local network. 
So, if the local class C + address space is <systemitem + class="ipaddress">10.20.30</systemitem> and the + <acronym>ISP</acronym> is using <systemitem + class="ipaddress">10.9.9</systemitem>, the default routes + would be:</para> <informaltable frame="none" pgwide="1"> <tgroup cols="2"> @@ -452,13 +459,15 @@ host2.example.com link#1 UC </sect2> <sect2 xml:id="network-static-routes"> - <info><title>Setting Up Static Routes</title> + <info> + <title>Setting Up Static Routes</title> + <authorgroup> - <author><personname><firstname>Al</firstname><surname>Hoang</surname></personname><contrib>Contributed by </contrib></author> + <author><personname><firstname>Al</firstname><surname>Hoang</surname></personname><contrib>Contributed + by </contrib></author> </authorgroup> </info> <!-- Feb 2004 --> - <sect3> <title>Manual Configuration</title> 
@@ -497,14 +506,18 @@ host2.example.com link#1 UC </textobject> </mediaobject> - <para>In this scenario, <systemitem>RouterA</systemitem> is a &os; - machine that is acting as a router to the rest of the - Internet. It has a default route set to <systemitem class="ipaddress">10.0.0.1</systemitem> which allows it to - connect with the outside world. <systemitem>RouterB</systemitem> is - already configured properly as it uses <systemitem class="ipaddress">192.168.1.1</systemitem> as the gateway.</para> + <para>In this scenario, <systemitem>RouterA</systemitem> is a + &os; machine that is acting as a router to the rest of the + Internet. It has a default route set to <systemitem + class="ipaddress">10.0.0.1</systemitem> which allows it to + connect with the outside world. + <systemitem>RouterB</systemitem> is already configured + properly as it uses <systemitem + class="ipaddress">192.168.1.1</systemitem> as the + gateway.</para> - <para>The routing table on <systemitem>RouterA</systemitem> looks - something like this:</para> + <para>The routing table on <systemitem>RouterA</systemitem> + looks something like this:</para> <screen>&prompt.user; <userinput>netstat -nr</userinput> Routing tables 
@@ -516,17 +529,20 @@ default 10.0.0.1 UG 10.0.0.0/24 link#1 UC 0 0 xl0 192.168.1.0/24 link#2 UC 0 0 xl1</screen> - <para>With the current routing table, <systemitem>RouterA</systemitem> - cannot reach Internal Net 2 as it does not have a route for - <systemitem class="ipaddress">192.168.2.0/24</systemitem>. The + <para>With the current routing table, + <systemitem>RouterA</systemitem> cannot reach Internal Net + 2 as it does not have a route for <systemitem + class="ipaddress">192.168.2.0/24</systemitem>. The following command adds the Internal Net 2 network to - <systemitem>RouterA</systemitem>'s routing table using <systemitem class="ipaddress">192.168.1.2</systemitem> as the next - hop:</para> + <systemitem>RouterA</systemitem>'s routing table using + <systemitem class="ipaddress">192.168.1.2</systemitem> as + the next hop:</para> <screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen> - <para>Now <systemitem>RouterA</systemitem> can reach any hosts on the - <systemitem class="ipaddress">192.168.2.0/24</systemitem> + <para>Now <systemitem>RouterA</systemitem> can reach any hosts + on the <systemitem + class="ipaddress">192.168.2.0/24</systemitem> network.</para> </sect3> @@ -558,8 +574,9 @@ route_internalnet2="-net 192.168.2.0/24 <para>Using more than one string in <literal>static_routes</literal> creates multiple static routes. The following shows an example of adding static - routes for the <systemitem class="ipaddress">192.168.0.0/24</systemitem> - and <systemitem class="ipaddress">192.168.1.0/24</systemitem> + routes for the <systemitem + class="ipaddress">192.168.0.0/24</systemitem> and + <systemitem class="ipaddress">192.168.1.0/24</systemitem> networks:</para> <programlisting>static_routes="net1 net2" 
@@ -644,13 +661,16 @@ route_net2="-net 192.168.1.0/24 192.168. which has largely been replaced by &man.pim.4; in many multicast installations. &man.mrouted.8; and the related &man.map-mbone.8; and &man.mrinfo.8; utilities are available - in the &os; Ports Collection as <package>net/mrouted</package>.</para> + in the &os; Ports Collection as + <package>net/mrouted</package>.</para> </note> </sect2> </sect1> <sect1 xml:id="network-wireless"> - <info><title>Wireless Networking</title> + <info> + <title>Wireless Networking</title> + <authorgroup> <author><personname><othername>Loader</othername></personname></author> @@ -659,7 +679,6 @@ route_net2="-net 192.168.1.0/24 192.168. <author><personname><firstname>Murray</firstname><surname>Stokely</surname></personname></author> </authorgroup> </info> - <indexterm><primary>wireless networking</primary></indexterm> <indexterm> @@ -800,11 +819,13 @@ route_net2="-net 192.168.1.0/24 192.168. changed according to the configuration. A list of available wireless drivers and supported adapters can be found in the &os; Hardware Notes, available on - the <link xlink:href="http://www.FreeBSD.org/releases/index.html">Release + the <link + xlink:href="http://www.FreeBSD.org/releases/index.html">Release Information</link> page of the &os; website. If a native &os; driver for the wireless device does not exist, it may be possible to use the &windows; driver - with the help of the <link linkend="config-network-ndis">NDIS</link> driver + with the help of the <link + linkend="config-network-ndis">NDIS</link> driver wrapper.</para> </note> 
@@ -980,7 +1001,8 @@ freebsdap 00:11:95:c3:0d:ac 1 <para>This section provides a simple example of how to make the wireless network adapter work in &os; without encryption. Once familiar with these concepts, it is - strongly recommend to use <link linkend="network-wireless-wpa">WPA</link> to set up + strongly recommend to use <link + linkend="network-wireless-wpa">WPA</link> to set up the wireless network.</para> <para>There are three basic steps to configure a wireless @@ -1057,7 +1079,8 @@ ifconfig_wlan0="mode <replaceable>11g</r authentication is the default setting. The next most common setup is <acronym>WPA-PSK</acronym>, also known as <acronym>WPA</acronym> Personal, which is - described in <xref linkend="network-wireless-wpa-wpa-psk"/>.</para> + described in <xref + linkend="network-wireless-wpa-wpa-psk"/>.</para> <note> <para>If using an &apple; &airport; Extreme base @@ -1079,7 +1102,8 @@ ifconfig_wlan0="authmode shared wepmode with legacy devices, it is better to use <acronym>WEP</acronym> with <literal>open</literal> authentication. More information regarding - <acronym>WEP</acronym> can be found in <xref linkend="network-wireless-wep"/>.</para> + <acronym>WEP</acronym> can be found in <xref + linkend="network-wireless-wep"/>.</para> </note> </sect5> 
@@ -1339,17 +1363,19 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN (<acronym>EAP-TLS</acronym>) is a well-supported wireless authentication protocol since it was the first <acronym>EAP</acronym> method to be certified - by the <link xlink:href="http://www.wi-fi.org/">Wi-Fi alliance</link>. - <acronym>EAP-TLS</acronym> requires three certificates - to run: the certificate of the Certificate Authority - (<acronym>CA</acronym>) installed on all machines, the - server certificate for the authentication server, and - one client certificate for each wireless client. In - this <acronym>EAP</acronym> method, both the - authentication server and wireless client authenticate - each other by presenting their respective certificates, - and then verify that these certificates were signed by - the organization's <acronym>CA</acronym>.</para> + by the <link + xlink:href="http://www.wi-fi.org/">Wi-Fi + alliance</link>. <acronym>EAP-TLS</acronym> requires + three certificates to run: the certificate of the + Certificate Authority (<acronym>CA</acronym>) installed + on all machines, the server certificate for the + authentication server, and one client certificate for + each wireless client. In this <acronym>EAP</acronym> + method, both the authentication server and wireless + client authenticate each other by presenting their + respective certificates, and then verify that these + certificates were signed by the organization's + <acronym>CA</acronym>.</para> <para>As previously, the configuration is done via <filename>/etc/wpa_supplicant.conf</filename>:</para> 
@@ -1742,8 +1768,8 @@ Associated with 00:13:46:49:41:76</scree <para><acronym>IBSS</acronym> mode, also called ad-hoc mode, is designed for point to point connections. For example, to establish an ad-hoc network between the machines - <systemitem>A</systemitem> and <systemitem>B</systemitem>, choose two - <acronym>IP</acronym> addresses and a + <systemitem>A</systemitem> and <systemitem>B</systemitem>, + choose two <acronym>IP</acronym> addresses and a <acronym>SSID</acronym>.</para> <para>On <systemitem>A</systemitem>:</para> @@ -1773,8 +1799,8 @@ Associated with 00:13:46:49:41:76</scree <para>The <literal>I</literal> in the output confirms that <systemitem>A</systemitem> is in ad-hoc mode. Now, configure - <systemitem>B</systemitem> with a different <acronym>IP</acronym> - address:</para> + <systemitem>B</systemitem> with a different + <acronym>IP</acronym> address:</para> <screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> inet <replaceable>192.168.0.2</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>freebsdap</replaceable></userinput> &prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable></userinput> @@ -1787,8 +1813,9 @@ Associated with 00:13:46:49:41:76</scree country US ecm authmode OPEN privacy OFF txpower 21.5 scanvalid 60 protmode CTS wme burst</screen> - <para>Both <systemitem>A</systemitem> and <systemitem>B</systemitem> are now - ready to exchange information.</para> + <para>Both <systemitem>A</systemitem> and + <systemitem>B</systemitem> are now ready to exchange + information.</para> </sect2> <sect2 xml:id="network-wireless-ap"> 
@@ -1807,7 +1834,8 @@ Associated with 00:13:46:49:41:76</scree <acronym>AP</acronym>, the kernel must be configured with the appropriate networking support for the wireless card as well as the security protocols being used. For more - details, see <xref linkend="network-wireless-basic"/>.</para> + details, see <xref + linkend="network-wireless-basic"/>.</para> <note> <para>The <acronym>NDIS</acronym> driver wrapper for @@ -1914,8 +1942,8 @@ freebsdap 00:11:95:c3:0d:ac 1 <acronym>AP</acronym> using the <acronym>WPA</acronym> security protocol. More details regarding <acronym>WPA</acronym> and the configuration of - <acronym>WPA</acronym>-based - wireless clients can be found in <xref linkend="network-wireless-wpa"/>.</para> + <acronym>WPA</acronym>-based wireless clients can be found + in <xref linkend="network-wireless-wpa"/>.</para> <para>The &man.hostapd.8; daemon is used to deal with client authentication and key management on the @@ -1931,7 +1959,8 @@ freebsdap 00:11:95:c3:0d:ac 1 <programlisting>hostapd_enable="YES"</programlisting> <para>Before trying to configure &man.hostapd.8;, first - configure the basic settings introduced in <xref linkend="network-wireless-ap-basic"/>.</para> + configure the basic settings introduced in <xref + linkend="network-wireless-ap-basic"/>.</para> <sect4> <title><acronym>WPA-PSK</acronym></title> 
@@ -2042,10 +2071,10 @@ wpa_pairwise=CCMP TKIP <co xml:id="co-ap authmode WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen> <para>Once the <acronym>AP</acronym> is running, the - clients can associate with it. See <xref linkend="network-wireless-wpa"/> for more details. - It is possible to see the stations associated with the - <acronym>AP</acronym> using <command>ifconfig - wlan0 list + clients can associate with it. See <xref + linkend="network-wireless-wpa"/> for more details. It + is possible to see the stations associated with the + <acronym>AP</acronym> using <command>ifconfig wlan0 list sta</command>.</para> </sect4> </sect3> @@ -2112,7 +2141,8 @@ freebsdap 00:11:95:c3:0d:ac 1 <para>In this example, the client machine found the <acronym>AP</acronym> and can associate with it using the - correct parameters. See <xref linkend="network-wireless-wep"/> for more details.</para> + correct parameters. See <xref + linkend="network-wireless-wep"/> for more details.</para> </sect3> </sect2> @@ -2131,8 +2161,10 @@ freebsdap 00:11:95:c3:0d:ac 1 and the operating system switches automatically when the link state changes.</para> - <para>Link aggregation and failover is covered in <xref linkend="network-aggregation"/> and an example for using - both wired and wireless connections is provided at <xref linkend="networking-lagg-wired-and-wireless"/>.</para> + <para>Link aggregation and failover is covered in <xref + linkend="network-aggregation"/> and an example for using + both wired and wireless connections is provided at <xref + linkend="networking-lagg-wired-and-wireless"/>.</para> </sect2> <sect2> 
@@ -2228,16 +2260,17 @@ freebsdap 00:11:95:c3:0d:ac 1 </sect1> <sect1 xml:id="network-bluetooth"> - <info><title>Bluetooth</title> + <info> + <title>Bluetooth</title> + <authorgroup> - <author><personname><firstname>Pav</firstname><surname>Lucistnik</surname></personname><contrib>Written by </contrib><affiliation> + <author><personname><firstname>Pav</firstname><surname>Lucistnik</surname></personname><contrib>Written + by </contrib><affiliation> <address><email>pav@FreeBSD.org</email></address> </affiliation></author> </authorgroup> </info> - - <indexterm><primary>Bluetooth</primary></indexterm> <sect2> <title>Introduction</title> @@ -2804,8 +2837,9 @@ Success, response: OK, Success (0x20)</s <para>In order to provide the <acronym>OPUSH</acronym> service, &man.sdpd.8; must be running and a root folder, where all incoming objects will be stored, must be created. The - default path to the root folder is <filename>/var/spool/obex</filename>. Finally, - start the <acronym>OBEX</acronym> server on a valid + default path to the root folder is + <filename>/var/spool/obex</filename>. Finally, start the + <acronym>OBEX</acronym> server on a valid <acronym>RFCOMM</acronym> channel number. The <acronym>OBEX</acronym> server will automatically register the <acronym>OPUSH</acronym> service with the local @@ -2877,12 +2911,14 @@ rfcomm_sppd[94692]: Starting on /dev/tty </sect1> <sect1 xml:id="network-bridging"> - <info><title>Bridging</title> + <info> + <title>Bridging</title> + <authorgroup> - <author><personname><firstname>Andrew</firstname><surname>Thompson</surname></personname><contrib>Written by </contrib></author> + <author><personname><firstname>Andrew</firstname><surname>Thompson</surname></personname><contrib>Written + by </contrib></author> </authorgroup> </info> - <sect2> <title>Introduction</title> 
@@ -3206,23 +3242,25 @@ bridge0: flags=8843<UP,BROADCAST,RUNN forwarding table. Clients learned on a particular segment of the bridge can not roam to another segment.</para> - <para>Another example of using sticky addresses is to - combine the bridge with <acronym>VLAN</acronym>s to create - a router where customer networks are isolated without - wasting <acronym>IP</acronym> address space. Consider that - <systemitem class="fqdomainname">CustomerA</systemitem> is on - <literal>vlan100</literal> and <systemitem class="fqdomainname">CustomerB</systemitem> is on + <para>Another example of using sticky addresses is to combine + the bridge with <acronym>VLAN</acronym>s to create a router + where customer networks are isolated without wasting + <acronym>IP</acronym> address space. Consider that + <systemitem class="fqdomainname">CustomerA</systemitem> is + on <literal>vlan100</literal> and <systemitem + class="fqdomainname">CustomerB</systemitem> is on <literal>vlan101</literal>. The bridge has the address - <systemitem class="ipaddress">192.168.0.1</systemitem> and is also an - Internet router.</para> + <systemitem class="ipaddress">192.168.0.1</systemitem> and + is also an Internet router.</para> <screen>&prompt.root; <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput> &prompt.root; <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput></screen> - <para>In this example, both clients see <systemitem class="ipaddress">192.168.0.1</systemitem> as their default - gateway. Since the bridge cache is sticky, one host can not - spoof the <acronym>MAC</acronym> address of the other - customer in order to intercept their traffic.</para> + <para>In this example, both clients see <systemitem + class="ipaddress">192.168.0.1</systemitem> as their + default gateway. 
Since the bridge cache is sticky, one host + can not spoof the <acronym>MAC</acronym> address of the + other customer in order to intercept their traffic.</para> <para>Any communication between the <acronym>VLAN</acronym>s can be blocked using a firewall or, as seen in this example, @@ -3231,8 +3269,8 @@ bridge0: flags=8843<UP,BROADCAST,RUNN <screen>&prompt.root; <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput></screen> <para>The customers are completely isolated from each other - and the full <systemitem class="netmask">/24</systemitem> address - range can be allocated without subnetting.</para> + and the full <systemitem class="netmask">/24</systemitem> + address range can be allocated without subnetting.</para> </sect3> <sect3> @@ -3245,7 +3283,8 @@ bridge0: flags=8843<UP,BROADCAST,RUNN is removed.</para> <para>The following example sets the maximum number of - Ethernet devices for <systemitem class="fqdomainname">CustomerA</systemitem> on + Ethernet devices for <systemitem + class="fqdomainname">CustomerA</systemitem> on <literal>vlan100</literal> to 10:</para> <screen>&prompt.root; <userinput>ifconfig bridge0 ifmaxaddr vlan100 10</userinput></screen> 
@@ -3272,11 +3311,13 @@ bridge0: flags=8843<UP,BROADCAST,RUNN information.</para> <para>The following examples use the - <application>Net-SNMP</application> software (<package>net-mgmt/net-snmp</package>) to query a - bridge from a client system. The <package>net-mgmt/bsnmptools</package> port can - also be used. From the <acronym>SNMP</acronym> client - which is running <application>Net-SNMP</application>, add - the following lines to + <application>Net-SNMP</application> software + (<package>net-mgmt/net-snmp</package>) to query a bridge + from a client system. The + <package>net-mgmt/bsnmptools</package> port can also be + used. From the <acronym>SNMP</acronym> client which is + running <application>Net-SNMP</application>, add the + following lines to <filename>$HOME/.snmp/snmp.conf</filename> in order to import the bridge <acronym>MIB</acronym> definitions:</para> @@ -3340,12 +3381,14 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault </sect1> <sect1 xml:id="network-aggregation"> - <info><title>Link Aggregation and Failover</title> + <info> + <title>Link Aggregation and Failover</title> + <authorgroup> - <author><personname><firstname>Andrew</firstname><surname>Thompson</surname></personname><contrib>Written by </contrib></author> + <author><personname><firstname>Andrew</firstname><surname>Thompson</surname></personname><contrib>Written + by </contrib></author> </authorgroup> </info> - <indexterm><primary>lagg</primary></indexterm> <indexterm><primary>failover</primary></indexterm> 
@@ -3685,15 +3728,18 @@ ifconfig_<literal>lagg0</literal>="laggp </sect1> <sect1 xml:id="network-diskless"> - <info><title>Diskless Operation</title> + <info> + <title>Diskless Operation</title> + <authorgroup> - <author><personname><firstname>Jean-François</firstname><surname>Dockès</surname></personname><contrib>Updated by </contrib></author> + <author><personname><firstname>Jean-François</firstname><surname>Dockès</surname></personname><contrib>Updated + by </contrib></author> </authorgroup> <authorgroup> - <author><personname><firstname>Alex</firstname><surname>Dupre</surname></personname><contrib>Reorganized and enhanced by </contrib></author> + <author><personname><firstname>Alex</firstname><surname>Dupre</surname></personname><contrib>Reorganized + and enhanced by </contrib></author> </authorgroup> </info> - <indexterm><primary>diskless workstation</primary></indexterm> <indexterm><primary>diskless operation</primary></indexterm> @@ -3717,8 +3763,9 @@ ifconfig_<literal>lagg0</literal>="laggp file system on the server. The script will probably require a little customization.</para> - <para>Standard system startup files exist in <filename>/etc</filename> to detect and support a - diskless system startup.</para> + <para>Standard system startup files exist in + <filename>/etc</filename> to detect and support a diskless + system startup.</para> <para>Swapping, if needed, can be done either to an <acronym>NFS</acronym> file or to a local disk.</para> 
@@ -3736,10 +3783,10 @@ ifconfig_<literal>lagg0</literal>="laggp <filename>/</filename> and <filename>/usr</filename>.</para> - <para>The root file system is a copy of a standard &os; - root, with some configuration files overridden by ones - specific to diskless operation or, possibly, to the - workstation they belong to.</para> + <para>The root file system is a copy of a standard &os; root, + with some configuration files overridden by ones specific to + diskless operation or, possibly, to the workstation they + belong to.</para> <para>The parts of the root which have to be writable are overlaid with &man.md.4; file systems. Any changes will be @@ -3855,8 +3902,9 @@ ifconfig_<literal>lagg0</literal>="laggp answer both <acronym>BOOTP</acronym> and <acronym>DHCP</acronym> requests.</para> - <para><application>ISC DHCP</application> is not part of - the base system. Install the <package>net/isc-dhcp42-server</package> port or + <para><application>ISC DHCP</application> is not part of the + base system. Install the + <package>net/isc-dhcp42-server</package> port or package.</para> <para>Once <application>ISC DHCP</application> is installed, @@ -3980,7 +4028,8 @@ subnet 192.168.4.0 netmask 255.255.255.0 <procedure> <step> <para>Create a directory from which &man.tftpd.8; will - serve the files, such as <filename>/tftpboot</filename>.</para> + serve the files, such as + <filename>/tftpboot</filename>.</para> </step> <step> @@ -4152,7 +4201,8 @@ cd /usr/src/etc; make distribution</prog <title>Miscellaneous Issues</title> <sect4> - <title>Running with a Read-only <filename>/usr</filename></title> + <title>Running with a Read-only + <filename>/usr</filename></title> <indexterm> <primary>diskless operation</primary> 
@@ -4162,7 +4212,8 @@ cd /usr/src/etc; make distribution</prog <para>If the diskless workstation is configured to run <application>&xorg;</application>, adjust the <application>XDM</application> configuration file as it - puts the error log on <filename>/usr</filename> by default.</para> + puts the error log on <filename>/usr</filename> by + default.</para> </sect4> <sect4> @@ -4174,27 +4225,28 @@ cd /usr/src/etc; make distribution</prog &man.tar.1; or &man.cpio.1;.</para> <para>In this situation, there are sometimes problems with - the special files in <filename>/dev</filename>, due to differing - major/minor integer sizes. A solution to this problem - is to export a directory from the non-&os; server, mount - this directory onto a &os; machine, and use &man.devfs.5; - to allocate device nodes transparently for the - user.</para> + the special files in <filename>/dev</filename>, due to + differing major/minor integer sizes. A solution to this + problem is to export a directory from the non-&os; server, + mount this directory onto a &os; machine, and use + &man.devfs.5; to allocate device nodes transparently for + the user.</para> </sect4> </sect3> </sect2> </sect1> <sect1 xml:id="network-pxe-nfs"> - <info><title>PXE Booting with an <acronym>NFS</acronym> Root File + <info> + <title>PXE Booting with an <acronym>NFS</acronym> Root File System</title> + <authorgroup> <author><personname><firstname>Craig</firstname><surname>Rodrigues</surname></personname><affiliation> <address>rodrigc@FreeBSD.org</address> </affiliation><contrib>Written by </contrib></author> </authorgroup> </info> - <para>The &intel; Preboot eXecution Environment (<acronym>PXE</acronym>) allows booting the operating system 
@@ -4211,7 +4263,8 @@ cd /usr/src/etc; make distribution</prog loader via <acronym>TFTP</acronym>. After the host computer receives this information, it downloads the boot loader via <acronym>TFTP</acronym> and then executes the boot loader. - This is documented in section 2.2.1 of the <link xlink:href="http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf">Preboot + This is documented in section 2.2.1 of the <link + xlink:href="http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf">Preboot Execution Environment (<acronym>PXE</acronym>) Specification</link>. In &os;, the boot loader retrieved during the <acronym>PXE</acronym> process is @@ -4229,8 +4282,9 @@ cd /usr/src/etc; make distribution</prog <step> <para>Choose a directory which will have a &os; installation which will be <acronym>NFS</acronym> - mountable. For example, a directory such as <filename>/b/tftpboot/FreeBSD/install</filename> - can be used.</para> + mountable. For example, a directory such as + <filename>/b/tftpboot/FreeBSD/install</filename> can be + used.</para> <screen>&prompt.root; <userinput>export NFSROOTDIR=/b/tftpboot/FreeBSD/install</userinput> &prompt.root; <userinput>mkdir -p ${NFSROOTDIR}</userinput></screen> @@ -4238,7 +4292,8 @@ cd /usr/src/etc; make distribution</prog <step> <para>Enable the <acronym>NFS</acronym> server by following - the instructions in <xref linkend="network-configuring-nfs"/>.</para> + the instructions in <xref + linkend="network-configuring-nfs"/>.</para> </step> <step> @@ -4274,7 +4329,8 @@ cd /usr/src/etc; make distribution</prog </step> <step> - <para>Rebuild the &os; kernel and userland (<xref linkend="makeworld"/>):</para> + <para>Rebuild the &os; kernel and userland (<xref + linkend="makeworld"/>):</para> <screen>&prompt.root; <userinput>cd /usr/src</userinput> &prompt.root; <userinput>make buildworld</userinput> 
@@ -4358,17 +4414,19 @@ myhost.example.com:/b/tftpboot/FreeBSD/i <acronym>NFS</acronym> boot and runs <filename>/etc/rc.initdiskless</filename>. Read the comments in this script to understand what is going on. In this case, - <filename>/etc</filename> and <filename>/var</filename> need to be memory backed - file systems so that these directories are writable but the - <acronym>NFS</acronym> root directory is read-only:</para> + <filename>/etc</filename> and <filename>/var</filename> need + to be memory backed file systems so that these directories are + writable but the <acronym>NFS</acronym> root directory is + read-only:</para> <screen>&prompt.root; <userinput>chroot ${NFSROOTDIR}</userinput> &prompt.root; <userinput>mkdir -p conf/base</userinput> &prompt.root; <userinput>tar -c -v -f conf/base/etc.cpio.gz --format cpio --gzip etc</userinput> &prompt.root; <userinput>tar -c -v -f conf/base/var.cpio.gz --format cpio --gzip var</userinput></screen> - <para>When the system boots, memory file systems for <filename>/etc</filename> and <filename>/var</filename> will be created and - mounted and the contents of the + <para>When the system boots, memory file systems for + <filename>/etc</filename> and <filename>/var</filename> will + be created and mounted and the contents of the <filename>cpio.gz</filename> files will be copied into them.</para> </sect2> @@ -4385,7 +4443,8 @@ myhost.example.com:/b/tftpboot/FreeBSD/i <procedure> <step> <para>Install the <acronym>DHCP</acronym> server by - following the instructions documented at <xref linkend="network-dhcp-server"/>. Make sure that + following the instructions documented at <xref + linkend="network-dhcp-server"/>. Make sure that <filename>/etc/rc.conf</filename> and <filename>/usr/local/etc/dhcpd.conf</filename> are correctly configured.</para> 
@@ -4443,7 +4502,8 @@ myhost.example.com:/b/tftpboot/FreeBSD/i <para>Use the <package>net/wireshark</package> package or port to debug the network traffic involved during the <acronym>PXE</acronym> booting process, as illustrated - in the diagram below. In <xref linkend="network-pxe-setting-up-dhcp"/>, an example + in the diagram below. In <xref + linkend="network-pxe-setting-up-dhcp"/>, an example configuration is shown where the <acronym>DHCP</acronym>, <acronym>TFTP</acronym>, and <acronym>NFS</acronym> servers are on the same machine. However, these @@ -4456,11 +4516,16 @@ myhost.example.com:/b/tftpboot/FreeBSD/i <mediaobject> <imageobjectco> <areaspec units="calspair"> - <area xml:id="co-pxenfs1" coords="2873,8133 3313,7266"/> - <area xml:id="co-pxenfs2" coords="3519,6333 3885,5500"/> - <area xml:id="co-pxenfs3" coords="4780,5866 5102,5200"/> - <area xml:id="co-pxenfs4" coords="4794,4333 5102,3600"/> - <area xml:id="co-pxenfs5" coords="3108,2666 3519,1800"/> + <area + xml:id="co-pxenfs1" coords="2873,8133 3313,7266"/> + <area + xml:id="co-pxenfs2" coords="3519,6333 3885,5500"/> + <area + xml:id="co-pxenfs3" coords="4780,5866 5102,5200"/> + <area + xml:id="co-pxenfs4" coords="4794,4333 5102,3600"/> + <area + xml:id="co-pxenfs5" coords="3108,2666 3519,1800"/> </areaspec> <imageobject> <imagedata fileref="advanced-networking/pxe-nfs"/> @@ -4547,12 +4612,14 @@ Received 264951 bytes in 0.1 seconds</sc </sect1> <sect1 xml:id="network-natd"> - <info><title>Network Address Translation</title> + <info> + <title>Network Address Translation</title> + <authorgroup> - <author><personname><firstname>Chern</firstname><surname>Lee</surname></personname><contrib>Contributed by </contrib></author> + <author><personname><firstname>Chern</firstname><surname>Lee</surname></personname><contrib>Contributed + by </contrib></author> </authorgroup> </info> - <sect2 xml:id="network-natoverview"> <title>Overview</title> 
@@ -4768,20 +4835,27 @@ redirect_port tcp 192.168.0.3:80 80</pro <para>Each machine and interface behind the <acronym>LAN</acronym> should be assigned <acronym>IP</acronym> addresses in the private network space, - as defined by <link xlink:href="ftp://ftp.isi.edu/in-notes/rfc1918.txt">RFC + as defined by <link + xlink:href="ftp://ftp.isi.edu/in-notes/rfc1918.txt">RFC 1918</link>, and have a default gateway of the &man.natd.8; machine's internal <acronym>IP</acronym> address.</para> <para>For example, client <systemitem>A</systemitem> and - <systemitem>B</systemitem> behind the <acronym>LAN</acronym> have - <acronym>IP</acronym> addresses of <systemitem class="ipaddress">192.168.0.2</systemitem> and <systemitem class="ipaddress">192.168.0.3</systemitem>, while the &man.natd.8; - machine's <acronym>LAN</acronym> interface has an - <acronym>IP</acronym> address of <systemitem class="ipaddress">192.168.0.1</systemitem>. The default gateway - of clients <systemitem>A</systemitem> and <systemitem>B</systemitem> must be - set to that of the &man.natd.8; machine, <systemitem class="ipaddress">192.168.0.1</systemitem>. The &man.natd.8; - machine's external Internet interface does not require any - special modification for &man.natd.8; to work.</para> + <systemitem>B</systemitem> behind the <acronym>LAN</acronym> + have <acronym>IP</acronym> addresses of <systemitem + class="ipaddress">192.168.0.2</systemitem> and <systemitem + class="ipaddress">192.168.0.3</systemitem>, while the + &man.natd.8; machine's <acronym>LAN</acronym> interface has an + <acronym>IP</acronym> address of <systemitem + class="ipaddress">192.168.0.1</systemitem>. The default + gateway of clients <systemitem>A</systemitem> and + <systemitem>B</systemitem> must be set to that of the + &man.natd.8; machine, <systemitem + class="ipaddress">192.168.0.1</systemitem>. 
The + &man.natd.8; machine's external Internet interface does not + require any special modification for &man.natd.8; to + work.</para> </sect2> <sect2 xml:id="network-natdport-redirection"> @@ -4798,10 +4872,10 @@ redirect_port tcp 192.168.0.3:80 80</pro client.</para> <para>For example, an <acronym>IRC</acronym> server runs on - client <systemitem>A</systemitem> and a web server runs on client - <systemitem>B</systemitem>. For this to work properly, connections - received on ports 6667 (<acronym>IRC</acronym>) and 80 - (<acronym>HTTP</acronym>) must be redirected to the + client <systemitem>A</systemitem> and a web server runs on + client <systemitem>B</systemitem>. For this to work properly, + connections received on ports 6667 (<acronym>IRC</acronym>) + and 80 (<acronym>HTTP</acronym>) must be redirected to the respective machines.</para> <para>The syntax for <option>-redirect_port</option> is as @@ -4823,7 +4897,8 @@ redirect_port tcp 192.168.0.3:80 80</pro <option>-redirect_port</option>. For example, <replaceable>tcp 192.168.0.2:2000-3000 2000-3000</replaceable> would redirect all connections received on ports 2000 to 3000 - to ports 2000 to 3000 on client <systemitem>A</systemitem>.</para> + to ports 2000 to 3000 on client + <systemitem>A</systemitem>.</para> <para>These options can be used when directly running &man.natd.8;, placed within the 
@@ -4849,12 +4924,17 @@ redirect_port tcp 192.168.0.3:80 80</pro incoming on that particular <acronym>IP</acronym> address back to the specific <acronym>LAN</acronym> client. This is also known as static <acronym>NAT</acronym>. For example, - if <acronym>IP</acronym> addresses <systemitem class="ipaddress">128.1.1.1</systemitem>, <systemitem class="ipaddress">128.1.1.2</systemitem>, and <systemitem class="ipaddress">128.1.1.3</systemitem> are available, <systemitem class="ipaddress">128.1.1.1</systemitem> can be used as the - &man.natd.8; machine's external <acronym>IP</acronym> - address, while <systemitem class="ipaddress">128.1.1.2</systemitem> and - <systemitem class="ipaddress">128.1.1.3</systemitem> are forwarded back - to <acronym>LAN</acronym> clients <systemitem>A</systemitem> and - <systemitem>B</systemitem>.</para> + if <acronym>IP</acronym> addresses <systemitem + class="ipaddress">128.1.1.1</systemitem>, <systemitem + class="ipaddress">128.1.1.2</systemitem>, and <systemitem + class="ipaddress">128.1.1.3</systemitem> are available, + <systemitem class="ipaddress">128.1.1.1</systemitem> can be + used as the &man.natd.8; machine's external + <acronym>IP</acronym> address, while <systemitem + class="ipaddress">128.1.1.2</systemitem> and <systemitem + class="ipaddress">128.1.1.3</systemitem> are forwarded back + to <acronym>LAN</acronym> clients <systemitem>A</systemitem> + and <systemitem>B</systemitem>.</para> <para>The <option>-redirect_address</option> syntax is as follows:</para> 
@@ -4901,25 +4981,29 @@ redirect_port tcp 192.168.0.3:80 80</pro </sect1> <sect1 xml:id="network-ipv6"> - <info><title><acronym>IPv6</acronym></title> + <info> + <title><acronym>IPv6</acronym></title> + <authorgroup> - <author><personname><firstname>Aaron</firstname><surname>Kaplan</surname></personname><contrib>Originally Written by </contrib></author> + <author><personname><firstname>Aaron</firstname><surname>Kaplan</surname></personname><contrib>Originally + Written by </contrib></author> </authorgroup> <authorgroup> - <author><personname><firstname>Tom</firstname><surname>Rhodes</surname></personname><contrib>Restructured and Added by </contrib></author> + <author><personname><firstname>Tom</firstname><surname>Rhodes</surname></personname><contrib>Restructured + and Added by </contrib></author> </authorgroup> <authorgroup> - <author><personname><firstname>Brad</firstname><surname>Davis</surname></personname><contrib>Extended by </contrib></author> + <author><personname><firstname>Brad</firstname><surname>Davis</surname></personname><contrib>Extended + by </contrib></author> </authorgroup> </info> - - <para><acronym>IPv6</acronym>, also known as <acronym>IPng</acronym> <quote><acronym>IP</acronym> next generation</quote>, is the new version of the well known <acronym>IP</acronym> protocol, also known as - <acronym>IPv4</acronym>. &os; includes the <link xlink:href="http://www.kame.net/">KAME</link> + <acronym>IPv4</acronym>. &os; includes the <link + xlink:href="http://www.kame.net/">KAME</link> <acronym>IPv6</acronym> reference implementation. &os; comes with everything needed to use <acronym>IPv6</acronym>. This section focuses on getting <acronym>IPv6</acronym> configured 
@@ -4933,16 +5017,17 @@ redirect_port tcp 192.168.0.3:80 80</pro <itemizedlist> <listitem> <para>Running out of addresses. For years the use of - RFC1918 private address space - (<systemitem class="ipaddress">10.0.0.0/8</systemitem>, - <systemitem class="ipaddress">172.16.0.0/12</systemitem>, and - <systemitem class="ipaddress">192.168.0.0/16</systemitem>) and NAT + RFC1918 private address space (<systemitem + class="ipaddress">10.0.0.0/8</systemitem>, <systemitem + class="ipaddress">172.16.0.0/12</systemitem>, and + <systemitem + class="ipaddress">192.168.0.0/16</systemitem>) and NAT has slowed down the exhaustion. Even though, there are very few remaining IPv4 addresses. The Internet Assigned Numbers Authority (<acronym>IANA</acronym>) has issued the last of the available major blocks to the Regional Registries. Once each Regional Registry runs - out, there will be no more available and switching to + out, there will be no more available and switching to <acronym>IPv6</acronym> will be critical.</para> </listitem> @@ -4978,7 +5063,8 @@ redirect_port tcp 192.168.0.3:80 80</pro <itemizedlist> <listitem> - <para>Address autoconfiguration (<link xlink:href="http://www.ietf.org/rfc/rfc2462.txt">RFC2462</link>).</para> + <para>Address autoconfiguration (<link + xlink:href="http://www.ietf.org/rfc/rfc2462.txt">RFC2462</link>).</para> </listitem> <listitem> @@ -5014,7 +5100,8 @@ redirect_port tcp 192.168.0.3:80 80</pro <itemizedlist> <listitem> - <para><link xlink:href="http://www.kame.net">KAME.net</link></para> + <para><link + xlink:href="http://www.kame.net">KAME.net</link></para> </listitem> </itemizedlist> 
@@ -5040,8 +5127,9 @@ redirect_port tcp 192.168.0.3:80 80</pro <note> <para>The <acronym>IPv4</acronym> broadcast address, usually - <systemitem class="ipaddress">xxx.xxx.xxx.255</systemitem>, is expressed - by multicast addresses in <acronym>IPv6</acronym>.</para> + <systemitem class="ipaddress">xxx.xxx.xxx.255</systemitem>, + is expressed by multicast addresses in + <acronym>IPv6</acronym>.</para> </note> <table frame="none"> @@ -5062,7 +5150,8 @@ redirect_port tcp 192.168.0.3:80 80</pro <entry><systemitem>::</systemitem></entry> <entry>128 bits</entry> <entry>unspecified</entry> - <entry>Equivalent to <systemitem class="ipaddress">0.0.0.0</systemitem> in *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
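Review bot: In the `<areaspec>` hunk (@@ -4456,11 +4516,16 @@), putting `<area` alone on one line and `xml:id="co-pxenfs1" coords="2873,8133 3313,7266"/>` on the next turns five lines into ten and separates each element name from its id. If the goal is line length, breaking between the `xml:id` and `coords` attributes would keep `<area xml:id=...` together and be easier to scan.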
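Review bot: In the `<info>` blocks of the `network-natd` and `network-ipv6` hunks (@@ -4547,12 +4612,14 @@ and @@ -4901,25 +4981,29 @@), the new line break lands inside the `<contrib>` text (`<contrib>Contributed` / `by </contrib>`, `<contrib>Originally` / `Written by </contrib>`), so the element's character data now carries a newline and indentation, while the `<author>` line itself is still well over the wrap width. Breaking between `</personname>` and `<contrib>` would leave the contributor text untouched, which fits the "White space fix only" log better. If the wrap inside `<contrib>` is kept, please check the rendered author line for a doubled space.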