svn commit: r42603 - head/en_US.ISO8859-1/books/handbook/network-servers
Warren Block
wblock at FreeBSD.org
Thu Aug 29 03:56:18 UTC 2013
Author: wblock
Date: Thu Aug 29 03:56:17 2013
New Revision: 42603
URL: http://svnweb.freebsd.org/changeset/doc/42603
Log:
Whitespace-only fixes. Translators, please ignore.
Modified:
head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Aug 29 01:46:14 2013 (r42602)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Aug 29 03:56:17 2013 (r42603)
@@ -22,12 +22,11 @@
<sect1 id="network-servers-synopsis">
<title>Synopsis</title>
- <para>This chapter covers some of the more frequently used
- network services on &unix; systems. This includes
- installing, configuring, testing, and maintaining
- many different types of network services. Example
- configuration files are included throughout this
- chapter for reference.</para>
+ <para>This chapter covers some of the more frequently used network
+ services on &unix; systems. This includes installing,
+ configuring, testing, and maintaining many different types of
+ network services. Example configuration files are included
+ throughout this chapter for reference.</para>
<para>By the end of this chapter, readers will know:</para>
@@ -134,16 +133,15 @@
<para>The &man.inetd.8; daemon is sometimes referred to as the
<quote>Internet Super-Server</quote> because it manages
- connections for many services. When a connection is
- received by <application>inetd</application>, it determines
- which program the connection is destined for, spawns the
- particular process and delegates the socket to it (the program
- is invoked with the service socket as its standard input,
- output and error descriptors). Running
- <application>inetd</application> for servers that are not
- heavily used can reduce the overall system load, when compared
- to running each daemon individually in stand-alone
- mode.</para>
+ connections for many services. When a connection is received
+ by <application>inetd</application>, it determines which
+ program the connection is destined for, spawns the particular
+ process and delegates the socket to it (the program is invoked
+ with the service socket as its standard input, output and
+ error descriptors). Running <application>inetd</application>
+ for servers that are not heavily used can reduce the overall
+ system load, when compared to running each daemon individually
+ in stand-alone mode.</para>
<para>Primarily, <application>inetd</application> is used to
spawn other daemons, but several trivial protocols are handled
@@ -413,8 +411,7 @@ server-program-arguments</programlisting
<option>nowait</option> is mandatory.
<option>max-child</option>,
<option>max-connections-per-ip-per-minute</option> and
- <option>max-child-per-ip</option> are
- optional.</para>
+ <option>max-child-per-ip</option> are optional.</para>
<para>A stream-type multi-threaded daemon without any
<option>max-child</option>,
@@ -560,8 +557,8 @@ server-program-arguments</programlisting
<para>&os; supports the Network File System
(<acronym>NFS</acronym>), which allows a server to share
directories and files with clients over a network. With
- <acronym>NFS</acronym>, users and programs can access files
- on remote systems as if they were stored locally.</para>
+ <acronym>NFS</acronym>, users and programs can access files on
+ remote systems as if they were stored locally.</para>
<para>The most notable benefits that
<acronym>NFS</acronym> provides are:</para>
@@ -690,15 +687,14 @@ mountd_flags="-r"</programlisting>
<programlisting>nfs_client_enable="YES"</programlisting>
- <para><filename>/etc/exports</filename> specifies which
- file systems the <acronym>NFS</acronym> server will
- export. Each line in
- <filename>/etc/exports</filename> specifies a file system to
- be exported and which clients have access to that file system,
- as well as any access options. There are many
- such options that can be used in this file, but only a few will
- be mentioned here. See &man.exports.5; for the full list of
- options.</para>
+ <para><filename>/etc/exports</filename> specifies which file
+ systems the <acronym>NFS</acronym> server will export. Each
+ line in <filename>/etc/exports</filename> specifies a file
+ system to be exported and which clients have access to that
+ file system, as well as any access options. There are many
+ such options that can be used in this file, but only a few
+ will be mentioned here. See &man.exports.5; for the full list
+ of options.</para>
<indexterm>
<primary>NFS</primary>
@@ -736,14 +732,14 @@ mountd_flags="-r"</programlisting>
<para>This next line exports
<filename class="directory">/a</filename> so that two clients
- from different domains may access the file system.
- The <option>-maproot=root</option> flag allows the
+ from different domains may access the file system. The
+ <option>-maproot=root</option> flag allows the
<username>root</username> user on the remote system to write
data on the exported file system as <username>root</username>.
If the <literal>-maproot=root</literal> flag is not specified,
- the client's <username>root</username> user will be mapped
- to the server's <username>nobody</username> account and will
- be subject to the access limitations defined for user,
+ the client's <username>root</username> user will be mapped to
+ the server's <username>nobody</username> account and will be
+ subject to the access limitations defined for user,
<username>nobody</username>.</para>
<programlisting>/a -maproot=root host.example.com box.example.org</programlisting>
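Review bot: the same flag carries two different tags in this paragraph, <option>-maproot=root</option> on the re-wrapped line and <literal>-maproot=root</literal> in the unchanged sentence after it; pick one, preferably <option>, which the other flags in this diff use. The closing phrase "defined for user, <username>nobody</username>" also reads awkwardly with the comma. Both are content changes, so they belong in a follow-up commit rather than this whitespace-only one. Because the paragraph describes the remote root user writing as root on the export, that follow-up is also the place to say the flag should only be given to hosts whose root account is trusted.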
@@ -765,9 +761,9 @@ mountd_flags="-r"</programlisting>
/usr/ports client</programlisting>
<para>The <filename class="directory">/usr</filename> file
- system has two lines
- specifying exports to the same host, <hostid>client</hostid>.
- The correct format for this situation is:</para>
+ system has two lines specifying exports to the same host,
+ <hostid>client</hostid>. The correct format for this
+ situation is:</para>
<programlisting>/usr/src /usr/ports client</programlisting>
@@ -802,9 +798,8 @@ mountd_flags="-r"</programlisting>
more information about using rc scripts.</para>
<para>On a new server being configured with
- <acronym>NFS</acronym> services, the server can be
- started by running this command as
- <username>root</username>:</para>
+ <acronym>NFS</acronym> services, the server can be started by
+ running this command as <username>root</username>:</para>
<screen>&prompt.root; <userinput>service nfsd start</userinput></screen>
@@ -816,9 +811,9 @@ mountd_flags="-r"</programlisting>
file system. In these examples, the server's name is
<hostid>server</hostid> and the client's name is
<hostid>client</hostid>. For testing or to temporarily mount
- a remote file system, execute
- <application>mount</application> as
- <username>root</username> on <hostid>client</hostid>:</para>
+ a remote file system, execute <application>mount</application>
+ as <username>root</username> on
+ <hostid>client</hostid>:</para>
<indexterm>
<primary>NFS</primary>
@@ -826,14 +821,11 @@ mountd_flags="-r"</programlisting>
</indexterm>
<screen>&prompt.root; <userinput>mount server:/home /mnt</userinput></screen>
- <para>This mounts the
- <hostid>server</hostid>:
- <filename class="directory">/home</filename>
- file system to the
- <hostid>client</hostid>:
- <filename class="directory">/mnt</filename> mount
- point. The files and directories in the
- <hostid>server</hostid>
+ <para>This mounts the <hostid>server</hostid>:
+ <filename class="directory">/home</filename> file system to
+ the <hostid>client</hostid>:
+ <filename class="directory">/mnt</filename> mount point. The
+ files and directories in the <hostid>server</hostid>
<filename class="directory">/home</filename> file system will
now be available on <hostid>client</hostid>, in the
<filename class="directory">/mnt</filename> directory.</para>
@@ -864,17 +856,17 @@ rpc_statd_enable="YES"</programlisting>
<acronym>NFS</acronym> client and server are already
configured.</para>
- <para>Start the application, as
- <username>root</username>, with:</para>
+ <para>Start the application, as <username>root</username>,
+ with:</para>
<screen>&prompt.root; <userinput>service lockd start</userinput>
&prompt.root; <userinput>service statd start</userinput></screen>
<para>If locking is not required on the server, the
- <acronym>NFS</acronym> client can be configured to
- lock locally by passing <option>-L</option> to
- &man.mount.nfs.8;. Refer to the &man.mount.nfs.8;
- manual page for further details.</para>
+ <acronym>NFS</acronym> client can be configured to lock
+ locally by passing <option>-L</option> to &man.mount.nfs.8;.
+ Refer to the &man.mount.nfs.8; manual page for further
+ details.</para>
</sect2>
<sect2>
@@ -889,10 +881,10 @@ rpc_statd_enable="YES"</programlisting>
</indexterm>
<itemizedlist>
<listitem>
- <para>Share a <acronym>CD-ROM</acronym> or other media
- with any number of clients. It is often more
- convenient to install software on multiple
- machines from a single location.</para>
+ <para>Share a <acronym>CD-ROM</acronym> or other media with
+ any number of clients. It is often more convenient to
+ install software on multiple machines from a single
+ location.</para>
</listitem>
<listitem>
@@ -904,8 +896,8 @@ rpc_statd_enable="YES"</programlisting>
</listitem>
<listitem>
- <para>Several clients may need access to the
- <filename class="directory">/usr/ports/distfiles</filename>
+ <para>Several clients may need access to the <filename
+ class="directory">/usr/ports/distfiles</filename>
directory. Sharing that directory allows for quick access
to the source files without having to download them to
each client.</para>
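Review bot: the added lines split the start tag itself, leaving "<filename" at the end of one line and class="directory"> at the start of the next, while the @@ -1449 hunk does the opposite and pulls <link linkend="..."> back onto a single line. If the split is only there to keep the long path within the line length, that is fine, but both hunks should follow the same rule; otherwise keep the tag and its attribute together as the removed lines did.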
@@ -949,19 +941,19 @@ rpc_statd_enable="YES"</programlisting>
<para><application>amd</application> operates by attaching
itself as an NFS server to the
- <filename class="directory">/host</filename>
- and <filename class="directory">/net</filename> directories. When a file is
- accessed within one of these directories,
+ <filename class="directory">/host</filename> and
+ <filename class="directory">/net</filename> directories. When
+ a file is accessed within one of these directories,
<application>amd</application> looks up the corresponding
remote mount and automatically mounts it.
- <filename class="directory">/net</filename> is used to mount an exported file
- system from an IP address, while
- <filename class="directory">/host</filename> is
- used to mount an export from a remote hostname.</para>
+ <filename class="directory">/net</filename> is used to mount
+ an exported file system from an IP address, while
+ <filename class="directory">/host</filename> is used to mount
+ an export from a remote hostname.</para>
<para>For instance, an attempt to access a file within
- <filename class="directory">/host/foobar/usr</filename> would tell
- <application>amd</application> to mount the
+ <filename class="directory">/host/foobar/usr</filename> would
+ tell <application>amd</application> to mount the
<filename class="directory">/usr</filename> export on the host
<hostid>foobar</hostid>.</para>
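Review bot: "NFS server" in the unchanged second line of this paragraph is bare text, while the NFS hunks earlier in this diff tag each occurrence as <acronym>NFS</acronym>. Worth tagging in a follow-up content commit, since this one is announced as whitespace-only.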
@@ -981,13 +973,13 @@ Exports list on foobar:
&prompt.user; <userinput>cd /host/foobar/usr</userinput></screen>
</example>
- <para>The output from <command>showmount</command>
- shows <filename class="directory">/usr</filename> as an
- export. When changing directories to
+ <para>The output from <command>showmount</command> shows
+ <filename class="directory">/usr</filename> as an export.
+ When changing directories to
<filename class="directory">/host/foobar/usr</filename>,
<application>amd</application> intercepts the request and
- attempts to resolve the hostname <hostid>foobar</hostid>.
- If successful, <application>amd</application> automatically
+ attempts to resolve the hostname <hostid>foobar</hostid>. If
+ successful, <application>amd</application> automatically
mounts the desired export.</para>
<para><application>amd</application> is enabled by placing
@@ -1005,11 +997,10 @@ Exports list on foobar:
<programlisting>amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"</programlisting>
- <para><filename>/etc/amd.map</filename> defines the
- default options with which exports are mounted.
- <filename>/etc/amd.conf</filename> defines some of the
- more advanced features of
- <application>amd</application>.</para>
+ <para><filename>/etc/amd.map</filename> defines the default
+ options with which exports are mounted.
+ <filename>/etc/amd.conf</filename> defines some of the more
+ advanced features of <application>amd</application>.</para>
<para>Consult the &man.amd.8; and &man.amd.conf.5; manual pages
for more information.</para>
@@ -1139,7 +1130,6 @@ Exports list on foobar:
<row>
<entry><application>ypbind</application></entry>
-
<entry><quote>Binds</quote> an NIS client to its NIS
server. It will take the NIS domainname from the
system, and using <acronym>RPC</acronym>, connect to
@@ -1449,10 +1439,10 @@ Exports list on foobar:
<note>
<para>Depending on the NIS setup, additional entries may
- be required. See the <link
- linkend="network-nis-server-is-client">section about
- NIS servers that are also NIS clients</link>, below, for
- details.</para>
+ be required. See the
+ <link linkend="network-nis-server-is-client">section
+ about NIS servers that are also NIS clients</link>,
+ below, for details.</para>
</note>
<para>After setting up the above entries, run the command
@@ -1481,8 +1471,8 @@ Exports list on foobar:
good reason, never propagate passwords for
<username>root</username> and other administrative
accounts to all the servers in the NIS domain. Therefore,
- before the NIS maps are initialized, configure the
- primary password files:</para>
+ before the NIS maps are initialized, configure the primary
+ password files:</para>
<screen>&prompt.root; <userinput>cp /etc/master.passwd /var/yp/master.passwd</userinput>
&prompt.root; <userinput>cd /var/yp</userinput>
@@ -1541,12 +1531,11 @@ ellington has been setup as an YP master
<para>At this point, <command>ypinit</command> should have
created <filename>/var/yp/Makefile</filename> from
- <filename>/var/yp/Makefile.dist</filename>.
- When created, this file assumes that the operating
- environment is a single server NIS system with only &os;
- machines. Since <literal>test-domain</literal> has
- a slave server as well, edit
- <filename>/var/yp/Makefile</filename> as well:</para>
+ <filename>/var/yp/Makefile.dist</filename>. When created,
+ this file assumes that the operating environment is a
+ single server NIS system with only &os; machines. Since
+ <literal>test-domain</literal> has a slave server as well,
+ edit <filename>/var/yp/Makefile</filename> as well:</para>
<screen>ellington&prompt.root; <userinput>vi /var/yp/Makefile</userinput></screen>
@@ -2440,9 +2429,8 @@ nis_client_flags="-S <replaceable>NIS do
Blowfish and MD5 encrypted passwords, respectively).</para>
<para>If any changes were made to
- <filename>/etc/login.conf</filename>, the
- login capability database must be rebuilt by
- running the following command as
+ <filename>/etc/login.conf</filename>, the login capability
+ database must be rebuilt by running the following command as
<username>root</username>:</para>
<screen>&prompt.root; <userinput>cap_mkdb /etc/login.conf</userinput></screen>
@@ -2603,12 +2591,12 @@ result: 0 Success
during the certificate creation process below.</para>
<para>The following commands must be executed in the
- <filename class="directory">
- /usr/local/etc/openldap/private</filename> directory. This
- is important as the file permissions will need to be
- restrictive and users should not have access to these files
- directly. To create the certificates, issues the following
- commands.</para>
+ <filename
+ class="directory">/usr/local/etc/openldap/private</filename>
+ directory. This is important as the file permissions will
+ need to be restrictive and users should not have access to
+ these files directly. To create the certificates, issues the
+ following commands.</para>
<screen>&prompt.root; <userinput>openssl req -days 365 -nodes -new -x509 -keyout ca.key -out ../ca.crt</userinput></screen>
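Review bot: the re-wrapped sentence still reads "To create the certificates, issues the following commands." with "issues" for "issue" and a full stop where the other lead-ins to a <screen> in this diff end in a colon; fix it in a follow-up content commit so translators can still ignore this one. The paragraph says the permissions need to be restrictive without naming a mode or owner, and the command that follows uses -nodes, so ca.key is written unencrypted and the directory permissions are its only protection; stating the expected permissions would make the instruction checkable. Moving the path up against class="directory"> also drops the line break and indentation that used to sit inside the <filename> element, which is a real improvement to the rendered path.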
@@ -2915,237 +2903,236 @@ result: 0 Success
<para>DHCP is supported by
<application>sysinstall</application>. When configuring a
- network interface within
- <application>sysinstall</application>, the second question
- asked is: <quote>Do you want to try DHCP configuration of
- the interface?</quote>. Answering affirmatively will
- execute <command>dhclient</command>, and if successful, will
- fill in the network configuration information
- automatically.</para>
+ network interface within
+ <application>sysinstall</application>, the second question
+ asked is: <quote>Do you want to try DHCP configuration of the
+ interface?</quote>. Answering affirmatively will execute
+ <command>dhclient</command>, and if successful, will fill in
+ the network configuration information automatically.</para>
- <para>There are two things required to have the system use
- DHCP upon startup:</para>
- <indexterm>
- <primary>DHCP</primary>
- <secondary>requirements</secondary>
- </indexterm>
- <itemizedlist>
- <listitem>
- <para>Make sure that the <devicename>bpf</devicename>
- device is compiled into the kernel. To do this, add
- <literal>device bpf</literal> to the kernel
- configuration file, and rebuild the kernel. For more
- information about building kernels, see
- <xref linkend="kernelconfig"/>.</para>
-
- <para>The <devicename>bpf</devicename> device is already
- part of the <filename>GENERIC</filename> kernel that is
- supplied with &os;, thus there is no need to build a
- custom kernel for <acronym>DHCP</acronym>. In the case
- of a custom kernel configuration file, this device must
- be present for <acronym>DHCP</acronym> to function
- properly.</para>
+ <para>There are two things required to have the system use
+ DHCP upon startup:</para>
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>requirements</secondary>
+ </indexterm>
+ <itemizedlist>
+ <listitem>
+ <para>Make sure that the <devicename>bpf</devicename> device
+ is compiled into the kernel. To do this, add
+ <literal>device bpf</literal> to the kernel configuration
+ file, and rebuild the kernel. For more information about
+ building kernels, see
+ <xref linkend="kernelconfig"/>.</para>
- <note>
- <para>For those who are particularly security conscious,
- take note that <devicename>bpf</devicename>
- is also the device that allows packet sniffers to work
- correctly (although they still have to be run as
- <username>root</username>).
- <devicename>bpf</devicename> <emphasis>is</emphasis>
- required to use DHCP; however, the security sensitive
- types should probably not add
- <devicename>bpf</devicename> to the
- kernel in the expectation that at some point in the
- future the system will be using DHCP.</para>
- </note>
- </listitem>
+ <para>The <devicename>bpf</devicename> device is already
+ part of the <filename>GENERIC</filename> kernel that is
+ supplied with &os;, thus there is no need to build a
+ custom kernel for <acronym>DHCP</acronym>. In the case of
+ a custom kernel configuration file, this device must be
+ present for <acronym>DHCP</acronym> to function
+ properly.</para>
- <listitem>
- <para>By default, DHCP configuration on &os; runs in the
- background, or <firstterm>asynchronously</firstterm>.
- Other startup scripts continue to run while DHCP
- completes, speeding up system startup.</para>
-
- <para>Background DHCP works well when the DHCP server
- responds quickly to requests and the DHCP configuration
- process goes quickly. However, DHCP may take a long
- time to complete on some systems. If network services
- attempt to run before DHCP has completed, they will
- fail. Using DHCP in <firstterm>synchronous</firstterm>
- mode prevents the problem, pausing startup until DHCP
- configuration has completed.</para>
-
- <para>To connect to a DHCP server in the background while
- other startup continues (asynchronous mode), use the
- <quote><literal>DHCP</literal></quote> value in
- <filename>/etc/rc.conf</filename>:</para>
-
- <programlisting>ifconfig_<replaceable>fxp0</replaceable>="DHCP"</programlisting>
-
- <para>To pause startup while DHCP completes, use
- synchronous mode with the
- <quote><literal>SYNCDHCP</literal></quote> value:</para>
+ <note>
+ <para>For those who are particularly security conscious,
+ take note that <devicename>bpf</devicename> is also the
+ device that allows packet sniffers to work correctly
+ (although they still have to be run as
+ <username>root</username>).
+ <devicename>bpf</devicename> <emphasis>is</emphasis>
+ required to use DHCP; however, the security sensitive
+ types should probably not add
+ <devicename>bpf</devicename> to the kernel in the
+ expectation that at some point in the future the system
+ will be using DHCP.</para>
+ </note>
+ </listitem>
- <programlisting>ifconfig_<replaceable>fxp0</replaceable>="SYNCDHCP"</programlisting>
+ <listitem>
+ <para>By default, DHCP configuration on &os; runs in the
+ background, or <firstterm>asynchronously</firstterm>.
+ Other startup scripts continue to run while DHCP
+ completes, speeding up system startup.</para>
+
+ <para>Background DHCP works well when the DHCP server
+ responds quickly to requests and the DHCP configuration
+ process goes quickly. However, DHCP may take a long time
+ to complete on some systems. If network services attempt
+ to run before DHCP has completed, they will fail. Using
+ DHCP in <firstterm>synchronous</firstterm> mode prevents
+ the problem, pausing startup until DHCP configuration has
+ completed.</para>
+
+ <para>To connect to a DHCP server in the background while
+ other startup continues (asynchronous mode), use the
+ <quote><literal>DHCP</literal></quote> value in
+ <filename>/etc/rc.conf</filename>:</para>
- <note>
- <para>Replace the <replaceable>fxp0</replaceable> shown
- in these examples with the name of the interface to be
- dynamically configured, as described in
- <xref linkend="config-network-setup"/>.</para>
- </note>
+ <programlisting>ifconfig_<replaceable>fxp0</replaceable>="DHCP"</programlisting>
+
+ <para>To pause startup while DHCP completes, use
+ synchronous mode with the
+ <quote><literal>SYNCDHCP</literal></quote> value:</para>
- <para>When using a different file system location for
- <command>dhclient</command>, or if
- additional flags must be passed to
- <command>dhclient</command>,
- include (editing as necessary):</para>
+ <programlisting>ifconfig_<replaceable>fxp0</replaceable>="SYNCDHCP"</programlisting>
- <programlisting>dhclient_program="/sbin/dhclient"
+ <note>
+ <para>Replace the <replaceable>fxp0</replaceable> shown
+ in these examples with the name of the interface to be
+ dynamically configured, as described in
+ <xref linkend="config-network-setup"/>.</para>
+ </note>
+
+ <para>When using a different file system location for
+ <command>dhclient</command>, or if additional flags must
+ be passed to <command>dhclient</command>, include (editing
+ as necessary):</para>
+
+ <programlisting>dhclient_program="/sbin/dhclient"
dhclient_flags=""</programlisting>
- </listitem>
- </itemizedlist>
+ </listitem>
+ </itemizedlist>
- <indexterm>
- <primary>DHCP</primary>
- <secondary>server</secondary>
- </indexterm>
- <para>The DHCP server, <application>dhcpd</application>, is
- included as part of the
- <filename role="package">net/isc-dhcp42-server</filename>
- port in the ports collection. This port contains the ISC
- DHCP server and documentation.</para>
- </sect2>
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>server</secondary>
+ </indexterm>
+ <para>The DHCP server, <application>dhcpd</application>, is
+ included as part of the
+ <filename role="package">net/isc-dhcp42-server</filename> port
+ in the ports collection. This port contains the ISC DHCP
+ server and documentation.</para>
+ </sect2>
- <sect2>
- <title>Files</title>
+ <sect2>
+ <title>Files</title>
- <indexterm>
- <primary>DHCP</primary>
- <secondary>configuration files</secondary>
- </indexterm>
- <itemizedlist>
- <listitem>
- <para><filename>/etc/dhclient.conf</filename></para>
- <para><command>dhclient</command> requires a configuration
- file, <filename>/etc/dhclient.conf</filename>.
- Typically the file contains only comments, the defaults
- being reasonably sane. This configuration file is
- described by the &man.dhclient.conf.5; manual
- page.</para>
- </listitem>
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>configuration files</secondary>
+ </indexterm>
+ <itemizedlist>
+ <listitem>
+ <para><filename>/etc/dhclient.conf</filename></para>
- <listitem>
- <para><filename>/sbin/dhclient</filename></para>
- <para><command>dhclient</command> is statically linked and
- resides in <filename>/sbin</filename>. The
- &man.dhclient.8; manual page gives more information
- about <command>dhclient</command>.</para>
- </listitem>
+ <para><command>dhclient</command> requires a configuration
+ file, <filename>/etc/dhclient.conf</filename>. Typically
+ the file contains only comments, the defaults being
+ reasonably sane. This configuration file is described by
+ the &man.dhclient.conf.5; manual page.</para>
+ </listitem>
- <listitem>
- <para><filename>/sbin/dhclient-script</filename></para>
- <para><command>dhclient-script</command> is the
- FreeBSD-specific DHCP client configuration script. It
- is described in &man.dhclient-script.8;, but should not
- need any user modification to function properly.</para>
- </listitem>
+ <listitem>
+ <para><filename>/sbin/dhclient</filename></para>
- <listitem>
- <para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para>
- <para>The DHCP client keeps a database of valid leases
- in this file, which is written as a log.
- &man.dhclient.leases.5; gives a slightly longer
- description.</para>
- </listitem>
- </itemizedlist>
- </sect2>
+ <para><command>dhclient</command> is statically linked and
+ resides in <filename>/sbin</filename>. The
+ &man.dhclient.8; manual page gives more information about
+ <command>dhclient</command>.</para>
+ </listitem>
- <sect2>
- <title>Further Reading</title>
+ <listitem>
+ <para><filename>/sbin/dhclient-script</filename></para>
- <para>The DHCP protocol is fully described in <ulink
- url="http://www.freesoft.org/CIE/RFC/2131/">RFC
- 2131</ulink>. An informational resource has also been set
- up at <ulink url="http://www.dhcp.org/"></ulink>.</para>
- </sect2>
-
- <sect2 id="network-dhcp-server">
- <title>Installing and Configuring a DHCP Server</title>
-
- <sect3>
- <title>What This Section Covers</title>
-
- <para>This section provides information on how to configure
- a FreeBSD system to act as a DHCP server using the ISC
- (Internet Systems Consortium) implementation of the DHCP
- server.</para>
+ <para><command>dhclient-script</command> is the
+ FreeBSD-specific DHCP client configuration script. It
+ is described in &man.dhclient-script.8;, but should not
+ need any user modification to function properly.</para>
+ </listitem>
- <para>The server is not provided as part of &os;, and so the
- <filename role="package">net/isc-dhcp42-server</filename>
- port must be installed to provide this service. See
- <xref linkend="ports"/> for more information on using the
- Ports Collection.</para>
- </sect3>
+ <listitem>
+ <para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para>
- <sect3>
- <title>DHCP Server Installation</title>
+ <para>The DHCP client keeps a database of valid leases in
+ this file, which is written as a log.
+ &man.dhclient.leases.5; gives a slightly longer
+ description.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
- <indexterm>
- <primary>DHCP</primary>
- <secondary>installation</secondary>
- </indexterm>
- <para>In order to configure the &os; system as a DHCP
- server, first ensure that the &man.bpf.4; device is
- compiled into the kernel. To do this, add
- <literal>device bpf</literal> to the kernel configuration
- file, and rebuild the kernel. For more information about
- building kernels, see
- <xref linkend="kernelconfig"/>.</para>
+ <sect2>
+ <title>Further Reading</title>
- <para>The <devicename>bpf</devicename> device is already
- part of the <filename>GENERIC</filename> kernel that is
- supplied with &os;, so there is no need to create a
- custom kernel in order to get <acronym>DHCP</acronym>
- working.</para>
+ <para>The DHCP protocol is fully described in
+ <ulink url="http://www.freesoft.org/CIE/RFC/2131/">RFC
+ 2131</ulink>. An informational resource has also been set
+ up at <ulink url="http://www.dhcp.org/"></ulink>.</para>
+ </sect2>
- <note>
- <para>Those who are particularly security conscious
- should note that <devicename>bpf</devicename> is also
- the device that allows packet sniffers to function
- correctly (although such programs still need
- privileged access). The <devicename>bpf</devicename>
- device <emphasis>is</emphasis> required to use DHCP, but
- if the sensitivity of the system's security is high,
- this device should not be included in the kernel purely
- because the use of <acronym>DHCP</acronym> may, at some
- point in the future, be desired.</para>
- </note>
+ <sect2 id="network-dhcp-server">
+ <title>Installing and Configuring a DHCP Server</title>
- <para>The next thing that is needed is to edit the
- sample <filename>dhcpd.conf</filename> which was installed
- by the <filename
- role="package">net/isc-dhcp42-server</filename> port.
- By default, this will be
- <filename>/usr/local/etc/dhcpd.conf.sample</filename>, and
- you should copy this to
- <filename>/usr/local/etc/dhcpd.conf</filename> before
- proceeding to make changes.</para>
- </sect3>
+ <sect3>
+ <title>What This Section Covers</title>
- <sect3>
- <title>Configuring the DHCP Server</title>
+ <para>This section provides information on how to configure a
+ FreeBSD system to act as a DHCP server using the ISC
+ (Internet Systems Consortium) implementation of the DHCP
+ server.</para>
- <indexterm>
- <primary>DHCP</primary>
- <secondary>dhcpd.conf</secondary>
- </indexterm>
- <para><filename>dhcpd.conf</filename> is comprised of
- declarations regarding subnets and hosts, and is perhaps
- most easily explained using an example :</para>
+ <para>The server is not provided as part of &os;, and so the
+ <filename role="package">net/isc-dhcp42-server</filename>
+ port must be installed to provide this service. See
+ <xref linkend="ports"/> for more information on using the
+ Ports Collection.</para>
+ </sect3>
+
+ <sect3>
+ <title>DHCP Server Installation</title>
+
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>installation</secondary>
+ </indexterm>
+
+ <para>In order to configure the &os; system as a DHCP server,
+ first ensure that the &man.bpf.4; device is compiled into
+ the kernel. To do this, add <literal>device bpf</literal>
+ to the kernel configuration file, and rebuild the kernel.
+ For more information about building kernels, see
+ <xref linkend="kernelconfig"/>.</para>
+
+ <para>The <devicename>bpf</devicename> device is already part
+ of the <filename>GENERIC</filename> kernel that is supplied
+ with &os;, so there is no need to create a custom kernel in
+ order to get <acronym>DHCP</acronym> working.</para>
+
+ <note>
+ <para>Those who are particularly security conscious should
+ note that <devicename>bpf</devicename> is also the device
+ that allows packet sniffers to function correctly
+ (although such programs still need privileged access).
+ The <devicename>bpf</devicename> device
+ <emphasis>is</emphasis> required to use DHCP, but if the
+ sensitivity of the system's security is high, this device
+ should not be included in the kernel purely because the
+ use of <acronym>DHCP</acronym> may, at some point in the
+ future, be desired.</para>
+ </note>
- <programlisting>option domain-name "example.com";<co id="domain-name"/>
+ <para>The next thing that is needed is to edit the sample
+ <filename>dhcpd.conf</filename> which was installed by the
+ <filename role="package">net/isc-dhcp42-server</filename>
+ port. By default, this will be
+ <filename>/usr/local/etc/dhcpd.conf.sample</filename>, and
+ you should copy this to
+ <filename>/usr/local/etc/dhcpd.conf</filename> before
+ proceeding to make changes.</para>
+ </sect3>
+
+ <sect3>
+ <title>Configuring the DHCP Server</title>
+
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>dhcpd.conf</secondary>
+ </indexterm>
+ <para><filename>dhcpd.conf</filename> is comprised of
+ declarations regarding subnets and hosts, and is perhaps
+ most easily explained using an example :</para>
+
+ <programlisting>option domain-name "example.com";<co id="domain-name"/>
option domain-name-servers 192.168.4.100;<co id="domain-name-servers"/>
option subnet-mask 255.255.255.0;<co id="subnet-mask"/>
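Review bot: In the re-added "Configuring the DHCP Server" section, `</indexterm>` is followed directly by `<para><filename>dhcpd.conf</filename> is comprised of` with no blank line between them, whereas the "DHCP Server Installation" section added just above separates `</indexterm>` from its first `<para>` with a blank line. Since this commit is whitespace-only, add the blank line here as well. The same paragraph still ends "using an example :" with a space before the colon, which is worth removing in a follow-up. For a later content commit, the `bpf` note also reads awkwardly next to the preceding paragraph: that paragraph says `bpf` is already in `GENERIC`, so the note's advice only applies to someone building a custom kernel without it, and it could say so directly.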
@@ -3248,13 +3235,12 @@ dhcpd_ifaces="dc0"</programlisting>
<screen>&prompt.root; <userinput>service isc-dhcpd start</userinput></screen>
- <para>Any future changes to the configuration
- of the server will require the sending of a
- <literal>SIGTERM</literal> signal to
- <application>dhcpd</application> rather than a
- <literal>SIGHUP</literal>. It is definitely more
- simple to use &man.service.8; to completely restart
- the service.</para>
+ <para>Any future changes to the configuration of the server
+ will require the sending of a <literal>SIGTERM</literal>
+ signal to <application>dhcpd</application> rather than a
+ <literal>SIGHUP</literal>. It is definitely more simple to
+ use &man.service.8; to completely restart the
+ service.</para>
</sect3>
<sect3>
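Review bot: The rewrapped paragraph says configuration changes require sending `SIGTERM` to dhcpd rather than `SIGHUP`, but it never states that `SIGTERM` stops the daemon and that it must be started again before the new configuration is read; only the closing "completely restart the service" hints at this. A follow-up content commit could state that explicitly, show `service isc-dhcpd restart` in a `<screen>` like the `start` example above it, and change "more simple" to "simpler".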
@@ -3267,30 +3253,33 @@ dhcpd_ifaces="dc0"</programlisting>
<itemizedlist>
<listitem>
<para><filename>/usr/local/sbin/dhcpd</filename></para>
+
<para><application>dhcpd</application> is statically
linked and resides in
- <filename>/usr/local/sbin</filename>. The
- &man.dhcpd.8; manual page installed with the port
- gives more information about
+ <filename>/usr/local/sbin</filename>. The &man.dhcpd.8;
+ manual page installed with the port gives more
+ information about
<application>dhcpd</application>.</para>
</listitem>
<listitem>
<para><filename>/usr/local/etc/dhcpd.conf</filename></para>
+
<para><application>dhcpd</application> requires a
configuration file,
- <filename>/usr/local/etc/dhcpd.conf</filename> before
- it will start providing service to clients. This file
+ <filename>/usr/local/etc/dhcpd.conf</filename> before it
+ will start providing service to clients. This file
needs to contain all the information that should be
- provided to clients that are being serviced, along
- with information regarding the operation of the
- server. This configuration file is described
- by the &man.dhcpd.conf.5; manual page installed
- by the port.</para>
+ provided to clients that are being serviced, along with
+ information regarding the operation of the server. This
+ configuration file is described by the
+ &man.dhcpd.conf.5; manual page installed by the
+ port.</para>
</listitem>
<listitem>
<para><filename>/var/db/dhcpd.leases</filename></para>
+
<para>The DHCP server keeps a database of leases it has
issued in this file, which is written as a log. The
manual page &man.dhcpd.leases.5;, installed by the
@@ -3299,14 +3288,15 @@ dhcpd_ifaces="dc0"</programlisting>
<listitem>
<para><filename>/usr/local/sbin/dhcrelay</filename></para>
+
<para><application>dhcrelay</application> is used in
advanced environments where one DHCP server forwards a
request from a client to another DHCP server on a
separate network. If this functionality is required,
- then install the <filename
- role="package">net/isc-dhcp42-relay</filename> port.
- The &man.dhcrelay.8; manual page provided with the
- port contains more detail.</para>
+ then install the
+ <filename role="package">net/isc-dhcp42-relay</filename>
+ port. The &man.dhcrelay.8; manual page provided with
+ the port contains more detail.</para>
</listitem>
</itemizedlist>
</sect3>
@@ -3345,11 +3335,11 @@ dhcpd_ifaces="dc0"</programlisting>
of the <acronym>DNS</acronym> protocol.
<acronym>DNS</acronym> is the protocol through which names are
mapped to <acronym>IP</acronym> addresses, and vice versa.
- For example, a query for <hostid
- role="fqdn">www.FreeBSD.org</hostid> will receive a reply
- with the <acronym>IP</acronym> address of The &os; Project's
- web server, whereas, a query for <hostid
- role="fqdn">ftp.FreeBSD.org</hostid> will return the
+ For example, a query for
+ <hostid role="fqdn">www.FreeBSD.org</hostid> will receive a
+ reply with the <acronym>IP</acronym> address of The &os;
+ Project's web server, whereas, a query for
+ <hostid role="fqdn">ftp.FreeBSD.org</hostid> will return the
<acronym>IP</acronym> address of the corresponding
<acronym>FTP</acronym> machine. Likewise, the opposite can
happen. A query for an <acronym>IP</acronym> address can
@@ -3479,12 +3469,11 @@ dhcpd_ifaces="dc0"</programlisting>
</itemizedlist>
<para>As one can see, the more specific part of a hostname
- appears to its left. For example, <hostid
- role="domainname">example.org.</hostid> is more specific
- than <hostid>org.</hostid>, as <hostid>org.</hostid> is more
- specific than the root zone. The layout of each part of a
- hostname is
- much like a file system: the
+ appears to its left. For example,
+ <hostid role="domainname">example.org.</hostid> is more
+ specific than <hostid>org.</hostid>, as <hostid>org.</hostid>
+ is more specific than the root zone. The layout of each part
+ of a hostname is much like a file system: the
<filename class="directory">/dev</filename> directory falls
within the root, and so on.</para>
</sect2>
@@ -3493,8 +3482,8 @@ dhcpd_ifaces="dc0"</programlisting>
<title>Reasons to Run a Name Server</title>
<para>Name servers generally come in two forms: authoritative
- name servers, and caching (also known as resolving)
- name servers.</para>
+ name servers, and caching (also known as resolving) name
+ servers.</para>
<para>An authoritative name server is needed when:</para>
@@ -3505,10 +3494,10 @@ dhcpd_ifaces="dc0"</programlisting>
</listitem>
<listitem>
- <para>A domain, such as <hostid
- role="domainname">example.org</hostid>, is registered
- and <acronym>IP</acronym> addresses need to be assigned
- to hostnames under it.</para>
+ <para>A domain, such as
+ <hostid role="domainname">example.org</hostid>, is
+ registered and <acronym>IP</acronym> addresses need to be
+ assigned to hostnames under it.</para>
</listitem>
<listitem>
@@ -4109,7 +4098,7 @@ www IN CNAME example.
<variablelist>
<varlistentry>
<term><hostid
- role="domainname">example.org.</hostid></term>
+ role="domainname">example.org.</hostid></term>
<listitem>
<para>the domain name, also the origin for this
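Review bot: The `<term><hostid` line still leaves `role="domainname">example.org.</hostid></term>` on a continuation line, while the other hunks in this commit join the same construct into a single `<hostid role="domainname">` line. If the joined line would be too long, consider opening `<term>` on its own line so that the `<hostid>` tag is never split between its name and its attribute.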
@@ -4141,16 +4130,16 @@ www IN CNAME example.
<term><literal>2006051501</literal></term>
<listitem>
- <para>the serial number of the file. This
- must be incremented each time the zone file is
- modified. Nowadays, many admins prefer a
+ <para>the serial number of the file. This must be
+ incremented each time the zone file is modified.
+ Nowadays, many admins prefer a
<literal>yyyymmddrr</literal> format for the serial
- number. <literal>2006051501</literal> would mean
- last modified 05/15/2006, the latter
- <literal>01</literal> being the first time the zone
- file has been modified this day. The serial number
- is important as it alerts slave name servers for a
- zone when it is updated.</para>
+ number. <literal>2006051501</literal> would mean last
+ modified 05/15/2006, the latter <literal>01</literal>
+ being the first time the zone file has been modified
+ this day. The serial number is important as it alerts
+ slave name servers for a zone when it is
+ updated.</para>
</listitem>
</varlistentry>
</variablelist>
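Review bot: The rewrapped serial-number paragraph explains `2006051501` as "last modified 05/15/2006", giving the date in month/day/year order immediately after introducing the `yyyymmddrr` format. For a follow-up content commit, writing the date in the same order as the serial (2006-05-15) would make the mapping obvious, and "the latter `01`" would read better as "the trailing `01`".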
@@ -4263,12 +4252,12 @@ mail IN A 192.168.
</indexterm>
<para>Domain Name System Security Extensions, or <acronym
- role="Domain Name Security Extensions">DNSSEC</acronym>
- for short, is a suite of specifications to protect resolving
- name servers from forged <acronym>DNS</acronym> data, such
- as spoofed <acronym>DNS</acronym> records. By using digital
- signatures, a resolver can verify the integrity of the
- record. Note that <acronym role="Domain Name Security
+ role="Domain Name Security Extensions">DNSSEC</acronym> for
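Review bot: The `<acronym` context line keeps its `role` attribute on the following line, and the removed line `record. Note that <acronym role="Domain Name Security` wraps in the middle of the attribute value. The replacement lines are cut off by the diff truncation, so confirm that the new text keeps the whole attribute value on one line. The role value also reads "Domain Name Security Extensions" while the sentence expands the acronym as "Domain Name System Security Extensions"; that mismatch is a content fix for a separate commit.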
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***