diff --git a/en_US.ISO8859-1/articles/diskless-x/article.sgml b/en_US.ISO8859-1/articles/diskless-x/article.sgml
index 7a58b55a55..55e28076c9 100644
--- a/en_US.ISO8859-1/articles/diskless-x/article.sgml
+++ b/en_US.ISO8859-1/articles/diskless-x/article.sgml
@@ -1,362 +1,362 @@
%man;
%trademarks;
]>
Diskless X Server: a how to guideJerryKendalljerry@kcis.com28-December-19961996Jerry Kendall
&tm-attrib.freebsd;
&tm-attrib.3com;
&tm-attrib.microsoft;
&tm-attrib.sun;
&tm-attrib.general;
With the help of some friends on the FreeBSD-hackers list, I have
been able to create a diskless X terminal. The creation of the X
terminal required first creating a diskless system with minimal
utilities mounted via NFS. These same steps were used to create 2
separate diskless systems. The first is altair.example.com. A diskless X terminal that I
run on my old 386DX-40. It has a 340Meg hard disk but, I did not want
to change it. So, it boots from antares.example.com across a Ethernet. The second
system is a 486DX2-66. I setup a diskless FreeBSD (complete) that
uses no local disk. The server in that case is a Sun 670MP running
&sunos; 4.1.3. The same setup configuration was needed for both.I am sure that there is stuff that needs to be added
to this. Please send me any comments.Creating the boot floppy (On the diskless system)Since the network boot loaders will not work with some of the TSR's
and such that &ms-dos; uses, it is best to create a dedicated boot floppy
- or, if you can, create an MS-DOS menu that will (via the
+ or, if you can, create an &ms-dos; menu that will (via the
config.sys/autoexec.bat files)
ask what configuration to load when the system starts. The later is the
- method that I use and it works great. My MS-DOS (6.x) menu is
+ method that I use and it works great. My &ms-dos; (6.x) menu is
below.config.sys[menu]
menuitem=normal, normal
menuitem=unix, unix
[normal]
....
normal config.sys stuff
...
[unix]autoexec.bat@ECHO OFF
goto %config%
:normal
...
normal autoexec.bat stuff
...
goto end
:unix
cd \netboot
nb8390.com
:endGetting the network boot programs (On the server)Compile the net-boot programs that are located in
/usr/src/sys/i386/boot/netboot. You should read
the comments at the top of the Makefile. Adjust as
required. Make a backup of the original in case it gets foobar'd. When
- the build is done, there should be 2 MS-DOS executables,
+ the build is done, there should be 2 &ms-dos; executables,
nb8390.com and nb3c509.com.
One of these two programs will be what you need to run on the diskless
server. It will load the kernel from the boot server. At this point,
- put both programs on the MS-DOS boot floppy created earlier.
+ put both programs on the &ms-dos; boot floppy created earlier.
Determine which program to run (On the diskless system)If you know the chipset that your Ethernet adapter uses, this is
easy. If you have the NS8390 chipset, or a NS8390 based chipset, use
- nb8390.com. If you have a &t3com; 509 based chipset,
+ nb8390.com. If you have a &tm.3com; 509 based chipset,
use the nb3C509.com boot program. If you are not
sure which you have, try using one, if it says No adapter
found, try the other. Beyond that, you are pretty much on
your own.Booting across the networkBoot the diskless system with out any config.sys/autoexec.bat
files. Try running the boot program for your Ethernet adapter.My Ethernet adapter is running in WD8013 16bit mode so I run
nb8390.comC:>cd \netbootC:>nb8390Boot from Network (Y/N) ?Y
BOOTP/TFTP/NFS bootstrap loader ESC for menu
Searching for adapter..
WD8013EBT base 0x0300, memory 0x000D8000, addr 00:40:01:43:26:66
Searching for server...At this point, my diskless system is trying to find a machine to act
as a boot server. Make note of the addr line above,
you will need this number later. Reset the diskless system and modify
your config.sys and
autoexec.bat files to do these steps automatically
for you. Perhaps in a menu. If you had to run
nb3c509.com instead of nb8390.com
the output is the same as above. If you got No adapter
found at the Searching for adapter...
message, verify that you did indeed set the compile time defines in the
Makefile correctly.Allowing systems to boot across the network (On the server)Make sure the /etc/inetd.conf file has entries
for tftp and bootps. Mine are listed below:tftp dgram udp wait nobody /usr/libexec/tftpd tftpd /tftpboot
#
# Additions by who ever you are
bootps dgram udp wait root /usr/libexec/bootpd bootpd /etc/bootptabIf you have to change the /etc/inetd.conf file,
send a HUP signal to inetd. To do this, get the
process ID of inetd with ps -ax | grep inetd | grep -v
grep. Once you have it, send it a HUP signal. Do this by
kill -HUP <pid>. This will force inetd to
re-read its config file.Did you remember to note the addr line from the
output of the boot loader on the diskless system? Guess what, here is
where you need it.Add an entry to /etc/bootptab (maybe creating the
file). It should be laid out identical to this:altair:\
:ht=ether:\
:ha=004001432666:\
:sm=255.255.255.0:\
:hn:\
:ds=199.246.76.1:\
:ip=199.246.76.2:\
:gw=199.246.76.1:\
:vm=rfc1048:The lines are as follows:altairthe diskless systems name without the domain name.ht=etherthe hardware type of ethernet.ha=004001432666the hardware address (the number noted above).sm=255.255.255.0the subnet mask.hntells server to send client's hostname to the
client.ds=199.246.76.1tells the client who the domain server is.ip=199.246.76.2tells the client what its IP address is.gw=199.246.76.1tells the client what the default gateway is.vm=...just leave it there.Be sure to setup the IP addresses correctly, the addresses above
are my own.Create the directory /tftpboot on the server it will contain the
configuration files for the diskless systems that the server will serve.
These files will be named cfg.ip where ip is the IP
address of the diskless system. The config file for altair is
/tftpboot/cfg.199.246.76.2. The contents is:rootfs 199.246.76.1:/DiskLess/rootfs/altair
hostname altair.example.comThe line hostname altair.example.com simply tells
the diskless system what its fully qualified domain name is.The line rootfs
199.246.76.1:/DiskLess/rootfs/altair tells the diskless
system where its NFS mountable root filesystem is located.The NFS mounted root filesystem will be mounted read
only.The hierarchy for the diskless system can be re-mounted allowing
read-write operations if required.I use my spare 386DX-40 as a dedicated X terminal.The hierarchy for altair is:/
/bin
/etc
/tmp
/sbin
/dev
/dev/fd
/usr
/var
/var/runThe actual list of files is:-r-xr-xr-x 1 root wheel 779984 Dec 11 23:44 ./kernel
-r-xr-xr-x 1 root bin 299008 Dec 12 00:22 ./bin/sh
-rw-r--r-- 1 root wheel 499 Dec 15 15:54 ./etc/rc
-rw-r--r-- 1 root wheel 1411 Dec 11 23:19 ./etc/ttys
-rw-r--r-- 1 root wheel 157 Dec 15 15:42 ./etc/hosts
-rw-r--r-- 1 root bin 1569 Dec 15 15:26 ./etc/XF86Config.altair
-r-x------ 1 bin bin 151552 Jun 10 1995 ./sbin/init
-r-xr-xr-x 1 bin bin 176128 Jun 10 1995 ./sbin/ifconfig
-r-xr-xr-x 1 bin bin 110592 Jun 10 1995 ./sbin/mount_nfs
-r-xr-xr-x 1 bin bin 135168 Jun 10 1995 ./sbin/reboot
-r-xr-xr-x 1 root bin 73728 Dec 13 22:38 ./sbin/mount
-r-xr-xr-x 1 root wheel 1992 Jun 10 1995 ./dev/MAKEDEV.local
-r-xr-xr-x 1 root wheel 24419 Jun 10 1995 ./dev/MAKEDEVIf you are not using &man.devfs.5; (which is the default
in FreeBSD 5.X), you should make sure that you
do not forget to run MAKEDEV all in the
dev directory.My /etc/rc for altair
is:#!/bin/sh
#
PATH=/bin:/
export PATH
#
# configure the localhost
/sbin/ifconfig lo0 127.0.0.1
#
# configure the ethernet card
/sbin/ifconfig ed0 199.246.76.2 netmask 0xffffff00
#
# mount the root filesystem via NFS
/sbin/mount antares:/DiskLess/rootfs/altair /
#
# mount the /usr filesystem via NFS
/sbin/mount antares:/DiskLess/usr /usr
#
/usr/X11R6/bin/XF86_SVGA -query antares -xf86config /etc/XF86Config.altair > /dev/null 2>&1
#
# Reboot after X exits
/sbin/reboot
#
# We blew up....
exit 1Any comments and all questions welcome.
diff --git a/en_US.ISO8859-1/articles/filtering-bridges/article.sgml b/en_US.ISO8859-1/articles/filtering-bridges/article.sgml
index ff47bee3d0..2db76c3cc9 100644
--- a/en_US.ISO8859-1/articles/filtering-bridges/article.sgml
+++ b/en_US.ISO8859-1/articles/filtering-bridges/article.sgml
@@ -1,394 +1,394 @@
%man;
%trademarks;
]>
Filtering BridgesAlexDupresysadmin@alexdupre.com$FreeBSD$
&tm-attrib.freebsd;
&tm-attrib.3com;
&tm-attrib.intel;
&tm-attrib.general;
Often it is useful to divide one physical network (like an
Ethernet) into two separate segments without having to create subnets,
and use a router to link them together. The device that connects the
two networks in this way is called a bridge. A FreeBSD system with
two network interfaces is enough in order to act as a bridge.A bridge works by scanning the addresses of MAC
level (Ethernet addresses) of the devices connected to each of its
network interfaces and then forwarding the traffic between the two
networks only if the source and the destination are on different
segments. Under many points of view a bridge is similar to an Ethernet
switch with only two ports.Why use a filtering bridge?More and more frequently, thanks to the lowering costs of broad band
Internet connections (xDSL) and also because of the reduction of
available IPv4 addresses, many companies are connected to the Internet
24 hours on 24 and with few (sometimes not even a power of 2) IP
addresses. In these situations it is often desirable to have a firewall
that filters incoming and outgoing traffic from and towards Internet,
but a packet filtering solution based on router may not be applicable,
either due to subnetting issues, the router is owned by the connectivity
supplier (ISP), or because it does not support such
functionalities. In these scenarios the use of a filtering bridge is
highly advised.A bridge-based firewall can be configured and inserted between the
xDSL router and your Ethernet hub/switch without any IP numbering
issues.How to InstallAdding bridge functionalities to a FreeBSD system is not difficult.
Since 4.5 release it is possible to load such functionalities as modules
instead of having to rebuild the kernel, simplifying the procedure a
great deal. In the following subsections I will explain both
installation ways.Do not follow both instructions: a procedure
excludes the other one. Select the best choice
according to your needs and abilities.Before going on, be sure to have at least two Ethernet cards that
support the promiscuous mode for both reception and transmission, since
they must be able to send Ethernet packets with any address, not just
their own. Moreover, to have a good throughput, the cards should be PCI
bus mastering cards. The best choices are still the Intel ðerexpress;
- Pro, followed by the &t3com; 3c9xx series. To simplify the firewall
+ Pro, followed by the &tm.3com; 3c9xx series. To simplify the firewall
configuration it may be useful to have two cards of different
manufacturers (using different drivers) in order to distinguish clearly
which interface is connected to the router and which to the inner
network.Kernel ConfigurationSo you have decided to use the older but well tested installation
method. To begin, you have to add the following rows to your kernel
configuration file:options BRIDGE
options IPFIREWALL
options IPFIREWALL_VERBOSEThe first line is to compile the bridge support, the second one is
the firewall and the third one is the logging functions of the
firewall.Now it is necessary to build and install the new kernel. You may
find detailed instructions in the Building
and Installing a Custom Kernel section of the FreeBSD
Handbook.Modules LoadingIf you have chosen to use the new and simpler installation
method, the only thing to do now is add the following row to
/boot/loader.conf:bridge_load="YES"In this way, during the system startup, the
bridge.ko module will be loaded together with the
kernel. It is not required to add a similar row for the
ipfw.ko module, since it will be loaded
automatically after the execution of the steps in the following
section.Final PreparationBefore rebooting in order to load the new kernel or the required
modules (according to the previously chosen installation method), you
have to make some changes to the /etc/rc.conf
configuration file. The default rule of the firewall is to reject all IP
packets. Initially we will set up an firewall, in order to verify
its operation without any issue related to packet filtering (in case you
are going to execute this procedure remotely, such configuration will
avoid you to remain isolated from the network). Put these lines in
/etc/rc.conf:firewall_enable="YES"
firewall_type="open"
firewall_quiet="YES"
firewall_logging="YES"The first row will enable the firewall (and will load the module
ipfw.ko if it is not compiled in the kernel), the
second one to set up it in mode (as explained in
/etc/rc.firewall), the third one to not show rules
loading and the fourth one to enable logging support.About the configuration of the network interfaces, the most used way
is to assign an IP to only one of the network cards, but the bridge will
work equally even if both interfaces or none has a configured IP. In the
last case (IP-less) the bridge machine will be still more hidden, as
inaccessible from the network: to configure it, you have to login from
console or through a third network interface separated from the bridge.
Sometimes, during the system startup, some programs require network
access, say for domain resolution: in this case it is necessary to
assign an IP to the external interface (the one connected to Internet,
where DNS server resides), since the bridge will be
activated at the end of the startup procedure. It means that the
fxp0 interface (in our case) must be mentioned
in the ifconfig section of the /etc/rc.conf file,
while the xl0 is not. Assigning an IP to both
the network cards does not make much sense, unless, during the start
procedure, applications should access to services on both Ethernet
segments.There is another important thing to know. When running IP over
Ethernet, there are actually two Ethernet protocols in use: one is IP,
the other is ARP. ARP does the
conversion of the IP address of a host into its Ethernet address
(MAC layer). In order to allow the communication
between two hosts separated by the bridge, it is necessary that the
bridge will forward ARP packets. Such protocol is not
included in the IP layer, since it exists only with IP over Ethernet.
The FreeBSD firewall filters exclusively on the IP layer and therefore
all non-IP packets (ARP included) will be forwarded
without being filtered, even if the firewall is configured to not permit
anything.Now it's time to reboot the system and use it as before: there will
be some new messages about the bridge and the firewall, but the bridge
will not be activated and the firewall, being in mode, will not
avoid any operations.If there are any problems, you should sort them out now
before proceeding.Enabling the BridgeAt this point, to enable the bridge, you have to execute the
following commands (having the shrewdness to replace the names of the
two network interfaces fxp0 and
xl0 with your own ones):&prompt.root; sysctl net.link.ether.bridge_cfg=fxp0:0,xl0:0
&prompt.root; sysctl net.link.ether.bridge_ipfw=1
&prompt.root; sysctl net.link.ether.bridge=1The first row specifies which interfaces should be activated by the
bridge, the second one will enable the firewall on the bridge and
finally the third one will enable the bridge.At this point you should be able to insert the machine between two
sets of hosts without compromising any communication abilities between
them. If so, the next step is to add the
net.link.ether.[blah]=[blah]
portions of these rows to the /etc/sysctl.conf
file, in order to have them execute at startup.Configuring The FirewallNow it is time to create your own file with custom firewall rules,
in order to secure the inside network. There will be some complication
in doing this because not all of the firewall functionalities are
available on bridged packets. Furthermore, there is a difference between
the packets that are in the process of being forwarded and packets that
are being received by the local machine. In general, incoming packets
are run through the firewall only once, not twice as is normally the
case; in fact they are filtered only upon receipt, so rules that use
or will never match. Personally, I use which is an
older syntax, but one that has a sense when you read it. Another
limitation is that you are restricted to use only or
commands for packets filtered by a bridge. Sophisticated things like
, or are not available. Such options can
still be used, but only on traffic to or from the bridge machine itself
(if it has an IP address).New in FreeBSD 4.0, is the concept of stateful filtering. This is a
big improvement for UDP traffic, which typically is a
request going out, followed shortly thereafter by a response with the
exact same set of IP addresses and port numbers (but with source and
destination reversed, of course). For firewalls that have no
statekeeping, there is almost no way to deal with this sort of traffic
as a single session. But with a firewall that can remember an outgoing
UDP packet and, for the next few minutes, allow a
response, handling UDP services is trivial. The
following example shows how to do it. It's possible to do the same thing
with TCP packets. This allows you to avoid some
denial of service attacks and other nasty tricks, but it also typically
makes your state table grow quickly in size.Let's look at an example setup. Note first that at the top of
/etc/rc.firewall there are already standard rules
for the loopback interface lo0, so we should not
have to care for them anymore. Custom rules should be put in a separate
file (say /etc/rc.firewall.local) and loaded at
system startup, by modifying the row of
/etc/rc.conf where we defined the
firewall:firewall_type="/etc/rc.firewall.local"You have to specify the full path, otherwise
it will not be loaded with the risk to remain isolated from the
network.For our example imagine to have the fxp0
interface connected towards the outside (Internet) and the
xl0 towards the inside
(LAN). The bridge machine has the IP 1.2.3.4 (it is not possible that your
ISP can give you a class A address like this, but for
our example it is good).# Things that we have kept state on before get to go through in a hurry
add check-state
# Throw away RFC 1918 networks
add drop all from 10.0.0.0/8 to any in via fxp0
add drop all from 172.16.0.0/12 to any in via fxp0
add drop all from 192.168.0.0/16 to any in via fxp0
# Allow the bridge machine to say anything it wants
# (if the machine is IP-less do not include these rows)
add pass tcp from 1.2.3.4 to any setup keep-state
add pass udp from 1.2.3.4 to any keep-state
add pass ip from 1.2.3.4 to any
# Allow the inside hosts to say anything they want
add pass tcp from any to any in via xl0 setup keep-state
add pass udp from any to any in via xl0 keep-state
add pass ip from any to any in via xl0
# TCP section
# Allow SSH
add pass tcp from any to any 22 in via fxp0 setup keep-state
# Allow SMTP only towards the mail server
add pass tcp from any to relay 25 in via fxp0 setup keep-state
# Allow zone transfers only by the slave name server [dns2.nic.it]
add pass tcp from 193.205.245.8 to ns 53 in via fxp0 setup keep-state
# Pass ident probes. It's better than waiting for them to timeout
add pass tcp from any to any 113 in via fxp0 setup keep-state
# Pass the "quarantine" range
add pass tcp from any to any 49152-65535 in via fxp0 setup keep-state
# UDP section
# Allow DNS only towards the name server
add pass udp from any to ns 53 in via fxp0 keep-state
# Pass the "quarantine" range
add pass udp from any to any 49152-65535 in via fxp0 keep-state
# ICMP section
# Pass 'ping'
add pass icmp from any to any icmptypes 8 keep-state
# Pass error messages generated by 'traceroute'
add pass icmp from any to any icmptypes 3
add pass icmp from any to any icmptypes 11
# Everything else is suspect
add drop log all from any to anyThose of you who have set up firewalls before may notice some things
missing. In particular, there are no anti-spoofing rules, in fact we did
not add:add deny all from 1.2.3.4/8 to any in via fxp0That is, drop packets that are coming in from the outside claiming
to be from our network. This is something that you would commonly do to
be sure that someone does not try to evade the packet filter, by
generating nefarious packets that look like they are from the inside.
The problem with that is that there is at least one
host on the outside interface that you do not want to ignore: the
router. But usually, the ISP anti-spoofs at their
router, so we do not need to bother that much.The last rule seems to be an exact duplicate of the default rule,
that is, do not let anything pass that is not specifically allowed. But
there is a difference: all suspected traffic will be logged.There are two rules for passing SMTP and
DNS traffic towards the mail server and the name
server, if you have them. Obviously the whole rule set should be
flavored to personal taste, this is only a specific example (rule format
is described accurately in the &man.ipfw.8; man page). Note that in
order for relay and ns to work, name service lookups must work
before the bridge is enabled. This is an example of
making sure that you set the IP on the correct network card.
Alternatively it is possible to specify the IP address instead of the
host name (required if the machine is IP-less).People that are used to setting up firewalls are probably also used
to either having a or a rule for ident packets
(TCP port 113). Unfortunately, this is not an
applicable option with the bridge, so the best thing is to simply pass
them to their destination. As long as that destination machine is not
running an ident daemon, this is relatively harmless. The alternative is
dropping connections on port 113, which creates some problems with
services like IRC (the ident probe must
timeout).The only other thing that is a little weird that you may have
noticed is that there is a rule to let the bridge machine speak, and
another for internal hosts. Remember that this is because the two sets
of traffic will take different paths through the kernel and into the
packet filter. The inside net will go through the bridge, while the
local machine will use the normal IP stack to speak. Thus the two rules
to handle the different cases. The in via
fxp0 rules work for both paths. In general, if
you use rules throughout the filter, you will need to make an
exception for locally generated packets, because they did not come in
via any of our interfaces.ContributorsMany parts of this article have been taken, updated and adapted from
an old text about bridging, edited by Nick Sayer. A pair of inspirations
are due to an introduction on bridging by Steve Peterson.A big thanks to Luigi Rizzo for the implementation of the bridge
code in FreeBSD and for the time he has dedicated to me answering all of
my related questions.A thanks goes out also to Tom Rhodes who looked over my job of
translation from Italian (the original language of this article) into
English.
diff --git a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
index 5ca4ec09c7..21c93e5473 100644
--- a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
@@ -1,6777 +1,6777 @@
Advanced NetworkingSynopsisThis chapter will cover some of the more frequently used network
- services on Unix systems. We will cover how to define, setup, test and
+ services on &unix; systems. We will cover how to define, setup, test and
maintain all of the network services that FreeBSD utilizes. In addition,
there have been example configuration files included throughout this
chapter for you to benefit from.After reading this chapter, you will know:The basics of gateways and routes.How to make FreeBSD act as a bridge.How to setup a network filesystem.How to setup network booting on a diskless machine.How to setup a network information server for sharing user
accounts.How to setup automatic network settings using DHCP.How to setup a domain name server.How to synchronize the time and date, and setup a
time server, with the NTP protocol.How to setup network address translation.How to manage the inetd daemon.How to connect two computers via PLIP.How to setup IPv6 on a FreeBSD machine.Before reading this chapter, you should:Understand the basics of the /etc/rc scripts.Be familiar with basic network terminology.CoranthGryphonContributed by Gateways and RoutesroutinggatewaysubnetFor one machine to be able to find another over a network,
there must be a mechanism in place to describe how to get from
one to the other. This is called
routing. A route is a
defined pair of addresses: a destination and a
gateway. The pair indicates that if you are
trying to get to this destination,
communicate through this gateway. There
are three types of destinations: individual hosts, subnets, and
default. The default route is
used if none of the other routes apply. We will talk a little
bit more about default routes later on. There are also three
types of gateways: individual hosts, interfaces (also called
links), and Ethernet hardware addresses (MAC
addresses).
An ExampleTo illustrate different aspects of routing, we will use the
following example from netstat:&prompt.user; netstat -r
Routing tables
Destination Gateway Flags Refs Use Netif Expire
default outside-gw UGSc 37 418 ppp0
localhost localhost UH 0 181 lo0
test0 0:e0:b5:36:cf:4f UHLW 5 63288 ed0 77
10.20.30.255 link#1 UHLW 1 2421
example.com link#1 UC 0 0
host1 0:e0:a8:37:8:1e UHLW 3 4601 lo0
host2 0:e0:a8:37:8:1e UHLW 0 5 lo0 =>
host2.example.com link#1 UC 0 0
224 link#1 UC 0 0default routeThe first two lines specify the default route (which we
will cover in the next
section) and the localhost route.loopback deviceThe interface (Netif column) that this
routing table specifies to use for
localhost is lo0,
also known as the loopback device. This says to keep all
traffic for this destination internal, rather than sending it
out over the LAN, since it will only end up back where it
started.EthernetMAC addressThe next thing that stands out are the addresses beginning
with 0:e0:. These are Ethernet
hardware addresses, which are also known as MAC addresses.
FreeBSD will automatically identify any hosts
(test0 in the example) on the local Ethernet
and add a route for that host, directly to it over the
Ethernet interface, ed0. There is
also a timeout (Expire column) associated
with this type of route, which is used if we fail to hear from
the host in a specific amount of time. When this happens, the
route to this host will be automatically deleted. These hosts
are identified using a mechanism known as RIP (Routing
Information Protocol), which figures out routes to local hosts
based upon a shortest path determination.subnetFreeBSD will also add subnet routes for the local subnet (10.20.30.255 is the broadcast address for the
subnet 10.20.30, and example.com is the domain name associated
with that subnet). The designation link#1 refers
to the first Ethernet card in the machine. You will notice no
additional interface is specified for those.Both of these groups (local network hosts and local subnets) have
their routes automatically configured by a daemon called
routed. If this is not run, then only
routes which are statically defined (i.e. entered explicitly) will
exist.The host1 line refers to our host, which it
knows by Ethernet address. Since we are the sending host, FreeBSD
knows to use the loopback interface (lo0)
rather than sending it out over the Ethernet interface.The two host2 lines are an example of
what happens when we use an &man.ifconfig.8; alias (see the
section on Ethernet for reasons why we would do this). The
=> symbol after the
lo0 interface says that not only are
we using the loopback (since this address also refers to the
local host), but specifically it is an alias. Such routes
only show up on the host that supports the alias; all other
hosts on the local network will simply have a
link#1 line for such routes.The final line (destination subnet 224) deals
with multicasting, which will be covered in another section.Finally, various attributes of each route can be seen in
the Flags column. Below is a short table
of some of these flags and their meanings:UUp: The route is active.HHost: The route destination is a single host.GGateway: Send anything for this destination on to this
remote system, which will figure out from there where to send
it.SStatic: This route was configured manually, not
automatically generated by the system.CClone: Generates a new route based upon this route for
machines we connect to. This type of route is normally used
for local networks.WWasCloned: Indicated a route that was auto-configured
based upon a local area network (Clone) route.LLink: Route involves references to Ethernet
hardware.Default Routesdefault routeWhen the local system needs to make a connection to a remote host,
it checks the routing table to determine if a known path exists. If
the remote host falls into a subnet that we know how to reach (Cloned
routes), then the system checks to see if it can connect along that
interface.If all known paths fail, the system has one last option: the
default route. This route is a special type of gateway
route (usually the only one present in the system), and is always
marked with a c in the flags field. For hosts on a
local area network, this gateway is set to whatever machine has a
direct connection to the outside world (whether via PPP link,
DSL, cable modem, T1, or another network interface).If you are configuring the default route for a machine which
itself is functioning as the gateway to the outside world, then the
default route will be the gateway machine at your Internet Service
Provider's (ISP) site.Let us look at an example of default routes. This is a common
configuration:
[Local2] <--ether--> [Local1] <--PPP--> [ISP-Serv] <--ether--> [T1-GW]
The hosts Local1 and
Local2 are at your site.
Local1 is connected to an ISP via a dial up
PPP connection. This PPP server computer is connected through
a local area network to another gateway computer through an
external interface to the ISPs Internet feed.The default routes for each of your machines will be:HostDefault GatewayInterfaceLocal2Local1EthernetLocal1T1-GWPPPA common question is Why (or how) would we set
the T1-GW to be the default gateway for
Local1, rather than the ISP server it is
connected to?.Remember, since the PPP interface is using an address on the ISP's
local network for your side of the connection, routes for any other
machines on the ISP's local network will be automatically generated.
Hence, you will already know how to reach the T1-GW
machine, so there is no need for the intermediate step
of sending traffic to the ISP server.As a final note, it is common to use the address X.X.X.1 as the gateway address for your local
network. So (using the same example), if your local class-C address
space was 10.20.30 and your ISP was
using 10.9.9 then the default routes
would be:HostDefault RouteLocal2 (10.20.30.2)Local1 (10.20.30.1)Local1 (10.20.30.1, 10.9.9.30)T1-GW (10.9.9.1)Dual Homed Hostsdual homed hostsThere is one other type of configuration that we should cover, and
that is a host that sits on two different networks. Technically, any
machine functioning as a gateway (in the example above, using a PPP
connection) counts as a dual-homed host. But the term is really only
used to refer to a machine that sits on two local-area
networks.In one case, the machine has two Ethernet cards, each
having an address on the separate subnets. Alternately, the
machine may only have one Ethernet card, and be using
&man.ifconfig.8; aliasing. The former is used if two
physically separate Ethernet networks are in use, the latter
if there is one physical network segment, but two logically
separate subnets.Either way, routing tables are set up so that each subnet knows
that this machine is the defined gateway (inbound route) to the other
subnet. This configuration, with the machine acting as a router
between the two subnets, is often used when we need to implement
packet filtering or firewall security in either or both
directions.If you want this machine to actually forward packets
between the two interfaces, you need to tell FreeBSD to enable
this ability.Building a RouterrouterA network router is simply a system that forwards packets
from one interface to another. Internet standards and good
engineering practice prevent the FreeBSD Project from enabling
this by default in FreeBSD. You can enable this feature by
changing the following variable to YES in
&man.rc.conf.5;:gateway_enable=YES # Set to YES if this host will be a gatewayThis option will set the &man.sysctl.8; variable
net.inet.ip.forwarding to
1. If you should need to stop routing
temporarily, you can reset this to 0 temporarily.Your new router will need routes to know where to send the
traffic. If your network is simple enough you can use static
routes. FreeBSD also comes with the standard BSD routing
daemon &man.routed.8;, which speaks RIP (both version 1 and
version 2) and IRDP. Support for BGP v4, OSPF v2, and other
sophisticated routing protocols is available with the
net/zebra package.
Commercial products such as gated are also available for more
complex network routing solutions.BGPRIPOSPFEven when FreeBSD is configured in this way, it does not
completely comply with the Internet standard requirements for
routers. It comes close enough for ordinary use,
however.Routing Propagationrouting propagationWe have already talked about how we define our routes to the
outside world, but not about how the outside world finds us.We already know that routing tables can be set up so that all
traffic for a particular address space (in our examples, a class-C
subnet) can be sent to a particular host on that network, which will
forward the packets inbound.When you get an address space assigned to your site, your service
provider will set up their routing tables so that all traffic for your
subnet will be sent down your PPP link to your site. But how do sites
across the country know to send to your ISP?There is a system (much like the distributed DNS information) that
keeps track of all assigned address-spaces, and defines their point of
connection to the Internet Backbone. The Backbone are
the main trunk lines that carry Internet traffic across the country,
and around the world. Each backbone machine has a copy of a master
set of tables, which direct traffic for a particular network to a
specific backbone carrier, and from there down the chain of service
providers until it reaches your network.It is the task of your service provider to advertise to the
backbone sites that they are the point of connection (and thus the
path inward) for your site. This is known as route
propagation.TroubleshootingtracerouteSometimes, there is a problem with routing propagation, and some
sites are unable to connect to you. Perhaps the most useful command
for trying to figure out where routing is breaking down is the
&man.traceroute.8; command. It is equally useful if you cannot seem
to make a connection to a remote machine (i.e. &man.ping.8;
fails).The &man.traceroute.8; command is run with the name of the remote
host you are trying to connect to. It will show the gateway hosts
along the path of the attempt, eventually either reaching the target
host, or terminating because of a lack of connection.For more information, see the manual page for
&man.traceroute.8;.Multicast Routingmulticastoptions MROUTINGFreeBSD supports both multicast applications and multicast
routing natively. Multicast applications do not require any
special configuration of FreeBSD; applications will generally
run out of the box. Multicast routing
requires that support be compiled into the kernel:options MROUTINGIn addition, the multicast routing daemon, &man.mrouted.8;
must be configured to set up tunnels and DVMRP via
/etc/mrouted.conf. More details on
multicast configuration may be found in the man pages for
mrouted.EricAndersonWritten by Wireless Networkingwireless networking802.11wireless networkingIntroductionIt can be very useful to be able to use a computer without the
annoyance of having a network cable attached at all times. FreeBSD can
be used as a wireless client, and even as a wireless access
point.Wireless Modes of OperationThere are two different ways to configure 802.11 wireless devices:
BSS and IBSS.BSS ModeBSS mode is the mode that typically is used. BSS mode is
also called infrastructure mode. In this mode, a number of
wireless access points are connected to a wired network. Each
wireless network has its own name. This name is called the
SSID of the network.Wireless clients connect to these wireless access
points. The IEEE 802.11 standard defines the protocol that
wireless networks use to connect. A wireless client can be
tied to a specific network, when a SSID is set. A wireless
client can also attach to any network by not explicitly
setting a SSID.IBSS ModeIBSS mode, also called ad-hoc mode, is designed for point
to point connections. There are actually two types of ad-hoc
mode. One is IBSS mode, also called ad-hoc or IEEE ad-hoc
mode. This mode is defined by the IEEE 802.11 standards.
The second is called demo ad-hoc mode or Lucent ad-hoc mode
(and sometimes, confusingly, ad-hoc mode). This is the old,
pre-802.11 ad-hoc mode and should only be used for legacy
installations. We will not cover either of the ad-hoc modes
further.Infrastructure ModeAccess PointsAccess points are wireless networking devices that allow
one or more wireless clients to use the device as a central
hub. When using an access point, all clients communicate
through the access point. Multiple access points are often
used to cover a complete area such as a house, business, or
park with a wireless network.Access points typically have multiple network
connections: the wireless card, and one or more wired Ethernet
adapters for connection to the rest of the network.
Access points can either be purchased prebuilt, or you
can build your own with FreeBSD and a supported wireless card.
Several vendors make wireless access points and wireless cards
with various features.Building a FreeBSD Access Pointwireless networkingaccess pointRequirementsIn order to set up a wireless access point with
FreeBSD, you need to have a compatible wireless card.
Currently, only cards with the Prism chipset are
supported. You will also need a wired network card that is
supported by FreeBSD (this should not be difficult to find,
FreeBSD supports a lot of different devices). For this
guide, we will assume you want to &man.bridge.4; all traffic
between the wireless device and the network attached to the
wired network card.The hostap functionality that FreeBSD uses to implement
the access point works best with certain versions of
firmware. Prism 2 cards should use firmware version 1.3.4
or newer. Prism 2.5 and Prism 3 cards should use firmware
1.4.9. Older versions of the firmware way or may not
function correctly. At this time, the only way to update
- cards is with windows firmware update utilities available
+ cards is with &windows; firmware update utilities available
from your card's manufacturer.Setting It UpFirst, make sure your system can see the wireless card:&prompt.root; ifconfig -a
wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::202:2dff:fe2d:c938%wi0 prefixlen 64 scopeid 0x7
inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
ether 00:09:2d:2d:c9:50
media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps)
status: no carrier
ssid ""
stationname "FreeBSD Wireless node"
channel 10 authmode OPEN powersavemode OFF powersavesleep 100
wepmode OFF weptxkey 1Do not worry about the details now, just make sure it shows you
something to indicate you have a wireless card installed.
If you have trouble seeing the wireless interface, and you
are using a PC Card, you may want to check out
&man.pccardc.8; and &man.pccardd.8; manual pages for more
information.Next, you will need to load a module in order to get
the bridging part of FreeBSD ready for the access point. In
order to load the &man.bridge.4; module, simply run the
following command:&prompt.root; kldload bridgeIt should not have produced any errors when loading the
module. If it did, you may need to compile the
&man.bridge.4; code into your kernel. The Bridging section of the handbook
should be able to help you accomplish that task.Now that you have the bridging stuff done, we need to
tell the FreeBSD kernel which interfaces to bridge together.
We do that by using &man.sysctl.8;:&prompt.root; sysctl net.link.ether.bridge=1
&prompt.root; sysctl net.link.ether.bridge_cfg="wi0 xl0"
&prompt.root; sysctl net.inet.ip.forwarding=1Now it is time for the wireless card setup.The following command will set the card into an access point:
&prompt.root; ifconfig wi0 ssid my_net channel 11 media DS/11Mbps mediaopt hostap up stationname "FreeBSD AP"The &man.ifconfig.8; line brings the
wi0 interface up, sets its SSID to
my_net, and sets the station name to
FreeBSD AP. The sets the card into 11Mbps mode and is
needed for any to take effect.
The option places the
interface into access point mode. The option sets the 802.11b channel to use. The
&man.wicontrol.8; man page has valid channel options for
your regulatory domain.
Now you should have a complete functioning access point
up and running. You are encouraged to read
&man.wicontrol.8;, &man.ifconfig.8;, and &man.wi.4; for
further information.
It is also suggested that you read the section on encryption that follows.Status InformationOnce the access point is configured and operational,
operators will want to see the clients that are associated
with the access point. At any time, the operator may type:&prompt.root; wicontrol -l
1 station:
00:09:b7:7b:9d:16 asid=04c0, flags=3<ASSOC,AUTH>, caps=1<ESS>, rates=f<1M,2M,5.5M,11M>, sig=38/15
This shows that there's one station associated, along
with its parameters. The signal indicated should be used
as a relative indication of strength only. Its
translation to dBm or other units varies between different
firmware revisions.ClientsA wireless client is a system that accesses an access
point or another client directly. Typically, wireless clients only have one network device,
the wireless networking card.There are a few different ways to configure a wireless
client. These are based on the different wireless modes,
generally BSS (infrastructure mode, which requires an access
point), and IBSS (ad-hoc, or peer-to-peer mode). In our
example, we will use the most popular of the two, BSS mode, to
talk to an access point.RequirementsThere is only one real requirement for setting up FreeBSD as a wireless client.
You will need a wireless card that is supported by FreeBSD.Setting Up a Wireless FreeBSD ClientYou will need to know a few things about the wireless
network you are joining before you start. In this example, we
are joining a network that has a name of
my_net, and encryption turned off.Note: In this example, we are not using encryption, which
is a dangerous situation. In the next section, you will learn
how to turn on encryption, and why it is important to do so,
and why some encryption technologies still do not completely
protect you.Make sure your card is recognized by FreeBSD:&prompt.root; ifconfig -a
wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::202:2dff:fe2d:c938%wi0 prefixlen 64 scopeid 0x7
inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
ether 00:09:2d:2d:c9:50
media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps)
status: no carrier
ssid ""
stationname "FreeBSD Wireless node"
channel 10 authmode OPEN powersavemode OFF powersavesleep 100
wepmode OFF weptxkey 1Now, we will set the card to the correct settings for our
network:&prompt.root; ifconfig wi0 inet 192.168.0.20 netmask 255.255.255.0 ssid my_netReplace 192.168.0.20 and
255.255.255.0 with a valid IP
address and netmask on your wired network. Remember, our
access point is bridging the data between the wireless
network, and the wired network, so it will appear to the other
devices on your network that you are on the wired network just
as they are.Once you have done that, you should be able to ping hosts
on the wired network just as if you were connected using a
standard wired connection.If you are experiencing problems with your wireless
connection, check to make sure that your are associated
(connected) to the access point:&prompt.root; ifconfig wi0should return some information, and you should see:status: associatedIf it does not show associated, then you may be out of
range of the access point, do not have encryption on, or
possibly have a configuration problem.Encryptionwireless networkingencryptionEncryption on a wireless network is important because you
no longer have the ability to keep the network contained in a
well protected area. Your wireless data will be broadcast
across your entire neighborhood, so anyone who cares to read it
can. This is where encryption comes in. By encrypting the
data that is sent over the airwaves, you make it much more
difficult for any interested party to grab your data right out
of the air. The two most common ways to encrypt the data between your
client and the access point, are WEP, and &man.ipsec.4;.WEPWEPWEP is an abbreviation for Wired Equivalency Protocol.
WEP is an attempt to make wireless networks as safe and secure
as a wired network. Unfortunately, it has been cracked, and is
fairly trivial to break. This also means it is not something
to rely on when it comes to encrypting sensitive data. It is better than nothing, so use the following to turn on
WEP on your new FreeBSD access point:&prompt.root; ifconfig wi0 inet up ssid my_net wepmode on wepkey 0x1234567890 media DS/11Mbps mediaopt hostapAnd you can turn on WEP on a client with this command:&prompt.root; ifconfig wi0 inet 192.168.0.20 netmask 255.255.255.0 ssid my_net wepmode on wepkey 0x1234567890Note that you should replace the 0x1234567890 with a more unique key.IPsec&man.ipsec.4; is a much more robust and powerful tool for
encrypting data across a network. This is definitely the
preferred way to encrypt wireless data over a network. You can
read more about &man.ipsec.4; security and how to implement it
in the IPsec section of the
handbook.ToolsThere are a small number of tools available for use in
debugging and setting up your wireless network, and here we will
attempt to describe some of them and what they do.The bsd-airtools PackageThe bsd-airtools package is a
complete toolset that includes wireless auditing tools for WEP
key cracking, access point detection, etc.The bsd-airtools utilities can be
installed from the net/bsd-airtools port. Information on
installing ports can be found in of the
handbook.The program dstumbler is the packaged
tool that allows for access point discovery and signal to noise
ratio graphing. If you are having a hard time getting your
access point up and running, dstumbler may
help you get started.To test your wireless network security, you may choose to
use dweputils (dwepcrack,
dwepdump and dwepkeygen)
to help you determine if WEP is the right solution to your
wireless security needs.The wicontrol, ancontrol and raycontrol UtilitiesThese are the tools you use to control how your wireless
card behaves on the wireless network. In the examples above, we
have chosen to use &man.wicontrol.8;, since our wireless card is
a wi0 interface. If you had a Cisco
wireless device, it would come up as
an0, and therefore you would use
&man.ancontrol.8;.The ifconfig Commandifconfig&man.ifconfig.8; can be used to do many of the same options
as &man.wicontrol.8;, however it does lack a few options. Check
&man.ifconfig.8; for command line parameters and options.Supported CardsAccess PointsThe only cards that are currently supported for BSS (as an
access point) mode are devices based on the Prism 2, 2.5, or 3
chipsets. For a complete list, look at &man.wi.4;.ClientsAlmost all 802.11b wireless cards are currently supported
under FreeBSD. Most cards based on Prism, Spectrum24, Hermes,
Aironet, and Raylink will work as a wireless network card in
IBSS (ad-hoc, peer-to-peer, and BSS) mode.StevePetersonWritten by BridgingIntroductionIP subnetbridgeIt is sometimes useful to divide one physical network
(such as an Ethernet segment) into two separate network
segments without having to create IP subnets and use a router
to connect the segments together. A device that connects two
networks together in this fashion is called a
bridge. A FreeBSD system with two network
interface cards can act as a bridge.The bridge works by learning the MAC layer addresses
(Ethernet addresses) of the devices on each of its network interfaces.
It forwards traffic between two networks only when its source and
destination are on different networks.In many respects, a bridge is like an Ethernet switch with very
few ports.Situations Where Bridging Is AppropriateThere are two common situations in which a bridge is used
today.High Traffic on a SegmentSituation one is where your physical network segment is
overloaded with traffic, but you do not want for whatever reason to
subnet the network and interconnect the subnets with a
router.Let us consider an example of a newspaper where the Editorial and
Production departments are on the same subnetwork. The Editorial
users all use server A for file service, and the Production users
are on server B. An Ethernet is used to connect all users together,
and high loads on the network are slowing things down.If the Editorial users could be segregated on one
network segment and the Production users on another, the two
network segments could be connected with a bridge. Only the
network traffic destined for interfaces on the
other side of the bridge would be sent to the
other network, reducing congestion on each network
segment.Filtering/Traffic Shaping FirewallfirewallIP MasqueradingThe second common situation is where firewall functionality is
needed without IP Masquerading (NAT).An example is a small company that is connected via DSL
or ISDN to their ISP. They have a 13 globally-accessible IP
addresses from their ISP and have 10 PCs on their network.
In this situation, using a router-based firewall is
difficult because of subnetting issues.routerDSLISDNA bridge-based firewall can be configured and dropped into the
path just downstream of their DSL/ISDN router without any IP
numbering issues.Configuring a BridgeNetwork Interface Card SelectionA bridge requires at least two network cards to function.
Unfortunately, not all network interface cards as of FreeBSD 4.0
support bridging. Read &man.bridge.4; for details on the cards that
are supported.Install and test the two network cards before continuing.Kernel Configuration Changeskernel optionsoptions BRIDGETo enable kernel support for bridging, add the:options BRIDGEstatement to your kernel configuration file, and rebuild your
kernel.Firewall SupportfirewallIf you are planning to use the bridge as a firewall, you
will need to add the IPFIREWALL option as
well. Read for general
information on configuring the bridge as a firewall.If you need to allow non-IP packets (such as ARP) to flow
through the bridge, there is an undocumented firewall option that
must be set. This option is
IPFIREWALL_DEFAULT_TO_ACCEPT. Note that this
changes the default rule for the firewall to accept any packet.
Make sure you know how this changes the meaning of your ruleset
before you set it.Traffic Shaping SupportIf you want to use the bridge as a traffic shaper, you will need
to add the DUMMYNET option to your kernel
configuration. Read &man.dummynet.4; for further
information.Enabling the BridgeAdd the line:net.link.ether.bridge=1to /etc/sysctl.conf to enable the bridge at
runtime, and the line:net.link.ether.bridge_cfg=if1,if2to enable bridging on the specified interfaces (replace
if1 and
if2 with the names of your two
network interfaces). If you want the bridged packets to be
filtered by &man.ipfw.8;, you should add:net.link.ether.bridge_ipfw=1as well.Other InformationIf you want to be able to telnet into the bridge from the network,
it is OK to assign one of the network cards an IP address. The
consensus is that assigning both cards an address is a bad
idea.If you have multiple bridges on your network, there cannot be more
than one path between any two workstations. Technically, this means
that there is no support for spanning tree link management.A bridge can add latency to your ping times, especially for
traffic from one segment to another.TomRhodesReorganized and enhanced by BillSwingleWritten by NFSNFSAmong the many different filesystems that FreeBSD supports is
the Network File System, also known as NFS.
NFS allows a system to share directories and files
with others over a network. By using NFS, users and
programs can access files on remote systems almost as if they were local
files.Some of the most notable benefits that
NFS can provide are:Local workstations use less disk space because
commonly used data can be stored on a single machine and still
remain accessible to others over the network.There is no need for users to have separate home directories
on every network machine. Home directories could be setup on the
NFS server and made available throughout
the network.Storage devices such as floppy disks, CDROM drives, and
ZIP drives can be used by other machines on the network.
This may reduce the number of removable media drives
throughout the network.How NFS WorksNFS consists of at least two main parts:
a server and one or more clients. The client remotely accesses
the data that is stored
on the server machine. In order for this to function properly a few
processes have to be configured and running:In &os; 5.X, the portmap utility
has been replaced with the rpcbind utility. Thus,
in &os; 5.X the user is required to replace every instance of
portmap with rpcbind
in the forthcoming examples.The server has to be running the following daemons:NFSserverportmapmountdnfsdDaemonDescriptionnfsdThe NFS daemon which services requests from
the NFS clients.mountdThe NFS mount daemon which carries out
the requests that &man.nfsd.8; passes on to it.portmap The portmapper daemon
allows NFS clients to discover which port the NFS server
is using.The client can also run a daemon, known as
nfsiod. The
nfsiod daemon services the requests
from the NFS server. This is optional, and
improves performance, but is not required for normal and
correct operation. See the &man.nfsiod.8; manual page for
more information.
Configuring NFSNFSconfigurationNFS configuration is a relatively
straightforward process. The processes that need to be
running can all start at boot time with a few modifications to
your /etc/rc.conf file.On the NFS server, make sure that the
following options are configured in the
/etc/rc.conf file:portmap_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"mountd runs automatically whenever the
NFS server is enabled.On the client, make sure this option is present in
/etc/rc.conf:nfs_client_enable="YES"The /etc/exports file specifies which
filesystems NFS should export (sometimes
referred to as share). Each line in
/etc/exports specifies a filesystem to be
exported and which machines have access to that filesystem.
Along with what machines have access to that filesystem,
access options may also be specified. There are many such
options that can be used in this file but only a few will be
mentioned here. You can easily discover other options by
reading over the &man.exports.5; manual page.Here are a few example /etc/exports
entries:NFSexport examplesThe following examples give an idea of how to export filesystems,
although the settings may be different depending on
your environment and network configuration.
For instance, to export the /cdrom directory to
three example machines that have the same domain name as the server
(hence the lack of a domain name for each) or have entries in your
/etc/hosts file. The
flag makes the exported filesystem read-only. With this flag, the
remote system will not be able to write any changes to the
exported filesystem./cdrom -ro host1 host2 host3The following line exports /home to
three hosts by IP address. This is a useful setup if you have
a private network without a DNS server
configured. Optionally the /etc/hosts
file could be configured for internal hostnames; please review
&man.hosts.5; for more information. The
flag allows the subdirectories to be
mount points. In other words, it will not mount the
subdirectories but permit the client to mount only the
directories that are required or needed./home -alldirs 10.0.0.2 10.0.0.3 10.0.0.4The following line exports /a so that
two clients from different domains may access the filesystem.
The flag allows the
root user on the remote system to write
data on the exported filesystem as root.
If the -maproot=root flag is not specified,
then even if a user has root access on
the remote system, they will not be able to modify files on
the exported filesystem./a -maproot=root host.example.com box.example.orgIn order for a client to access an exported filesystem,
the client must have permission to do so. Make sure the
client is listed in your /etc/exports
file.In /etc/exports, each line represents
the export information for one filesystem to one host. A
remote host can only be specified once per filesystem, and may
only have one default entry. For example, assume that
/usr is a single filesystem. The
following /etc/exports would be
invalid:/usr/src client
/usr/ports clientOne filesystem, /usr, has two lines
specifying exports to the same host, client.
The correct format for this situation is:/usr/src /usr/ports clientThe properties of one filesystem exported to a given host
must all occur on one line. Lines without a client specified
are treated as a single host. This limits how you can export
filesystems, but for most people this is not an issue.The following is an example of a valid export list, where
/usr and /exports
are local filesystems:# Export src and ports to client01 and client02, but only
# client01 has root privileges on it
/usr/src /usr/ports -maproot=root client01
/usr/src /usr/ports client02
# The client machines have root and can mount anywhere
# on /exports. Anyone in the world can mount /exports/obj read-only
/exports -alldirs -maproot=root client01 client02
/exports/obj -roYou must restart
mountd whenever you modify
/etc/exports so the changes can take effect.
This can be accomplished by sending the HUP signal
to the mountd process:&prompt.root; kill -HUP `cat /var/run/mountd.pid`Alternatively, a reboot will make FreeBSD set everything
up properly. A reboot is not necessary though.
Executing the following commands as root
should start everything up.On the NFS server:&prompt.root; portmap
&prompt.root; nfsd -u -t -n 4
&prompt.root; mountd -rOn the NFS client:&prompt.root; nfsiod -n 4Now everything should be ready to actually mount a remote file
system. In these examples the
server's name will be server and the client's
name will be client. If you only want to
temporarily mount a remote filesystem or would rather test the
configuration, just execute a command like this as root on the
client:NFSmounting&prompt.root; mount server:/home /mntThis will mount the /home directory
on the server at /mnt on the client. If
everything is set up correctly you should be able to enter
/mnt on the client and see all the files
that are on the server.If you want to automatically mount a remote filesystem
each time the computer boots, add the filesystem to the
/etc/fstab file. Here is an example:server:/home /mnt nfs rw 0 0The &man.fstab.5; manual page lists all the available options.Practical UsesNFS has many practical uses. Some of the more common
ones are listed below:NFSusesSet several machines to share a CDROM or other media
among them. This is cheaper and often a more convenient
method to install software on multiple machines.On large networks, it might be more convenient to
configure a central NFS server in which
to store all the user home directories. These home
directories can then be exported to the network so that
users would always have the same home directory,
regardless of which workstation they log in to.Several machines could have a common
/usr/ports/distfiles directory. That
way, when you need to install a port on several machines,
you can quickly access the source without downloading it
on each machine.WylieStilwellContributed by ChernLeeRewritten by Automatic Mounts with amdamdautomatic mounter daemon&man.amd.8; (the automatic mounter daemon)
automatically mounts a
remote filesystem whenever a file or directory within that
filesystem is accessed. Filesystems that are inactive for a
period of time will also be automatically unmounted by
amd. Using
amd provides a simple alternative
to permanent mounts, as permanent mounts are usually listed in
/etc/fstab.amd operates by attaching
itself as an NFS server to the /host and
/net directories. When a file is accessed
within one of these directories, amd
looks up the corresponding remote mount and automatically mounts
it. /net is used to mount an exported
filesystem from an IP address, while /host
is used to mount an export from a remote hostname.An access to a file within
/host/foobar/usr would tell
amd to attempt to mount the
/usr export on the host
foobar.Mounting an Export with amdYou can view the available mounts of a remote host with
the showmount command. For example, to
view the mounts of a host named foobar, you
can use:&prompt.user; showmount -e foobar
Exports list on foobar:
/usr 10.10.10.0
/a 10.10.10.0
&prompt.user; cd /host/foobar/usrAs seen in the example, the showmount shows
/usr as an export. When changing directories to
/host/foobar/usr, amd
attempts to resolve the hostname foobar and
automatically mount the desired export.amd can be started by the
startup scripts by placing the following lines in
/etc/rc.conf:amd_enable="YES"Additionally, custom flags can be passed to
amd from the
amd_flags option. By default,
amd_flags is set to:amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"The /etc/amd.map file defines the
default options that exports are mounted with. The
/etc/amd.conf file defines some of the more
advanced features of amd.Consult the &man.amd.8; and &man.amd.conf.5; manual pages for more
information.JohnLindContributed by Problems Integrating with Other SystemsCertain Ethernet adapters for ISA PC systems have limitations
which can lead to serious network problems, particularly with NFS.
This difficulty is not specific to FreeBSD, but FreeBSD systems
are affected by it.The problem nearly always occurs when (FreeBSD) PC systems are
networked with high-performance workstations, such as those made
by Silicon Graphics, Inc., and Sun Microsystems, Inc. The NFS
mount will work fine, and some operations may succeed, but
suddenly the server will seem to become unresponsive to the
client, even though requests to and from other systems continue to
be processed. This happens to the client system, whether the
client is the FreeBSD system or the workstation. On many systems,
there is no way to shut down the client gracefully once this
problem has manifested itself. The only solution is often to
reset the client, because the NFS situation cannot be
resolved.Though the correct solution is to get a higher
performance and capacity Ethernet adapter for the FreeBSD system,
there is a simple workaround that will allow satisfactory
operation. If the FreeBSD system is the
server, include the option
on the mount from the client. If the
FreeBSD system is the client, then mount the
NFS filesystem with the option . These
options may be specified using the fourth field of the
fstab entry on the client for automatic
mounts, or by using the parameter of the mount
command for manual mounts.It should be noted that there is a different problem,
sometimes mistaken for this one, when the NFS servers and clients
are on different networks. If that is the case, make
certain that your routers are routing the
necessary UDP information, or you will not get anywhere, no matter
what else you are doing.In the following examples, fastws is the host
(interface) name of a high-performance workstation, and
freebox is the host (interface) name of a FreeBSD
system with a lower-performance Ethernet adapter. Also,
/sharedfs will be the exported NFS
filesystem (see &man.exports.5;), and
/project will be the mount point on the
client for the exported filesystem. In all cases, note that
additional options, such as or
and may be desirable in
your application.Examples for the FreeBSD system (freebox) as
the client in /etc/fstab on freebox:fastws:/sharedfs /project nfs rw,-r=1024 0 0As a manual mount command on freebox:&prompt.root; mount -t nfs -o -r=1024 fastws:/sharedfs /projectExamples for the FreeBSD system as the server in
/etc/fstab on fastws:freebox:/sharedfs /project nfs rw,-w=1024 0 0As a manual mount command on fastws:&prompt.root; mount -t nfs -o -w=1024 freebox:/sharedfs /projectNearly any 16-bit Ethernet adapter will allow operation
without the above restrictions on the read or write size.For anyone who cares, here is what happens when the failure
occurs, which also explains why it is unrecoverable. NFS
typically works with a block size of 8 k (though it
may do fragments of smaller sizes). Since the maximum Ethernet
packet is around 1500 bytes, the NFS block gets
split into multiple Ethernet packets, even though it is still a
single unit to the upper-level code, and must be received,
assembled, and acknowledged as a unit. The
high-performance workstations can pump out the packets which
comprise the NFS unit one right after the other, just as close
together as the standard allows. On the smaller, lower capacity
cards, the later packets overrun the earlier packets of the same
unit before they can be transferred to the host and the unit as a
whole cannot be reconstructed or acknowledged. As a result, the
workstation will time out and try again, but it will try again
with the entire 8 K unit, and the process will be repeated, ad
infinitum.By keeping the unit size below the Ethernet packet size
limitation, we ensure that any complete Ethernet packet received
can be acknowledged individually, avoiding the deadlock
situation.Overruns may still occur when a high-performance workstations
is slamming data out to a PC system, but with the better cards,
such overruns are not guaranteed on NFS units. When
an overrun occurs, the units affected will be retransmitted, and
there will be a fair chance that they will be received, assembled,
and acknowledged.Jean-FrançoisDockèsUpdated by Diskless Operationdiskless workstationdiskless operationA FreeBSD machine can boot over the network and operate without a
local disk, using filesystems mounted from an NFS server. No system
modification is necessary, beyond standard configuration files.
Such a system is easy to set up because all the necessary elements
are readily available:There are at least two possible methods to load the kernel over
the network:
- PXE: Intel's Preboot Execution
+ PXE: The &intel; Preboot Execution
Environment system is a form of smart boot ROM built into some
networking cards or motherboards. See &man.pxeboot.8; for more
details.The etherboot
port (net/etherboot) produces
ROM-able code to boot kernels over the network. The
code can be either burnt into a boot PROM on a network
card, or loaded from a local floppy (or hard) disk
- drive, or from a running MS-DOS system. Many network
+ drive, or from a running &ms-dos; system. Many network
cards are supported.A sample script
(/usr/share/examples/diskless/clone_root) eases
the creation and maintenance of the workstation's root filesystem
on the server. The script will probably require a little
customization but it will get you started very quickly.Standard system startup files exist in /etc
to detect and support a diskless system startup.Swapping, if needed, can be done either to an NFS file or to
a local disk.There are many ways to set up diskless workstations. Many
elements are involved, and most can be customized to suit local
taste. The following will describe the setup of a complete system,
emphasizing simplicity and compatibility with the
standard FreeBSD startup scripts. The system described has the
following characteristics:The diskless workstations use a shared
read-only root filesystem, and a shared
read-only /usr.The root filesystem is a copy of a
standard FreeBSD root (typically the server's), with some
configuration files overridden by ones specific to diskless
operation or, possibly, to the workstation they belong to.The parts of the root which have to be
writable are overlaid with &man.mfs.8; filesystems. Any changes
will be lost when the system reboots.The kernel is loaded by etherboot
, using DHCP (or BOOTP) and TFTP.As described, this system is insecure. It should
live in a protected area of a network, and be untrusted by
other hosts.Setup InstructionsConfiguring DHCP/BOOTPdiskless operationbootingThere are two protocols that are commonly used to boot a
workstation that retrieves its configuration over the network: BOOTP
and DHCP. They are used at several points in the workstation
bootstrap:etherboot uses
DHCP (by default) or BOOTP (needs a configuration option) to
find the kernel. (PXE uses DHCP).The kernel uses BOOTP to locate the NFS
root.It is possible to configure a system to use only BOOTP.
The &man.bootpd.8; server program is included in the
base FreeBSD system.However, DHCP has a number of advantages over BOOTP (nicer
configuration files, possibility of using PXE, plus many others
not directly related to diskless operation), and we shall describe
both a pure BOOTP, and a BOOTP+DHCP configuration, with an
emphasis on the latter, which will use the ISC DHCP software
package.Configuration Using ISC DHCPDHCPdiskless operationThe isc-dhcp server can answer
both BOOTP and DHCP requests.As of release 4.4, isc-dhcp
3.0 is not part of the base
system. You will first need to install the
net/isc-dhcp3 port or the
corresponding package. Please refer to
for general information about ports and packages.Once isc-dhcp is installed, it
needs a configuration file to run, (normally named
/usr/local/etc/dhcpd.conf). Here follows
a commented example:
default-lease-time 600;
max-lease-time 7200;
authoritative;
option domain-name "example.com";
option domain-name-servers 192.168.4.1;
option routers 192.168.4.1;
subnet 192.168.4.0 netmask 255.255.255.0 {
use-host-decl-names on;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.4.255;
host margaux {
hardware ethernet 01:23:45:67:89:ab;
fixed-address margaux.example.com;
next-server 192.168.4.4;
filename "/tftpboot/kernel.diskless";
option root-path "192.168.4.4:/data/misc/diskless";
}
}
This option tells
dhcpd to send the value in the
host declarations as the hostname for the
diskless host. An alternate way would be to add an
option host-name
margaux inside the
host declarations.The
next-server directive designates
the TFTP server (the default is to use the same host as the
DHCP server).The
filename directive defines the file that
etherboot will load as a
kernel.
PXE appears to prefer a relative file
name, and it loads pxeboot, not the
kernel (option filename
"pxeboot").The
root-path option defines the path to
the root filesystem, in usual NFS notation.Configuration Using BOOTPBOOTPdiskless operationHere follows an equivalent bootpd
configuration. This would be found in
/etc/bootptab.Please note that etherboot
must be compiled with the non-default option
NO_DHCP_SUPPORT in order to use BOOTP,
and that PXE needs DHCP. The only
obvious advantage of bootpd is
that it exists in the base system.
.def100:\
:hn:ht=1:sa=192.168.4.4:vm=rfc1048:\
:sm=255.255.255.0:\
:ds=192.168.4.1:\
:gw=192.168.4.1:\
:hd="/tftpboot":\
:bf="/kernel.diskless":\
:rp="192.168.4.4:/data/misc/diskless":
margaux:ha=0123456789ab:tc=.def100
Preparing a Boot Program with
EtherbootEtherbootEtherboot's Web
site contains
extensive documentation mainly intended for Linux
systems, but nonetheless containing useful information. The
following will just outline how you would use
etherboot on a FreeBSD
system.You must first install the net/etherboot package or port.
The etherboot port can normally
be found in /usr/ports/net/etherboot.
If the ports tree is installed on your system, just typing
make in this directory should take care
of everything. Else refer to for
information about ports and packages.For our setup, we shall use a boot floppy. For other methods
(PROM, or dos program), please refer to the
etherboot documentation.To make a boot floppy, insert a floppy in the drive on the
machine where you installed etherboot,
then change your current directory to the src
directory in the etherboot tree and
type:
&prompt.root; gmake bin32/devicetype.fd0devicetype depends on the type of
the Ethernet card in the diskless workstation. Refer to the
NIC file in the same directory to determine the
right devicetype.Configuring the TFTP and NFS ServersTFTPdiskless operationNFSdiskless operationYou need to enable tftpd on the TFTP
server:Create a directory from which tftpd
will serve the files, i.e.: /tftpbootAdd this line to your
/etc/inetd.conf:tftp dgram udp wait root /usr/libexec/tftpd tftpd -s /tftpbootIt appears that at least some PXE versions want
the TCP version of TFTP. In this case, add a second line,
replacing dgram udp with stream
tcp.Tell inetd to reread its configuration
file:&prompt.root; kill -HUP `cat /var/run/inetd.pid`You can place the tftpboot
directory anywhere on the server. Make sure that the
location is set in both inetd.conf and
dhcpd.conf.You also need to enable NFS and export the
appropriate filesystem on the NFS server.Add this to /etc/rc.conf:nfs_server_enable="YES"Export the filesystem where the diskless root directory
is located by adding the following to
/etc/exports (adjust the volume mount
point and replace margaux
with the name of the diskless workstation):/data/misc -alldirs -ro margauxTell mountd to reread its configuration
file. If you actually needed to enable NFS in
/etc/rc.conf
at the first step, you probably want to reboot instead.&prompt.root; kill -HUP `cat /var/run/mountd.pid`Building a Diskless Kerneldiskless operationkernel configurationCreate a kernel configuration file for the diskless client
with the following options (in addition to the usual
ones):
options BOOTP # Use BOOTP to obtain IP address/hostname
options BOOTP_NFSROOT # NFS mount root filesystem using BOOTP info
options BOOTP_COMPAT # Workaround for broken bootp daemons.
You may also want to use BOOTP_NFSV3 and
BOOTP_WIRED_TO (refer to LINT).Build the kernel (See ),
and copy it to the tftp directory, under the name listed
in dhcpd.conf.Preparing the Root Filesystemroot file systemdiskless operationYou need to create a root filesystem for the diskless
workstations, in the location listed as
root-path in
dhcpd.conf.The easiest way to do this is to use the
/usr/share/examples/diskless/clone_root
shell script. This script needs customization, at least to adjust
the place where the filesystem will be created (the
DEST variable).Refer to the comments at the top of the script for
instructions. They explain how the base filesystem is built,
and how files may be selectively overridden by versions specific
to diskless operation, to a subnetwork, or to an individual
workstation. They also give examples for the diskless
/etc/fstab and
/etc/rc.conf files.The README files in
/usr/share/examples/diskless contain a lot
of interesting background information, but, together with the
other examples in the diskless directory,
they actually document a configuration method which is distinct
from the one used by clone_root and
/etc/rc.diskless[12], which is a little
confusing. Use them for reference only, except if you prefer
the method that they describe, in which case you will need
customized rc scripts.Configuring SwapIf needed, a swap file located on the server can be
accessed via NFS. The exact bootptab
or dhcpd.conf options are not clearly
documented at this time. The following configuration
suggestions have been reported to work in some installations
using isc-dhcp 3.0rc11.Add the following lines to
dhcpd.conf:
# Global section
option swap-path code 128 = string;
option swap-size code 129 = integer 32;
host margaux {
... # Standard lines, see above
option swap-path "192.168.4.4:/netswapvolume/netswap";
option swap-size 64000;
}
The idea is that, at least for a FreeBSD client,
DHCP/BOOTP option code 128 is the path to the NFS swap file,
and option code 129 is the swap size in kilobytes. Older
versions of dhcpd allowed a syntax of
option option-128 "..., which does not
seem to work any more./etc/bootptab would use the
following syntax instead:T128="192.168.4.4:/netswapvolume/netswap":T129=64000
On the NFS swap file server, create the swap
file(s)
&prompt.root; mkdir /netswapvolume/netswap
&prompt.root; cd /netswapvolume/netswap
&prompt.root; dd if=/dev/zero bs=1024 count=64000 of=swap.192.168.4.6
&prompt.root; chmod 0600 swap.192.168.4.6192.168.4.6 is the IP address
for the diskless client.On the NFS swap file server, add the following line to
/etc/exports:/netswapvolume -maproot=0:10 -alldirs margauxThen tell mountd to reread the
exports file, as above.Miscellaneous IssuesRunning with a Read-only /usrdiskless operation/usr read-onlyIf the diskless workstation is configured to run X, you
will have to adjust the xdm configuration file, which puts
the error log on /usr by default.Using a Non-FreeBSD ServerWhen the server for the root filesystem is not running FreeBSD,
you will have to create the root filesystem on a
FreeBSD machine, then copy it to its destination, using
tar or cpio.In this situation, there are sometimes
problems with the special files in /dev,
due to differing major/minor integer sizes. A solution to this
problem is to export a directory from the non-FreeBSD server,
mount this directory onto a FreeBSD machine, and run
MAKEDEV on the FreeBSD machine
to create the correct device entries (FreeBSD 5.0 and later
use &man.devfs.5; to allocate device nodes transparently for
the user, running MAKEDEV on these
versions is useless).ISDNISDNA good resource for information on ISDN technology and hardware is
Dan Kegel's ISDN
Page.A quick simple road map to ISDN follows:If you live in Europe you might want to investigate the ISDN card
section.If you are planning to use ISDN primarily to connect to the
Internet with an Internet Provider on a dial-up non-dedicated basis,
you might look into Terminal Adapters. This will give you the
most flexibility, with the fewest problems, if you change
providers.If you are connecting two LANs together, or connecting to the
Internet with a dedicated ISDN connection, you might consider
the stand alone router/bridge option.Cost is a significant factor in determining what solution you will
choose. The following options are listed from least expensive to most
expensive.HellmuthMichaelisContributed by ISDN CardsISDNcardsFreeBSD's ISDN implementation supports only the DSS1/Q.931
(or Euro-ISDN) standard using passive cards. Starting with
FreeBSD 4.4, some active cards are supported where the firmware
also supports other signaling protocols; this also includes the
first supported Primary Rate (PRI) ISDN card.Isdn4bsd allows you to connect
to other ISDN routers using either IP over raw HDLC or by using
synchronous PPP: either by using kernel PPP with isppp, a
modified sppp driver, or by using userland &man.ppp.8;. By using
userland &man.ppp.8;, channel bonding of two or more ISDN
B-channels is possible. A telephone answering machine
application is also available as well as many utilities such as
a software 300 Baud modem.Some growing number of PC ISDN cards are supported under
FreeBSD and the reports show that it is successfully used all
over Europe and in many other parts of the world.The passive ISDN cards supported are mostly the ones with
the Infineon (formerly Siemens) ISAC/HSCX/IPAC ISDN chipsets,
but also ISDN cards with chips from Cologne Chip (ISA bus only),
PCI cards with Winbond W6692 chips, some cards with the
Tiger300/320/ISAC chipset combinations and some vendor specific
chipset based cards such as the AVM Fritz!Card PCI V.1.0 and the
AVM Fritz!Card PnP.Currently the active supported ISDN cards are the AVM B1
(ISA and PCI) BRI cards and the AVM T1 PCI PRI cards.For documentation on isdn4bsd,
have a look at /usr/share/examples/isdn/
directory on your FreeBSD system or at the homepage of
isdn4bsd which also has pointers to hints, erratas and
much more documentation such as the isdn4bsd
handbook.In case you are interested in adding support for a
different ISDN protocol, a currently unsupported ISDN PC card or
otherwise enhancing isdn4bsd, please
get in touch with &a.hm;.For questions regarding the installation, configuration
and troubleshooting isdn4bsd, a
&a.isdn.name; mailing list is available.ISDN Terminal AdaptersTerminal adapters(TA), are to ISDN what modems are to regular
phone lines.modemMost TA's use the standard hayes modem AT command set, and can be
used as a drop in replacement for a modem.A TA will operate basically the same as a modem except connection
and throughput speeds will be much faster than your old modem. You
will need to configure PPP exactly the same
as for a modem setup. Make sure you set your serial speed as high as
possible.PPPThe main advantage of using a TA to connect to an Internet
Provider is that you can do Dynamic PPP. As IP address space becomes
more and more scarce, most providers are not willing to provide you
with a static IP anymore. Most stand-alone routers are not able to
accommodate dynamic IP allocation.TA's completely rely on the PPP daemon that you are running for
their features and stability of connection. This allows you to
upgrade easily from using a modem to ISDN on a FreeBSD machine, if you
already have PPP setup. However, at the same time any problems you
experienced with the PPP program and are going to persist.If you want maximum stability, use the kernel PPP option, not the user-land iijPPP.The following TA's are known to work with FreeBSD.Motorola BitSurfer and Bitsurfer ProAdtranMost other TA's will probably work as well, TA vendors try to make
sure their product can accept most of the standard modem AT command
set.The real problem with external TA's is that, like modems,
you need a good serial card in your computer.You should read the FreeBSD Serial
Hardware tutorial for a detailed understanding of
serial devices, and the differences between asynchronous and
synchronous serial ports.A TA running off a standard PC serial port (asynchronous) limits
you to 115.2 Kbs, even though you have a 128 Kbs connection.
To fully utilize the 128 Kbs that ISDN is capable of,
you must move the TA to a synchronous serial card.Do not be fooled into buying an internal TA and thinking you have
avoided the synchronous/asynchronous issue. Internal TA's simply have
a standard PC serial port chip built into them. All this will do is
save you having to buy another serial cable and find another empty
electrical socket.A synchronous card with a TA is at least as fast as a stand-alone
router, and with a simple 386 FreeBSD box driving it, probably more
flexible.The choice of sync/TA v.s. stand-alone router is largely a
religious issue. There has been some discussion of this in
the mailing lists. I suggest you search the archives for
the complete discussion.Stand-alone ISDN Bridges/RoutersISDNstand-alone bridges/routersISDN bridges or routers are not at all specific to FreeBSD
or any other operating system. For a more complete
description of routing and bridging technology, please refer
to a Networking reference book.In the context of this page, the terms router and bridge will
be used interchangeably.As the cost of low end ISDN routers/bridges comes down, it
will likely become a more and more popular choice. An ISDN
router is a small box that plugs directly into your local
Ethernet network, and manages its own connection to the other
bridge/router. It has built in software to communicate via
PPP and other popular protocols.A router will allow you much faster throughput than a
standard TA, since it will be using a full synchronous ISDN
connection.The main problem with ISDN routers and bridges is that
interoperability between manufacturers can still be a problem.
If you are planning to connect to an Internet provider, you
should discuss your needs with them.If you are planning to connect two LAN segments together,
such as your home LAN to the office LAN, this is the simplest
lowest
maintenance solution. Since you are buying the equipment for
both sides of the connection you can be assured that the link
will work.For example to connect a home computer or branch office
network to a head office network the following setup could be
used.Branch Office or Home Network10 base 2Network uses a bus based topology with 10 base 2
Ethernet (thinnet). Connect router to network cable with
AUI/10BT transceiver, if necessary.---Sun workstation
|
---FreeBSD box
|
---Windows 95 (Do not admit to owning it)
|
Stand-alone router
|
ISDN BRI line10 Base 2 EthernetIf your home/branch office is only one computer you can use a
twisted pair crossover cable to connect to the stand-alone router
directly.Head Office or Other LAN10 base TNetwork uses a star topology with 10 base T Ethernet
(Twisted Pair). -------Novell Server
| H |
| ---Sun
| |
| U ---FreeBSD
| |
| ---Windows 95
| B |
|___---Stand-alone router
|
ISDN BRI lineISDN Network DiagramOne large advantage of most routers/bridges is that they allow you
to have 2 separate independent PPP connections to
2 separate sites at the same time. This is not
supported on most TA's, except for specific (usually expensive) models
that
have two serial ports. Do not confuse this with channel bonding, MPP,
etc.This can be a very useful feature if, for example, you
have an dedicated ISDN connection at your office and would
like to tap into it, but do not want to get another ISDN line
at work. A router at the office location can manage a
dedicated B channel connection (64 Kbps) to the Internet
and use the other B channel for a separate data connection.
The second B channel can be used for dial-in, dial-out or
dynamically bonding (MPP, etc.) with the first B channel for
more bandwidth.IPX/SPXAn Ethernet bridge will also allow you to transmit more than just
IP traffic. You can also send IPX/SPX or whatever other protocols you
use.BillSwingleWritten by EricOgrenEnhanced by UdoErdelhoffNIS/YPWhat Is It?NISSolarisHP-UXAIXLinuxNetBSDOpenBSDNIS, which stands for Network Information Services, was
- developed by Sun Microsystems to centralize administration of Unix
- (originally SunOS) systems. It has now essentially become an
- industry standard; all major Unix systems (Solaris, HP-UX, AIX, Linux,
+ developed by Sun Microsystems to centralize administration of &unix;
+ (originally &sunos;) systems. It has now essentially become an
+ industry standard; all major &unix; like systems (&solaris;, HP-UX, &aix;, Linux,
NetBSD, OpenBSD, FreeBSD, etc) support NIS.yellow pagesNISNIS was formerly known as Yellow Pages, but because of
trademark issues, Sun changed the name. The old term (and yp) is
still often seen and used.NISdomainsIt is a RPC-based client/server system that allows a group
of machines within an NIS domain to share a common set of
configuration files. This permits a system administrator to set
up NIS client systems with only minimal configuration data and
add, remove or modify configuration data from a single
location.Windows NT
- It is similar to Windows NT's domain system; although the
+ It is similar to the &windowsnt; domain system; although the
internal implementation of the two are not at all similar,
the basic functionality can be compared.Terms/Processes You Should KnowThere are several terms and several important user processes
that you will come across when
attempting to implement NIS on FreeBSD, whether you are trying to
create an NIS server or act as an NIS client:portmapTermDescriptionNIS domainnameAn NIS master server and all of its clients
(including its slave servers) have a NIS
- domainname. Similar to an NT domain name, the NIS
+ domainname. Similar to an &windowsnt; domain name, the NIS
domainname does not have anything to do with DNS.portmapMust be running in order to enable RPC (Remote
Procedure Call, a network protocol used by NIS). If
portmap is not running, it will be
impossible to run an NIS server, or to act as an NIS
client.ypbindBinds an NIS client to its NIS
server. It will take the NIS domainname from the
system, and using RPC, connect to the
server. ypbind is the core of
client-server communication in an NIS environment; if
ypbind dies on a client machine, it
will not be able to access the NIS server.ypservShould only be running on NIS servers; this is the NIS
server process itself. If &man.ypserv.8; dies, then the
server will no longer be able to respond to NIS requests
(hopefully, there is a slave server to take over for
it). There are some implementations of NIS (but not the
FreeBSD one), that do not try to reconnect to another
server if the server it used before dies. Often, the
only thing that helps in this case is to restart the
server process (or even the whole server) or the
ypbind process on the client.
rpc.yppasswddAnother process that should only be running on
NIS master servers; this is a daemon that will allow NIS
clients to change their NIS passwords. If this daemon
is not running, users will have to login to the NIS
master server and change their passwords there.How Does It Work?There are three types of hosts in an NIS environment: master
servers, slave servers, and clients. Servers act as a central
repository for host configuration information. Master servers
hold the authoritative copy of this information, while slave
servers mirror this information for redundancy. Clients rely on
the servers to provide this information to them.Information in many files can be shared in this manner. The
master.passwd, group,
and hosts files are commonly shared via NIS.
Whenever a process on a client needs information that would
normally be found in these files locally, it makes a query to the
NIS server that it is bound to instead.Machine TypesNISmaster serverA NIS master server.
- This server, analogous to a Windows
- NT primary domain controller, maintains the files used by all
+ This server, analogous to a &windowsnt;
+ primary domain controller, maintains the files used by all
of the NIS clients. The passwd,
group, and other various files used by the
NIS clients live on the master server.It is possible for one machine to be an NIS
master server for more than one NIS domain. However, this will
not be covered in this introduction, which assumes a relatively
small-scale NIS environment.NISslave serverNIS slave servers.
- Similar to NT's backup domain
+ Similar to the &windowsnt; backup domain
controllers, NIS slave servers maintain copies of the NIS
master's data files. NIS slave servers provide the redundancy,
which is needed in important environments. They also help
to balance the load of the master server: NIS Clients always
attach to the NIS server whose response they get first, and
this includes slave-server-replies.NISclientNIS clients. NIS clients, like most
- NT workstations, authenticate against the NIS server (or the NT
- domain controller in the NT Workstation case) to log on.
+ &windowsnt; workstations, authenticate against the NIS server (or the &windowsnt;
+ domain controller in the &windowsnt; Workstation case) to log on.
Using NIS/YPThis section will deal with setting up a sample NIS
environment.This section assumes that you are running FreeBSD 3.3
or later. The instructions given here will
probably work for any version of FreeBSD greater
than 3.0, but there are no guarantees that this is
true.PlanningLet us assume that you are the administrator of a small
university lab. This lab, which consists of 15 FreeBSD machines,
currently has no centralized point of administration; each machine
has its own /etc/passwd and
/etc/master.passwd. These files are kept in
sync with each other only through manual intervention;
currently, when you add a user to the lab, you must run
adduser on all 15 machines.
Clearly, this has to change, so you have decided to convert the
lab to use NIS, using two of the machines as servers.Therefore, the configuration of the lab now looks something
like:Machine nameIP addressMachine roleellington10.0.0.2NIS mastercoltrane10.0.0.3NIS slavebasie10.0.0.4Faculty workstationbird10.0.0.5Client machinecli[1-11]10.0.0.[6-17]Other client machinesIf you are setting up a NIS scheme for the first time, it
is a good idea to think through how you want to go about it. No
matter what the size of your network, there are a few decisions
that need to be made.Choosing a NIS Domain NameNISdomainnameThis might not be the domainname that you
are used to. It is more accurately called the
NIS domainname. When a client broadcasts its
requests for info, it includes the name of the NIS domain
that it is part of. This is how multiple servers on one
network can tell which server should answer which request.
Think of the NIS domainname as the name for a group of hosts
that are related in some way.Some organizations choose to use their Internet
domainname for their NIS domainname. This is not
recommended as it can cause confusion when trying to debug
network problems. The NIS domainname should be unique
within your network and it is helpful if it describes the
group of machines it represents. For example, the Art
department at Acme Inc. might be in the
acme-art NIS domain. For this example,
assume you have chosen the name
test-domain.SunOS
- However, some operating systems (notably SunOS) use their
+ However, some operating systems (notably &sunos;) use their
NIS domain name as their Internet domain name.
If one or more machines on your network have this restriction,
you must use the Internet domain name as
your NIS domain name.Physical Server RequirementsThere are several things to keep in mind when choosing a
machine to use as a NIS server. One of the unfortunate things
about NIS is the level of dependency the clients have on the
server. If a client cannot contact the server for its NIS
domain, very often the machine becomes unusable. The lack of
user and group information causes most systems to temporarily
freeze up. With this in mind you should make sure to choose a
machine that will not be prone to being rebooted regularly, or
one that might be used for development. The NIS server should
ideally be a stand alone machine whose sole purpose in life is
to be an NIS server. If you have a network that is not very
heavily used, it is acceptable to put the NIS server on a
machine running other services, just keep in mind that if the
NIS server becomes unavailable, it will affect
all of your NIS clients adversely.NIS Servers The canonical copies of all NIS information are stored on
a single machine called the NIS master server. The databases
used to store the information are called NIS maps. In FreeBSD,
these maps are stored in
/var/yp/[domainname] where
[domainname] is the name of the NIS domain
being served. A single NIS server can support several domains
at once, therefore it is possible to have several such
directories, one for each supported domain. Each domain will
have its own independent set of maps.NIS master and slave servers handle all NIS requests with
the ypserv daemon. ypserv
is responsible for receiving incoming requests from NIS clients,
translating the requested domain and map name to a path to the
corresponding database file and transmitting data from the
database back to the client.Setting Up a NIS Master ServerNISserver configurationSetting up a master NIS server can be relatively straight
forward, depending on your needs. FreeBSD comes with support
for NIS out-of-the-box. All you need is to add the following
lines to /etc/rc.conf, and FreeBSD will
do the rest for you.nisdomainname="test-domain"
This line will set the NIS domainname to
test-domain
upon network setup (e.g. after reboot).nis_server_enable="YES"
This will tell FreeBSD to start up the NIS server processes
when the networking is next brought up.nis_yppasswdd_enable="YES"
This will enable the rpc.yppasswdd
daemon which, as mentioned above, will allow users to
change their NIS password from a client machine.Depending on your NIS setup, you may need to add
further entries. See the section about NIS servers
that are also NIS clients, below, for
details.Now, all you have to do is to run the command
/etc/netstart as superuser. It will
set up everything for you, using the values you defined in
/etc/rc.conf.Initializing the NIS MapsNISmapsThe NIS maps are database files,
that are kept in the /var/yp directory.
They are generated from configuration files in the
/etc directory of the NIS master, with one
exception: the /etc/master.passwd file.
This is for a good reason; you do not want to propagate
passwords to your root and other
administrative accounts to all the servers in the NIS domain.
Therefore, before we initialize the NIS maps, you should:&prompt.root; cp /etc/master.passwd /var/yp/master.passwd
&prompt.root; cd /var/yp
&prompt.root; vi master.passwdYou should remove all entries regarding system accounts
(bin, tty,
kmem, games, etc), as
well as any accounts that you do not want to be propagated to the
NIS clients (for example root and any other
UID 0 (superuser) accounts).Make sure the
/var/yp/master.passwd is neither group
nor world readable (mode 600)! Use the
chmod command, if appropriate.
- Tru64 Unix
+ Tru64 UNIXWhen you have finished, it is time to initialize the NIS
maps! FreeBSD includes a script named
ypinit to do this for you
(see its manual page for more information). Note that this
- script is available on most Unix Operating Systems, but not on all.
- On Digital Unix/Compaq Tru64 Unix it is called
+ script is available on most &unix; Operating Systems, but not on all.
+ On Digital UNIX/Compaq Tru64 UNIX it is called
ypsetup.
Because we are generating maps for an NIS master, we are
going to pass the option to
ypinit.
To generate the NIS maps, assuming you already performed
the steps above, run:ellington&prompt.root; ypinit -m test-domain
Server Type: MASTER Domain: test-domain
Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n] n
Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.
At this point, we have to construct a list of this domains YP servers.
rod.darktech.org is already known as master server.
Please continue to add any slave servers, one per line. When you are
done with the list, type a <control D>.
master server : ellington
next host to add: coltrane
next host to add: ^D
The current list of NIS servers looks like this:
ellington
coltrane
Is this correct? [y/n: y] y
[..output from map generation..]
NIS Map update completed.
ellington has been setup as an YP master server without any errors.ypinit should have created
/var/yp/Makefile from
/var/yp/Makefile.dist.
When created, this file assumes that you are operating
in a single server NIS environment with only FreeBSD
machines. Since test-domain has
a slave server as well, you must edit
/var/yp/Makefile:ellington&prompt.root; vi /var/yp/MakefileYou should comment out the line that saysNOPUSH = "True"(if it is not commented out already).Setting up a NIS Slave ServerNISslave serverSetting up an NIS slave server is even more simple than
setting up the master. Log on to the slave server and edit the
file /etc/rc.conf as you did before.
The only difference is that we now must use the
option when running ypinit.
The option requires the name of the NIS
master be passed to it as well, so our command line looks
like:coltrane&prompt.root; ypinit -s ellington test-domain
Server Type: SLAVE Domain: test-domain Master: ellington
Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n] n
Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.
There will be no further questions. The remainder of the procedure
should take a few minutes, to copy the databases from ellington.
Transferring netgroup...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byuser...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byhost...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring group.bygid...
ypxfr: Exiting: Map successfully transferred
Transferring group.byname...
ypxfr: Exiting: Map successfully transferred
Transferring services.byname...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.byname...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.byname...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring netid.byname...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring ypservers...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byname...
ypxfr: Exiting: Map successfully transferred
coltrane has been setup as an YP slave server without any errors.
Don't forget to update map ypservers on ellington.You should now have a directory called
/var/yp/test-domain. Copies of the NIS
master server's maps should be in this directory. You will
need to make sure that these stay updated. The following
/etc/crontab entries on your slave
servers should do the job:20 * * * * root /usr/libexec/ypxfr passwd.byname
21 * * * * root /usr/libexec/ypxfr passwd.byuidThese two lines force the slave to sync its maps with
the maps on the master server. Although these entries are
not mandatory, since the master server attempts to ensure
any changes to its NIS maps are communicated to its slaves
and because password information is vital to systems
depending on the server, it is a good idea to force the
updates. This is more important on busy networks where map
updates might not always complete.Now, run the command /etc/netstart on the
slave server as well, which again starts the NIS server.NIS Clients An NIS client establishes what is called a binding to a
particular NIS server using the
ypbind daemon.
ypbind checks the system's default
domain (as set by the domainname command),
and begins broadcasting RPC requests on the local network.
These requests specify the name of the domain for which
ypbind is attempting to establish a binding.
If a server that has been configured to serve the requested
domain receives one of the broadcasts, it will respond to
ypbind, which will record the server's
address. If there are several servers available (a master and
several slaves, for example), ypbind will
use the address of the first one to respond. From that point
on, the client system will direct all of its NIS requests to
that server. ypbind will
occasionally ping the server to make sure it is
still up and running. If it fails to receive a reply to one of
its pings within a reasonable amount of time,
ypbind will mark the domain as unbound and
begin broadcasting again in the hopes of locating another
server.Setting Up a NIS ClientNISclient configurationSetting up a FreeBSD machine to be a NIS client is fairly
straightforward.Edit the file /etc/rc.conf and
add the following lines in order to set the NIS domainname
and start ypbind upon network
startup:nisdomainname="test-domain"
nis_client_enable="YES"To import all possible password entries from the NIS
server, remove all user accounts from your
/etc/master.passwd file and use
vipw to add the following line to
the end of the file:+:::::::::This line will afford anyone with a valid account in
the NIS server's password maps an account. There are
many ways to configure your NIS client by changing this
line. See the netgroups
section below for more information.
For more detailed reading see O'Reilly's book on
Managing NFS and NIS.You should keep at least one local account (i.e.
not imported via NIS) in your
/etc/master.passwd and this
account should also be a member of the group
wheel. If there is something
wrong with NIS, this account can be used to log in
remotely, become root, and fix things.To import all possible group entries from the NIS
server, add this line to your
/etc/group file:+:*::After completing these steps, you should be able to run
ypcat passwd and see the NIS server's
passwd map.NIS SecurityIn general, any remote user can issue an RPC to
&man.ypserv.8; and retrieve the contents of your NIS maps,
provided the remote user knows your domainname. To prevent
such unauthorized transactions, &man.ypserv.8; supports a
feature called securenets which can be used to restrict access
to a given set of hosts. At startup, &man.ypserv.8; will
attempt to load the securenets information from a file called
/var/yp/securenets.This path varies depending on the path specified with the
option. This file contains entries that
consist of a network specification and a network mask separated
by white space. Lines starting with # are
considered to be comments. A sample securenets file might look
like this:# allow connections from local host -- mandatory
127.0.0.1 255.255.255.255
# allow connections from any host
# on the 192.168.128.0 network
192.168.128.0 255.255.255.0
# allow connections from any host
# between 10.0.0.0 to 10.0.15.255
# this includes the machines in the testlab
10.0.0.0 255.255.240.0If &man.ypserv.8; receives a request from an address that
matches one of these rules, it will process the request
normally. If the address fails to match a rule, the request
will be ignored and a warning message will be logged. If the
/var/yp/securenets file does not exist,
ypserv will allow connections from any
host.The ypserv program also has support for Wietse
Venema's
tcpwrapper package. This allows the
administrator to use the tcpwrapper configuration
files for access control instead of
/var/yp/securenets.While both of these access control mechanisms provide some
security, they, like the privileged port test, are
vulnerable to IP spoofing attacks. All
NIS-related traffic should be blocked at your firewall.Servers using /var/yp/securenets
may fail to serve legitimate NIS clients with archaic TCP/IP
implementations. Some of these implementations set all
host bits to zero when doing broadcasts and/or fail to
observe the subnet mask when calculating the broadcast
address. While some of these problems can be fixed by
changing the client configuration, other problems may force
the retirement of the client systems in question or the
abandonment of /var/yp/securenets.Using /var/yp/securenets on a
server with such an archaic implementation of TCP/IP is a
really bad idea and will lead to loss of NIS functionality
for large parts of your network.tcpwrapperThe use of the tcpwrapper
package increases the latency of your NIS server. The
additional delay may be long enough to cause timeouts in
client programs, especially in busy networks or with slow
NIS servers. If one or more of your client systems
suffers from these symptoms, you should convert the client
systems in question into NIS slave servers and force them
to bind to themselves.Barring Some Users from Logging OnIn our lab, there is a machine basie that is
supposed to be a faculty only workstation. We do not want to take this
machine out of the NIS domain, yet the passwd
file on the master NIS server contains accounts for both faculty and
students. What can we do?There is a way to bar specific users from logging on to a
machine, even if they are present in the NIS database. To do this,
all you must do is add
-username to the end of
the /etc/master.passwd file on the client
machine, where username is the username of
the user you wish to bar from logging in. This should preferably be
done using vipw, since vipw
will sanity check your changes to
/etc/master.passwd, as well as
automatically rebuild the password database when you
finish editing. For example, if we wanted to bar user
bill from logging on to basie
we would:basie&prompt.root; vipw[add -bill to the end, exit]
vipw: rebuilding the database...
vipw: done
basie&prompt.root; cat /etc/master.passwd
root:[password]:0:0::0:0:The super-user:/root:/bin/csh
toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
+:::::::::
-bill
basie&prompt.root;UdoErdelhoffContributed by Using NetgroupsnetgroupsThe method shown in the previous section works reasonably
well if you need special rules for a very small number of
users and/or machines. On larger networks, you
will forget to bar some users from logging
onto sensitive machines, or you may even have to modify each
machine separately, thus losing the main benefit of NIS,
centralized administration.The NIS developers' solution for this problem is called
netgroups. Their purpose and semantics
- can be compared to the normal groups used by Unix file
+ can be compared to the normal groups used by &unix; file
systems. The main differences are the lack of a numeric id
and the ability to define a netgroup by including both user
accounts and other netgroups.Netgroups were developed to handle large, complex networks
with hundreds of users and machines. On one hand, this is
a Good Thing if you are forced to deal with such a situation.
On the other hand, this complexity makes it almost impossible to
explain netgroups with really simple examples. The example
used in the remainder of this section demonstrates this
problem.Let us assume that your successful introduction of NIS in
your laboratory caught your superiors' interest. Your next
job is to extend your NIS domain to cover some of the other
machines on campus. The two tables contain the names of the
new users and new machines as well as brief descriptions of
them.User Name(s)Descriptionalpha, betaNormal employees of the IT departmentcharlie, deltaThe new apprentices of the IT departmentecho, foxtrott, golf, ...Ordinary employeesable, baker, ...The current internsMachine Name(s)Descriptionwar, death, famine, pollutionYour most important servers. Only the IT
employees are allowed to log onto these
machines.pride, greed, envy, wrath, lust, slothLess important servers. All members of the IT
department are allowed to login onto these machines.one, two, three, four, ...Ordinary workstations. Only the
real employees are allowed to use
these machines.trashcanA very old machine without any critical data.
Even the intern is allowed to use this box.If you tried to implement these restrictions by separately
blocking each user, you would have to add one
-user line to each system's
passwd
for each user who is not allowed to login onto that system.
If you forget just one entry, you could be in trouble. It may
be feasible to do this correctly during the initial setup,
however you will eventually forget to add
the lines for new users during day-to-day operations. After
all, Murphy was an optimist.Handling this situation with netgroups offers several
advantages. Each user need not be handled separately;
you assign a user to one or more netgroups and allow or forbid
logins for all members of the netgroup. If you add a new
machine, you will only have to define login restrictions for
netgroups. If a new user is added, you will only have to add
the user to one or more netgroups. Those changes are
independent of each other; no more for each combination
of user and machine do... If your NIS setup is planned
carefully, you will only have to modify exactly one central
configuration file to grant or deny access to machines.The first step is the initialization of the NIS map
netgroup. FreeBSD's &man.ypinit.8; does not create this map by
default, but its NIS implementation will support it once it has
been created. To create an empty map, simply typeellington&prompt.root; vi /var/yp/netgroupand start adding content. For our example, we need at
least four netgroups: IT employees, IT apprentices, normal
employees and interns.IT_EMP (,alpha,test-domain) (,beta,test-domain)
IT_APP (,charlie,test-domain) (,delta,test-domain)
USERS (,echo,test-domain) (,foxtrott,test-domain) \
(,golf,test-domain)
INTERNS (,able,test-domain) (,baker,test-domain)IT_EMP, IT_APP etc.
are the names of the netgroups. Each bracketed group adds
one or more user accounts to it. The three fields inside a
group are:The name of the host(s) where the following items are
valid. If you do not specify a hostname, the entry is
valid on all hosts. If you do specify a hostname, you
will enter a realm of darkness, horror and utter confusion.The name of the account that belongs to this
netgroup.The NIS domain for the account. You can import
accounts from other NIS domains into your netgroup if you
are one of the unlucky fellows with more than one NIS
domain.Each of these fields can contain wildcards. See
&man.netgroup.5; for details.netgroupsNetgroup names longer than 8 characters should not be
used, especially if you have machines running other
operating systems within your NIS domain. The names are
case sensitive; using capital letters for your netgroup
names is an easy way to distinguish between user, machine
and netgroup names.Some NIS clients (other than FreeBSD) cannot handle
netgroups with a large number of entries. For example, some
- older versions of SunOS start to cause trouble if a netgroup
+ older versions of &sunos; start to cause trouble if a netgroup
contains more than 15 entries. You can
circumvent this limit by creating several sub-netgroups with
15 users or less and a real netgroup that consists of the
sub-netgroups:BIGGRP1 (,joe1,domain) (,joe2,domain) (,joe3,domain) [...]
BIGGRP2 (,joe16,domain) (,joe17,domain) [...]
BIGGRP3 (,joe31,domain) (,joe32,domain)
BIGGROUP BIGGRP1 BIGGRP2 BIGGRP3You can repeat this process if you need more than 225
users within a single netgroup.Activating and distributing your new NIS map is
easy:ellington&prompt.root; cd /var/yp
ellington&prompt.root; makeThis will generate the three NIS maps
netgroup,
netgroup.byhost and
netgroup.byuser. Use &man.ypcat.1; to
check if your new NIS maps are available:ellington&prompt.user; ypcat -k netgroup
ellington&prompt.user; ypcat -k netgroup.byhost
ellington&prompt.user; ypcat -k netgroup.byuserThe output of the first command should resemble the
contents of /var/yp/netgroup. The second
command will not produce output if you have not specified
host-specific netgroups. The third command can be used to
get the list of netgroups for a user.The client setup is quite simple. To configure the server
war, you only have to start
&man.vipw.8; and replace the line+:::::::::with+@IT_EMP:::::::::Now, only the data for the users defined in the netgroup
IT_EMP is imported into
war's password database and only
these users are allowed to login.Unfortunately, this limitation also applies to the ~
function of the shell and all routines converting between user
names and numerical user IDs. In other words,
cd ~user will not work,
ls -l will show the numerical id instead of
the username and find . -user joe -print will
fail with No such user. To fix this, you will
have to import all user entries without allowing them
to login onto your servers.This can be achieved by adding another line to
/etc/master.passwd. This line should
contain:+:::::::::/sbin/nologin, meaning
Import all entries but replace the shell with
/sbin/nologin in the imported
entries. You can replace any field
in the passwd entry by placing a default value in your
/etc/master.passwd.Make sure that the line
+:::::::::/sbin/nologin is placed after
+@IT_EMP:::::::::. Otherwise, all user
accounts imported from NIS will have /sbin/nologin as their
login shell.After this change, you will only have to change one NIS
map if a new employee joins the IT department. You could use
a similar approach for the less important servers by replacing
the old +::::::::: in their local version
of /etc/master.passwd with something like
this:+@IT_EMP:::::::::
+@IT_APP:::::::::
+:::::::::/sbin/nologinThe corresponding lines for the normal workstations
could be:+@IT_EMP:::::::::
+@USERS:::::::::
+:::::::::/sbin/nologinAnd everything would be fine until there is a policy
change a few weeks later: The IT department starts hiring
interns. The IT interns are allowed to use the normal
workstations and the less important servers; and the IT
apprentices are allowed to login onto the main servers. You
add a new netgroup IT_INTERN, add the new IT interns to this
netgroup and start to change the config on each and every
machine... As the old saying goes: Errors in
centralized planning lead to global mess.NIS' ability to create netgroups from other netgroups can
be used to prevent situations like these. One possibility
is the creation of role-based netgroups. For example, you
could create a netgroup called
BIGSRV to define the login
restrictions for the important servers, another netgroup
called SMALLSRV for the less
important servers and a third netgroup called
USERBOX for the normal
workstations. Each of these netgroups contains the netgroups
that are allowed to login onto these machines. The new
entries for your NIS map netgroup should look like this:BIGSRV IT_EMP IT_APP
SMALLSRV IT_EMP IT_APP ITINTERN
USERBOX IT_EMP ITINTERN USERSThis method of defining login restrictions works
reasonably well if you can define groups of machines with
identical restrictions. Unfortunately, this is the exception
and not the rule. Most of the time, you will need the ability
to define login restrictions on a per-machine basis.Machine-specific netgroup definitions are the other
possibility to deal with the policy change outlined above. In
this scenario, the /etc/master.passwd of
each box contains two lines starting with +.
The first of them adds a netgroup with the accounts allowed to
login onto this machine, the second one adds all other
accounts with /sbin/nologin as shell. It
is a good idea to use the ALL-CAPS version of the machine name
as the name of the netgroup. In other words, the lines should
look like this:+@BOXNAME:::::::::
+:::::::::/sbin/nologinOnce you have completed this task for all your machines,
you will not have to modify the local versions of
/etc/master.passwd ever again. All
further changes can be handled by modifying the NIS map. Here
is an example of a possible netgroup map for this
scenario with some additional goodies.# Define groups of users first
IT_EMP (,alpha,test-domain) (,beta,test-domain)
IT_APP (,charlie,test-domain) (,delta,test-domain)
DEPT1 (,echo,test-domain) (,foxtrott,test-domain)
DEPT2 (,golf,test-domain) (,hotel,test-domain)
DEPT3 (,india,test-domain) (,juliet,test-domain)
ITINTERN (,kilo,test-domain) (,lima,test-domain)
D_INTERNS (,able,test-domain) (,baker,test-domain)
#
# Now, define some groups based on roles
USERS DEPT1 DEPT2 DEPT3
BIGSRV IT_EMP IT_APP
SMALLSRV IT_EMP IT_APP ITINTERN
USERBOX IT_EMP ITINTERN USERS
#
# And a groups for a special tasks
# Allow echo and golf to access our anti-virus-machine
SECURITY IT_EMP (,echo,test-domain) (,golf,test-domain)
#
# machine-based netgroups
# Our main servers
WAR BIGSRV
FAMINE BIGSRV
# User india needs access to this server
POLLUTION BIGSRV (,india,test-domain)
#
# This one is really important and needs more access restrictions
DEATH IT_EMP
#
# The anti-virus-machine mentioned above
ONE SECURITY
#
# Restrict a machine to a single user
TWO (,hotel,test-domain)
# [...more groups to follow]If you are using some kind of database to manage your user
accounts, you should be able to create the first part of the
map with your database's report tools. This way, new users
will automatically have access to the boxes.One last word of caution: It may not always be advisable
to use machine-based netgroups. If you are deploying a couple of
dozen or even hundreds of identical machines for student labs,
you should use role-based netgroups instead of machine-based
netgroups to keep the size of the NIS map within reasonable
limits.Important Things to RememberThere are still a couple of things that you will need to do
differently now that you are in an NIS environment.Every time you wish to add a user to the lab, you
must add it to the master NIS server only,
and you must remember to rebuild the NIS
maps. If you forget to do this, the new user will
not be able to login anywhere except on the NIS master.
For example, if we needed to add a new user
jsmith to the lab, we would:&prompt.root; pw useradd jsmith
&prompt.root; cd /var/yp
&prompt.root; make test-domainYou could also run adduser jsmith instead
of pw useradd jsmith.Keep the administration accounts out of the NIS
maps. You do not want to be propagating administrative
accounts and passwords to machines that will have users that
should not have access to those accounts.Keep the NIS master and slave
secure, and minimize their downtime.
If somebody either hacks or simply turns off
these machines, they have effectively rendered many people without
the ability to login to the lab.This is the chief weakness of any centralized administration
system, and it is probably the most important weakness. If you do
not protect your NIS servers, you will have a lot of angry
users!NIS v1 Compatibility FreeBSD's ypserv has some support
for serving NIS v1 clients. FreeBSD's NIS implementation only
uses the NIS v2 protocol, however other implementations include
support for the v1 protocol for backwards compatibility with older
systems. The ypbind daemons supplied
with these systems will try to establish a binding to an NIS v1
server even though they may never actually need it (and they may
persist in broadcasting in search of one even after they receive a
response from a v2 server). Note that while support for normal
client calls is provided, this version of ypserv does not handle
v1 map transfer requests; consequently, it cannot be used as a
master or slave in conjunction with older NIS servers that only
support the v1 protocol. Fortunately, there probably are not any
such servers still in use today.NIS Servers That Are Also NIS Clients Care must be taken when running ypserv in a multi-server
domain where the server machines are also NIS clients. It is
generally a good idea to force the servers to bind to themselves
rather than allowing them to broadcast bind requests and possibly
become bound to each other. Strange failure modes can result if
one server goes down and others are dependent upon it.
Eventually all the clients will time out and attempt to bind to
other servers, but the delay involved can be considerable and the
failure mode is still present since the servers might bind to each
other all over again.You can force a host to bind to a particular server by running
ypbind with the
flag. If you do not want to do this manually each time you
reboot your NIS server, you can add the following lines to
your /etc/rc.conf:nis_client_enable="YES" # run client stuff as well
nis_client_flags="-S NIS domain,server"See &man.ypbind.8; for further information.Password FormatsNISpassword formatsOne of the most common issues that people run into when trying
to implement NIS is password format compatibility. If your NIS
server is using DES encrypted passwords, it will only support
clients that are also using DES. For example, if you have
- Solaris NIS clients in your network, then you will almost certainly
+ &solaris; NIS clients in your network, then you will almost certainly
need to use DES encrypted passwords.To check which format your servers
and clients are using, look at /etc/login.conf.
If the host is configured to use DES encrypted passwords, then the
default class will contain an entry like this:default:\
:passwd_format=des:\
:copyright=/etc/COPYRIGHT:\
[Further entries elided]Other possible values for the passwd_format
capability include blf and md5
(for Blowfish and MD5 encrypted passwords, respectively).If you have made changes to /etc/login.conf,
you will also need to rebuild the login capability database, which is
achieved by running the following command as root:&prompt.root; cap_mkdb /etc/login.confThe format of passwords already in
/etc/master.passwd will not be updated until
a user changes their password for the first time after
the login capability database is rebuilt.Next, in order to ensure that passwords are encrypted with the
format that you have chosen, you should also check that the
crypt_default in /etc/auth.conf
gives precedence to your chosen password format. To do this, place
the format that you have chosen first in the list. For example, when
using DES encrypted passwords, the entry would be:crypt_default = des blf md5Having followed the above steps on each of the &os; based NIS
servers and clients, you can be sure that they all agree on which
password format is used within your network.
If you have trouble authenticating on an NIS client, this
is a pretty good place to start looking for possible problems.
Remember: if you want to deploy an NIS server for a heterogenous
network, you will probably have to use DES on all systems
because it is the lowest common standard.GregSutterWritten by DHCPWhat Is DHCP?Dynamic Host Configuration ProtocolDHCPInternet Software Consortium (ISC)DHCP, the Dynamic Host Configuration Protocol, describes
the means by which a system can connect to a network and obtain the
necessary information for communication upon that network. FreeBSD
uses the ISC (Internet Software Consortium) DHCP implementation, so
all implementation-specific information here is for use with the ISC
distribution.What This Section CoversThis section describes both the client-side and server-side
components of the ISC DHCP system. The client-side program,
dhclient, comes integrated within FreeBSD, and
the server-side portion is available from the
net/isc-dhcp3 port. The
&man.dhclient.8;, &man.dhcp-options.5;, and &man.dhclient.conf.5;
manual pages, in addition to the references below, are useful
resources.How It WorksUDPWhen dhclient, the DHCP client, is
executed on the client machine, it begins broadcasting
requests for configuration information. By default, these
requests are on UDP port 68. The server replies on UDP 67,
giving the client an IP address and other relevant network
information such as netmask, router, and DNS servers. All of
this information comes in the form of a DHCP
lease and is only valid for a certain time
(configured by the DHCP server maintainer). In this manner,
stale IP addresses for clients no longer connected to the
network can be automatically reclaimed.DHCP clients can obtain a great deal of information from
the server. An exhaustive list may be found in
&man.dhcp-options.5;.FreeBSD IntegrationFreeBSD fully integrates the ISC DHCP client,
dhclient. DHCP client support is provided
within both the installer and the base system, obviating the need
for detailed knowledge of network configurations on any network
that runs a DHCP server. dhclient has been
included in all FreeBSD distributions since 3.2.sysinstallDHCP is supported by
sysinstall. When configuring a
network interface within sysinstall, the first question
asked is, Do you want to try DHCP configuration of
this interface? Answering affirmatively will execute
dhclient, and if successful, will fill in
the network configuration information automatically.There are two things you must do to have your system use
DHCP upon startup:DHCPrequirementsMake sure that the bpf
device is compiled into your kernel. To do this, add
pseudo-device bpf to your kernel
configuration file, and rebuild the kernel. For more
information about building kernels, see .The bpf device is already
part of the GENERIC kernel that is
supplied with FreeBSD, so if you do not have a custom
kernel, you should not need to create one in order to get
DHCP working.For those who are particularly security conscious,
you should be warned that bpf
is also the device that allows packet sniffers to work
correctly (although they still have to be run as
root). bpfis required to use DHCP, but if
you are very sensitive about security, you probably
should not add bpf to your
kernel in the expectation that at some point in the
future you will be using DHCP.Edit your /etc/rc.conf to
include the following:ifconfig_fxp0="DHCP"Be sure to replace fxp0 with the
designation for the interface that you wish to dynamically
configure, as described in
.If you are using a different location for
dhclient, or if you wish to pass additional
flags to dhclient, also include the
following (editing as necessary):dhcp_program="/sbin/dhclient"
dhcp_flags=""DHCPserverThe DHCP server, dhcpd, is included
as part of the net/isc-dhcp3 port in the ports
collection. This port contains the full ISC DHCP
distribution, consisting of client, server, relay agent and
documentation.
FilesDHCPconfiguration files/etc/dhclient.confdhclient requires a configuration file,
/etc/dhclient.conf. Typically the file
contains only comments, the defaults being reasonably sane. This
configuration file is described by the &man.dhclient.conf.5;
manual page./sbin/dhclientdhclient is statically linked and
resides in /sbin. The &man.dhclient.8;
manual page gives more information about
dhclient./sbin/dhclient-scriptdhclient-script is the FreeBSD-specific
DHCP client configuration script. It is described in
&man.dhclient-script.8;, but should not need any user
modification to function properly./var/db/dhclient.leasesThe DHCP client keeps a database of valid leases in this
file, which is written as a log. &man.dhclient.leases.5;
gives a slightly longer description.Further ReadingThe DHCP protocol is fully described in
RFC 2131.
An informational resource has also been set up at
dhcp.org.Installing and Configuring a DHCP ServerWhat This Section CoversThis section provides information on how to configure
a FreeBSD system to act as a DHCP server using the ISC
(Internet Software Consortium) implementation of the DHCP
suite.The server portion of the suite is not provided as part of
FreeBSD, and so you will need to install the
net/isc-dhcp3
port to provide this service. See for
more information on using the ports collection.DHCP Server InstallationDHCPinstallationIn order to configure your FreeBSD system as a DHCP server,
you will need to ensure that the &man.bpf.4;
device is compiled into your kernel. To do this, add
pseudo-device bpf to your kernel
configuration file, and rebuild the kernel. For more
information about building kernels, see .The bpf device is already
part of the GENERIC kernel that is
supplied with FreeBSD, so you do not need to create a custom
kernel in order to get DHCP working.Those who are particularly security conscious
should note that bpf
is also the device that allows packet sniffers to work
correctly (although such programs still need privileged
access). bpfis required to use DHCP, but if
you are very sensitive about security, you probably
should not include bpf in your
kernel purely because you expect to use DHCP at some
point in the future.The next thing that you will need to do is edit the sample
dhcpd.conf which was installed by the
net/isc-dhcp3 port.
By default, this will be
/usr/local/etc/dhcpd.conf.sample, and you
should copy this to
/usr/local/etc/dhcpd.conf before proceeding
to make changes.Configuring the DHCP ServerDHCPdhcpd.confdhcpd.conf is
comprised of declarations regarding subnets and hosts, and is
perhaps most easily explained using an example :option domain-name "example.com";
option domain-name-servers 192.168.4.100;
option subnet-mask 255.255.255.0;
default-lease-time 3600;
max-lease-time 86400;
ddns-update-style none;
subnet 192.168.4.0 netmask 255.255.255.0 {
range 192.168.4.129 192.168.4.254;
option routers 192.168.4.1;
}
host mailhost {
hardware ethernet 02:03:04:05:06:07;
fixed-address mailhost.example.com;
}This option specifies the domain that will be provided
to clients as the default search domain. See
&man.resolv.conf.5; for more information on what this
means.This option specifies a comma separated list of DNS
servers that the client should use.The netmask that will be provided to clients.A client may request a specific length of time that a
lease will be valid. Otherwise the server will assign
a lease with this expiry value (in seconds).This is the maximum length of time that the server will
lease for. Should a client request a longer lease, a lease
will be issued, although it will only be valid for
max-lease-time seconds.This option specifies whether the DHCP server should
attempt to update DNS when a lease is accepted or released.
In the ISC implementation, this option is
required.This denotes which IP addresses should be used in
the pool reserved for allocating to clients. IP
addresses between, and including, the ones stated are
handed out to clients.Declares the default gateway that will be provided to
clients.The hardware MAC address of a host (so that the DHCP server
can recognize a host when it makes a request).Specifies that the host should always be given the same
IP address. Note that a hostname is OK here, since the DHCP
server will resolve the hostname itself before returning the
lease information.Once you have finished writing your
dhcpd.conf, you can proceed to start the
server by issuing the following command:&prompt.root; /usr/local/etc/rc.d/isc-dhcpd.sh startShould you need to make changes to the configuration of your
server in the future, it is important to note that sending a
SIGHUP signal to
dhcpd does not
result in the configuration being reloaded, as it does with most
daemons. You will need to send a SIGTERM
signal to stop the process, and then restart it using the command
above.FilesDHCPconfiguration files/usr/local/sbin/dhcpddhcpd is statically linked and
resides in /usr/local/sbin. The
dhcpd(8) manual page installed with the
port gives more information about
dhcpd./usr/local/etc/dhcpd.confdhcpd requires a configuration
file, /usr/local/etc/dhcpd.conf before it
will start providing service to clients. This file needs to
contain all the information that should be provided to clients
that are being serviced, along with information regarding the
operation of the server. This configuration file is described
by the dhcpd.conf(5) manual page installed
by the port./var/db/dhcpd.leasesThe DHCP server keeps a database of leases it has issued
in this file, which is written as a log. The manual page
dhcpd.leases(5), installed by the port
gives a slightly longer description./usr/local/sbin/dhcrelaydhcrelay is used in advanced
environments where one DHCP server forwards a request from a
client to another DHCP server on a separate network. The
dhcrelay(8) manual page provided with the
port contains more detail.ChernLeeContributed by DNSOverviewBINDFreeBSD utilizes, by default, a version of BIND (Berkeley
Internet Name Domain), which is the most common implementation of the
DNS protocol. DNS is the protocol through which names are mapped to
IP addresses, and vice versa. For example, a query for
www.FreeBSD.org
will receive a reply with the IP address of The FreeBSD Project's
web server, whereas, a query for ftp.FreeBSD.org
will return the IP
address of the corresponding FTP machine. Likewise, the opposite can
happen. A query for an IP address can resolve its hostname. It is
not necessary to run a name server to perform DNS lookups on a system.
DNSDNS is coordinated across the Internet through a somewhat
complex system of authoritative root name servers, and other
smaller-scale name servers who host and cache individual domain
information.
This document refers to BIND 8.x, as it is the stable version
used in FreeBSD. BIND 9.x in FreeBSD can be installed through
the net/bind9 port.
RFC1034 and RFC1035 dictate the DNS protocol.
Currently, BIND is maintained by the
Internet Software Consortium (www.isc.org).
TerminologyTo understand this document, some terms related to DNS must be
understood.TermDefinitionForward DNSMapping of hostnames to IP addressesOriginRefers to the domain covered in a particular zone
filenamed, BIND, name serverCommon names for the BIND name server package within
FreeBSDresolverResolverA system process through which a
machine queries a name server for zone informationreverse DNSReverse DNSThe opposite of forward DNS; mapping of IP addresses to
hostnamesroot zoneRoot zoneThe beginning of the Internet zone hierarchy.
All zones fall under the root zone, similar to how
all files in a file system fall under the root directory.ZoneAn individual domain, subdomain, or portion of the DNS administered by
the same authorityzonesexamplesExamples of zones:
. is the root zoneorg. is a zone under the root zoneexample.org is a zone under the
org. zonefoo.example.org. is a subdomain, a
zone under the example.org. zone1.2.3.in-addr.arpa is a zone referencing
all IP addresses which fall under the 3.2.1.* IP space.
As one can see, the more specific part of a hostname appears to
its left. For example, example.org. is more
specific than org., as org. is
more specific than the root zone. The layout of each part of
a hostname is much like a filesystem: the /dev
directory falls within the root, and so on.Reasons to Run a Name ServerName servers usually come in two forms: an authoritative
name server, and a caching name server.An authoritative name server is needed when:one wants to serve DNS information to the
world, replying authoritatively to queries.a domain, such as example.org, is
registered and IP addresses need to be assigned to hostnames
under it.an IP address block requires reverse DNS entries (IP to
hostname).a backup name server, called a slave, must reply to queries
when the primary is down or inaccessible.A caching name server is needed when:a local DNS server may cache and respond more quickly
than querying an outside name server.a reduction in overall network traffic is desired (DNS
traffic has been measured to account for 5% or more of total
Internet traffic).When one queries for www.FreeBSD.org, the
resolver usually queries the uplink ISP's name server, and retrieves
the reply. With a local, caching DNS server, the query only has to
be made once to the outside world by the caching DNS server. Every
additional query will not have to look to the outside of the local
network, since the information is cached locally.How It WorksIn FreeBSD, the BIND daemon is called
named for obvious reasons.FileDescriptionnamedthe BIND daemonndcname daemon control program/etc/namedbdirectory where BIND zone information resides/etc/namedb/named.confdaemon configuration file
Zone files are usually contained within the
/etc/namedb
directory, and contain the DNS zone information
served by the name server.
Starting BINDBINDstarting
Since BIND is installed by default, configuring it all is
relatively simple.
To ensure the named daemon is started at boot, put the following
modifications in /etc/rc.conf:
named_enable="YES"To start the daemon manually (after configuring it)&prompt.root; ndc startConfiguration FilesBINDconfiguration filesUsing make-localhostBe sure to:
&prompt.root; cd /etc/namedb
&prompt.root; sh make-localhostto properly create the local reverse DNS zone file in
/etc/namedb/localhost.rev.
/etc/namedb/named.conf// $FreeBSD$
//
// Refer to the named(8) manual page for details. If you are ever going
// to setup a primary server, make sure you've understood the hairy
// details of how DNS is working. Even with simple mistakes, you can
// break connectivity for affected parties, or cause huge amount of
// useless Internet traffic.
options {
directory "/etc/namedb";
// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
// forward only;
// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the
Internet.
/*
forwarders {
127.0.0.1;
};
*/
Just as the comment says, to benefit from an uplink's cache,
forwarders can be enabled here. Under normal
circumstances, a name server will recursively query the Internet
looking at certain name servers until it finds the answer it is
looking for. Having this enabled will have it query the uplink's
name server (or name server provided) first, taking advantage of
its cache. If the uplink name server in question is a heavily
trafficked, fast name server, enabling this may be worthwhile.
127.0.0.1
will not work here.
Change this IP address to a name server at your uplink. /*
* If there is a firewall between you and name servers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
/*
* If running in a sandbox, you may have to specify a different
* location for the dumpfile.
*/
// dump-file "s/named_dump.db";
};
// Note: the following will be supported in a future release.
/*
host { any; } {
topology {
127.0.0.0/8;
};
};
*/
// Setting up secondaries is way easier and the rough picture for this
// is explained below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// into your /etc/resolv.conf so this server will be queried first.
// Also, make sure to enable it in /etc/rc.conf.
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
type master;
file "localhost.rev";
};
// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example secondary config entries. It can be convenient to become
// a secondary at least for the zone where your own domain is in. Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is the first bytes of the respective IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to setup a primary zone, better make sure you fully
// understand how DNS and BIND works, however. There are sometimes
// unobvious pitfalls. Setting up a secondary is comparably simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.
//
// NOTE!!! FreeBSD runs bind in a sandbox (see named_flags in rc.conf).
// The directory containing the secondary zones must be write accessible
// to bind. The following sequence is suggested:
//
// mkdir /etc/namedb/s
// chown bind:bind /etc/namedb/s
// chmod 750 /etc/namedb/sFor more information on running BIND in a sandbox, see
Running named in a sandbox.
/*
zone "example.com" {
type slave;
file "s/example.com.bak";
masters {
192.168.1.1;
};
};
zone "0.168.192.in-addr.arpa" {
type slave;
file "s/0.168.192.in-addr.arpa.bak";
masters {
192.168.1.1;
};
};
*/In named.conf, these are examples of slave
entries for a forward and reverse zone.For each new zone served, a new zone entry must be added to
named.confFor example, the simplest zone entry for
example.org can look like:zone "example.org" {
type master;
file "example.org";
};The zone is a master, as indicated by the
statement, holding its zone information in
/etc/namedb/example.org indicated by
the statement.zone "example.org" {
type slave;
file "example.org";
};In the slave case, the zone information is transferred from
the master name server for the particular zone, and saved in the
file specified. If and when the master server dies or is
unreachable, the slave name server will have the transferred
zone information and will be able to serve it.Zone Files
An example master zone file for example.org
(existing within /etc/namedb/example.org)
is as follows:
$TTL 3600
example.org. IN SOA ns1.example.org. admin.example.org. (
5 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
; DNS Servers
@ IN NS ns1.example.org.
@ IN NS ns2.example.org.
; Machine Names
localhost IN A 127.0.0.1
ns1 IN A 3.2.1.2
ns2 IN A 3.2.1.3
mail IN A 3.2.1.10
@ IN A 3.2.1.30
; Aliases
www IN CNAME @
; MX Record
@ IN MX 10 mail.example.org.
Note that every hostname ending in a . is an
exact hostname, whereas everything without a trailing
. is referenced to the origin. For example,
www is translated into www +
origin. In our fictitious zone file, our origin
is example.org., so
www would translate to
www.example.org.
The format of a zone file follows:
recordname IN recordtype valueDNSrecords
The most commonly used DNS records:
SOAstart of zone authorityNSan authoritative name serverAA host addressCNAMEthe canonical name for an aliasMXmail exchangerPTRa domain name pointer (used in reverse DNS)
example.org. IN SOA ns1.example.org. admin.example.org. (
5 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 dayexample.org.the domain name, also the origin for this
zone file.ns1.example.org.the primary/authoritative name server for this
zoneadmin.example.org.the responsible person for this zone,
email address with @
replaced. (admin@example.org becomes
admin.example.org)5the serial number of the file. this
must be incremented each time the zone file is modified.
Nowadays, many admins prefer a
yyyymmddrr format for the serial
number. 2001041002 would mean last modified 04/10/2001,
the latter 02 being the second time the zone file has
been modified this day. The serial number is important
as it alerts slave name servers for a zone when it is
updated.
@ IN NS ns1.example.org.
This is an NS entry. Every name server that is going to reply
authoritatively for the zone must have one of these entries.
The @ as seen here could have been
example.org.
The @ translates to the origin.
localhost IN A 127.0.0.1
ns1 IN A 3.2.1.2
ns2 IN A 3.2.1.3
mail IN A 3.2.1.10
@ IN A 3.2.1.30
The A record indicates machine names. As seen above,
ns1.example.org would resolve to
3.2.1.2. Again,
the origin symbol, @, is
used here, thus meaning example.org
would resolve to 3.2.1.30.
www IN CNAME @
The canonical name record is usually used for giving aliases
to a machine. In the example, www is
aliased to the machine addressed to the origin, or
example.org
(3.2.1.30).
CNAMEs can be used to provide alias
hostnames, or round robin one hostname among multiple
machines.
@ IN MX 10 mail.example.org.
The MX record indicates which mail
servers are responsible for handling incoming mail for the
zone. mail.example.org is the
hostname of the mail server, and 10 being the priority of
that mail server.
One can have several mail servers, with priorities of 3, 2,
1. A mail server attempting to deliver to example.org would first try the
highest priority MX, then the second highest, etc, until the
mail can be properly delivered.
For in-addr.arpa zone files (reverse DNS), the same format is
used, except with PTR entries instead of
A or CNAME.
$TTL 3600
1.2.3.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. (
5 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
3600 ) ; Minimum
@ IN NS ns1.example.org.
@ IN NS ns2.example.org.
2 IN PTR ns1.example.org.
3 IN PTR ns2.example.org.
10 IN PTR mail.example.org.
30 IN PTR example.org.
This file gives the proper IP address to hostname mappings of our above
fictitious domain.
Caching Name ServerBINDcaching name server
A caching name server is a name server that is not
authoritative for any zones. It simply asks queries of its own,
and remembers them for later use. To set one up, just configure
the name server as usual, omitting any inclusions of zones.
Running named in a SandboxBINDrunning in a sandboxchrootFor added security you may want to run &man.named.8; as an
unprivileged user, and configure it to &man.chroot.8; into a
sandbox directory. This makes everything outside of the sandbox
inaccessible to the named daemon. Should
named be compromised, this will help to
reduce the damage that can be caused. By default, FreeBSD has a user
and a group called bind, intended for this
use.Various people would recommend that instead of configuring
named to chroot, you
should run named inside a &man.jail.8;.
This section does not attempt to cover this situation.Since named will not be able to
access anything outside of the sandbox (such as shared
libraries, log sockets, and so on), there are a number of steps
that need to be followed in order to allow
named to function correctly. In the
following checklist, it is assumed that the path to the sandbox
is /etc/namedb and that you have made no
prior modifications to the contents of this directory. Perform
the following steps as root.Create all directories that named
expects to see:&prompt.root; cd /etc/namedb
&prompt.root; mkdir -p bin dev etc var/tmp var/run master slave
&prompt.root; chown bind:bind slave var/*named only needs write access to
these directories, so that is all we give it.Rearrange and create basic zone and configuration files:&prompt.root; cp /etc/localtime etc
&prompt.root; mv named.conf etc && ln -sf etc/named.conf
&prompt.root; mv named.root master
&prompt.root; sh make-localhost && mv localhost.rev localhost-v6.rev master
&prompt.root; cat > master/named.localhost
$ORIGIN localhost.
$TTL 6h
@ IN SOA localhost. postmaster.localhost. (
1 ; serial
3600 ; refresh
1800 ; retry
604800 ; expiration
3600 ) ; minimum
IN NS localhost.
IN A 127.0.0.1
^DThis allows named to log the
correct time to &man.syslogd.8;If you are running a version of &os; prior to 4.9-RELEASE, build a statically linked copy of
named-xfer, and copy it into the sandbox:&prompt.root; cd /usr/src/lib/libisc
&prompt.root; make cleandir && make cleandir && make depend && make all
&prompt.root; cd /usr/src/lib/libbind
&prompt.root; make cleandir && make cleandir && make depend && make all
&prompt.root; cd /usr/src/libexec/named-xfer
&prompt.root; make cleandir && make cleandir && make depend && make NOSHARED=yes all
&prompt.root; cp named-xfer /etc/namedb/bin && chmod 555 /etc/namedb/bin/named-xferAfter your statically linked
named-xfer is installed some cleaning up
is required, to avoid leaving stale copies of libraries or
programs in your source tree:&prompt.root; cd /usr/src/lib/libisc
&prompt.root; make cleandir
&prompt.root; cd /usr/src/lib/libbind
&prompt.root; make cleandir
&prompt.root; cd /usr/src/libexec/named-xfer
&prompt.root; make cleandirThis step has been reported to fail occasionally. If this
happens to you, then issue the command:&prompt.root; cd /usr/src && make cleandir && make cleandirand delete your /usr/obj tree:&prompt.root; rm -fr /usr/obj && mkdir /usr/objThis will clean out any cruft from your
source tree, and retrying the steps above should then work.If you are running &os; version 4.9-RELEASE or later, then
the copy of named-xfer in
/usr/libexec is statically linked by default,
and you can simply use &man.cp.1; to copy it into your sandbox.Make a dev/null that
named can see and write to:&prompt.root; cd /etc/namedb/dev && mknod null c 2 2
&prompt.root; chmod 666 nullSymlink /var/run/ndc to
/etc/namedb/var/run/ndc:&prompt.root; ln -sf /etc/namedb/var/run/ndc /var/run/ndcThis simply avoids having to specify the
option to &man.ndc.8; every time you
run it. Since the contents of /var/run are deleted on boot,
if this is something that you find useful you
may wish to add this command to root's crontab, making use
of the option. See
&man.crontab.5; for more information regarding
this.Configure &man.syslogd.8; to create an extra
log socket that
named can write to. To do this,
add -l /etc/namedb/dev/log to the
syslogd_flags variable in
/etc/rc.conf.Arrange to have named start
and chroot itself to the sandbox by
adding the following to
/etc/rc.conf:named_enable="YES"
named_flags="-u bind -g bind -t /etc/namedb /etc/named.conf"Note that the configuration file
/etc/named.conf is denoted by a full
pathname relative to the sandbox, i.e. in
the line above, the file referred to is actually
/etc/namedb/etc/named.conf.The next step is to edit
/etc/namedb/etc/named.conf so that
named knows which zones to load and
where to find them on the disk. There follows a commented
example (anything not specifically commented here is no
different from the setup for a DNS server not running in a
sandbox):options {
directory "/";
named-xfer "/bin/named-xfer";
version ""; // Don't reveal BIND version
query-source address * port 53;
};
// ndc control socket
controls {
unix "/var/run/ndc" perm 0600 owner 0 group 0;
};
// Zones follow:
zone "localhost" IN {
type master;
file "master/named.localhost";
allow-transfer { localhost; };
notify no;
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "master/localhost.rev";
allow-transfer { localhost; };
notify no;
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int" {
type master;
file "master/localhost-v6.rev";
allow-transfer { localhost; };
notify no;
};
zone "." IN {
type hint;
file "master/named.root";
};
zone "private.example.net" in {
type master;
file "master/private.example.net.db";
allow-transfer { 192.168.10.0/24; };
};
zone "10.168.192.in-addr.arpa" in {
type slave;
masters { 192.168.10.2; };
file "slave/192.168.10.db";
};The
directory statement is specified as
/, since all files that
named needs are within this
directory (recall that this is equivalent to a
normal user's
/etc/namedb.Specifies the full path
to the named-xfer binary (from
named's frame of reference). This
is necessary since named is
compiled to look for named-xfer in
/usr/libexec by default.Specifies the filename (relative
to the directory statement above) where
named can find the zonefile for this
zone.Specifies the filename
(relative to the directory statement above)
where named should write a copy of
the zonefile for this zone after successfully transferring it
from the master server. This is why we needed to change the
ownership of the directory slave to
bind in the setup stages above.After completing the steps above, either reboot your
server or restart &man.syslogd.8; and start &man.named.8;, making
sure to use the new options specified in
syslogd_flags and
named_flags. You should now be running a
sandboxed copy of named!SecurityAlthough BIND is the most common implementation of DNS,
there is always the issue of security. Possible and
exploitable security holes are sometimes found.
It is a good idea to subscribe to CERT and
freebsd-security-notifications
to stay up to date with the current Internet and FreeBSD security
issues.
If a problem arises, keeping sources up to date and having a
fresh build of named would not hurt.Further Reading
BIND/named manual pages: &man.ndc.8; &man.named.8; &man.named.conf.5;
Official ISC Bind
Page
BIND FAQO'Reilly
DNS and BIND 4th EditionRFC1034
- Domain Names - Concepts and FacilitiesRFC1035
- Domain Names - Implementation and SpecificationTomHukinsContributed by NTPNTPOverviewOver time, a computer's clock is prone to drift. As time
passes, the computer's clock becomes less accurate. NTP
(Network Time Protocol) is one way to ensure your clock is
right.Many Internet services rely on, or greatly benefit from,
computers' clocks being accurate. For example, a Web server
may receive requests to send a file if it has modified since a
certain time. Services such as &man.cron.8; run commands at a
given time. If the clock is inaccurate, these commands may
not run when expected.NTPntpdFreeBSD ships with the &man.ntpd.8; NTP server which can
be used to query other NTP servers to set the clock on your
machine or provide time services to others.Choosing Appropriate NTP ServersNTPchoosing serversIn order to synchronize your clock, you will need to find
one or more NTP servers to use. Your network administrator or
ISP may have setup an NTP server for this purpose—check
their documentation to see if this is the case. There is a
list of
publicly accessible NTP servers which you can use to
find an NTP server near to you. Make sure you are aware of
the policy for any servers you choose, and ask for permission
if required.Choosing several unconnected NTP servers is a good idea in
case one of the servers you are using becomes unreachable or
its clock is unreliable. &man.ntpd.8; uses the responses it
receives from other servers intelligently—it will favor
unreliable servers less than reliable ones.Configuring Your MachineNTPconfigurationBasic ConfigurationntpdateIf you only wish to synchronize your clock when the
machine boots up, you can use &man.ntpdate.8;. This may be
appropriate for some desktop machines which are frequently
rebooted and only require infrequent synchronization, but
most machines should run &man.ntpd.8;.Using &man.ntpdate.8; at boot time is also a good idea
for machines that run &man.ntpd.8;. &man.ntpd.8; changes the
clock gradually, whereas &man.ntpdate.8; sets the clock, no
matter how great the difference between a machine's current
clock setting and the correct time.To enable &man.ntpdate.8; at boot time, add
ntpdate_enable="YES" to
/etc/rc.conf. You will also need to
specify all servers you wish to synchronize with and any
flags to be passed to &man.ntpdate.8; in
ntpdate_flags.NTPntp.confGeneral ConfigurationNTP is configured by the
/etc/ntp.conf file in the format
described in &man.ntp.conf.5;. Here is a simple
example:server ntplocal.example.com prefer
server timeserver.example.org
server ntp2a.example.net
driftfile /var/db/ntp.driftThe server option specifies which
servers are to be used, with one server listed on each line.
If a server is specified with the prefer
argument, as with ntplocal.example.com, that server is
preferred over other servers. A response from a preferred
server will be discarded if it differs significantly from
other servers' responses, otherwise it will be used without
any consideration to other responses. The
prefer argument is normally used for NTP
servers that are known to be highly accurate, such as those
with special time monitoring hardware.The driftfile option specifies which
file is used to store the system clock's frequency offset.
&man.ntpd.8; uses this to automatically compensate for the
clock's natural drift, allowing it to maintain a reasonably
correct setting even if it is cut off from all external time
sources for a period of time.The driftfile option specifies which
file is used to store information about previous responses
from the NTP servers you are using. This file contains
internal information for NTP. It should not be modified by
any other process.Controlling Access to Your ServerBy default, your NTP server will be accessible to all
hosts on the Internet. The restrict
option in &man.ntp.conf.5; allows you to control which
machines can access your server.If you want to deny all machines from accessing your NTP
server, add the following line to
/etc/ntp.confrestrict default ignoreIf you only want to
allow machines within your own network to synchronize their
clocks with your server, but ensure they are not allowed to
configure the server or used as peers to synchronize
against, addrestrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrapinstead, where 192.168.1.0 is
an IP address on your network and 255.255.255.0 is your network's
netmask./etc/ntp.conf can contain multiple
restrict options. For more details, see
the Access Control Support subsection of
&man.ntp.conf.5;.Running the NTP ServerTo ensure the NTP server is started at boot time, add the
line xntpd_enable="YES" to
/etc/rc.conf. If you wish to pass
additional flags to &man.ntpd.8; edit the
xntpd_flags parameter in
/etc/rc.conf.To start the server without rebooting your machine, run
ntpd being sure to specify any additional
parameters from xntpd_flags in
/etc/rc.conf. For example:&prompt.root; ntpd -p /var/run/ntpd.pidUsing &man.ntpd.8; with a Temporary Internet
Connectionntpd does not need a permanent
connection to the Internet to function properly. However, if
you have a temporary connection that is configured to dial out
on demand, it is a good idea to prevent NTP traffic from
triggering a dial out or keeping the connection alive. If you
are using user PPP, you can use filter
directives in /etc/ppp/ppp.conf. For
example: set filter dial 0 deny udp src eq 123
# Prevent NTP traffic from initiating dial out
set filter dial 1 permit 0 0
set filter alive 0 deny udp src eq 123
# Prevent incoming NTP traffic from keeping the connection open
set filter alive 1 deny udp dst eq 123
# Prevent outgoing NTP traffic from keeping the connection open
set filter alive 2 permit 0/0 0/0For more details see the PACKET
FILTERING section in &man.ppp.8; and the examples in
/usr/share/examples/ppp/.Some Internet access providers block low-numbered ports,
preventing NTP from functioning since replies never
reach your machine.Further InformationDocumentation for the NTP server can be found in
/usr/share/doc/ntp/ in HTML
format.ChernLeeContributed by Network Address TranslationOverviewnatdFreeBSD's Network Address Translation daemon, commonly known as
&man.natd.8; is a daemon that accepts incoming raw IP packets,
changes the source to the local machine and re-injects these packets
back into the outgoing IP packet stream. natd does this by changing
the source IP address and port such that when data is received back,
it is able to determine the original location of the data and forward
it back to its original requester.Internet connection sharingIP masqueradingThe most common use of NAT is to perform what is commonly known as
Internet Connection Sharing.SetupDue to the diminishing IP space in IPv4, and the increased number
of users on high-speed consumer lines such as cable or DSL, people are
increasingly in need of an Internet Connection Sharing solution. The
ability to connect several computers online through one connection and
IP address makes &man.natd.8; a reasonable choice.Most commonly, a user has a machine connected to a cable or DSL
line with one IP address and wishes to use this one connected computer to
provide Internet access to several more over a LAN.To do this, the FreeBSD machine on the Internet must act as a
gateway. This gateway machine must have two NICs--one for connecting
to the Internet router, the other connecting to a LAN. All the
machines on the LAN are connected through a hub or switch. _______ __________ ________
| | | | | |
| Hub |-----| Client B |-----| Router |----- Internet
|_______| |__________| |________|
|
____|_____
| |
| Client A |
|__________|Network LayoutA setup like this is commonly used to share an Internet
connection. One of the LAN machines is
connected to the Internet. The rest of the machines access
the Internet through that gateway
machine.kernelconfigurationConfigurationThe following options must be in the kernel configuration
file:options IPFIREWALL
options IPDIVERTAdditionally, at choice, the following may also be suitable:options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSEThe following must be in /etc/rc.conf:gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="fxp0"
natd_flags=""gateway_enable="YES"Sets up the machine to act as a gateway. Running
sysctl net.inet.ip.forwarding=1
would have the same effect.firewall_enable="YES"Enables the firewall rules in
/etc/rc.firewall at boot.firewall_type="OPEN"This specifies a predefined firewall ruleset that
allows anything in. See
/etc/rc.firewall for additional
types.natd_interface="fxp0"Indicates which interface to forward packets through
(the interface connected to the Internet).natd_flags=""Any additional configuration options passed to
&man.natd.8; on boot.Having the previous options defined in
/etc/rc.conf would run
natd -interface fxp0 at boot. This can also
be run manually.Each machine and interface behind the LAN should be
assigned IP address numbers in the private network space as
defined by RFC 1918
and have a default gateway of the natd machine's internal IP
address.For example, client a and
b behind the LAN have IP addresses of 192.168.0.2 and 192.168.0.3, while the natd machine's
LAN interface has an IP address of 192.168.0.1. Client a
and b's default gateway must be set to that
of the natd machine, 192.168.0.1. The natd machine's
external, or Internet interface does not require any special
modification for natd to work.Port RedirectionThe drawback with natd is that the LAN clients are not accessible
from the Internet. Clients on the LAN can make outgoing connections to
the world but cannot receive incoming ones. This presents a problem
if trying to run Internet services on one of the LAN client machines.
A simple way around this is to redirect selected Internet ports on the
natd machine to a LAN client.
For example, an IRC server runs on Client A, and a web server runs
on Client B. For this to work properly, connections received on ports
6667 (IRC) and 80 (web) must be redirected to the respective machines.
The -redirect_port must be passed to
&man.natd.8; with the proper options. The syntax is as follows: -redirect_port proto targetIP:targetPORT[-targetPORT]
[aliasIP:]aliasPORT[-aliasPORT]
[remoteIP[:remotePORT[-remotePORT]]]In the above example, the argument should be:
-redirect_port tcp 192.168.0.2:6667 6667
-redirect_port tcp 192.168.0.3:80 80
This will redirect the proper tcp ports to the
LAN client machines.
The -redirect_port argument can be used to indicate port
ranges over individual ports. For example, tcp
192.168.0.2:2000-3000 2000-3000 would redirect
all connections received on ports 2000 to 3000 to ports 2000
to 3000 on Client A.These options can be used when directly running
&man.natd.8; or placed within the
natd_flags="" option in
/etc/rc.conf.For further configuration options, consult &man.natd.8;Address Redirectionaddress redirectionAddress redirection is useful if several IP addresses are
available, yet they must be on one machine. With this,
&man.natd.8; can assign each LAN client its own external IP address.
&man.natd.8; then rewrites outgoing packets from the LAN clients
with the proper external IP address and redirects
all traffic incoming on that particular IP address back to
the specific LAN client. This is also known as static NAT.
For example, the IP addresses 128.1.1.1,
128.1.1.2, and
128.1.1.3 belong to the natd gateway
machine. 128.1.1.1 can be used
as the natd gateway machine's external IP address, while
128.1.1.2 and
128.1.1.3 are forwarded back to LAN
clients A and B.The -redirect_address syntax is as follows:localIPThe internal IP address of the LAN client.publicIPThe external IP address corresponding to the LAN client.In the example, this argument would read:Like -redirect_port, these arguments are also placed within
natd_flags of /etc/rc.conf. With address
redirection, there is no need for port redirection since all data
received on a particular IP address is redirected.The external IP addresses on the natd machine must be active and aliased
to the external interface. Look at &man.rc.conf.5; to do so.ChernLeeContributed by The inetdSuper-ServerOverview&man.inetd.8; is referred to as the Internet
Super-Server because it manages connections for several
daemons. Programs that provide network service are commonly
known as daemons. inetd serves as a
managing server for other daemons. When a connection is
received by inetd, it determines
which daemon the connection is destined for, spawns the
particular daemon and delegates the socket to it. Running one
instance of inetd reduces the overall
system load as compared to running each daemon individually in
stand-alone mode.Primarily, inetd is used to
spawn other daemons, but several trivial protocols are handled
directly, such as chargen,
auth, and
daytime.This section will cover the basics in configuring
inetd through its command-line
options and its configuration file,
/etc/inetd.conf.Settingsinetd is initialized through
the /etc/rc.conf system. The
inetd_enable option is set to
NO by default, but is often times turned on by
sysinstall with the medium security
profile. Placing:
inetd_enable="YES" or
inetd_enable="NO" into
/etc/rc.conf can enable or disable
inetd starting at boot time.Additionally, different command-line options can be passed
to inetd via the
inetd_flags option.Command-Line Optionsinetd synopsis:-dTurn on debugging.-lTurn on logging of successful connections.-wTurn on TCP Wrapping for external services (on by
default).-WTurn on TCP Wrapping for internal services which are
built into inetd (on by
default).-c maximumSpecify the default maximum number of simultaneous
invocations of each service; the default is unlimited.
May be overridden on a per-service basis with the
parameter.-C rateSpecify the default maximum number of times a
service can be invoked from a single IP address in one
minute; the default is unlimited. May be overridden on a
per-service basis with the
parameter.-R rateSpecify the maximum number of times a service can be
invoked in one minute; the default is 256. A rate of 0
allows an unlimited number of invocations.-aSpecify one specific IP address to bind to.
Alternatively, a hostname can be specified, in which case
the IPv4 or IPv6 address which corresponds to that
hostname is used. Usually a hostname is specified when
inetd is run inside a
&man.jail.8;, in which case the hostname corresponds to
the &man.jail.8; environment.When hostname specification is used and both IPv4
and IPv6 bindings are desired, one entry with the
appropriate protocol type for each binding is required for
each service in /etc/inetd.conf. For
example, a TCP-based service would need two entries, one
using tcp4 for the protocol and the other using
tcp6.-pSpecify an alternate file in which to store the
process ID.These options can be passed to
inetd using the
inetd_flags option in
/etc/rc.conf. By default,
inetd_flags is set to -wW,
which turns on TCP wrapping for
inetd's internal and external
services. For novice users, these parameters usually do not need
to be modified or even entered in
/etc/rc.conf.An external service is a daemon outside of
inetd, which is invoked when a
connection is received for it. On the other hand, an internal
service is one that inetd has the
facility of offering within itself.inetd.confConfiguration of inetd is
controlled through the /etc/inetd.conf
file.When a modification is made to
/etc/inetd.conf,
inetd can be forced to re-read its
configuration file by sending a HangUP signal to the
inetd process as shown:Sending inetd a HangUP Signal&prompt.root; kill -HUP `cat /var/run/inetd.pid`Each line of the configuration file specifies an
individual daemon. Comments in the file are preceded by a
#. The format of
/etc/inetd.conf is as follows:service-name
socket-type
protocol
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]
user[:group][/login-class]
server-program
server-program-argumentsAn example entry for the ftpd daemon
using IPv4:ftp stream tcp nowait root /usr/libexec/ftpd ftpd -lservice-nameThis is the service name of the particular daemon.
It must correspond to a service listed in
/etc/services. This determines which
port inetd must listen to. If
a new service is being created, it must be placed in
/etc/services
first.socket-typeEither stream,
dgram, raw, or
seqpacket. stream
must be used for connection-based, TCP daemons, while
dgram is used for daemons utilizing the
UDP transport protocol.protocolOne of the following:ProtocolExplanationtcp, tcp4TCP IPv4udp, udp4UDP IPv4tcp6TCP IPv6udp6UDP IPv6tcp46Both TCP IPv4 and v6udp46Both UDP IPv4 and v6{wait|nowait}[/max-child[/max-connections-per-ip-per-minute]] indicates whether the
daemon invoked from inetd is
able to handle its own socket or not.
socket types must use the wait
option, while stream socket daemons, which are usually
multi-threaded, should use .
usually hands off multiple sockets
to a single daemon, while spawns a
child daemon for each new socket.The maximum number of child daemons
inetd may spawn can be set using
the option. If a limit of ten
instances of a particular daemon is needed, a
/10 would be placed after
.In addition to , another
option limiting the maximum connections from a single
place to a particular daemon can be enabled.
does
just this. A value of ten here would limit any particular
IP address connecting to a particular service to ten
attempts per minute. This is useful to prevent
intentional or unintentional resource consumption and
Denial of Service (DoS) attacks to a machine.In this field, or
is mandatory.
and
are
optional.A stream-type multi-threaded daemon without any
or
limits
would simply be: nowaitThe same daemon with a maximum limit of ten daemons
would read: nowait/10Additionally, the same setup with a limit of twenty
connections per IP address per minute and a maximum
total limit of ten child daemons would read:
nowait/10/20These options are all utilized by the default
settings of the fingerd daemon,
as seen here:finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -suserThe user is the username that the particular daemon
should run as. Most commonly, daemons run as the
root user. For security purposes, it is
common to find some servers running as the
daemon user, or the least privileged
nobody user.server-programThe full path of the daemon to be executed when a
connection is received. If the daemon is a service
provided by inetd internally,
then should be
used.server-program-argumentsThis works in conjunction with
by specifying the
arguments, starting with argv[0], passed to the daemon on
invocation. If mydaemon -d is
the command line, mydaemon -d would be
the value of .
Again, if the daemon is an internal service, use
here.SecurityDepending on the security profile chosen at install, many
of inetd's daemons may be enabled by
default. If there is no apparent need for a particular daemon,
disable it! Place a # in front of the daemon in
question, and send a hangup signal
to inetd.
Some daemons, such as fingerd, may
not be desired at all because they provide an attacker with too
much information.Some daemons are not security-conscious and have long, or
non-existent timeouts for connection attempts. This allows an
attacker to slowly send connections to a particular daemon, thus
saturating available resources. It may be a good idea to place
and
limitations on certain daemons.By default, TCP wrapping is turned on. Consult the
&man.hosts.access.5; manual page for more information on placing
TCP restrictions on various inetd
invoked daemons.Miscellaneousdaytime,
time,
echo,
discard,
chargen, and
auth are all internally provided
services of inetd.The auth service provides identity
(ident, identd) network services, and is configurable to a certain
degree.Consult the &man.inetd.8; manual page for more in-depth
information.Parallel Line IP (PLIP)PLIPParallel Line IPPLIP lets us run TCP/IP between parallel ports. It is
useful on machines without network cards, or to install on
laptops. In this section, we will discuss:Creating a parallel (laplink) cable.Connecting two computers with PLIP.Creating a Parallel CableYou can purchase a parallel cable at most computer supply
stores. If you cannot do that, or you just want to know how
it is done, the following table shows how to make one out of a normal parallel
printer cable.
Setting Up PLIPGet a laplink cable.Confirm that both computers have a kernel with &man.lpt.4; driver
support.&prompt.root; grep lp /var/run/dmesg.boot
lpt0 at 0x378-0x37f irq 7 on isa
lpt0: Interrupt-driven
lp0: TCP/IP capable interfacePlug in the laplink cable into the parallel interface on
both computers.Configure the network interface parameters for lp0 on both
sites as root. For example, if you want connect
the host host1 with host2: host1 <-----> host2
IP Address 10.0.0.1 10.0.0.2Configure the interface on host1 by doing:&prompt.root; ifconfig lp0 10.0.0.1 10.0.0.2Configure the interface on host2 by doing:&prompt.root; ifconfig lp0 10.0.0.2 10.0.0.1You now should have a working connection. Please read the
manual pages &man.lp.4; and &man.lpt.4; for more details.You should also add both hosts to
/etc/hosts:127.0.0.1 localhost.my.domain localhost
10.0.0.1 host1.my.domain host1
10.0.0.2 host2.my.domainTo confirm the connection works, go to each host and ping
the other. For example, on host1:&prompt.root; ifconfig lp0
lp0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.1 --> 10.0.0.2 netmask 0xff000000
&prompt.root; netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
host2 host1 UH 4 127592 lp0
&prompt.root; ping -c 4 host2
PING host2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=255 time=2.774 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=2.530 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=255 time=2.556 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=255 time=2.714 ms
--- host2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.530/2.643/2.774/0.103 msAaronKaplanOriginally Written by TomRhodesRestructured and Added by IPv6IPv6 (also know as IPng IP next generation) is
the new version of the well known IP protocol (also know as
IPv4). Like the other current *BSD systems,
FreeBSD includes the KAME IPv6 reference implementation.
So your FreeBSD system comes with all you will need to experiment with IPv6.
This section focuses on getting IPv6 configured and running.In the early 1990s, people became aware of the rapidly
diminishing address space of IPv4. Given the expansion rate of the
Internet there were two major concerns:Running out of addresses. Today this is not so much of a concern
anymore since private address spaces
(10.0.0.0/8,
192.168.0.0/24,
etc.) and Network Address Translation (NAT) are
being employed.Router table entries were getting too large. This is
still a concern today.IPv6 deals with these and many other issues:128 bit address space. In other words theoretically there are
340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
available. This means there are approximately
6.67 * 10^27 IPv6 addresses per square meter on our planet.Routers will only store network aggregation addresses in their routing
tables thus reducing the average space of a routing table to 8192
entries.There are also lots of other useful features of IPv6 such as:Address autoconfiguration (RFC2462)Anycast addresses (one-out-of many)Mandatory multicast addressesIPsec (IP security)Simplified header structureMobile IPIPv4-to-IPv6 transition mechanismsFor more information see:IPv6 overview at Sun.comIPv6.orgKAME.net6bone.netBackground on IPv6 AddressesThere are different types of IPv6 addresses: Unicast, Anycast and
Multicast.Unicast addresses are the well known addresses. A packet sent
to a unicast address arrives exactly at the interface belonging to
the address.Anycast addresses are syntactically indistinguishable from unicast
addresses but they address a group of interfaces. The packet destined for
an anycast address will arrive at the nearest (in router metric)
interface. Anycast addresses may only be used by routers.Multicast addresses identify a group of interfaces. A packet destined
for a multicast address will arrive at all interfaces belonging to the
multicast group.The IPv4 broadcast address (usually xxx.xxx.xxx.255) is expressed
by multicast addresses in IPv6.Reserved IPv6 addresses:ipv6-address prefixlength(Bits) description Notes
:: 128 Bits unspecified cf. 0.0.0.0 in IPv4 address
::1 128 Bits loopback address cf. 127.0.0.1 in IPv4
::00:xx:xx:xx:xx 96 Bits embedded IPv4 The lower 32 bits are the
address IPv4 address. Also called
IPv4 compatible IPv6
address
::ff:xx:xx:xx:xx 96 Bits IPv4 mapped The lower 32 bits are the
IPv6 address IPv4 address. For hosts
which do not support IPv6
fe80:: - feb:: 10 Bits link-local cf. loopback address in
IPv4
fec0:: - fef:: 10 Bits site-local
ff:: 8 Bits multicast
001 (base 2) 3 Bits global unicast All global unicast
addresses are assigned from
this pool. The first 3 Bits
are 001.Reading IPv6 AddressesThe canonical form is represented as: x:x:x:x:x:x:x:x, each
x being a 16 Bit hex value. For example
FEBC:A574:382B:23C1:AA49:4592:4EFE:9982Often an address will have long substrings of all zeros
therefore each such substring can be abbreviated by ::.
For example fe80::1
corresponds to the canonical form
fe80:0000:0000:0000:0000:0000:0000:0001A third form is to write the last 32 Bit part in the
well known (decimal) IPv4 style with dots .
as separators. For example
2002::10.0.0.1
corresponds to the (hexadecimal) canonical representation
2002:0000:0000:0000:0000:0000:0a00:0001
which in turn is equivalent to
writing 2002::a00:1By now the reader should be able to understand the following:&prompt.root; ifconfigrl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.10 netmask 0xffffff00 broadcast 10.0.0.255
inet6 fe80::200:21ff:fe03:8e1%rl0 prefixlen 64 scopeid 0x1
ether 00:00:21:03:08:e1
media: Ethernet autoselect (100baseTX )
status: activefe80::200:21ff:fe03:8e1%rl0
is an auto configured link-local address. It includes the
scrambled Ethernet MAC as part of the auto configuration.For further information on the structure of IPv6 addresses
see RFC2373.Getting ConnectedCurrently there are four ways to connect to other IPv6 hosts and networks:Join the experimental 6boneGetting an IPv6 network from your upstream provider. Talk to your
Internet provider for instructions.Tunnel via 6-to-4Use the freenet6 port if you are on a dial-up connection.Here we will talk on how to connect to the 6bone since it currently seems
to be the most popular way.First take a look at the 6bone site and find a 6bone connection nearest to
you. Write to the responsible person and with a little bit of luck you
will be given instructions on how to set up your connection. Usually this
involves setting up a GRE (gif) tunnel.Here is a typical example on setting up a &man.gif.4; tunnel:&prompt.root; ifconfig gif0 create
&prompt.root; ifconfig gif0
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
&prompt.root; ifconfig gif0 tunnel MY_IPv4_ADDRHIS_IPv4_ADDR
&prompt.root; ifconfig gif0 inet6 alias MY_ASSIGNED_IPv6_TUNNEL_ENDPOINT_ADDRReplace the capitalized words by the information you received from the
upstream 6bone node.This establishes the tunnel. Check if the tunnel is working by &man.ping6.8;
'ing ff02::1%gif0. You should receive two ping replies.In case you are intrigued by the address ff02:1%gif0, this is a
multicast address. %gif0 states that the multicast address at network
interface gif0 is to be used. Since we ping a multicast address the
other endpoint of the tunnel should reply as well).By now setting up a route to your 6bone uplink should be rather
straightforward:&prompt.root; route add -inet6 default -interface gif0
&prompt.root; ping6 -n MY_UPLINK&prompt.root; traceroute6 www.jp.FreeBSD.org
(3ffe:505:2008:1:2a0:24ff:fe57:e561) from 3ffe:8060:100::40:2, 30 hops max, 12 byte packets
1 atnet-meta6 14.147 ms 15.499 ms 24.319 ms
2 6bone-gw2-ATNET-NT.ipv6.tilab.com 103.408 ms 95.072 ms *
3 3ffe:1831:0:ffff::4 138.645 ms 134.437 ms 144.257 ms
4 3ffe:1810:0:6:290:27ff:fe79:7677 282.975 ms 278.666 ms 292.811 ms
5 3ffe:1800:0:ff00::4 400.131 ms 396.324 ms 394.769 ms
6 3ffe:1800:0:3:290:27ff:fe14:cdee 394.712 ms 397.19 ms 394.102 msThis output will differ from machine to machine. By now you should be
able to reach the IPv6 site www.kame.net
and see the dancing tortoise - that is if you have a IPv6 enabled browser such as
mozilla.DNS in the IPv6 WorldThere are two new types of DNS records for IPv6:AAAA records,A6 recordsUsing AAAA records is straightforward. Assign your hostname to the new
IPv6 address you just got by adding:MYHOSTNAME AAAA MYIPv6ADDRTo your primary zone DNS file. In case you do not serve your own
DNS zones ask your DNS provider.
Current versions of bind (version 8.3 and 9)
support AAAA records.
diff --git a/en_US.ISO8859-1/books/handbook/book.sgml b/en_US.ISO8859-1/books/handbook/book.sgml
index 3d478cbcb1..366e2a0d09 100644
--- a/en_US.ISO8859-1/books/handbook/book.sgml
+++ b/en_US.ISO8859-1/books/handbook/book.sgml
@@ -1,241 +1,244 @@
%man;
%bookinfo;
%freebsd;
%chapters;
%authors;
%teams;
%mailing-lists;
%newsgroups;
%trademarks;
%txtfiles;
%pgpkeys;
]>
FreeBSD HandbookThe FreeBSD Documentation ProjectFebruary 1999199519961997199819992000200120022003The FreeBSD Documentation Project
&bookinfo.legalnotice;
&tm-attrib.freebsd;
&tm-attrib.3com;
&tm-attrib.3ware;
&tm-attrib.adaptec;
&tm-attrib.adobe;
&tm-attrib.apple;
&tm-attrib.corel;
&tm-attrib.creative;
&tm-attrib.ibm;
&tm-attrib.ieee;
&tm-attrib.intel;
&tm-attrib.intuit;
&tm-attrib.linux;
&tm-attrib.lsilogic;
&tm-attrib.m-systems;
&tm-attrib.macromedia;
&tm-attrib.microsoft;
&tm-attrib.netscape;
&tm-attrib.opengroup;
&tm-attrib.oracle;
&tm-attrib.powerquest;
&tm-attrib.realnetworks;
&tm-attrib.redhat;
&tm-attrib.sap;
&tm-attrib.sun;
&tm-attrib.symantec;
+ &tm-attrib.thomson;
+ &tm-attrib.usrobotics;
&tm-attrib.waterloomaple;
&tm-attrib.wolframresearch;
+ &tm-attrib.xiph;
&tm-attrib.general;
Welcome to FreeBSD! This handbook covers the installation and day
to day use of FreeBSD &rel2.current;-RELEASE
and FreeBSD &rel.current;-RELEASE.
This manual is a work in progress and is the work
of many individuals. Many sections do not yet exist and some of those
that do exist need to be updated. If you are interested in helping
with this project, send email to the &a.doc;. The latest version of
this document is always available from the FreeBSD web site.
It may also be downloaded in a variety of formats and compression
options from the FreeBSD FTP
server or one of the numerous mirror sites. If you would prefer
to have a hard copy of the handbook, you can purchase one at the
FreeBSD Mall. You
may also want to search the
handbook.
&chap.preface;
Getting StartedThis part of the FreeBSD Handbook is for users and
administrators who are new to FreeBSD. These chapters:Introduce you to FreeBSD.Guide you through the installation process.Teach you some &unix; basics.Show you how to install the wealth of third party
applications available for FreeBSD.Introduce you to X, the &unix; windowing system, and
detail how to configure a desktop environment that makes you
more productive.We have tried to keep the number of forward references in
the text to a minimum so that you can read this section of the
Handbook from front to back with the minimum of page flipping
required.System AdministrationThe remaining chapters of the FreeBSD Handbook cover all
aspects of FreeBSD system administration. Each chapter
starts by describing what you will learn as a result of reading
the chapter, and also details what you are expected to know
before tackling the material.These chapters are designed to be read when
you need the information. You do not have to read them in any
particular order, nor do you need to read all of them before you
can begin using FreeBSD.Appendices
&chap.colophon;
diff --git a/en_US.ISO8859-1/books/handbook/desktop/chapter.sgml b/en_US.ISO8859-1/books/handbook/desktop/chapter.sgml
index 71de2c576f..8fdecd940c 100644
--- a/en_US.ISO8859-1/books/handbook/desktop/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/desktop/chapter.sgml
@@ -1,1164 +1,1162 @@
ChristopheJunietContributed by Desktop ApplicationsSynopsisFreeBSD can run a wide variety of desktop applications, such
as browsers and word processors. Most of these are available as
packages or can be automatically built from the ports
collection. Many new users expect to find these kinds of
applications on their desktop. This chapter will show you how
to install some popular desktop applications effortlessly,
either from their packages or from the ports collection.Note that when installing programs from the ports, they are
compiled from source. This can take a very long time, depending
on what you are compiling and the processing power of your
machine(s). If building from source takes a prohibitively long
amount of time for you, you can install most of the programs of
the ports collection from pre-built packages.As FreeBSD features Linux binary compatibility, many
applications originally developed for Linux are available for
your desktop. It is strongly recommended that you read
before installing any of the Linux
applications. Many of the ports using the Linux binary
compatibility start with linux-. Remember this
when you search for a particular port, for instance with
&man.whereis.1;. In the following text, it is assumed that you
have enabled Linux binary compatibility before installing any of
the Linux applications.Here are the categories covered by this chapter:Browsers (such as Mozilla,
- Netscape,
+ &netscape;,
Opera)Productivity (such as
KOffice,
AbiWord,
The GIMP,
OpenOffice.org)
- Document Viewers (such as Acrobat
- Reader,
+ Document Viewers (such as &acrobat.reader;,
gv,
Xpdf,
GQview)Finance (such as
GnuCash,
Gnumeric,
Abacus)Before reading this chapter, you should:Know how to install additional third-party software
().Know how to install additional Linux software
().For information on how to get a multimedia environment, read
. If you want to setup and use
electronic mail, please refer to .BrowsersFreeBSD does not come with a particular browser
pre-installed. Instead, the
www
directory of the ports collection contains a lot of browsers
ready to be installed. If you do not have time to compile
everything (this can take a very long time in some cases) many
of them are available as packages.KDE and
GNOME already provide HTML browsers.
Please refer to for more information on
how to setup these complete desktops.If you are looking for light-weight browsers, you should
investigate the ports collection for
www/dillo,
www/links, or
www/w3m.This section covers these applications:Application NameResources NeededInstallation from PortsMajor DependenciesMozillaheavyheavyGtk+
- Netscape
+ &netscape;heavylightLinux Binary CompatibilityOperalightlightFreeBSD version: None. Linux version: Linux Binary Compatibility and
linux-openmotifMozillaMozillaMozilla is perhaps the most
suitable browser for your FreeBSD Desktop. It is modern,
stable, and fully ported to FreeBSD. It features a very
standards-compliant HTML display engine. It provides a mail
and news reader. It even has a HTML composer if you plan to
write some web pages yourself. Users of
- Netscape will recognize the
+ &netscape; will recognize the
similarities with Communicator
suite, as both browsers shared the same basis.On slow machines, with a CPU speed less than 233MHz or
with less than 64MB of RAM, Mozilla
can be too resource-consuming to be fully usable. You may
want to look at the Opera browser
instead, described a little later in this chapter.If you cannot or do not want to compile
Mozilla for any reason, the FreeBSD
GNOME team has already done this for you. Just install the
package from the network by:&prompt.root; pkg_add -r mozillaIf the package is not available, and you have enough time
and disk space, you can get the source for
Mozilla, compile it and install it
on your system. This is accomplished by:&prompt.root; cd /usr/ports/www/mozilla
&prompt.root; make install cleanThe Mozilla port ensures a
correct initialization by running the chrome registry setup
with root privileges. However, if you
want to fetch some add-ons like mouse gestures, you must run
Mozilla as
root to get them properly
installed.Once you have completed the installation of
Mozilla, you do not need to be
root any longer. You can start
Mozilla as a browser by typing:&prompt.user; mozillaYou can start it directly as a mail and news reader as
shown below:&prompt.user; mozilla -mailTomRhodesContributed by
- Mozilla, &java;, and MacromediaFlash
+ Mozilla, &java;, and ¯omedia; &flash;Installing Mozilla is simple, but
unfortunately installing Mozilla with
support for add-ons like &java; and
- Macromedia
- Flash
+ ¯omedia; &flash;
consumes both time and disk
space.The first thing is to download the files which will be used
with Mozilla. Take your current web
browser up to
and
create an account on their website. Remember to save the username
and password from here as it may be needed in the future. Download
a copy of the file j2sdk-1_3_1-src.tar.gz and place this in
/usr/ports/distfiles/ as the port will not
fetch it automatically. This is due to license restrictions. While
we are here, download the java environment from
.
The filename is j2sdk-1_3_1_08-linux-i586.bin and is large (about 25
megabytes!). Like before, this file must be placed into
/usr/ports/distfiles/. Finally download a copy
of the java patchkit from
and place it
into /usr/ports/distfiles/.Install the java/jdk13 port
with the standard make install clean and
then install the www/flashpluginwrapper
port. This port requires
emulators/linux_base which is a
- large port. True that other flash plugins exist, however they have
+ large port. True that other &flash; plugins exist, however they have
not worked for me.Install the www/mozilla port,
if Mozilla is not already installed.
- Now copy the flash plug-in files with:
+ Now copy the &flash; plug-in files with:&prompt.root; cp /usr/local/lib/flash/libflashplayer.so \
/usr/X11R6/lib/browser_plugins/libflashplayer_linux.so&prompt.root; cp /usr/local/lib/flash/ShockwaveFlash.class \
/usr/X11R6/lib/browser_plugins/If you are using
www/mozilla-devel,
the destination directories will be different.Now add the following lines to the top of (but right under
#!/bin/sh) Mozilla startup script:
/usr/X11R6/bin/mozilla.LD_PRELOAD=/usr/local/lib/libflashplayer.so.1
export LD_PRELOAD
- This will enable the flash plug-in.
+ This will enable the &flash; plug-in.Now just start Mozilla with:&prompt.user; mozilla &And access the About Plug-ins option from the
Help menu. A list should appear with all the currently
- available plugins. java and
- shockwave flash should both be listed.
+ available plugins. &java; and
+ &shockwave; &flash; should both be listed.
- Netscape
+ &netscape;NetscapeThe ports collection contains several versions of the
- Netscape browser. Since the native FreeBSD ones contain a
+ &netscape; browser. Since the native FreeBSD ones contain a
serious security bug, installing them is strongly
discouraged. Instead, use a more recent Linux or DIGITAL UNIX
version.
- The latest stable release of the Netscape browser is
- Netscape 7. It can be installed
+ The latest stable release of the &netscape; browser is
+ &netscape; 7. It can be installed
from the ports collection:&prompt.root; cd /usr/ports/www/netscape7
&prompt.root; make install cleanThere are localized versions in the French, German, and
Japanese categories.
- Netscape 4.x versions are not
+ &netscape; 4.x versions are not
recommended because they are not compliant with today's
- standards. However, Netscape 7.x
- and newer versions are only available for the i386
+ standards. However, &netscape; 7.x
+ and newer versions are only available for the &i386;
platform.OperaOperaOpera is a very fast,
full-featured, and standards-compliant browser. It comes in
two favors: a native FreeBSD version and a
version that runs under Linux emulation.
For each operating system, there is a no-cost version of the
browser that displays advertising and an ad-free
version that can be purchased on the Opera web site.To browse the Web with the FreeBSD version of Opera,
install the package:&prompt.root; pkg_add -r operaSome FTP sites do not have all the packages, but the same
result can be obtained with the ports collection by
typing:&prompt.root; cd /usr/ports/www/opera
&prompt.root; make install cleanTo install the Linux version of
Opera, substitute
linux-opera in place of
opera in the examples above. The Linux
version is useful in situations requiring the use of plug-ins
that are only available for Linux, such as Adobe
- Acrobat Reader. In all other respects, the
+ &acrobat.reader;. In all other respects, the
FreeBSD and Linux versions appear to be functionally
identical.ProductivityWhen it comes to productivity, new users often look for a
good office suite or a friendly word processor. While some
desktop environments like
KDE already provide an office suite,
there is no default application. FreeBSD provides all that is
needed, regardless of your desktop environment.This section covers these applications:Application NameResources NeededInstallation from PortsMajor DependenciesKOfficelightheavyKDEAbiWordlightlightGtk+ or GNOMEThe GimplightheavyGtk+OpenOffice.orgheavyhuge
- GCC 3.1, JDK 1.3, Mozilla
+ GCC 3.1, &jdk; 1.3, MozillaKOfficeKOfficeoffice suiteKOfficeThe KDE community has provided its desktop environment
with an office suite which can be used outside
KDE. It includes the four standard
components that can be found in other office suites.
KWord is the word processor,
KSpread is the spreadsheet program,
KPresenter manages slide
presentations, and Kontour lets you
draw graphical documents.Before installing the latest
KOffice, make sure you have an
up-to-date version of KDE.To install KOffice as a
package, issue the following command:&prompt.root; pkg_add -r kofficeIf the package is not available, you can use the ports
collection. For instance, to install
KOffice for
KDE3, do:&prompt.root; cd /usr/ports/editors/koffice-kde3
&prompt.root; make install cleanAbiWordAbiWordAbiWord is a free word
- processing program similar in look and feel to Microsoft Word.
+ processing program similar in look and feel to µsoft; Word.
It is suitable for typing papers, letters, reports, memos, and
so forth. It is very fast, contains many features, and is
very user-friendly.AbiWord can import or export
many file formats, including some proprietary ones like
Microsoft .doc.AbiWord is available as a
package. You can install it by:&prompt.root; pkg_add -r AbiWord-gnomeIf the package is not available, it can be compiled from
the ports collection. The ports collection should be more
up to date. It can be done as follows:&prompt.root; cd /usr/ports/editors/AbiWord
&prompt.root; make install cleanThe GIMPThe GIMPFor image authoring or picture retouching,
The GIMP is a very sophisticated
image manipulation program. It can be used as a simple paint
program or as a quality photo retouching suite. It supports a
large number of plug-ins and features a scripting interface.
The GIMP can read and write a wide
range of file formats. It supports interfaces with scanners
and tablets.You can install the package by issuing this
command:&prompt.root; pkg_add -r gimpIf your FTP site does not have this package, you can use
the ports collection. The
graphics
directory of the ports collection also contains
The Gimp Manual. Here is how to
get them installed:&prompt.root; cd /usr/ports/graphics/gimp1
&prompt.root; make install clean
&prompt.root; cd /usr/ports/graphics/gimp-manual-pdf
&prompt.root; make install cleanThe
graphics
directory of the ports collection holds the development
version of The GIMP in
graphics/gimp-devel.
- HTML and PostScript versions of
+ HTML and &postscript; versions of
The Gimp Manual are in
graphics/gimp-manual-html and
graphics/gimp-manual-ps.OpenOffice.orgOpenOffice.orgoffice suiteOpenOffice.orgOpenOffice.org includes all of the
mandatory applications in a complete office productivity
suite: a word processor, a spreadsheet, a presentation manager,
and a drawing program. Its user interface is very similar
to other office suites, and it can import and export in various
popular file formats. It is available in a number of
different languages including interfaces, spell checkers, and
dictionaries.The word processor of
OpenOffice.org uses a native XML
file format for increased portability and flexibility. The
spreadsheet program features a macro language and it can be
interfaced with external databases.
OpenOffice.org is already stable
- and runs natively on Windows, Solaris, Linux, FreeBSD,
- and Mac OS X. More
+ and runs natively on &windows;, &solaris;, Linux, FreeBSD,
+ and &macos; X. More
information about OpenOffice.org
can be found on the
OpenOffice web site.
For FreeBSD specific information, and to directly
download packages use the FreeBSD OpenOffice
Porting Team's web site.To install OpenOffice.org,
do:&prompt.root; pkg_add -r openofficeOnce the package is installed, you must run the setup
program and choose a .
Run this command as the user who will use
OpenOffice.org:&prompt.user; openoffice-setupIf the OpenOffice.org packages
are not available, you still have the option to compile the
port. However, you must bear in mind that it requires a lot of
disk space and a fairly long time to compile.&prompt.root; cd /usr/ports/editors/openoffice
&prompt.root; make install cleanOnce this is done, run the setup as the user who will use
OpenOffice.org and choose a
by:&prompt.user; cd /usr/ports/editors/openoffice
&prompt.user; make install-userIf you want to use a localized version, here are the available
ports:LanguagePortArabiceditors/openoffice-arDanisheditors/openoffice-dkSpanisheditors/openoffice-esGreekeditors/openoffice-grItalianeditors/openoffice-itDutcheditors/openoffice-nlPolisheditors/openoffice-plSwedisheditors/openoffice-seTurkisheditors/openoffice-trFrenchfrench/openofficeGermangerman/openofficeJapanesejapanese/openofficeKoreankorean/openofficePortugueseportuguese/openofficeRussianrussian/openofficeDocument ViewersSome new document formats have recently gained popularity.
The standard viewers they require may not be available in the
base system. We will see how to install them in this
section.This section covers these applications:Application NameResources NeededInstallation from PortsMajor Dependencies
- Acrobat Reader
+ &acrobat.reader;lightlightLinux Binary CompatibilitygvlightlightXaw3dXpdflightlightFreeTypeGQviewlightlightGtk+ or GNOME
- Acrobat Reader
+ &acrobat.reader;Acrobat ReaderPDFviewingMany documents are now distributed as PDF files,
which stands for Portable Document Format. One
of the recommended viewers for these types of files is
- Acrobat Reader, released by Adobe
+ &acrobat.reader;, released by Adobe
for Linux. As FreeBSD can run Linux binaries, it is also
available for FreeBSD.
- To install the Acrobat Reader 5
+ To install the &acrobat.reader; 5
package, do:&prompt.root; pkg_add -r acroread5As usual, if the package is not available or you want the
latest version, you can use the ports collection as
well:&prompt.root; cd /usr/ports/print/acroread5
&prompt.root; make install clean
- Acrobat Reader is
+ &acrobat.reader; is
available in several different versions. At this time of
writing, there are:
print/acroread (version 3.0.2),
print/acroread4 (version 4.0.5), and
print/acroread5 (version 5.0.6).
They may not all have been packaged for your version of
FreeBSD. The ports collection will always contain
the latest versions.gvgvPDFviewingPostScriptviewing
- gv is a PostScript and PDF
+ gv is a &postscript; and PDF
viewer. It is originally based on
ghostview but it has a nicer look
thanks to the Xaw3d library. It is fast and its interface is
clean. gv has many features like
orientation, paper size, scale, or antialias. Almost any
operation can be done either from the keyboard or the
mouse.To install gv as a package,
do:&prompt.root; pkg_add -r gvIf you cannot get the package, you can use the ports
collection:&prompt.root; cd /usr/ports/print/gv
&prompt.root; make install cleanXpdfXpdfPDFviewingIf you want a small FreeBSD PDF viewer,
Xpdf is a light-weight and
efficient viewer. It requires very few resources and is
very stable. It uses the standard X fonts and does not
- require Motif or any other X toolkit.
+ require &motif; or any other X toolkit.
To install the Xpdf package,
issue this command:&prompt.root; pkg_add -r xpdfIf the package is not available or you prefer to use the
ports collection, do:&prompt.root; cd /usr/ports/graphics/xpdf
&prompt.root; make install cleanOnce the installation is complete, you can launch
Xpdf and use the right mouse button
to activate the menu.GQviewGQviewGQview is an image manager.
You can view a file with a single click, launch an external
editor, get thumbnail previews, and much more. It also
features a slideshow mode and some basic file operations. You
can manage image collections and easily find duplicates.
GQview can do full screen viewing
and supports internationalization.If you want to install the
GQview package, do:&prompt.root; pkg_add -r gqviewIf the package is not available or you prefer to use the
ports collection, do:&prompt.root; cd /usr/ports/graphics/gqview
&prompt.root; make install cleanFinanceIf, for any reason, you would like to manage your personal
finances on your FreeBSD Desktop, there are some powerful and
easy to use applications ready to be installed. Some of them
are compatible with widespread file formats like those of
- Quicken or Excel documents.
+ Quicken or Excel documents.
This section covers these applications:Application NameResources NeededInstallation from PortsMajor DependenciesGnuCashlightheavyGNOMEGnumericlightheavyGNOMEAbacuslightlightTcl/TkGnuCashGnuCashGnuCash is part of the
GNOME effort to provide
user-friendly yet powerful applications to end-users. With
GnuCash, you can keep track of your
income and expenses, your bank accounts, or your stocks. It
features an intuitive interface while remaining very
professional.GnuCash provides a smart
register, a hierarchical system of accounts, many keyboard
accelerators and auto-completion methods. It can split a
single transaction into several more detailed pieces.
GnuCash can import and merge
Quicken QIF files. It also handles most international date
and currency formats.To install GnuCash on your
system, do:&prompt.root; pkg_add -r gnucashIf the package is not available, you can use the ports
collection:&prompt.root; cd /usr/ports/finance/gnucash
&prompt.root; make install cleanGnumericGnumericspreadsheetGnumericGnumeric is a spreadsheet, part
of the GNOME desktop environment.
It features convenient automatic guessing of user
input according to the cell format and an autofill system for
many sequences. It can import files in a number of popular
formats like those of Excel, Lotus 1-2-3, or Quattro Pro.
Gnumeric supports graphs through
the math/guppi graphing
program. It has a large number of built-in functions and
allows all of the usual cell formats such as number, currency,
date, time, and much more.To install Gnumeric as a
package, type in:&prompt.root; pkg_add -r gnumericIf the package is not available, you can use the ports
collection by doing:&prompt.root; cd /usr/ports/math/gnumeric
&prompt.root; make install cleanAbacusAbacusspreadsheetAbacusAbacus is a small and easy to
use spreadsheet. It includes many built-in functions useful
in several domains such as statistics, finances, and
mathematics. It can import and export the Excel file format.
- Abacus can produce PostScript
+ Abacus can produce &postscript;
output.To install Abacus from its
package, do:&prompt.root; pkg_add -r abacusIf the package is not available, you can use the ports
collection by doing:&prompt.root; cd /usr/ports/deskutils/abacus
&prompt.root; make install cleanSummaryWhile FreeBSD is popular among ISPs for its performance and
stability, it is quite ready for day-to-day use as a desktop.
With several thousand applications available as
packages or
ports,
you can build a perfect desktop that suits all your needs.Once you have achieved the installation of your desktop, you
may want to go one step further with
misc/instant-workstation.
This meta-port allows you to build a typical set
of ports for a workstation. You can customize it by editing
/usr/ports/misc/instant-workstation/Makefile.
Follow the syntax used for the default set to add or remove
ports, and build it with the usual procedure.
Eventually, you will be able to create a big package that
corresponds to your very own desktop and install it to your
other workstations!Here is a quick review of all the desktop applications
covered in this chapter:Application NamePackage NamePorts NameMozillamozillawww/mozilla
- Netscape
+ &netscape;linux-netscape7www/netscape7Operalinux-operawww/linux-operaKOfficekoffice-kde3editors/koffice-kde3AbiWordAbiWord-gnomeeditors/AbiWordThe GIMPgimpgraphics/gimp1OpenOffice.orgopenofficeeditors/openoffice
- Acrobat Reader
+ &acrobat.reader;acroread5print/acroread5gvgvprint/gvXpdfxpdfgraphics/xpdfGQviewgqviewgraphics/gqviewGnuCashgnucashfinance/gnucashGnumericgnumericmath/gnumericAbacusabacusdeskutils/abacus
diff --git a/en_US.ISO8859-1/books/handbook/install/chapter.sgml b/en_US.ISO8859-1/books/handbook/install/chapter.sgml
index b416c29b6a..05374f9266 100644
--- a/en_US.ISO8859-1/books/handbook/install/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/install/chapter.sgml
@@ -1,5831 +1,5831 @@
JimMockRestructured, reorganized, and parts
rewritten by RandyPrattThe sysinstall walkthrough, screenshots, and general
copy by Installing FreeBSDSynopsisinstallationFreeBSD is provided with a text-based, easy to use installation
program called sysinstall. This is the
default installation program for FreeBSD, although vendors are free to
provide their own installation suite if they wish. This chapter
describes how to use sysinstall to install
FreeBSD.After reading this chapter, you will know:How to create the FreeBSD installation disks.How FreeBSD refers to, and subdivides, your hard disks.How to start sysinstall.The questions sysinstall will ask
you, what they mean, and how to answer them.Before reading this chapter, you should:Read the supported hardware list that shipped with the version
of FreeBSD you are installing, and verify that your hardware is
supported.In general, these installation instructions are written
for &i386; (PC compatible) architecture
computers. Where applicable, instructions specific to other
platforms (for example, Alpha) will be listed.Pre-installation TasksInventory Your ComputerBefore installing FreeBSD you should attempt to inventory the
components in your computer. The FreeBSD installation routines will
show you the components (hard disks, network cards, CDROM drives, and
so forth) with their model number and manufacturer. FreeBSD will also
attempt to determine the correct configuration for these devices,
which includes information about IRQ and IO port usage. Due to the
vagaries of PC hardware this process is not always completely
successful, and you may need to correct FreeBSD's determination of
your configuration.If you already have another operating system installed, such as
&windows; or Linux, it is a good idea to use the facilities provided
by those operating systems to see how your hardware is already
configured. If you are really not sure what settings an expansion
card is using, you may find it printed on the card itself. Popular IRQ
numbers are 3, 5, and 7, and IO port addresses are normally written as
hexadecimal numbers, such as 0x330.We recommend you print or write down this information before
installing FreeBSD. It may help to use a table, like this:
Sample Device InventoryDevice NameIRQIO port(s)NotesFirst hard diskN/AN/A40 GB, made by Seagate, first IDE masterCDROMN/AN/AFirst IDE slaveSecond hard diskN/AN/A20 GB, made by IBM, second IDE masterFirst IDE controller140x1f0Network cardN/AN/A&intel; 10/100ModemN/AN/A
- &t3com; 56K faxmodem, on COM1
+ &tm.3com; 56K faxmodem, on COM1…
Backup Your DataIf the computer you will be installing FreeBSD on contains
valuable data then ensure you have it backed up, and that you have
tested the backups before installing FreeBSD. The FreeBSD
installation routine will prompt you several times before writing any
data to your disk, but once that process has started it cannot be
undone.Decide Where to Install FreeBSDIf you want FreeBSD to use all your disk, then there is nothing
more to concern yourself with at this point — you can skip to the
next section.However, if you need FreeBSD to co-exist with other operating
systems then you need to have a rough understanding of how data is
laid out on the disk, and how this affects you.Disk Layouts for the &i386;A PC disk can be divided into discrete chunks. These chunks are
called partitions. By design, the PC only
supports four partitions per disk. These partitions are called
primary partitions. To work around this
limitation and allow more than four partitions, a new partition type
was created, the extended partition. A disk
may contain only one extended partition. Special partitions, called
logical partitions, can be created inside this
extended partition.Each partition has a partition ID, which is
a number used to identify the type of data on the partition. FreeBSD
partitions have the partition ID 165.In general, each operating system that you use will identify
partitions in a particular way. For example, DOS, and its
descendants, like &windows;, assign each primary and logical partition a
drive letter, starting with
C:.FreeBSD must be installed into a primary partition. FreeBSD can
keep all its data, including any files that you create, on this one
partition. However, if you have multiple disks, then you can create a
FreeBSD partition on all, or some, of them. When you install FreeBSD,
you must have one partition available. This might be a blank
partition that you have prepared, or it might be an existing partition
that contains data that you no longer care about.If you are already using all the partitions on all your disks, then
you will have to free one of them for FreeBSD using the tools
provided by the other operating systems you use (e.g.,
fdisk on DOS or &windows;).If you have a spare partition then you can use that. However, you
may need to shrink one or more of your existing partitions
first.A minimal installation of FreeBSD takes as little as 100 MB of disk
space. However, that is a very minimal install,
leaving almost no space for your own files. A more realistic minimum
is 250 MB without a graphical environment, and 350 MB or more if you
want a graphical user interface. If you intend to install a lot of
third party software as well, then you will need more space.You can use a commercial tool such as &partitionmagic;
to resize your partitions to make space for
FreeBSD. The tools directory on the CDROM
contains two free software tools which can carry out this task, namely
FIPS and
PResizer. Documentation for both of these
is available in the same directory.Incorrect use of these tools can delete the data on your disk.
Be sure that you have recent, working backups before using
them.Using an Existing Partition UnchangedSuppose that you have a computer with a single 4 GB disk that
already has a version of &windows; installed, and you have split the
disk into two drive letters, C: and
D:, each of which is 2 GB in size. You have
1 GB of data on C:, and 0.5 GB of data on
D:.This means that your disk has two partitions on it, one per
drive letter. You can copy all your existing data from
D: to C:, which
will free up the second partition, ready for FreeBSD.Shrinking an Existing PartitionSuppose that you have a computer with a single 4 GB disk that
already has a version of &windows; installed. When you installed
&windows; you created one large partition, giving you a
C: drive that is 4 GB in size. You are
currently using 1.5 GB of space, and want FreeBSD to have 2 GB of
space.In order to install FreeBSD you will need to either:Backup your &windows; data, and then reinstall &windows;,
asking for a 2 GB partition at install time.Use one of the tools such as &partitionmagic;,
described above, to shrink your &windows;
partition.Disk Layouts for the AlphaAlphaYou will need a dedicated disk for FreeBSD on the
Alpha. It is not possible to share a disk with another
operating system at this time. Depending on the specific
Alpha machine you have, this disk can either be a SCSI disk
or an IDE disk, as long as your machine is capable of
booting from it.Following the conventions of the Digital / Compaq
manuals all SRM input is shown in uppercase. SRM is case
insensitive.To find the names and types of disks in your machine, use
the SHOW DEVICE command from the SRM
console prompt:>>>SHOW DEVICE
dka0.0.0.4.0 DKA0 TOSHIBA CD-ROM XM-57 3476
dkc0.0.0.1009.0 DKC0 RZ1BB-BS 0658
dkc100.1.0.1009.0 DKC100 SEAGATE ST34501W 0015
dva0.0.0.0.1 DVA0
ewa0.0.0.3.0 EWA0 00-00-F8-75-6D-01
pkc0.7.0.1009.0 PKC0 SCSI Bus ID 7 5.27
pqa0.0.0.4.0 PQA0 PCI EIDE
pqb0.0.1.4.0 PQB0 PCI EIDEThis example is from a Digital Personal Workstation
433au and shows three disks attached to the machine. The
first is a CDROM drive called DKA0 and
the other two are disks and are called
DKC0 and
DKC100 respectively.Disks with names of the form DKx
are SCSI disks. For example DKA100
refers to a SCSI disk with SCSI target ID 1 on the first SCSI bus (A),
whereas DKC300 refers to a SCSI disk
with SCSI ID 3 on the third SCSI bus (C). Devicename
PKx refers to the SCSI host bus adapter. As
seen in the SHOW DEVICE output SCSI
CDROM drives are treated as any other SCSI hard disk drive.IDE disks have names similar to DQx,
while PQx is the associated IDE
controller.Collect Your Network Configuration DetailsIf you intend to connect to a network as part of your FreeBSD
installation (for example, if you will be installing from an FTP
site or an
NFS server), then you need to know your network configuration. You
will be prompted for this information during the installation so that
FreeBSD can connect to the network to complete the install.Connecting to an Ethernet Network or Cable/DSL ModemIf you connect to an Ethernet network, or you have an Internet
connection via cable or DSL, then you will need the following
information:IP address.IP address of the default gateway.Hostname.DNS server IP addresses.If you do not know this information, then ask your system
administrator or service provider. They may say that this
information is assigned automatically, using
DHCP. If so, make a note of this.Connecting Using a ModemIf you dial up to an ISP using a regular modem then you can
still install FreeBSD over the Internet, it will just take a very
long time.You will need to know:The phone number to dial for your ISP.The COM: port your modem is connected to.The username and password for your ISP account.Check for FreeBSD ErrataAlthough the FreeBSD project strives to ensure that each release
of FreeBSD is as stable as possible, bugs do occasionally creep into
the process. On very rare occasions those bugs affect the
installation process. As these problems are discovered and fixed they
are noted in the FreeBSD Errata, posted on the FreeBSD web site. You
should check the errata before installing to make sure that there are
no late-breaking problems which you should be aware of.Information about all the releases, including the errata for each
release, can be found on the
release
information section of the
FreeBSD web site.Obtain the FreeBSD Installation FilesThe FreeBSD installation process can install FreeBSD from files
located in the any of the following places:Local MediaA CDROM or DVDA DOS partition on the same computerA tapeFloppy disksNetworkAn FTP site, going through a firewall, or using an HTTP proxy,
as necessaryAn NFS serverA dedicated parallel or serial connectionIf you have purchased FreeBSD on CD or DVD then you already have
everything you need, and should proceed to the next section
(Preparing the Boot
Media).If you have not obtained the FreeBSD installation files you should
skip ahead to which explains how
to prepare to install FreeBSD from any of the above. After reading
that section, you should come back here, and read on to
.Prepare the Boot MediaThe FreeBSD installation process is started by booting your
computer into the FreeBSD installer—it is not a program you run
within another operating system. Your computer normally boots using
the operating system installed on your hard disk, but it can also be
configured to use a bootable floppy disk. It may also
be able to boot from a disk in the CDROM drive.If you have FreeBSD on CDROM or DVD (either one you purchased,
or you prepared yourself), and your computer allows you to boot from
the CDROM or DVD (typically a BIOS option called Boot
Order or similar) then you can skip this section. The
FreeBSD CDROM and DVD images are bootable and can be used to install
FreeBSD without any other special preparation.To create boot floppy images, follow these steps:Acquire the Boot Floppy ImagesThe boot disks are available on your installation media
in the floppies/ directory, and
can also be downloaded from the
floppies directory for the &i386; architecture and from this floppies directory for the Alpha architecture.The floppy images have a .flp extension.
The floppies/ directory contains a number of
different images, and the ones you will need to use depends on the
version of FreeBSD you are installing, and in some cases, the
hardware you are installing to. In most cases you will just need
two files, kern.flp and
mfsroot.flp. Additional device drivers may
be necessary for some systems. These drivers are provided
on the drivers.flp image. Check
README.TXT in the same directory for the
most up to date information about these floppy images.Your FTP program must use binary mode
to download these disk images. Some web browsers have been
known to use text (or
ASCII) mode, which will be apparent if you
cannot boot from the disks.Prepare the Floppy DisksYou must prepare one floppy disk per image file you had to
download. It is imperative that these disks are free from
defects. The easiest way to test this is to format the disks
for yourself. Do not trust pre-formatted floppies.If you try to install FreeBSD and the installation
program crashes, freezes, or otherwise misbehaves, one of
the first things to suspect is the floppies. Try writing
the floppy image files to some other disks and try
again.Write the Image Files to the Floppy DisksThe .flp files are
not regular files you copy to the disk.
Instead, they are images of the complete contents of the
disk. This means that you cannot use
commands like DOS' copy to write the
files. Instead, you must use specific tools to write the
images directly to the disk.DOSIf you are creating the floppies on a computer running
DOS/&windows;, then we provide a tool to do
this called fdimage.If you are using the floppies from the CDROM, and your
CDROM is the E: drive, then you would
run this:E:\>tools\fdimage floppies\kern.flp A:Repeat this command for each .flp
file, replacing the floppy disk each time, being sure to label
the disks with the name of the file that you copied to them.
Adjust the command line as necessary, depending on where you have
placed the .flp files. If you do not have
the CDROM, then fdimage can be downloaded from
the tools
directory on the FreeBSD FTP site.If you are writing the floppies on a &unix; system (such as
another FreeBSD system) you can use the &man.dd.1; command to
write the image files directly to disk. On FreeBSD, you would
run:&prompt.root; dd if=kern.flp of=/dev/fd0On FreeBSD, /dev/fd0 refers to the
first floppy disk (the A: drive).
/dev/fd1 would be the
B: drive, and so on. Other &unix;
variants might have different names for the floppy disk
devices, and you will need to check the documentation for the
system as necessary.You are now ready to start installing FreeBSD.Starting the InstallationBy default, the installation will not make any changes to your
disk(s) until you see the following message:Last Chance: Are you SURE you want continue the installation?
If you're running this on a disk with data you wish to save then WE
STRONGLY ENCOURAGE YOU TO MAKE PROPER BACKUPS before proceeding!
We can take no responsibility for lost disk contents!The install can be exited at any time prior to the final
warning without changing the contents of the hard drive. If you are
concerned that you have configured something incorrectly you can just
turn the computer off before this point, and no damage will be
done.BootingBooting for the &i386;Start with your computer turned off.Turn on the computer. As it starts it should display an
option to enter the system set up menu, or BIOS, commonly reached
by keys like F2, F10,
Del, or
AltS. Use whichever keystroke is indicated on screen. In
some cases your computer may display a graphic while it starts.
Typically, pressing Esc will dismiss the graphic
and allow you to see the necessary messages.Find the setting that controls which devices the system boots
from. This is commonly shown as a list of devices, such as
Floppy, CDROM,
First Hard Disk, and so on.If you needed to prepare boot floppies, then make sure that the
floppy disk is selected. If you are booting from the CDROM then
make sure that that is selected instead. In case of doubt, you
should consult the manual that came with your computer, and/or its
motherboard.Make the change, then save and exit. The computer should now
restart.If you needed to prepare boot floppies, as described in
then one of them will be the
first boot disc, probably the one containing
kern.flp. Put this disc in your floppy
drive.If you are booting from CDROM, then you will need to turn on
the computer, and insert the CDROM at the first
opportunity.If your computer starts up as normal, and loads your existing
operating system then either:The disks were not inserted early enough in the boot
process. Leave them in, and try restarting your
computer.The BIOS changes earlier did not work correctly. You
should redo that step until you get the right option.FreeBSD will start to boot. If you are booting from CDROM you
will see a display similar to this (version information omitted):Verifying DMI Pool Data ........
Boot from ATAPI CD-ROM :
1. FD 2.88MB System Type-(00)
Uncompressing ... done
BTX loader 1.00 BTX version is 1.01
Console: internal video/keyboard
BIOS drive A: is disk0
BIOS drive B: is disk1
BIOS drive C: is disk2
BIOS drive C: is disk3
BIOS 639kB/261120kB available memory
FreeBSD/i386 bootstrap loader, Revision 0.8
/kernel text=0x277391 data=0x3268c+0x332a8 |
|
Hit [Enter] to boot immediately, or any other key for command prompt.
Booting [kernel] in 9 seconds... _If you are booting from floppy disc, you will see a display
similar to this (version information omitted):Verifying DMI Pool Data ........
BTX loader 1.00 BTX version is 1.01
Console: internal video/keyboard
BIOS drive A: is disk0
BIOS drive C: is disk1
BIOS 639kB/261120kB available memory
FreeBSD/i386 bootstrap loader, Revision 0.8
/kernel text=0x277391 data=0x3268c+0x332a8 |
Please insert MFS root floppy and press enter:Follow these instructions by removing the
kern.flp disc, insert the
mfsroot.flp disc, and press
Enter.Irrespective of whether you booted from floppy or CDROM, the
boot process will then get to this point:Hit [Enter] to boot immediately, or any other key for command prompt.
Booting [kernel] in 9 seconds... _Either wait ten seconds, or press Enter. This
will then launch the kernel configuration menu.Booting for the AlphaAlphaStart with your computer turned off.Turn on the computer and wait for a boot monitor
prompt.If you needed to prepare boot floppies, as described in
then one of them will be the
first boot disc, probably the one containing
kern.flp. Put this disc in your floppy
drive and type the following command to boot the disk
(substituting the name of your floppy drive if
necessary):>>>BOOT DVA0 -FLAGS '' -FILE ''If you are booting from CDROM, insert the CDROM into
the drive and type the following command to start the
installation (substituting the name of the appropriate
CDROM drive if necessary):>>>BOOT DKA0 -FLAGS '' -FILE ''FreeBSD will start to boot. If you are booting from a
floppy disc, at some point you will see the message:Please insert MFS root floppy and press enter:Follow these instructions by removing the
kern.flp disc, insert the
mfsroot.flp disc, and press
Enter.Irrespective of whether you booted from floppy or CDROM, the
boot process will then get to this point:Hit [Enter] to boot immediately, or any other key for command prompt.
Booting [kernel] in 9 seconds... _Either wait ten seconds, or press Enter. This
will then launch the kernel configuration menu.Kernel ConfigurationFrom FreeBSD versions 5.0 and later, userconfig has been depreciated
in favor of the new &man.device.hints.5; method. For more information
on &man.device.hints.5; please visit The kernel is the core of the operating
system. It is responsible for many things, including access to all
the devices you may have on your system, such as hard disks, network
cards, sound cards, and so on. Each piece of hardware supported by
the FreeBSD kernel has a driver associated with it. Each driver has a
two or three letter name, such as sa for the
SCSI sequential access driver, or sio for the
Serial I/O driver (which manages COM ports).When the kernel starts, each driver checks the system to see
whether or not the hardware it supports exists on your system. If it
does, then the driver configures the hardware and makes it available
to the rest of the kernel.This checking is commonly referred to as device
probing. Unfortunately, it is not always possible to do
this in a safe way. Some hardware drivers do not co-exist well,
and probing for one piece of hardware can sometimes leave
another in an inconsistent state. This is a basic
limitation of the PC design.Many older devices are called ISA devices—as opposed
to PCI devices. The ISA specification requires each device to have
some information hard coded into it, typically the Interrupt Request
Line number (IRQ) and IO port address that the driver uses. This
information is commonly set by using physical
jumpers on the card, or by using a DOS based
utility.This was often a source of problems, because it was not possible
to have two devices that shared the same IRQ or port address.Newer devices follow the PCI specification, which does not require
this, as the devices are supposed to cooperate with the BIOS, and be
told which IRQ and IO port addresses to use.If you have any ISA devices in your computer then FreeBSD's
driver for that device will need to be configured with the IRQ and
port address that you have set the card to. This is why carrying out
an inventory of your hardware (see ) can be useful.Unfortunately, the default IRQs and memory ports used by some
drivers clash. This is because some ISA devices are shipped with IRQs
or memory ports that clash. The defaults in FreeBSD's drivers are
deliberately set to mirror the manufacturer's defaults, so that, out
of the box, as many devices as possible will work.This is almost never an issue when running FreeBSD day-to-day.
Your computer will not normally contain two pieces of hardware that
clash, because one of them would not work (irrespective of the
operating system you are using).It becomes an issue when you are installing FreeBSD for the first
time because the kernel used to carry out the install has to contain
as many drivers as possible, so that many different hardware
configurations can be supported. This means that some of
those drivers will have conflicting configurations. The devices are
probed in a strict order, and if you own a device that is probed late
in the process, but conflicted with an earlier probe, then your
hardware might not function or be probed correctly when you install
FreeBSD.Because of this, the first thing you have the opportunity to do
when installing FreeBSD is look at the list of drivers that are
configured into the kernel, and either disable some of them, if you
do not own that device, or confirm (and alter) the driver's
configuration if you do own the device but the defaults are
wrong.This probably sounds much more complicated than it actually
is. shows the first kernel
configuration menu. We recommend that you choose the
Start kernel configuration in full-screen visual
mode option, as it presents the easiest interface for
the new user.The kernel configuration screen ()
is then divided into four sections.A collapsible list of all the drivers that are currently
marked as active, subdivided into groups such as
Storage, and Network. Each
driver is shown as a description, its two or three letter driver
name, and the IRQ and memory port used by that driver. In
addition, if an active driver conflicts with another active driver
then CONF is shown next to the driver name.
This section also shows the total number of conflicting drivers
that are currently active.Drivers that have been marked inactive. They remain in the
kernel, but they will not probe for their device when the kernel
starts. These are subdivided into groups in the same way as the
active driver list.More detail about the currently selected driver, including its
IRQ and memory port address.Information about the keystrokes that are valid at this point
in time.At this point there will always be conflicts listed. Do not worry
about this, it is to be expected; all the drivers are enabled, and
as has already been explained, some of them will conflict with one
another.You now have to work through the list of drivers, resolving the
conflicts.Resolving Driver ConflictsPress X. This will completely expand the
list of drivers, so you can see all of them. You will need to use
the arrow keys to scroll back and forth through the active driver
list. shows the result of
pressing X. Disable all the drivers for devices that you do not have. To
disable a driver, highlight it with the arrow keys and press
Del. The driver will be moved to the
Inactive Drivers list.If you inadvertently disable a device that you need then press
Tab to switch to the Inactive
Drivers list, select the driver that you disabled, and
press Enter to move it back to the active
list.Do not disable sc0. This controls
the screen, and you will need this unless you are installing
over a serial cable.Only disable atkbd0 if you are
using a USB keyboard. If you have a normal keyboard then you
must keep atkbd0.If there are no conflicts listed then you can skip this step.
Otherwise, the remaining conflicts need to be examined. If they
do not have the indication of an allowed conflict
in the message area, then either the IRQ/address for device probe
will need to be changed, or the IRQ/address
on the hardware will need to be changed.To change the driver's configuration for IRQ and IO port
address, select the device and press Enter. The
cursor will move to the third section of the screen, and you can
change the values. You should enter the values for IRQ and port
address that you discovered when you made your hardware inventory.
Press Q to finish editing the device's
configuration and return to the active driver list.If you are not sure what these figures should be then you can
try using -1. Some FreeBSD drivers can safely
probe the hardware to discover what the correct value should be,
and a value of -1 configures them to do
this.The procedure for changing the address on the hardware varies
from device to device. For some devices you may need to
physically remove the card from your computer and adjust jumper
settings or DIP switches. Other cards may have come with a DOS
floppy that contains the programs used to reconfigure the card.
In any case, you should refer to the documentation that came with
the device. This will obviously entail restarting your computer,
so you will need to boot back into the FreeBSD installation
routine when you have reconfigured the card.When all the conflicts have been resolved the screen will look
similar to .As you can see, the active driver list is now much smaller,
with only drivers for the hardware that actually exists being
listed.You can now save these changes, and move on to the next step
of the install. Press Q to quit the device
configuration interface. This message will appear:Save these parameters before exiting? ([Y]es/[N]o/[C]ancel)Answer Y to save the parameters to memory
(it will be saved to disk if you finish the install) and the
probing will start. After displaying the probe results in white
on black text sysinstall will start
and display its main menu
().Reviewing the Device Probe ResultsThe last few hundred lines that have been displayed on screen are
stored and can be reviewed.To review the buffer, press Scroll Lock. This
turns on scrolling in the display. You can then use the arrow keys, or
PageUp and PageDown to view the
results. Press Scroll Lock again to stop
scrolling.Do this now, to review the text that scrolled off the screen when
the kernel was carrying out the device probes. You will see text
similar to , although the precise
text will differ depending on the devices that you have in your
computer.Check the probe results carefully to make sure that FreeBSD found
all the devices you expected. If a device was not found, then it will
not be listed. If the device's driver required configuring
with the IRQ and port address then you should check that you entered
them correctly.If you need to make changes to the UserConfig device probing,
its easy to exit the sysinstall program
and start over again. Its also a good way to become more familiar
with the process.Use the arrow keys to select
Exit Install from the Main
Install Screen menu. The following message will display: User Confirmation Requested
Are you sure you wish to exit? The system will reboot
(be sure to remove any floppies from the drives).
[ Yes ] NoThe install program will start again if the CDROM is left
in the drive and [Yes] is selected.If you are booting from floppies it will be necessary to remove
the mfsroot.flp floppy and replace it with
kern.flp before rebooting.Introducing SysinstallThe sysinstall utility is the installation
application provided by the FreeBSD Project. It is console based and is
divided into a number of menus and screens that you can use to
configure and control the installation process.The sysinstall menu system is controlled
by the arrow keys, Enter, Space, and
other keys. A detailed description of these keys, and what they do, is
contained in sysinstall's usage
information.To review this information, ensure that the
Usage entry is highlighted and that the
[Select] button is selected, as shown in , then press Enter.The instructions for using the menu system will be displayed. After
reviewing them, press Enter to return to the Main
Menu.Selecting the Documentation MenuFrom the Main Menu, select Doc with
the arrow keys and
press Enter.This will display the Documentation Menu.It is important to read the documents provided.To view a document, select it with the arrow keys and
press Enter. When finished reading a document,
pressing Enter will return to the Documentation
Menu.To return to the Main Installation Menu, select
Exit with the
arrow keys and press Enter.Selecting the Keymap MenuTo change the keyboard mapping, use the arrow keys to select
Keymap from the menu and press
Enter.A different keyboard mapping may be chosen by selecting the
menu item using up/down arrow keys and pressing Space.
Pressing Space again will unselect the item.
When finished, choose the &gui.ok; using the arrow keys and press
Enter.Only a partial list is shown in this screen representation.
Selecting &gui.cancel; will use the default
keymap and return to the Main Install Menu.Installation Options ScreenSelect Options and press
Enter.The default values are usually fine for most users and do
not need to be changed. The release name will vary according
to the version being installed.The description of the selected item will appear at the
bottom of the screen highlighted in blue. Notice that one of the
options is Use Defaults to reset all
values to startup defaults.Press F1 to read the help screen about the
various options.Pressing Q will return to the Main Install
menu.Begin a Standard InstallationThe Standard installation is the
option recommended for those new to &unix; or FreeBSD. Use the arrow
keys to select Standard and
then press Enter to start the installation.Allocating Disk SpaceYour first task is to allocate disk space for FreeBSD, and label
that space so that sysinstall can prepare
it. In order to do this you need to know how FreeBSD expects to find
information on the disk.BIOS Drive NumberingBefore you install and configure FreeBSD on your system, there is an
important subject that you should be aware of, especially if you have
multiple hard drives.DOSMicrosoft WindowsIn a PC running a BIOS-dependent operating system such as
&ms-dos; or µsoft.windows;, the BIOS is able to abstract the
normal disk drive order, and
the operating system goes along with the change. This allows the user
to boot from a disk drive other than the so-called primary
master. This is especially convenient for some users who have
found that the simplest and cheapest way to keep a system backup is to
buy an identical second hard drive, and perform routine copies of the
first drive to the second drive using
Ghost or XCOPY
. Then, if the
first drive fails, or is attacked by a virus, or is scribbled upon by an
operating system defect, he can easily recover by instructing the BIOS
to logically swap the drives. It is like switching the cables on the
drives, but without having to open the case.SCSIBIOSMore expensive systems with SCSI controllers often include BIOS
extensions which allow the SCSI drives to be re-ordered in a similar
fashion for up to seven drives.A user who is accustomed to taking advantage of these features may
become surprised when the results with FreeBSD are not as expected.
FreeBSD does not use the BIOS, and does not know the logical BIOS
drive mapping. This can lead to very perplexing situations,
especially when drives are physically identical in geometry, and have
also been made as data clones of one another.When using FreeBSD, always restore the BIOS to natural drive
numbering before installing FreeBSD, and then leave it that way. If you
need to switch drives around, then do so, but do it the hard way, and
open the case and move the jumpers and cables.An Illustration from the Files of Bill and Fred's Exceptional
Adventures:Bill breaks-down an older Wintel box to make another FreeBSD box
for Fred. Bill installs a single SCSI drive as SCSI unit zero and
installs FreeBSD on it.Fred begins using the system, but after several days notices that
the older SCSI drive is reporting numerous soft errors and reports
this fact to Bill.After several more days, Bill decides it is time to address the
situation, so he grabs an identical SCSI drive from the disk drive
archive in the back room. An initial surface scan
indicates that
this drive is functioning well, so Bill installs this drive as SCSI
unit four and makes an image copy from drive zero to drive four. Now
that the new drive is installed and functioning nicely, Bill decides
that it is a good idea to start using it, so he uses features in the
SCSI BIOS to re-order the disk drives so that the system boots from
SCSI unit four. FreeBSD boots and runs just fine.Fred continues his work for several days, and soon Bill and Fred
decide that it is time for a new adventure -- time to upgrade to a
newer version of FreeBSD. Bill removes SCSI unit zero because it was
a bit flaky and replaces it with another identical disk drive from
the archive. Bill then installs the new version of
FreeBSD onto the new SCSI unit zero using Fred's magic Internet FTP
floppies. The installation goes well.Fred uses the new version of FreeBSD for a few days, and certifies
that it is good enough for use in the engineering department. It is
time to copy all of his work from the old version. So Fred mounts
SCSI unit four (the latest copy of the older FreeBSD version). Fred
is dismayed to find that none of his precious work is present on SCSI
unit four.Where did the data go?When Bill made an image copy of the original SCSI unit zero onto
SCSI unit four, unit four became the new clone.
When Bill re-ordered the SCSI BIOS so that he could boot from
SCSI unit four, he was only fooling himself.
FreeBSD was still running on SCSI unit zero.
Making this kind of BIOS change will cause some or all of the Boot and
Loader code to be fetched from the selected BIOS drive, but when the
FreeBSD kernel drivers take-over, the BIOS drive numbering will be
ignored, and FreeBSD will transition back to normal drive numbering.
In the illustration at hand, the system continued to operate on the
original SCSI unit zero, and all of Fred's data was there, not on SCSI
unit four. The fact that the system appeared to be running on SCSI
unit four was simply an artifact of human expectations.We are delighted to mention that no data bytes were killed or
harmed in any way by our discovery of this phenomenon. The older SCSI
unit zero was retrieved from the bone pile, and all of Fred's work was
returned to him, (and now Bill knows that he can count as high as
zero).Although SCSI drives were used in this illustration, the concepts
apply equally to IDE drives.Disk OrganizationThe smallest unit of organization that FreeBSD uses to find files
is the filename. Filenames are case-sensitive, which means that
readme.txt and README.TXT
are two separate files. FreeBSD does not use the extension
(.txt) of a file to determine whether the file is
program, or a document, or some other form of data.Files are stored in directories. A directory may contain no
files, or it may contain many hundreds of files. A directory can also
contain other directories, allowing you to build up a hierarchy of
directories within one another. This makes it much easier to organize
your data.Files and directories are referenced by giving the file or
directory name, followed by a forward slash, /,
followed by any other directory names that are necessary. If you have
directory foo, which contains directory
bar, which contains the file
readme.txt, then the full name, or
path to the file is
foo/bar/readme.txt.Directories and files are stored in a filesystem. Each filesystem
contains exactly one directory at the very top level, called the
root directory for that filesystem. This root
directory can then contain other directories.So far this is probably similar to any other operating system you
may have used. There are a few differences; for example, DOS uses
\ to separate file and directory names, while &macos;
uses :.FreeBSD does not use drive letters, or other drive names in the
path. You would not write c:/foo/bar/readme.txt
on FreeBSD.Instead, one filesystem is designated the root
filesystem. The root filesystem's root directory is
referred to as /. Every other filesystem is then
mounted under the root filesystem. No matter
how many disks you have on your FreeBSD system, every directory
appears to be part of the same disk.Suppose you have three filesystems, called A,
B, and C. Each filesystem has
one root directory, which contains two other directories, called
A1, A2 (and likewise
B1, B2 and
C1, C2).Call A the root filesystem. If you used the
ls command to view the contents of this directory
you would see two subdirectories, A1 and
A2. The directory tree looks like this: /
|
+--- A1
|
`--- A2A filesystem must be mounted on to a directory in another
filesystem. So now suppose that you mount filesystem
B on to the directory A1. The
root directory of B replaces A1,
and the directories in B appear accordingly: /
|
+--- A1
| |
| +--- B1
| |
| `--- B2
|
`--- A2Any files that are in the B1 or
B2 directories can be reached with the path
/A1/B1 or /A1/B2 as
necessary. Any files that were in /A1 have been
temporarily hidden. They will reappear if B is
unmounted from A.If B had been mounted on A2
then the diagram would look like this: /
|
+--- A1
|
`--- A2
|
+--- B1
|
`--- B2and the paths would be /A2/B1 and
/A2/B2 respectively.Filesystems can be mounted on top of one another. Continuing the
last example, the C filesystem could be mounted on
top of the B1 directory in the B
filesystem, leading to this arrangement: /
|
+--- A1
|
`--- A2
|
+--- B1
| |
| +--- C1
| |
| `--- C2
|
`--- B2Or C could be mounted directly on to the
A filesystem, under the A1
directory: /
|
+--- A1
| |
| +--- C1
| |
| `--- C2
|
`--- A2
|
+--- B1
|
`--- B2If you are familiar with DOS, this is similar, although not
identical, to the join command.This is not normally something you need to concern yourself with.
Typically you create filesystems when installing FreeBSD and decide
where to mount them, and then never change them unless you add a new
disk.It is entirely possible to have one large root filesystem, and not
need to create any others. There are some drawbacks to this approach,
and one advantage.Benefits of Multiple FilesystemsDifferent filesystems can have different mount
options. For example, with careful planning, the
root filesystem can be mounted read-only, making it impossible for
you to inadvertently delete or edit a critical file. Separating
user-writable filesystems, such as /home,
from other filesystems also allows them to be mounted
nosuid; this option prevents the
suid/guid bits on
executables stored on the filesystem from taking effect, possibly
improving security.FreeBSD automatically optimizes the layout of files on a
filesystem, depending on how the filesystem is being used. So a
filesystem that contains many small files that are written
frequently will have a different optimization to one that contains
fewer, larger files. By having one big filesystem this
optimization breaks down.FreeBSD's filesystems are very robust should you lose power.
However, a power loss at a critical point could still damage the
structure of the filesystem. By splitting your data over multiple
filesystems it is more likely that the system will still come up,
making it easier for you to restore from backup as necessary.Benefit of a Single FilesystemFilesystems are a fixed size. If you create a filesystem when
you install FreeBSD and give it a specific size, you may later
discover that you need to make the partition bigger. This is not
easily accomplished without backing up, recreating the filesystem
with the new size, and then restoring the backed up data.FreeBSD 4.4 and later versions feature the &man.growfs.8;
command, which makes it possible to increase the size of
filesystem on the fly, removing this limitation.Filesystems are contained in partitions. This does not have the
same meaning as the earlier usage of the term partition in this
chapter, because of FreeBSD's &unix; heritage. Each partition is
identified by a letter from a through to
h. Each partition can contain only one filesystem,
which means that filesystems are often described by either their
typical mount point in the filesystem hierarchy, or the letter of the
partition they are contained in.FreeBSD also uses disk space for swap
space. Swap space provides FreeBSD with
virtual memory. This allows your computer to
behave as though it has much more memory than it actually does. When
FreeBSD runs out of memory it moves some of the data that is not
currently being used to the swap space, and moves it back in (moving
something else out) when it needs it.Some partitions have certain conventions associated with
them.PartitionConventionaNormally contains the root filesystembNormally contains swap spacecNormally the same size as the enclosing slice. This
allows utilities that need to work on the entire slice (for
example, a bad block scanner) to work on the
c partition. You would not normally create
a filesystem on this partition.dPartition d used to have a special
meaning associated with it, although that is now gone. To
this day, some tools may operate oddly if told to work on
partition d, so
sysinstall will not normally create
partition d.Each partition-that-contains-a-filesystem is stored in what
FreeBSD calls a slice. Slice is FreeBSD's term
for what were earlier called partitions, and again, this is because of
FreeBSD's &unix; background. Slices are numbered, starting at 1,
through to 4.slicespartitionsdangerously dedicatedSlice numbers follow
the device name, prefixed with an s,
starting at 1. So da0s1
is the first slice on the first SCSI drive. There can only be
four physical slices on a disk, but you can have logical
slices inside physical slices of the appropriate type. These
extended slices are numbered starting at 5, so
ad0s5 is the first
extended slice on the first IDE disk. These devices are used by file
systems that expect to occupy a slice.Slices, dangerously dedicated physical
drives, and other drives contain
partitions, which are represented as
letters from a to h.
This letter is appended to the device name, so
da0a is the a partition on
the first da drive, which is dangerously dedicated.
ad1s3e is the fifth partition
in the third slice of the second IDE disk drive.Finally, each disk on the system is identified. A disk name
starts with a code that indicates the type of disk, and then a number,
indicating which disk it is. Unlike slices, disk numbering starts at
0. Common codes that you will see are listed in
.When referring to a partition FreeBSD requires that you also name
the slice and disk that contains the partition, and when referring to
a slice you should also refer to the disk name. Do this by listing
the disk name, s, the slice number, and then the
partition letter. Examples are shown in
. shows a conceptual
model of the disk layout that should help make things clearer.In order to install FreeBSD you must first configure the disk
slices, then create partitions within the slice you will use for
FreeBSD, and then create a filesystem (or swap space) in each
partition, and decide where that filesystem will be mounted.
Disk Device CodesCodeMeaningadATAPI (IDE) diskdaSCSI direct access diskacdATAPI (IDE) CDROMcdSCSI CDROMfdFloppy disk
Sample Disk, Slice, and Partition NamesNameMeaningad0s1aThe first partition (a) on the first
slice (s1) on the first IDE disk
(ad0).da1s2eThe fifth partition (e) on the
second slice (s2) on the second SCSI disk
(da1).Conceptual Model of a DiskThis diagram shows FreeBSD's view of the first IDE disk attached
to the system. Assume that the disk is 4 GB in size, and contains
two 2 GB slices (DOS partitions). The first slice contains a DOS
disk, C:, and the second slice contains a
FreeBSD installation. This example FreeBSD installation has three
partitions, and a swap partition.The three partitions will each hold a filesystem. Partition
a will be used for the root filesystem,
e for the /var directory
hierarchy, and f for the
/usr directory hierarchy..-----------------. --.
| | |
| DOS / Windows | |
: : > First slice, ad0s1
: : |
| | |
:=================: ==: --.
| | | Partition a, mounted as / |
| | > referred to as ad0s2a |
| | | |
:-----------------: ==: |
| | | Partition b, used as swap |
| | > referred to as ad0s2b |
| | | |
:-----------------: ==: | Partition c, no
| | | Partition e, used as /var > filesystem, all
| | > referred to as ad0s2e | of FreeBSD slice,
| | | | ad0s2c
:-----------------: ==: |
| | | |
: : | Partition f, used as /usr |
: : > referred to as ad0s2f |
: : | |
| | | |
| | --' |
`-----------------' --'Creating Slices Using FDiskNo changes you make at this point will be written to the disk.
If you think you have made a mistake and want to start again you can
use the menus to exit sysinstall and try
again. If you get confused and can not see how to exit you can
always turn your computer off.After choosing to begin a standard installation in
sysinstall you will be shown this
message: Message
In the next menu, you will need to set up a DOS-style ("fdisk")
partitioning scheme for your hard disk. If you simply wish to devote
all disk space to FreeBSD (overwriting anything else that might be on
the disk(s) selected) then use the (A)ll command to select the default
partitioning scheme followed by a (Q)uit. If you wish to allocate only
free space to FreeBSD, move to a partition marked "unused" and use the
(C)reate command.
[ OK ]
[ Press enter or space ]Press Enter as instructed. You will then be
shown a list of all the hard drives that the kernel found when it
carried out the device probes.
shows an example from a
system with two IDE disks. They have been called
ad0 and ad2.You might be wondering why ad1 is not
listed here. Why has it been missed?Consider what would happen if you had two IDE hard disks, one
as the master on the first IDE controller, and one as the master on
the second IDE controller. If FreeBSD numbered these as it found
them, as ad0 and
ad1 then everything would work.But if you then added a third disk, as the slave device on the
first IDE controller, it would now be ad1,
and the previous ad1 would become
ad2. Because device names (such as
ad1s1a) are used to find filesystems, you
may suddenly discover that some of your filesystems no longer
appear correctly, and you would need to change your FreeBSD
configuration.To work around this, the kernel can be configured to name IDE
disks based on where they are, and not the order in which they were
found. With this scheme the master disk on the second IDE
controller will always be
ad2, even if there are no
ad0 or ad1
devices.This configuration is the default for the FreeBSD kernel, which
is why this display shows ad0 and
ad2. The machine on which this screenshot
was taken had IDE disks on both master channels of the IDE
controllers, and no disks on the slave channels.You should select the disk on which you want to install FreeBSD,
and then press &gui.ok;.
FDisk will start, with a display similar to
that shown in .The FDisk display is broken into three
sections.The first section, covering the first two lines of the display,
shows details about the currently selected disk, including its FreeBSD
name, the disk geometry, and the total size of the disk.The second section shows the slices that are currently on the
disk, where they start and end, how large they are, the name FreeBSD
gives them, and their description and sub-type. This example shows two
small unused slices, which are artifacts of disk layout schemes on the
PC. It also shows one large FAT slice, which almost certainly appears
as C: in DOS / &windows;, and an extended
slice, which may contain other drive letters for DOS / &windows;.The third section shows the commands that are available in
FDisk.What you do now will depend on how you want to slice up your
disk.If you want to use FreeBSD for the entire disk (which will delete
all the other data on this disk when you confirm that you want
sysinstall to continue later in the
installation process) then you can press A, which
corresponds to the Use Entire Disk option.
The existing slices will be removed, and replaced with a small area
flagged as unused (again, an artifact of PC disk
layout), and then one large slice for FreeBSD. If you do this then
you should then select the newly created FreeBSD slice using the arrow
keys, and press S to mark the slice as being
bootable. The screen will then look very similar to
. Note the
A in the Flags column, which
indicates that this slice is active, and will be
booted from.If you will be deleting an existing slice to make space for
FreeBSD then you should select the slice using the arrow keys, and
then press D. You can then press C,
and be prompted for size of slice you want to create. Enter the
appropriate figure and press Enter.If you have already made space for FreeBSD (perhaps by using a
tool such as &partitionmagic;) then you can
press C to create a new slice. Again, you will be
prompted for the size of slice you would like to create.When finished, press Q. Your changes will be
saved in sysinstall, but will not yet be
written to disk.Install a Boot ManagerYou now have the option to install a boot manager. In general,
you should choose to install the FreeBSD boot manager if:You have more than one drive, and have installed FreeBSD onto
a drive other than the first one.You have installed FreeBSD alongside another operating system
on the same disk, and you want to choose whether to start FreeBSD
or the other operating system when you start the computer.Make your choice and press Enter.The help screen, reached by pressing F1,
discusses the problems that can be encountered when trying to share
the hard disk between operating systems.Creating Slices on Another DriveIf there is more than one drive, it will return to the
Select Drives screen after the boot manager selection. If you wish to
install FreeBSD on to more than one disk, then you can select another
disk here and repeat the slice process using
FDisk.The Tab key toggles between the last drive
selected, &gui.ok;, and
&gui.cancel;.Press the Tab once to toggle to the
&gui.ok;, then
press Enter
to continue with the installation.Creating Partitions Using
DisklabelYou must now create some partitions inside each slice that you
have just created. Remember that each partition is lettered, from
a through to h, and that
partitions b, c, and
d have conventional meanings that you should adhere
to.Certain applications can benefit from particular partition
schemes, especially if you are laying out partitions across more than
one disk. However, for this, your first FreeBSD installation, you do
not need to give too much thought to how you partition the disk. It
is more important that you install FreeBSD and start learning how to
use it. You can always re-install FreeBSD to change your partition
scheme when you are more familiar with the operating system.This scheme features four partitions—one for swap space, and
three for filesystems.
Partition Layout for First DiskPartitionFilesystemSizeDescriptiona/100 MBThis is the root filesystem. Every other filesystem
will be mounted somewhere under this one. 100 MB is a
reasonable size for this filesystem. You will not be storing
too much data on it, as a regular FreeBSD install will put
about 40 MB of data here. The remaining space is for temporary
data, and also leaves expansion space if future versions of
FreeBSD need more space in /.bN/A2-3 x RAMThe system's swap space is kept on this partition.
Choosing the right amount of swap space can be a bit of an
art. A good rule of thumb is that your swap
space should be two or three times as much as the
available physical memory (RAM).
You should also have at least 64 MB of swap, so if you have
less than 32 MB of RAM in your computer then set the swap
amount to 64 MB.
If you have more than one disk then you can put swap
space on each disk. FreeBSD will then use each disk for
swap, which effectively speeds up the act of swapping. In
this case, calculate the total amount of swap you need
(e.g., 128 MB), and then divide this by the number of disks
you have (e.g., two disks) to give the amount of swap you
should put on each disk, in this example, 64 MB of swap per
disk.e/var50 MBThe /var directory contains variable
length files; log files, and other administrative files. Many
of these files are read-from or written-to extensively during
FreeBSD's day-to-day running. Putting these files on another
filesystem allows FreeBSD to optimise the access of these
files without affecting other files in other directories that
do not have the same access pattern.f/usrRest of diskAll your other files will typically be stored in
/usr, and its subdirectories.
If you will be installing FreeBSD on to more than one disk then
you must also create partitions in the other slices that you
configured. The easiest way to do this is to create two partitions on
each disk, one for the swap space, and one for a filesystem.
Partition Layout for Subsequent DisksPartitionFilesystemSizeDescriptionbN/ASee descriptionAs already discussed, you can split swap space across
each disk. Even though the a partition is
free, convention dictates that swap space stays on the
b partition.e/disknRest of diskThe rest of the disk is taken up with one big partition.
This could easily be put on the a
partition, instead of the e partition.
However, convention says that the a
partition on a slice is reserved for the filesystem that will
be the root (/) filesystem. You do not
have to follow this convention, but
sysinstall does, so following it
yourself makes the installation slightly cleaner. You can
choose to mount this filesystem anywhere; this example
suggests that you mount them as directories
/diskn, where
n is a number that changes for each
disk. But you can use another scheme if you prefer.
Having chosen your partition layout you can now create it using
sysinstall. You will see this
message: Message
Now, you need to create BSD partitions inside of the fdisk
partition(s) just created. If you have a reasonable amount of disk
space (200MB or more) and don't have any special requirements, simply
use the (A)uto command to allocate space automatically. If you have
more specific needs or just don't care for the layout chosen by
(A)uto, press F1 for more information on manual layout.
[ OK ]
[ Press enter or space ]Press Enter to start the FreeBSD partition
editor, called Disklabel. shows the display when you first
start Disklabel. The display is divided in
to three sections.The first few lines show the name of the disk you are currently
working on, and the slice that contains the partitions you are
creating (at this point Disklabel calls
this the Partition name rather than slice name).
This display also shows the amount of free space within the slice;
that is, space that was set aside in the slice, but that has not yet
been assigned to a partition.The middle of the display shows the partitions that have been
created, the name of the filesystem that each partition contains,
their size, and some options pertaining to the creation of the
filesystem.The bottom third of the screen shows the keystrokes that are valid
in Disklabel.Disklabel can automatically create
partitions for you and assign them default sizes. Try this now, by
Pressing A. You will see a display similar to that
shown in . Depending on the size of
the disk you are using the defaults may or may not be appropriate.
This does not matter, as you do not have to accept the
defaults.Beginning with FreeBSD 4.5, the default partitioning assigns
the /tmp directory its own partition instead
of being part of the / partition. This
helps avoid filling the / partition with
temporary files.To delete the suggested partitions, and replace them with your
own, use the arrow keys to select the first partition, and press
D to delete it. Repeat this to delete all the
suggested partitions.To create the first partition (a, mounted as
/), make sure the disk information at the top of
the screen is selected, and press C. A dialog box
will appear prompting you for the size of the new partition (as shown
in ). You can enter the size as
the number of disk blocks you want to use, or, more usefully, as a
number followed by either M for megabytes,
G for gigabytes, or C for
cylinders.Beginning with FreeBSD 5.X, users can select
UFS2 using the Custom Newfs
(Z) option. Either create labels with
Auto Defaults and modify them with the Custom Newfs option, or
add during the regular creation period.
Do not forget to add for SoftUpdates if you use the Custom Newfs
option!The default size shown will create a partition that takes up the
rest of the slice. If you are using the partition sizes described
earlier, then delete the existing figure using
Backspace, and then type in
64M, as shown in
. Then press
&gui.ok;.Having chosen the partition's size you will then asked whether
this partition will contain a filesystem or swap space. The dialog
box is shown in . This first
partition will contain a filesystem, so check that
FS is selected and then press
Enter.Finally, because you are creating a filesystem, you must tell
Disklabel where the filesystem is to be
mounted. The dialog box is shown in
. The root filesystem's mount
point is /, so type /, and
then press Enter.The display will then update to show you the newly created
partition. You should repeat this procedure for the other
partitions. When you create the swap partition you will not be
prompted for the filesystem mount point, as swap partitions are never
mounted. When you create the final partition,
/usr, you can leave the suggested size as is, to
use the rest of the slice.Your final FreeBSD DiskLabel Editor screen will appear similar to
, although your values chosen may
be different. Press Q to finish.Choosing What to InstallSelect the Distribution SetDeciding which distribution set to install will depend largely
on the intended use of the system and the amount of disk space
available. The predefined options range from installing the
smallest possible configuration to everything. Those who are
new to &unix; and/or FreeBSD should almost certainly select one
of these canned options. Customizing a distribution set is
typically for the more experienced user.Press F1 for more information on the
distribution set options and what they contain. When finished
reviewing the help, pressing Enter will return
to the Select Distributions Menu.If a graphical user interface is desired then a distribution
set that is preceded by an X should be
chosen. The configuration of XFree86 and selection of a default
desktop is part of the post-installation steps.The default version of XFree86 that is installed depends on the
version of the FreeBSD that you are installing. For FreeBSD versions
prior to 4.6, XFree86 3.X is installed. For FreeBSD 4.6 and later,
XFree86 4.X is the default.You should check to see whether your video card is supported at the
XFree86 web site. If it
is not supported under the default version that FreeBSD will install,
you should select a distribution without X for installation. After
installation, install and configure the appropriate version of
XFree86 using the ports collection.If compiling a custom kernel is anticipated, select an option
which includes the source code. For more information on why a
custom kernel should be built or how to build a custom kernel see
.Obviously, the most versatile system is one that includes
everything. If there is adequate disk space, select
All as shown in
by using the arrow keys and
press Enter. If there is a concern about disk
space consider using an option that is more suitable for the
situation. Other distributions can be added after installation.Installing the Ports CollectionAfter selecting the desired distribution, an opportunity to
install the FreeBSD Ports Collection is presented. The ports
collection is an easy and convenient way to install software.
The ports collection does not contain the source code necessary
to compile the software. It is a collection of files which
automates the downloading, compiling and installation.
discusses how to use the ports
collection.The installation program does not check to see if you have
adequate space. Select this option only if you have
adequate hard disk space. User Confirmation Requested
Would you like to install the FreeBSD ports collection?
This will give you ready access to over &os.numports; ported software packages,
at a cost of around &ports.size; of disk space when "clean" and possibly much
more than that if a lot of the distribution tarballs are loaded
(unless you have the extra CDs from a FreeBSD CD/DVD distribution
available and can mount it on /cdrom, in which case this is far less
of a problem).
The ports collection is a very valuable resource and well worth having
on your /usr partition, so it is advisable to say Yes to this option.
For more information on the ports collection & the latest ports,
visit:
http://www.FreeBSD.org/ports
[ Yes ] NoSelect [ Yes ] with the arrow keys to
install the ports collection or [ No ] to
skip this option. Press Enter to continue.
The Choose Distributions menu will redisplay.If satisfied with the options, select
Exit with the arrow keys, ensure that
&gui.ok; is highlighted, and press
Enter to continue.Choosing Your Installation MediaIf Installing from a CDROM, use the arrow keys to highlight
Install from a FreeBSD CD/DVD. Ensure
that &gui.ok; is highlighted, then press
Enter to proceed with the installation.For other methods of installation, select the appropriate
option and follow the instructions.Press F1 to display the Online Help for
installation media. Press Enter to return
to the media selection menu.FTP Installation ModesinstallationnetworkFTPThere are three FTP installation modes you can choose from:
active FTP, passive FTP, or via a HTTP proxy.FTP Active, Install from an FTP
serverThis option will make all FTP transfers
use Active
mode. This will not work through firewalls, but will
often work with older FTP servers that do not support
passive mode. If your connection hangs with passive
mode (the default), try active!FTP Passive, Install from an FTP server through a
firewallFTPpassive modeThis option instructs FreeBSD to use
Passive mode for all FTP operations.
This allows the user to pass through firewalls
that do not allow incoming connections on random port
addresses.FTP via a HTTP proxy, Install from an FTP server
through a http proxyFTPvia a HTTP proxyThis option instructs FreeBSD to use the HTTP
protocol (like a web browser) to connect to a proxy
for all FTP operations. The proxy will translate
the requests and send them to the FTP server.
This allows the user to pass through firewalls
that do not allow FTP at all, but offer a HTTP
proxy.
In this case, you have to specify the proxy in
addition to the FTP server.For a proxy FTP server, you should usually give the name of the
server you really want as a part of the username, after an
@ sign. The proxy server then fakes
the real server. For example, assuming you want to install from
ftp.FreeBSD.org, using the proxy FTP
server foo.example.com, listening on port
1024.In this case, you go to the options menu, set the FTP username
to ftp@ftp.FreeBSD.org, and the password to your
email address. As your installation media, you specify FTP (or
passive FTP, if the proxy supports it), and the URL
ftp://foo.example.com:1234/pub/FreeBSD.Since /pub/FreeBSD from
ftp.FreeBSD.org is proxied under
foo.example.com, you are able to install
from that machine (which will fetch the files
from ftp.FreeBSD.org as your
installation requests them).Committing to the InstallationThe installation can now proceed if desired. This is also
the last chance for aborting the installation to prevent changes
to the hard drive. User Confirmation Requested
Last Chance! Are you SURE you want to continue the installation?
If you're running this on a disk with data you wish to save then WE
STRONGLY ENCOURAGE YOU TO MAKE PROPER BACKUPS before proceeding!
We can take no responsibility for lost disk contents!
[ Yes ] NoSelect [ Yes ] and press
Enter to proceed.The installation time will vary according to the distribution
chosen, installation media used, and the speed of the computer.
There will be a series of
messages displayed indicating the status.The installation is complete when the following message is
displayed: Message
Congratulations! You now have FreeBSD installed on your system.
We will now move on to the final configuration questions.
For any option you do not wish to configure, simply select No.
If you wish to re-enter this utility after the system is up, you may
do so by typing: /stand/sysinstall .
[ OK ]
[ Press enter to continue ]Press Enter to proceed with post-installation
configurations.Selecting [ No ] and pressing
Enter will abort
the installation so no changes will be made to your system. The
following message will appear: Message
Installation complete with some errors. You may wish to scroll
through the debugging messages on VTY1 with the scroll-lock feature.
You can also choose "No" at the next prompt and go back into the
installation menus to retry whichever operations have failed.
[ OK ]This message is generated because nothing was installed.
Pressing Enter will return to the
Main Installation Menu to exit the installation.Post-installationConfiguration of various options follows the successful
installation. An option can be configured by re-entering the
configuration options before booting the new FreeBSD
system or after installation using
/stand/sysinstall and selecting
Configure.Network Device ConfigurationIf you previously configured PPP for an FTP install, this screen
will not display and can be configured later as described
above.For detailed information on Local Area Networks and
configuring FreeBSD as a gateway/router refer to the
Advanced Networking
chapter. User Confirmation Requested
Would you like to configure any Ethernet or SLIP/PPP network devices?
[ Yes ] NoTo configure a network device, select
[ Yes ] and press Enter.
Otherwise, select [ No ] to continue.Select the interface to be configured with the arrow keys and press
Enter. User Confirmation Requested
Do you want to try IPv6 configuration of the interface?
Yes [ No ]In this private local area network the current Internet
type protocol (IPv4) was sufficient and [ No ]
was selected with the arrow keys and Enter
pressed.If you want to try the new Internet protocol (IPv6), choose
[ Yes ] and press Enter.
It will take several seconds to scan for RA servers. User Confirmation Requested
Do you want to try DHCP configuration of the interface?
Yes [ No ]If DHCP (Dynamic Host Configuration Protocol) is not required
select [ No ] with the arrow keys and press
Enter.Selecting [ Yes ] will execute
dhclient, and if successful, will fill
in the network configuration information automatically. Refer to
for more information.The following Network Configuration screen shows the
configuration of the Ethernet device for a system that will act
as the gateway for a Local Area Network.Use Tab to select the information fields and
fill in appropriate information:HostThe fully-qualified hostname, e.g. k6-2.example.com in
this case.DomainThe name of the domain that your machine is
in, e.g. example.com for this case.IPv4 GatewayIP address of host forwarding packets to non-local
destinations. Fill this in only if the machine is a node
on the network. Leave this field blank
if the machine is the gateway to the Internet for the
network.Name serverIP address of your local DNS server. There is no local
DNS server on this private local area network so the IP
address of the provider's DNS server
(208.163.10.2) was used.IPv4 addressThe IP address to be used for this interface was
192.168.0.1NetmaskThe address block being used for this local area
network is a Class C block
(192.168.0.0 -
192.168.255.255).
The default netmask is for a Class C network
(255.255.255.0).Extra options to ifconfigAny interface-specific options to ifconfig
you would like to add. There were none in this case.Use Tab to select &gui.ok;
when finished and press Enter. User Confirmation Requested
Would you like to Bring Up the ed0 interface right now?
[ Yes ] NoChoosing [ Yes ] and pressing
Enter will bring
the machine up on the network and be ready for use after leaving
the installation.Configure Gateway User Confirmation Requested
Do you want this machine to function as a network gateway?
[ Yes ] NoIf the machine will be acting as the gateway for a local area
network and forwarding packets between other machines then select
[ Yes ] and press Enter.
If the machine is a node on a network then
select [ No ] and press
Enter to continue.Configure Internet Services User Confirmation Requested
Do you want to configure inetd and the network services that it provides?
Yes [ No ]If [ No ] is selected, various services
such telnetd will not be enabled. This
means that remote users will not be able to
telnet into this machine. Local users
will be still be able to access remote machines with
telnet.These services can be enabled after installation by editing
/etc/inetd.conf with your favorite text editor.
See for more information.Select [ Yes ] if you wish to
configure these services during install. An additional
confirmation will display: User Confirmation Requested
The Internet Super Server (inetd) allows a number of simple Internet
services to be enabled, including finger, ftp and telnetd. Enabling
these services may increase risk of security problems by increasing
the exposure of your system.
With this in mind, do you wish to enable inetd?
[ Yes ] NoSelect [ Yes ] to continue. User Confirmation Requested
inetd(8) relies on its configuration file, /etc/inetd.conf, to determine
which of its Internet services will be available. The default FreeBSD
inetd.conf(5) leaves all services disabled by default, so they must be
specifically enabled in the configuration file before they will
function, even once inetd(8) is enabled. Note that services for
IPv6 must be separately enabled from IPv4 services.
Select [Yes] now to invoke an editor on /etc/inetd.conf, or [No] to
use the current settings.
[ Yes ] NoSelecting [ Yes ] will allow adding
services by deleting the # at the beginning
of a line.After adding the desired services, pressing Esc
will display a menu which will allow exiting and saving
the changes.Anonymous FTP User Confirmation Requested
Do you want to have anonymous FTP access to this machine?
Yes [ No ]Deny Anonymous FTPSelecting the default [ No ] and pressing
Enter will still allow users who have accounts
with passwords to use FTP to access the machine.Allow Anonymous FTPAnyone can access your machine if you elect to allow
anonymous FTP connections. The security implications should be
considered before enabling this option. For more information
about security see .To allow anonymous FTP, use the arrow keys to select
[ Yes ] and press Enter.
The following screen (or similar) will display:Pressing F1 will display the help:This screen allows you to configure the anonymous FTP user.
The following configuration values are editable:
UID: The user ID you wish to assign to the anonymous FTP user.
All files uploaded will be owned by this ID.
Group: Which group you wish the anonymous FTP user to be in.
Comment: String describing this user in /etc/passwd
FTP Root Directory:
Where files available for anonymous FTP will be kept.
Upload subdirectory:
Where files uploaded by anonymous FTP users will go.The ftp root directory will be put in /var
by default. If you do not have enough room there for the
anticipated FTP needs, the /usr directory
could be used by setting the FTP Root Directory to
/usr/ftp.When you are satisfied with the values, press
Enter to continue. User Confirmation Requested
Create a welcome message file for anonymous FTP users?
[ Yes ] NoIf you select [ Yes ] and press
Enter, an editor will automatically start
allowing you to edit the message.This is a text editor called ee. Use the
instructions to change the message or change the message later
using a text editor of your choice. Note the file name/location
at the bottom of the editor screen.Press Esc and a pop-up menu will default
to a) leave editor. Press
Enter to exit and continue.Configure Network File ServicesNetwork File Services (NFS) allows sharing of files across a
network. A machine can be configured as a server, a client, or
both. Refer to for a more information.NFS Server User Confirmation Requested
Do you want to configure this machine as an NFS server?
Yes [ No ]If there is no need for a Network File System server or
client, select [ No ] and press
Enter.If [ Yes ] is chosen, a message will
pop-up indicating that the exports file must be
created. Message
Operating as an NFS server means that you must first configure an
/etc/exports file to indicate which hosts are allowed certain kinds of
access to your local filesystems.
Press [Enter] now to invoke an editor on /etc/exports
[ OK ]Press Enter to continue. A text editor will
start allowing the exports file to be created
and edited.Use the instructions to add the actual exported filesystems
now or later using a text editor of your choice. Note the
file name/location at the bottom of the editor screen.Press Esc and a pop-up menu will default to
a) leave editor. Press
Enter to exit and continue.NFS Client User Confirmation Requested
Do you want to configure this machine as an NFS client?
Yes [ No ]With the arrow keys, select [ Yes ]
or [ No ] as appropriate and
press Enter.Security ProfileA security profile is a set of
configuration options that attempts to achieve the desired
ratio of security to convenience by enabling and disabling
certain programs and other settings. The more severe the
security profile, the fewer programs will be enabled by
default. This is one of the basic principles of security: do
not run anything except what you must.Please note that the security profile is just a default
setting. All programs can be enabled and disabled after you
have installed FreeBSD by editing or adding the appropriate
line(s) to /etc/rc.conf. For more
information, please see the &man.rc.conf.5; manual
page.The following table describes what each of the security
profiles does. The columns are the choices you have for a
security profile, and the rows are the program or feature that
the profile enables or disables.
Possible Security ProfilesExtremeModerate&man.sendmail.8;NOYES&man.sshd.8;NOYES&man.portmap.8;NOMAYBE
The portmapper is enabled if the machine has
been configured as an NFS client or server earlier
in the installation.NFS serverNOYES&man.securelevel.8;YES
If you choose a security profile that sets the
securelevel to Extreme or
High, you must be aware of the
implications. Please read the &man.init.8;
manual page and pay particular attention to the
meanings of the security levels, or you may have
significant trouble later!NO
User Confirmation Requested
Do you want to select a default security profile for this host (select
No for "medium" security)?
[ Yes ] NoSelecting [ No ] and pressing
Enter will set the security profile to medium.Selecting [ Yes ] and pressing
Enter will allow selecting a different security
profile.Press F1 to display the help. Press
Enter to return to selection menu.Use the arrow keys to choose Medium
unless your are sure that another level is required for your needs.
With &gui.ok; highlighted, press
Enter.An appropriate confirmation message will display depending on
which security setting was chosen. Message
Moderate security settings have been selected.
Sendmail and SSHd have been enabled, securelevels are
disabled, and NFS server setting have been left intact.
PLEASE NOTE that this still does not save you from having
to properly secure your system in other ways or exercise
due diligence in your administration, this simply picks
a standard set of out-of-box defaults to start with.
To change any of these settings later, edit /etc/rc.conf
[OK] Message
Extreme security settings have been selected.
Sendmail, SSHd, and NFS services have been disabled, and
securelevels have been enabled.
PLEASE NOTE that this still does not save you from having
to properly secure your system in other ways or exercise
due diligence in your administration, this simply picks
a more secure set of out-of-box defaults to start with.
To change any of these settings later, edit /etc/rc.conf
[OK]Press Enter to continue with the
post-installation configuration.The security profile is not a silver bullet! Even if
you use the extreme setting, you need to keep up with
security issues by reading an appropriate mailing
list, using good passwords and passphrases, and
generally adhering to good security practices. It simply
sets up the desired security to convenience ratio out of the
box.System Console SettingsThere are several options available to customize the system
console. User Confirmation Requested
Would you like to customize your system console settings?
[ Yes ] NoTo view and configure the options, select
[ Yes ] and press
Enter.A commonly used option is the screen saver. Use the arrow keys
to select Saver and then press
Enter.Select the desired screen saver using the arrow keys
and then press Enter. The System Console
Configuration menu will redisplay.The default time interval is 300 seconds. To change the time
interval, select Saver again. At the
Screen Saver Options menu, select Timeout
using the arrow keys and press Enter. A pop-up
menu will appear:The value can be changed, then select &gui.ok;
and press Enter to return to the System Console
Configuration menu.Selecting Exit and pressing
Enter will continue with the post-installation
configurations.Setting the Time ZoneSetting the time zone for your machine will allow it to
automatically correct for any regional time changes and perform
other time zone related functions properly.The example shown is for a machine located in the Eastern
time zone of the United States. Your selections will vary according
to your geographical location. User Confirmation Requested
Would you like to set this machine's time zone now?
[ Yes ] NoSelect [ Yes ] and press
Enter to set the time zone. User Confirmation Requested
Is this machine's CMOS clock set to UTC? If it is set to local time
or you don't know, please choose NO here!
Yes [ No ]Select [ Yes ]
or [ No ] according to how the machine's
clock is configured and press Enter.The appropriate region is selected using the arrow keys
and then press Enter.Select the appropriate country using the arrow keys
and press Enter.The appropriate time zone is selected using the arrow
keys and pressing Enter. Confirmation
Does the abbreviation 'EDT' look reasonable?
[ Yes ] NoConfirm the abbreviation for the time zone is correct.
If it looks okay, press Enter to continue with
the post-installation configuration.Linux Compatibility User Confirmation Requested
Would you like to enable Linux binary compatibility?
[ Yes ] NoSelecting [ Yes ] and pressing
Enter will allow
running Linux software on FreeBSD. The install will proceed to add
the appropriate packages for Linux compatibility.If installing by FTP, the machine will need to be connected to
the Internet. Sometimes a remote ftp site will not have all the
distributions like the Linux binary compatibility. This can
be installed later if necessary.Mouse SettingsThis option will allow you to cut and paste text in the
console and user programs with a 3-button mouse. If using a 2-button
mouse, refer to manual page, &man.moused.8;, after installation for
details on emulating the 3-button style. This example depicts a
non-USB mouse configuration: User Confirmation Requested
Does this system have a non-USB mouse attached to it?
[ Yes ] No Select [ Yes ] for a non-USB mouse or
[ No ] for a USB mouse and press
Enter.Use the arrow keys to select Type and
press Enter.The mouse used in this example is a PS/2 type, so the default
Auto was appropriate. To change protocol,
use the arrow keys to select another option. Ensure that &gui.ok; is
highlighted and press Enter to exit this menu.Use the arrow keys to select Port and
press Enter.This system had a PS/2 mouse, so the default
PS/2 was appropriate. To change the port,
use the arrow keys and then press Enter.Last, the mouse daemon is enabled and tested.The cursor moved around the screen so the mouse daemon is
running.Select [ Yes ] to return to the previous
menu then select Exit with the arrow keys
and press Enter to return to continue with the
post-installation configuration.Configure X ServerIn order to use a graphical user interface such as
KDE, GNOME,
or others, the X server will need to be configured.In order to run XFree86 as a
non root user you will need to
have x11/wrapper installed.
This is installed by default beginning with FreeBSD 4.7. For
earlier versions this can be added
from the Package Selection menu.To see whether your video card is supported, check the
XFree86 web site. User Confirmation Requested
Would you like to configure your X server at this time?
[ Yes ] NoIt is necessary to know your monitor specifications and
video card information. Equipment damage can occur if settings
are incorrect. If you do not have this information, select
[ No ] and perform the configuration
after installation when you have the information using
/stand/sysinstall, selecting
Configure and then
XFree86.
If you have graphics card and monitor information, select
[ Yes ] and press Enter
to proceed with configuring the X server.There are several ways to configure the X server.
Use the arrow keys to select one of the methods and press
Enter. Be sure to read all instructions
carefully.The xf86cfg and
xf86cfg -textmode may make the screen
go dark and take a few seconds to start. Be patient.The following will illustrate the use of the
xf86config configuration tool. The
configuration choices you make will depend on the hardware in the
system so your choices will probably be different than those
shown: Message
You have configured and been running the mouse daemon.
Choose "/dev/sysmouse" as the mouse port and "SysMouse" or
"MouseSystems" as the mouse protocol in the X configuration utility.
[ OK ]
[ Press enter to continue ]This indicates that the mouse daemon previously configured has been
detected.
Press Enter to continue.Starting xf86config will display
a brief introduction:This program will create a basic XF86Config file, based on menu selections you
make.
The XF86Config file usually resides in /usr/X11R6/etc/X11 or /etc/X11. A sample
XF86Config file is supplied with XFree86; it is configured for a standard
VGA card and monitor with 640x480 resolution. This program will ask for a
pathname when it is ready to write the file.
You can either take the sample XF86Config as a base and edit it for your
configuration, or let this program produce a base XF86Config file for your
configuration and fine-tune it.
Before continuing with this program, make sure you know what video card
you have, and preferably also the chipset it uses and the amount of video
memory on your video card. SuperProbe may be able to help with this.
Press enter to continue, or ctrl-c to abort.Pressing Enter will start the mouse
configuration. Be sure to follow the instructions and use
Mouse Systems as the mouse protocol and
/dev/sysmouse as the mouse port even if
using a PS/2 mouse is shown as an illustration.First specify a mouse protocol type. Choose one from the following list:
1. Microsoft compatible (2-button protocol)
2. Mouse Systems (3-button protocol) & FreeBSD moused protocol
3. Bus Mouse
4. PS/2 Mouse
5. Logitech Mouse (serial, old type, Logitech protocol)
6. Logitech MouseMan (Microsoft compatible)
7. MM Series
8. MM HitTablet
9. Microsoft IntelliMouse
If you have a two-button mouse, it is most likely of type 1, and if you have
a three-button mouse, it can probably support both protocol 1 and 2. There are
two main varieties of the latter type: mice with a switch to select the
protocol, and mice that default to 1 and require a button to be held at
boot-time to select protocol 2. Some mice can be convinced to do 2 by sending
a special sequence to the serial port (see the ClearDTR/ClearRTS options).
Enter a protocol number: 2
You have selected a Mouse Systems protocol mouse. If your mouse is normally
in Microsoft-compatible mode, enabling the ClearDTR and ClearRTS options
may cause it to switch to Mouse Systems mode when the server starts.
Please answer the following question with either 'y' or 'n'.
Do you want to enable ClearDTR and ClearRTS? n
You have selected a three-button mouse protocol. It is recommended that you
do not enable Emulate3Buttons, unless the third button doesn't work.
Please answer the following question with either 'y' or 'n'.
Do you want to enable Emulate3Buttons? y
Now give the full device name that the mouse is connected to, for example
/dev/tty00. Just pressing enter will use the default, /dev/mouse.
On FreeBSD, the default is /dev/sysmouse.
Mouse device: /dev/sysmouseThe keyboard is the next item to be configured. A generic
101-key model is shown for illustration. Any name may be used
for the variant or simply press Enter to accept
the default value.Please select one of the following keyboard types that is the better
description of your keyboard. If nothing really matches,
choose 1 (Generic 101-key PC)
1 Generic 101-key PC
2 Generic 102-key (Intl) PC
3 Generic 104-key PC
4 Generic 105-key (Intl) PC
5 Dell 101-key PC
6 Everex STEPnote
7 Keytronic FlexPro
8 Microsoft Natural
9 Northgate OmniKey 101
10 Winbook Model XP5
11 Japanese 106-key
12 PC-98xx Series
13 Brazilian ABNT2
14 HP Internet
15 Logitech iTouch
16 Logitech Cordless Desktop Pro
17 Logitech Internet Keyboard
18 Logitech Internet Navigator Keyboard
19 Compaq Internet
20 Microsoft Natural Pro
21 Genius Comfy KB-16M
22 IBM Rapid Access
23 IBM Rapid Access II
24 Chicony Internet Keyboard
25 Dell Internet Keyboard
Enter a number to choose the keyboard.
1
Please select the layout corresponding to your keyboard
1 U.S. English
2 U.S. English w/ ISO9995-3
3 U.S. English w/ deadkeys
4 Albanian
5 Arabic
6 Armenian
7 Azerbaidjani
8 Belarusian
9 Belgian
10 Bengali
11 Brazilian
12 Bulgarian
13 Burmese
14 Canadian
15 Croatian
16 Czech
17 Czech (qwerty)
18 Danish
Enter a number to choose the country.
Press enter for the next page
1
Please enter a variant name for 'us' layout. Or just press enter
for default variant
us
Please answer the following question with either 'y' or 'n'.
Do you want to select additional XKB options (group switcher,
group indicator, etc.)? nNext, we proceed to the configuration for the monitor. Do not
exceed the ratings of your monitor. Damage could occur. If you
have any doubts, do the configuration after you have the
information.Now we want to set the specifications of the monitor. The two critical
parameters are the vertical refresh rate, which is the rate at which the
whole screen is refreshed, and most importantly the horizontal sync rate,
which is the rate at which scanlines are displayed.
The valid range for horizontal sync and vertical sync should be documented
in the manual of your monitor. If in doubt, check the monitor database
/usr/X11R6/lib/X11/doc/Monitors to see if your monitor is there.
Press enter to continue, or ctrl-c to abort.
You must indicate the horizontal sync range of your monitor. You can either
select one of the predefined ranges below that correspond to industry-
standard monitor types, or give a specific range.
It is VERY IMPORTANT that you do not specify a monitor type with a horizontal
sync range that is beyond the capabilities of your monitor. If in doubt,
choose a conservative setting.
hsync in kHz; monitor type with characteristic modes
1 31.5; Standard VGA, 640x480 @ 60 Hz
2 31.5 - 35.1; Super VGA, 800x600 @ 56 Hz
3 31.5, 35.5; 8514 Compatible, 1024x768 @ 87 Hz interlaced (no 800x600)
4 31.5, 35.15, 35.5; Super VGA, 1024x768 @ 87 Hz interlaced, 800x600 @ 56 Hz
5 31.5 - 37.9; Extended Super VGA, 800x600 @ 60 Hz, 640x480 @ 72 Hz
6 31.5 - 48.5; Non-Interlaced SVGA, 1024x768 @ 60 Hz, 800x600 @ 72 Hz
7 31.5 - 57.0; High Frequency SVGA, 1024x768 @ 70 Hz
8 31.5 - 64.3; Monitor that can do 1280x1024 @ 60 Hz
9 31.5 - 79.0; Monitor that can do 1280x1024 @ 74 Hz
10 31.5 - 82.0; Monitor that can do 1280x1024 @ 76 Hz
11 Enter your own horizontal sync range
Enter your choice (1-11): 6
You must indicate the vertical sync range of your monitor. You can either
select one of the predefined ranges below that correspond to industry-
standard monitor types, or give a specific range. For interlaced modes,
the number that counts is the high one (e.g. 87 Hz rather than 43 Hz).
1 50-70
2 50-90
3 50-100
4 40-150
5 Enter your own vertical sync range
Enter your choice: 2
You must now enter a few identification/description strings, namely an
identifier, a vendor name, and a model name. Just pressing enter will fill
in default names.
The strings are free-form, spaces are allowed.
Enter an identifier for your monitor definition: HitachiThe selection of a video card driver from a list is
next. If you pass your card on the list, continue to press
Enter and the list will repeat. Only an
excerpt from the list is shown:Now we must configure video card specific settings. At this point you can
choose to make a selection out of a database of video card definitions.
Because there can be variation in Ramdacs and clock generators even
between cards of the same model, it is not sensible to blindly copy
the settings (e.g. a Device section). For this reason, after you make a
selection, you will still be asked about the components of the card, with
the settings from the chosen database entry presented as a strong hint.
The database entries include information about the chipset, what driver to
run, the Ramdac and ClockChip, and comments that will be included in the
Device section. However, a lot of definitions only hint about what driver
to run (based on the chipset the card uses) and are untested.
If you can't find your card in the database, there's nothing to worry about.
You should only choose a database entry that is exactly the same model as
your card; choosing one that looks similar is just a bad idea (e.g. a
GemStone Snail 64 may be as different from a GemStone Snail 64+ in terms of
hardware as can be).
Do you want to look at the card database? y
288 Matrox Millennium G200 8MB mgag200
289 Matrox Millennium G200 SD 16MB mgag200
290 Matrox Millennium G200 SD 4MB mgag200
291 Matrox Millennium G200 SD 8MB mgag200
292 Matrox Millennium G400 mgag400
293 Matrox Millennium II 16MB mga2164w
294 Matrox Millennium II 4MB mga2164w
295 Matrox Millennium II 8MB mga2164w
296 Matrox Mystique mga1064sg
297 Matrox Mystique G200 16MB mgag200
298 Matrox Mystique G200 4MB mgag200
299 Matrox Mystique G200 8MB mgag200
300 Matrox Productiva G100 4MB mgag100
301 Matrox Productiva G100 8MB mgag100
302 MediaGX mediagx
303 MediaVision Proaxcel 128 ET6000
304 Mirage Z-128 ET6000
305 Miro CRYSTAL VRX Verite 1000
Enter a number to choose the corresponding card definition.
Press enter for the next page, q to continue configuration.
288
Your selected card definition:
Identifier: Matrox Millennium G200 8MB
Chipset: mgag200
Driver: mga
Do NOT probe clocks or use any Clocks line.
Press enter to continue, or ctrl-c to abort.
Now you must give information about your video card. This will be used for
the "Device" section of your video card in XF86Config.
You must indicate how much video memory you have. It is probably a good
idea to use the same approximate amount as that detected by the server you
intend to use. If you encounter problems that are due to the used server
not supporting the amount memory you have (e.g. ATI Mach64 is limited to
1024K with the SVGA server), specify the maximum amount supported by the
server.
How much video memory do you have on your video card:
1 256K
2 512K
3 1024K
4 2048K
5 4096K
6 Other
Enter your choice: 6
Amount of video memory in Kbytes: 8192
You must now enter a few identification/description strings, namely an
identifier, a vendor name, and a model name. Just pressing enter will fill
in default names (possibly from a card definition).
Your card definition is Matrox Millennium G200 8MB.
The strings are free-form, spaces are allowed.
Enter an identifier for your video card definition:Next, the video modes are set for the resolutions
desired. Typically, useful ranges are 640x480, 800x600, and 1024x768
but those are a function of video card capability, monitor size,
and eye comfort. When selecting a color depth, select the highest
mode that your card will support.For each depth, a list of modes (resolutions) is defined. The default
resolution that the server will start-up with will be the first listed
mode that can be supported by the monitor and card.
Currently it is set to:
"640x480" "800x600" "1024x768" "1280x1024" for 8-bit
"640x480" "800x600" "1024x768" "1280x1024" for 16-bit
"640x480" "800x600" "1024x768" "1280x1024" for 24-bit
Modes that cannot be supported due to monitor or clock constraints will
be automatically skipped by the server.
1 Change the modes for 8-bit (256 colors)
2 Change the modes for 16-bit (32K/64K colors)
3 Change the modes for 24-bit (24-bit color)
4 The modes are OK, continue.
Enter your choice: 2
Select modes from the following list:
1 "640x400"
2 "640x480"
3 "800x600"
4 "1024x768"
5 "1280x1024"
6 "320x200"
7 "320x240"
8 "400x300"
9 "1152x864"
a "1600x1200"
b "1800x1400"
c "512x384"
Please type the digits corresponding to the modes that you want to select.
For example, 432 selects "1024x768" "800x600" "640x480", with a
default mode of 1024x768.
Which modes? 432
You can have a virtual screen (desktop), which is screen area that is larger
than the physical screen and which is panned by moving the mouse to the edge
of the screen. If you don't want virtual desktop at a certain resolution,
you cannot have modes listed that are larger. Each color depth can have a
differently-sized virtual screen
Please answer the following question with either 'y' or 'n'.
Do you want a virtual screen that is larger than the physical screen? n
For each depth, a list of modes (resolutions) is defined. The default
resolution that the server will start-up with will be the first listed
mode that can be supported by the monitor and card.
Currently it is set to:
"640x480" "800x600" "1024x768" "1280x1024" for 8-bit
"1024x768" "800x600" "640x480" for 16-bit
"640x480" "800x600" "1024x768" "1280x1024" for 24-bit
Modes that cannot be supported due to monitor or clock constraints will
be automatically skipped by the server.
1 Change the modes for 8-bit (256 colors)
2 Change the modes for 16-bit (32K/64K colors)
3 Change the modes for 24-bit (24-bit color)
4 The modes are OK, continue.
Enter your choice: 4
Please specify which color depth you want to use by default:
1 1 bit (monochrome)
2 4 bits (16 colors)
3 8 bits (256 colors)
4 16 bits (65536 colors)
5 24 bits (16 million colors)
Enter a number to choose the default depth.
4Finally, the configuration needs to be saved. Be sure
to enter /etc/XF86Config as the location
for saving the configuration.I am going to write the XF86Config file now. Make sure you don't accidently
overwrite a previously configured one.
Shall I write it to /etc/X11/XF86Config? yIf the configuration fails, you can try the configuration again
by selecting [ Yes ] when the following
message appears: User Confirmation Requested
The XFree86 configuration process seems to have
failed. Would you like to try again?
[ Yes ] NoIf you have trouble configuring XFree86, select
[ No ] and press Enter
and continue with the installation process. After installation
you can use xf86cfg -textmode or
xf86config to access the command line
configuration utilities as root. There is
an additional method for configuring XFree86 described in
. If you choose not to configure
XFree86 at this time the next menu will be for package
selection.The default setting which allows the server to be killed
is the hotkey sequence CtrlAltBackspace. This
can be executed if something is wrong with the server settings and
prevent hardware damage.The default setting that allows video mode switching will
permit changing of the mode while running X with the hotkey
sequence
CtrlAlt+ or
CtrlAlt-.
After installation, the display can be adjusted for height,
width, or centering by using xvidtune
after you have XFree86 running with
xvidtune.There are warnings that improper settings can
damage your equipment. Heed them. If in doubt, do not do
it. Instead, use the monitor controls to adjust the display for
X Window. There may be some display differences when switching
back to text mode, but it is better than damaging equipment.Read the &man.xvidtune.1; manual page before making
any adjustments.Following a successful XFree86 configuration, it will proceed
to the selection of a default desktop.Select Default X DesktopThere are a variety of window managers available. They range
from very basic environments to full desktop environments with a
large suite of software. Some require only minimal disk space and
low memory while others with more features require much more. The
best way to determine which is most suitable for you is to try a few
different ones. Those are available from the ports collection or as
packages and can be added after installation.You can select one of the popular desktops to be installed
and configured as the default desktop. This will allow you
to start it right after installation.Use the arrow keys to select a desktop and press
Enter. Installation of the selected desktop will
proceed.Install PackagesThe packages are pre-compiled binaries and are a convenient
way to install software.Installation of one package is shown for purposes of
illustration. Additional packages can also be added at this
time if desired. After installation
/stand/sysinstall can be used to add additional
packages. User Confirmation Requested
The FreeBSD package collection is a collection of hundreds of
ready-to-run applications, from text editors to games to WEB servers
and more. Would you like to browse the collection now?
[ Yes ] NoSelecting [ Yes ] and pressing
Enter will be
followed by the Package Selection screens:All packages available will be displayed if
All is selected or you can select a
particular category. Highlight your selection with the arrow
keys and press Enter.A menu will display showing all the packages available for
the selection made:The bash shell is shown selected.
Select as many as desired by highlighting the package and pressing the
Space key. A short description of each package will
appear in the lower left corner of the screen.Pressing the Tab key will toggle between the last
selected package, &gui.ok;, and &gui.cancel;.When you have finished marking the packages for installation,
press Tab once to toggle to the &gui.ok; and press
Enter to return to the Package Selection menu.The left and right arrow keys will also toggle between &gui.ok;
and &gui.cancel;. This method can also be used to select &gui.ok; and
press Enter to return to the Package Selection
menu.Use the arrow keys to select [ Install ]
and press Enter. You will then need to confirm
that you want to install the packages:Selecting &gui.ok; and pressing Enter will start
the package installation. Installing messages will appear until
completed. Make note if there are any error messages.The final configuration continues after packages are
installed.Add Users/GroupsYou should add at least one user during the installation so
that you can use the system without being logged in as
root. The root partition is generally small
and running applications as root can quickly
fill it. A bigger danger is noted below: User Confirmation Requested
Would you like to add any initial user accounts to the system? Adding
at least one account for yourself at this stage is suggested since
working as the "root" user is dangerous (it is easy to do things which
adversely affect the entire system).
[ Yes ] NoSelect [ Yes ] and press
Enter to continue with adding a user.Select User with the arrow keys
and press Enter.The following descriptions will appear in the lower part of
the screen as the items are selected with Tab
to assist with entering the required information:Login IDThe login name of the new user (mandatory).UIDThe numerical ID for this user (leave blank for
automatic choice).GroupThe login group name for this user (leave blank for
automatic choice).PasswordThe password for this user (enter this field with
care!).Full nameThe user's full name (comment).Member groupsThe groups this user belongs to (i.e. gets access
rights for).Home directoryThe user's home directory (leave blank for
default).Login shellThe user's login shell (leave blank for
default, e.g. /bin/sh).The login shell was changed from /bin/sh to
/usr/local/bin/bash to use the
bash shell that was previously installed as
a package. Do not try to use a shell that does not exist or you will
not be able to login.The user was also added to the wheel group
to be able to become a superuser with root
privileges.When you are satisfied, press &gui.ok; and
the User and Group Management menu will redisplay:Groups could also be added at this time if specific needs
are known. Otherwise, this may be accessed through using
/stand/sysinstall after installation is
completed.When you are finished adding users, select
Exit with the arrow keys and press
Enter to continue the installation.Set the root Password Message
Now you must set the system manager's password.
This is the password you'll use to log in as "root".
[ OK ]
[ Press enter to continue ]Press Enter to set the root
password.The password will need to be typed in twice correctly. Needless to
say, make sure you have a way of finding the password if you
forget.Changing local password for root.
New password :
Retype new password :The installation will continue after the password is
successfully entered.Exiting InstallIf you need to configure additional network devices or to
do any other configurations, you can do it at this point or
after installation with /stand/sysinstall. User Confirmation Requested
Visit the general configuration menu for a chance to set any last
options?
Yes [ No ]Select [ No ] with the arrow keys
and press Enter to return to the Main
Installation Menu.Select [X Exit Install] with the arrow
keys and press Enter. You will be asked to
confirm exiting the installation: User Confirmation Requested
Are you sure you wish to exit? The system will reboot (be sure to
remove any floppies from the drives).
[ Yes ] NoSelect [ Yes ] and remove the floppy if
booting from the floppy. The CDROM drive is locked until the machine
starts to reboot. The CDROM drive is then unlocked and the disk can
be removed from drive (quickly).The system will reboot so watch for any error messages that
may appear.FreeBSD BootupFreeBSD Bootup on the &i386;If everything went well, you will see messages scroll
off the screen and you will arrive at a login prompt. You can view
the content of the messages by pressing Scroll-Lock
and using PgUp and PgDn.
Pressing Scroll-Lock again will return
to the prompt.The entire message may not display (buffer limitation) but
it can be viewed from the command line after logging in by typing
dmesg at the prompt.Login using the username/password you set during installation
(rpratt, in this example). Avoid logging in as
root except when necessary.Typical boot messages (version information omitted):Copyright (c) 1992-2002 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
Timecounter "i8254" frequency 1193182 Hz
CPU: AMD-K6(tm) 3D processor (300.68-MHz 586-class CPU)
Origin = "AuthenticAMD" Id = 0x580 Stepping = 0
Features=0x8001bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8,MMX>
AMD Features=0x80000800<SYSCALL,3DNow!>
real memory = 268435456 (262144K bytes)
config> di sn0
config> di lnc0
config> di le0
config> di ie0
config> di fe0
config> di cs0
config> di bt0
config> di aic0
config> di aha0
config> di adv0
config> q
avail memory = 256311296 (250304K bytes)
Preloaded elf kernel "kernel" at 0xc0491000.
Preloaded userconfig_script "/boot/kernel.conf" at 0xc049109c.
md0: Malloc disk
Using $PIR table, 4 entries at 0xc00fde60
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib1: <VIA 82C598MVP (Apollo MVP3) PCI-PCI (AGP) bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <Matrox MGA G200 AGP graphics accelerator> at 0.0 irq 11
isab0: <VIA 82C586 PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C586 ATA33 controller> port 0xe000-0xe00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: <VIA 83C572 USB controller> port 0xe400-0xe41f irq 10 at device 7.2 on pci0
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
chip1: <VIA 82C586B ACPI interface> at device 7.3 on pci0
ed0: <NE2000 PCI Ethernet (RealTek 8029)> port 0xe800-0xe81f irq 9 at
device 10.0 on pci0
ed0: address 52:54:05:de:73:1b, type NE2000 (16 bit)
isa0: too many dependant configs (8)
isa0: unexpected small tag 14
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <keyboard controller (i8042)> at port 0x60-0x64 on isa0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model Generic PS/2 mouse, device ID 0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x1 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/15 bytes threshold
ppbus0: IEEE1284 device found /NIBBLE
Probing for PnP devices on ppbus0:
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
ad0: 8063MB <IBM-DHEA-38451> [16383/16/63] at ata0-master using UDMA33
ad2: 8063MB <IBM-DHEA-38451> [16383/16/63] at ata1-master using UDMA33
acd0: CDROM <DELTA OTC-H101/ST3 F/W by OIPD> at ata0-slave using PIO4
Mounting root from ufs:/dev/ad0s1a
swapon: adding /dev/ad0s1b as swap device
Automatic boot in progress...
/dev/ad0s1a: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1a: clean, 48752 free (552 frags, 6025 blocks, 0.9% fragmentation)
/dev/ad0s1f: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1f: clean, 128997 free (21 frags, 16122 blocks, 0.0% fragmentation)
/dev/ad0s1g: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1g: clean, 3036299 free (43175 frags, 374073 blocks, 1.3% fragmentation)
/dev/ad0s1e: filesystem CLEAN; SKIPPING CHECKS
/dev/ad0s1e: clean, 128193 free (17 frags, 16022 blocks, 0.0% fragmentation)
Doing initial network setup: hostname.
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::5054::5ff::fede:731b%ed0 prefixlen 64 tentative scopeid 0x1
ether 52:54:05:de:73:1b
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
Additional routing options: IP gateway=YES TCP keepalive=YES
routing daemons:.
additional daemons: syslogd.
Doing additional network setup:.
Starting final network daemons: creating ssh RSA host key
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
cd:76:89:16:69:0e:d0:6e:f8:66:d0:07:26:3c:7e:2d root@k6-2.example.com
creating ssh DSA host key
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
f9:a1:a9:47:c4:ad:f9:8d:52:b8:b8:ff:8c:ad:2d:e6 root@k6-2.example.com.
setting ELF ldconfig path: /usr/lib /usr/lib/compat /usr/X11R6/lib
/usr/local/lib
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout /usr/X11R6/lib/aout
starting standard daemons: inetd cron sshd usbd sendmail.
Initial rc.i386 initialization:.
rc.i386 configuring syscons: blank_time screensaver moused.
Additional ABI support: linux.
Local package initialization:.
Additional TCP options:.
FreeBSD/i386 (k6-2.example.com) (ttyv0)
login: rpratt
Password:Generating the RSA and DSA keys may take some time on slower
machines. This happens only on the initial boot-up of a new
installation. Subsequent boots will be faster.If the X server has been configured and a Default Desktop
chosen, it can be started by typing startx at
the command line.Bootup of FreeBSD on the AlphaAlphaOnce the install procedure has finished, you will be
able to start FreeBSD by typing something like this to the
SRM prompt:>>>BOOT DKC0This instructs the firmware to boot the specified
disk. To make FreeBSD boot automatically in the future, use
these commands:>>>SET BOOT_OSFLAGS A>>>SET BOOT_FILE ''>>>SET BOOTDEF_DEV DKC0>>>SET AUTO_ACTION BOOTThe boot messages will be similar (but not identical) to
those produced by FreeBSD booting on the &i386;.FreeBSD ShutdownIt is important to properly shutdown the operating
system. Do not just turn off power. First, become a superuser by
typing su at the command line and entering the
root password. This will work only if the user
is a member of the wheel group.
Otherwise, login as root and use
shutdown -h now.The operating system has halted.
Please press any key to reboot.It is safe to turn off the power after the shutdown command
has been issued and the message Please press any key to reboot
appears. If any key is pressed instead of turning off the power
switch, the system will reboot.You could also use the
CtrlAltDel
key combination to reboot the system, however this is not recommended
during normal operation.Supported HardwarehardwareFreeBSD currently runs on a wide variety of ISA, VLB, EISA, and PCI
bus-based PCs with Intel, AMD, Cyrix, or NexGen x86
processors, as well as a number of machines based on the Compaq Alpha
processor. Support for generic IDE or ESDI drive configurations,
various SCSI controllers, PCMCIA cards, USB devices, and network and
serial cards is also provided. FreeBSD also supports IBM's microchannel
(MCA) bus.A list of supported hardware is provided with each FreeBSD release
in the FreeBSD Hardware Notes. This document can usually be found in a
file named HARDWARE.TXT, in the top-level directory
of a CDROM or FTP distribution or in
sysinstall's documentation menu. It lists,
for a given architecture, what hardware devices are known to be
supported by each release of FreeBSD. Copies of the supported
hardware list for various releases and architectures can also be
found on the Release
Information page of the FreeBSD Web site.TroubleshootinginstallationtroubleshootingThe following section covers basic installation troubleshooting,
such as common problems people have reported. There are also a few
questions and answers for people wishing to dual-boot FreeBSD with
&ms-dos;.What to Do If Something Goes WrongDue to various limitations of the PC architecture, it is
impossible for probing to be 100% reliable, however, there are a
few things you can do if it fails.Check the Hardware Notes document for your version of
FreeBSD to make sure your hardware is
supported.If your hardware is supported and you still experience
lock-ups or other problems, reset your computer, and when the
visual kernel configuration option is given, choose it. This will
allow you to go through your hardware and supply information to the
system about it. The kernel on the boot disks is configured
assuming that most hardware devices are in their factory default
configuration in terms of IRQs, IO addresses, and DMA channels. If
your hardware has been reconfigured, you will most likely need to
use the configuration editor to tell FreeBSD where to find
things.It is also possible that a probe for a device not present will
cause a later probe for another device that is present to fail. In
that case, the probes for the conflicting driver(s) should be
disabled.Some installation problems can be avoided or alleviated
by updating the firmware on various hardware components, most notably
the motherboard. The motherboard firmware may also be referred to
as BIOS and most of the motherboard or computer
manufactures have a website where the upgrades and upgrade information
may be located.Most manufacturers strongly advise against upgrading the motherboard
BIOS unless there is a good reason for doing so, which
could possibly be a critical update of sorts. The upgrade process
can go wrong, causing permanent damage to the
BIOS chip.Do not disable any drivers you will need during the
installation, such as your screen (sc0).
If the installation wedges or fails mysteriously after leaving
the configuration editor, you have probably removed or changed
something you should not have. Reboot and try again.In configuration mode, you can:List the device drivers installed in the kernel.Disable device drivers for hardware that is not present in
your system.Change IRQs, DRQs, and IO port addresses used by a device
driver.After adjusting the kernel to match your hardware
configuration, type Q to boot with the new
settings. Once the installation has completed, any changes you
made in the configuration mode will be permanent so you do not have
to reconfigure every time you boot. It is still highly likely that
you will eventually want to build a custom kernel.Dealing with Existing &ms-dos; PartitionsDOSMany users wish to install &os; on PCs inhabited by
µsoft; based operating systems. For those instances, &os; has a
utility known as FIPS. This utility can be found
in the tools directory on the install CD-ROM, or downloaded
from one of various &os; mirrors.The FIPS utility allows you to split an
existing &ms-dos; partition into two pieces, preserving the original
partition and allowing you to install onto the second free piece.
You first need to defragment your &ms-dos; partition using the &windows;;
Disk Defragmenter utility (go into Explorer, right-click on
the hard drive, and choose to defrag your hard drive), or use
Norton Disk Tools. Now you can run the
FIPS utility. It will prompt you for the rest of
the information, just follow the on screen instructions. Afterwards, you can
reboot and install &os; on the new free slice. See the Distributions menu
for an estimate of how much free space you will need for the kind of
installation you want.There is also a very useful product from PowerQuest
(http://www.powerquest.com) called
&partitionmagic;. This application has far more
functionality than FIPS, and is highly recommended
if you plan to add/remove operating systems often. It does cost money, so if you
plan to install &os; and keep it installed, FIPS
will probably be fine for you.Using &ms-dos; File SystemsAt this time, &os; does not support file systems compressed with the
Double Space™ application. Therefore the file
system will need to be uncompressed before &os; can access the data. This
can be done by running the Compression Agent
located in the Start> Programs >
System Tools menu.&os; can support &ms-dos; based file systems. This requires you use
the &man.mount.msdos.8; command (in &os; 5.X, the command is &man.mount.msdosfs.8;)
with the required parameters. The utilities most common usage is:&prompt.root; mount_msdos /dev/ad0s1 /mntIn this example, the &ms-dos; file system is located on the first partition of
the primary hard disk. Your situation may be different, check the output from
the dmesg, and mount commands. They should
produce enough information too give an idea of the partition layout.Extended &ms-dos; file systems are usually mapped after the &os;
partitions. In other words, the slice number may be higher than the ones
&os; is using. For instance, the first &ms-dos; partition may be
/dev/ad0s1, the &os; partition may be
/dev/ad0s2, with the extended &ms-dos; partition being
located on /dev/ad0s3. To some, this can be confusing
at first.Alpha User's Questions and AnswersAlphaThis section answers some commonly asked questions about
installing FreeBSD on Alpha systems.Can I boot from the ARC or Alpha BIOS Console?ARCAlpha BIOSSRMNo. &os;, like Compaq Tru64 and VMS, will only boot
from the SRM console.Help, I have no space! Do I need to delete
everything first?Unfortunately, yes.Can I mount my Compaq Tru64 or VMS filesystems?No, not at this time.ValentinoVaschettoContributed by Advanced Installation GuideThis section describes how to install FreeBSD in exceptional
cases.Installing FreeBSD on a System without a Monitor or
Keyboardinstallationheadless (serial console)serial consoleThis type of installation is called a headless
install, because the machine that you are trying to install
FreeBSD on either does not have a monitor attached to it, or does not
even have a VGA output. How is this possible you ask? Using a
serial console. A serial console is basically using another
machine to act as the main display and keyboard for a
system. To do this, just follow these steps:Fetch the Right Boot Floppy ImagesFirst you will need to get the right disk images so
that you can boot into the install program. The secret
with using a serial console is that you tell the boot
loader to send I/O through a serial port instead of
displaying console output to the VGA device and trying to
read input from a local keyboard. Enough of that now,
let's get back to getting these disk images.You will need to get
kern.flp
and
mfsroot.flp
from the
floppies directory.Write the Image Files to the Floppy DisksThe image files, such as kern.flp, are
not regular files that you copy to the disk.
Instead, they are images of the complete contents of the
disk.This means that you can not use
commands like DOS' copy to write the
files. Instead, you must use specific tools to write the
images directly to the disk.fdimageIf you are creating the floppies on a computer running
DOS then we provide a tool to do this called
fdimage.If you are using the floppies from the CDROM, and
your CDROM is the E: drive then
you would run this:E:\>tools\fdimage floppies\kern.flp A:Repeat this command for each .flp
file, replacing the floppy disk each time. Adjust the
command line as necessary, depending on where you have
placed the .flp files. If you do not
have the CDROM then fdimage can be
downloaded from the tools
directory on the FreeBSD FTP site.If you are writing the floppies on a &unix; system (such
as another FreeBSD system) you can use the &man.dd.1;
command to write the image files directly to disk. On
FreeBSD you would run:&prompt.root; dd if=kern.flp of=/dev/fd0On FreeBSD /dev/fd0 refers to
the first floppy disk (the A:
drive). /dev/fd1 would be the
B: drive, and so on. Other &unix;
variants might have different names for the floppy disk
devices, and you will need to check the documentation for
the system as necessary.Enabling the Boot Floppies to Boot into a Serial
ConsoleDo not try to mount the floppy if it is write-protected.mountIf you were to boot into the floppies that you just
made, FreeBSD would boot into its normal install mode. We
want FreeBSD to boot into a serial console for our
install. To do this, you have to mount the
kern.flp floppy onto your FreeBSD
system using the &man.mount.8; command.&prompt.root; mount /dev/fd0 /mntNow that you have the floppy mounted, you must
change into the floppy directory:&prompt.root; cd /mntHere is where you must set the floppy to boot into a
serial console. You have to make a file called
boot.config containing
/boot/loader -h. All this does is pass a flag to the bootloader to
boot into a serial console.&prompt.root; echo "/boot/loader -h" > boot.configNow that you have your floppy configured correctly,
you must unmount the floppy using the &man.umount.8;
command:&prompt.root; cd /
&prompt.root; umount /mntNow you can remove the floppy from the floppy
drive.Connecting Your Null Modem Cablenull modem cableYou now need to connect a null modem cable between
the two machines. Just connect the cable to the serial
ports of the 2 machines. A normal serial cable
will not work here, you need a null modem
cable because it has some of the wires inside crossed
over.Booting Up for the InstallIt is now time to go ahead and start the install. Put
the kern.flp floppy in the floppy
drive of the machine you are doing the headless install
on, and power on the machine.Connecting to Your Headless MachinecuNow you have to connect to that machine with
&man.cu.1;:&prompt.root; cu -l /dev/cuaa0That's it! You should be able to control the headless machine
through your cu session now. It will ask you to
put in the mfsroot.flp, and then it will come up
with a selection of what kind of terminal to use. Just select the
FreeBSD color console and proceed with your install!Preparing Your Own Installation MediaTo prevent repetition, FreeBSD disk in this context
means a FreeBSD CDROM or DVD that you have purchased, or produced
yourself.There may be some situations in which you need to create your own
FreeBSD installation media and/or source. This might be physical media,
such as a tape, or a source that sysinstall
can use to retrieve the files, such as a local FTP site, or an &ms-dos;
partition. For example:You have many machines connected to your local network, and one
FreeBSD disk. You want to create a local FTP site using the
contents of the FreeBSD disk, and then have your machines use this
local FTP site instead of needing to connect to the Internet.You have a FreeBSD disk, FreeBSD does not recognize your CD/DVD
drive, but DOS/&windows; does. You want to copy the FreeBSD
installations files to a DOS partition on the same computer, and
then install FreeBSD using those files.The computer you want to install on does not have a CD/DVD
drive, or a network card, but you can connect a
Laplink-style serial or parallel cable to a computer
that does.You want to create a tape that can be used to install
FreeBSD.Creating an Installation CDROMAs part of each release, the FreeBSD project makes available five
CDROM images (ISO images). These images can be written
(burned) to CDs if you have a CD writer, and then used
to install FreeBSD. If you have a CD writer, and bandwidth is cheap,
then this is the easiest way to install FreeBSD.Download the Correct ISO ImagesThe ISO images for each release can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/ISO-IMAGES-arch/version or the closest mirror.
Substitute arch and
version as appropriate.That directory will normally contain the following images:
FreeBSD ISO Image Names and MeaningsFilenameContainsversion-mini.isoEverything you need to install FreeBSD.version-disc1.isoEverything you need to install FreeBSD, and as many
additional third party packages as would fit on the
disc.version-disc2.isoA live filesystem, which is used in
conjunction with the Repair facility in
sysinstall. A copy of the
FreeBSD CVS tree. As many additional third party packages
as would fit on the disc.version-disc3.isoAs many additional third party packages as would fit
on the disc.version-disc4.isoAs many additional third party packages as would fit
on the disc.
The mini ISO was only produced for FreeBSD 4.4 and
subsequent releases. The images for discs two, three, and four
were only produced for FreeBSD 4.5 and subsequent
releases.You must download one of either the mini
ISO image, or the image of disc one. Do not download both of them,
since the disc one image contains everything that the mini ISO
image contains.Use the mini ISO if Internet access is cheap for you. It will
let you install FreeBSD, and you can then install third party
packages by downloading them using the ports/packages system (see
) as
necessary.Use the image of disc one if you want a reasonable selection
of third party packages on the disc as well.The additional disc images are useful, but not essential,
especially if you have high-speed access to the Internet.Write the CDsYou must then write the CD images to disc. If you will be
doing this on another FreeBSD system then see
for more information (in
particular, and
).If you will be doing this on another platform then you will
need to use whatever utilities exist to control your CD writer on
that platform.Creating a Local FTP Site with a FreeBSD DiskinstallationnetworkFTPFreeBSD disks are laid out in the same way as the FTP site. This
makes it very easy for you to create a local FTP site that can be used
by other machines on your network when installing FreeBSD.On the FreeBSD computer that will host the FTP site, ensure
that the CDROM is in the drive, and mounted on
/cdrom.&prompt.root; mount /cdromCreate an account for anonymous FTP in
/etc/passwd. Do this by editing
/etc/passwd using &man.vipw.8; and adding
this line.ftp:*:99:99::0:0:FTP:/cdrom:/nonexistentEnsure that the FTP service is enabled in
/etc/inetd.conf.Anyone with network connectivity to your machine can now
chose a media type of FTP and type in
ftp://your machine
after picking Other in the FTP sites menu during
the install.This approach is OK for a machine that is on your local network,
and that is protected by your firewall. Offering up FTP services to
other machines over the Internet (and not your local network)
exposes your computer to the attention of crackers and other
undesirables. We strongly recommend that you follow good security
practices if you do this.Creating Installation FloppiesinstallationfloppiesIf you must install from floppy disk (which we suggest you
do not do), either due to unsupported
hardware or simply because you insist on doing things the hard
way, you must first prepare some floppies for the installation.At a minimum, you will need as many 1.44 MB or 1.2 MB floppies
as it takes to hold all the files in the
bin (binary distribution) directory. If
you are preparing the floppies from DOS, then they
MUST be formatted using the &ms-dos;
FORMAT command. If you are using &windows;,
use Explorer to format the disks (right-click on the
A: drive, and select Format.Do not trust factory pre-formatted
floppies. Format them again yourself, just to be sure. Many
problems reported by our users in the past have resulted from
the use of improperly formatted media, which is why we are
making a point of it now.If you are creating the floppies on another FreeBSD machine,
a format is still not a bad idea, though you do not need to put
a DOS filesystem on each floppy. You can use the
disklabel and newfs
commands to put a UFS filesystem on them instead, as the
following sequence of commands (for a 3.5" 1.44 MB floppy)
illustrates:&prompt.root; fdformat -f 1440 fd0.1440
&prompt.root; disklabel -w -r fd0.1440 floppy3
&prompt.root; newfs -t 2 -u 18 -l 1 -i 65536 /dev/fd0Use fd0.1200 and
floppy5 for 5.25" 1.2 MB disks.Then you can mount and write to them like any other
filesystem.After you have formatted the floppies, you will need to copy
the files to them. The distribution files are split into chunks
conveniently sized so that 5 of them will fit on a conventional
1.44 MB floppy. Go through all your floppies, packing as many
files as will fit on each one, until you have all of the
distributions you want packed up in this fashion. Each
distribution should go into a subdirectory on the floppy, e.g.:
a:\bin\bin.aa,
a:\bin\bin.ab, and so on.Once you come to the Media screen during the install
process, select Floppy and you will be prompted
for the rest.Installing from an &ms-dos; Partitioninstallationfrom MS-DOSTo prepare for an installation from an &ms-dos; partition,
copy the files from the distribution into a directory
called freebsd in the root directory of the
partition. For example, c:\freebsd. The
directory structure of the CDROM or FTP site must be partially
reproduced within this directory, so we suggest using the DOS
xcopy command if you are copying it from a CD.
For example, to prepare for a minimal installation of
FreeBSD:C:\>md c:\freebsdC:\>xcopy e:\bin c:\freebsd\bin\ /sC:\>xcopy e:\manpages c:\freebsd\manpages\ /sAssuming that C: is where you have
free space and E: is where your CDROM
is mounted.If you do not have a CDROM drive, you can download the
distribution from ftp.FreeBSD.org.
Each distribution is in its own directory; for example, the
base distribution can be found in the &rel.current;/base/
directory.In the 4.X and older releases of &os; the base
distribution is called bin. Adjust the sample
commands and URLs above accordingly, if you are using one of these
versions.For as many distributions you wish to install from an &ms-dos;
partition (and you have the free space for), install each one
under c:\freebsd — the
BIN distribution is the only one required for
a minimum installation.Creating an Installation Tapeinstallationfrom QIC/SCSI TapeInstalling from tape is probably the easiest method, short
of an online FTP install or CDROM install. The installation
program expects the files to be simply tarred onto the tape.
After getting all of the distribution files you are interested
in, simply tar them onto the tape:&prompt.root; cd /freebsd/distdir
&prompt.root; tar cvf /dev/rwt0 dist1 ... dist2When you go to do the installation, you should also make
sure that you leave enough room in some temporary directory
(which you will be allowed to choose) to accommodate the
full contents of the tape you have created.
Due to the non-random access nature of tapes, this method of
installation requires quite a bit of temporary storage. You
should expect to require as much temporary storage as you have
stuff written on tape.When starting the installation, the tape must be in the
drive before booting from the boot
floppy. The installation probe may otherwise fail to find
it.Before Installing over a Networkinstallationnetworkserial (SLIP or PPP)installationnetworkparallel (PLIP)installationnetworkEthernetThere are three types of network installations you can do.
Serial port (SLIP or PPP), Parallel port (PLIP (laplink cable)),
or Ethernet (a standard Ethernet controller (includes some
PCMCIA)).The SLIP support is rather primitive, and limited primarily
to hard-wired links, such as a serial cable running between a
laptop computer and another computer. The link should be
hard-wired as the SLIP installation does not currently offer a
dialing capability; that facility is provided with the PPP
utility, which should be used in preference to SLIP whenever
possible.If you are using a modem, then PPP is almost certainly
your only choice. Make sure that you have your service
provider's information handy as you will need to know it fairly
early in the installation process.If you use PAP or CHAP to connect your ISP (in other words, if
you can connect to the ISP in &windows; without using a script), then
all you will need to do is type in dial at the
ppp prompt. Otherwise, you will need to
know how to dial your ISP using the AT commands
specific to your modem, as the PPP dialer provides only a very
simple terminal emulator. Please refer to the user-ppp handbook and FAQ entries for further information.
If you have problems, logging can be directed to the screen using
the command set log local ....If a hard-wired connection to another FreeBSD (2.0-R or
later) machine is available, you might also consider installing
over a laplink parallel port cable. The data rate
over the parallel port is much higher than what is typically
possible over a serial line (up to 50 kbytes/sec), thus resulting
in a quicker installation.Finally, for the fastest possible network installation, an
Ethernet adapter is always a good choice! FreeBSD supports most
common PC Ethernet cards; a table of supported cards (and their
required settings) is provided in the Hardware Notes for each
release of FreeBSD. If you are using one of the supported PCMCIA
Ethernet cards, also be sure that it is plugged in
before the laptop is powered on! FreeBSD does
not, unfortunately, currently support hot insertion of PCMCIA cards
during installation.You will also need to know your IP address on the network,
the netmask value for your address class, and the name of your
machine. If you are installing over a PPP connection and do not
have a static IP, fear not, the IP address can be dynamically
assigned by your ISP. Your system administrator can tell you
which values to use for your particular network setup. If you
will be referring to other hosts by name rather than IP address,
you will also need a name server and possibly the address of a
gateway (if you are using PPP, it is your provider's IP address)
to use in talking to it. If you want to install by FTP via a
HTTP proxy, you will also need the proxy's address.
If you do not know the answers to all or most of these questions,
then you should really probably talk to your system administrator
or ISP before trying this type of
installation.Before Installing via NFSinstallationnetworkNFSThe NFS installation is fairly straight-forward. Simply
copy the FreeBSD distribution files you want onto a server
somewhere and then point the NFS media selection at it.If this server supports only privileged port
(as is generally the default for Sun workstations), you will
need to set this option in the Options menu before
installation can proceed.If you have a poor quality Ethernet card which suffers
from very slow transfer rates, you may also wish to toggle the
appropriate Options flag.In order for NFS installation to work, the server must
support subdir mounts, e.g., if your FreeBSD 3.4 distribution
directory lives on:
ziggy:/usr/archive/stuff/FreeBSD, then
ziggy will have to allow the direct mounting
of /usr/archive/stuff/FreeBSD, not just
/usr or
/usr/archive/stuff.In FreeBSD's /etc/exports file, this
is controlled by the . Other NFS
servers may have different conventions. If you are getting
permission denied messages from the server, then
it is likely that you do not have this enabled
properly.
diff --git a/en_US.ISO8859-1/books/handbook/l10n/chapter.sgml b/en_US.ISO8859-1/books/handbook/l10n/chapter.sgml
index cf0c70a40e..30a370809e 100644
--- a/en_US.ISO8859-1/books/handbook/l10n/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/l10n/chapter.sgml
@@ -1,979 +1,979 @@
Andrey A.ChernovContributed by Michael C.WuRewritten by Localization - I18N/L10N Usage and SetupSynopsisFreeBSD is a very distributed project with users and
contributors located all over the world. This chapter discusses
the internationalization and localization features of FreeBSD
that allow non-English speaking users to get real work done.
There are many aspects of the i18n implementation in both the system
and application levels, so where applicable we refer the reader
to more specific sources of documentation.After reading this chapter, you will know:How different languages and locales are encoded
on modern operating systems.How to set the locale for your login
shell.How to configure your console for non-English
languages.How to use X Windows effectively with different
languages.Where to find more information about writing
i18n-compliant applications.Before reading this chapter, you should:Know how to install additional third-party
applications ().The BasicsWhat Is I18N/L10N?internationalizationlocalizationDevelopers shortened internationalization into the term I18N,
counting the number of letters between the first and the last
letters of internationalization. L10N uses the same naming
scheme, coming from localization. Combined
together, I18N/L10N methods, protocols, and applications allow
users to use languages of their choice.I18N applications are programmed using I18N kits under
libraries. It allows for developers to write a simple file and
translate displayed menus and texts to each language. We strongly
encourage programmers to follow this convention.Why Should I Use I18N/L10N?I18N/L10N is used whenever you wish to either view, input, or
process data in non-English languages.What Languages Are Supported in the I18N Effort?I18N and L10N are not FreeBSD specific. Currently, one can
choose from most of the major languages of the World, including
but not limited to: Chinese, German, Japanese, Korean, French,
Russian, Vietnamese and others.Using LocalizationIn all its splendor, I18N is not FreeBSD-specific and is a
convention. We encourage you to help FreeBSD in following this
convention.localeLocalization settings are based on three main terms:
Language Code, Country Code, and Encoding. Locale names are
constructed from these parts as follows:LanguageCode_CountryCode.EncodingLanguage and Country Codeslanguage codescountry codesIn order to localize a FreeBSD system to a specific language
- (or any other I18N-supporting Unixes), the user needs to find out
+ (or any other I18N-supporting &unix; like systems), the user needs to find out
the codes for the specify country and language (country
codes tell applications what variation of given
language to use). In addition, web
browsers, SMTP/POP servers, web servers, etc. make decisions based on
them. The following are examples of language/country codes:Language/Country CodeDescriptionen_USEnglish - United Statesru_RURussian for Russiazh_TWTraditional Chinese for TaiwanEncodingsencodingsASCIISome languages use non-ASCII encodings that are 8-bit, wide
or multibyte characters, see &man.multibyte.3; for more
details. Older applications do not recognize them
and mistake them for control characters. Newer applications
usually do recognize 8-bit characters. Depending on the
implementation, users may be required to compile an application
with wide or multibyte characters support, or configure it correctly.
To be able to input and process wide or multibyte characters, the FreeBSD Ports collection has provided
each language with different programs. Refer to the I18N
documentation in the respective FreeBSD Port.Specifically, the user needs to look at the application
documentation to decide on how to configure it correctly or to
pass correct values into the configure/Makefile/compiler.Some things to keep in mind are:Language specific single C chars character sets
(see &man.multibyte.3;), i.e.,
ISO-8859-1, ISO-8859-15, KOI8-R, CP437.Wide or multibyte encodings, i.e. EUC, Big5.You can check the active list of character sets at the
IANA Registry.FreeBSD versions 4.5 and up use X11-compatible locale
encodings instead.I18N ApplicationsIn the FreeBSD Ports and Package system, I18N applications
have been named with I18N in their names for
easy identification. However, they do not always support the
language needed.Setting LocaleUsually it is sufficient to export the value of the locale name
as LANG in the login shell. This could be done in
the user's ~/.login_conf file or in the
startup file of the user's shell (~/.profile,
~/.bashrc, ~/.cshrc).
There is no need to set the locale subsets such as
LC_CTYPE, LC_CTIME. Please
refer to language-specific FreeBSD documentation for more
information.You should set the following two environment variables in your configuration
files:POSIX
- LANG for POSIX &man.setlocale.3; family
+ LANG for &posix; &man.setlocale.3; family
functionsMIMEMM_CHARSET for applications' MIME character
setThis includes the user shell configuration, the specific application
configuration, and the X11 configuration.Setting Locale Methodslocalelogin classThere are two methods for setting locale, and both are
described below. The first (recommended one) is by assigning
the environment variables in login
class, and the second is by adding the environment
variable assignments to the system's shell startup file.Login Classes MethodThis method allows environment variables needed for locale
name and MIME character sets to be assigned once for every
possible shell instead of adding specific shell assignments to
each shell's startup file. User
Level Setup can be done by an user himself and Administrator Level Setup require
superuser privileges.User Level SetupHere is a minimal example of a
.login_conf file in user's home
directory which has both variables set for Latin-1
encoding:me:\
:charset=ISO-8859-1:\
:lang=de_DE.ISO8859-1:Traditional ChineseBIG-5 encodingHere is an example of a
.login_conf that sets the variables
for Traditional Chinese in BIG-5 encoding. Notice the many
more variables set because some software does not respect
locale variables correctly for Chinese, Japanese, and Korean.#Users who do not wish to use monetary units or time formats
#of Taiwan can manually change each variable
me:\
lang=zh_TW.Big5:\
lc_all=zh_TW.Big:\
lc_collate=zh_TW.Big5:\
lc_ctype=zh_TW.Big5:\
lc_messages=zh_TW.Big5:\
lc_monetary=zh_TW.Big5:\
lc_numeric=zh_TW.Big5:\
lc_time=zh_TW.Big5:\
charset=big5:\
xmodifiers="@im=xcin": #Setting the XIM Input ServerSee Administrator Level
Setup and &man.login.conf.5; for more details.Administrator Level SetupVerify that the user's login class in
/etc/login.conf sets the correct
language. Make sure these settings
appear in /etc/login.conf:language_name:accounts_title:\
:charset=MIME_charset:\
:lang=locale_name:\
:tc=default:So sticking with our previous example using Latin-1, it
would look like this:german:German Users Accounts:\
:charset=ISO-8859-1:\
:lang=de_DE.ISO8859-1:\
:tc=default:Changing Login Classes with &man.vipw.8;vipwUse vipw to add new users, and make
the entry look like this:user:password:1111:11:language:0:0:User Name:/home/user:/bin/shChanging Login Classes with &man.adduser.8;adduserlogin classUse adduser to add new users, and do
the following:Set defaultclass =
language in
/etc/adduser.conf. Keep in mind
you must enter a default class for
all users of other languages in this case.An alternative variant is answering the specified
language each time that
Enter login class: default []:
appears from &man.adduser.8;.Another alternative is to use the following for each
user of a different language that you wish to
add:&prompt.root; adduser -class languageChanging Login Classes with &man.pw.8;pwIf you use &man.pw.8; for adding new users, call it in
this form:&prompt.root; pw useradd user_name -L languageShell Startup File MethodThis method is not recommended because it requires a
different setup for each possible shell program chosen. Use
the Login Class Method
instead.MIMElocaleTo add the locale name and MIME character set, just set
the two environment variables shown below in the
/etc/profile and/or
/etc/csh.login shell startup files. We
will use the German language as an example below:In /etc/profile:LANG=de_DE.ISO8859-1; export LANGMM_CHARSET=ISO-8859-1; export MM_CHARSETOr in /etc/csh.login:setenv LANG de_DE.ISO8859-1setenv MM_CHARSET ISO-8859-1Alternatively, you can add the above instructions to
/usr/share/skel/dot.profile (similar to
what was used in /etc/profile above), or
/usr/share/skel/dot.login (similar to
what was used in /etc/csh.login
above).For X11:In $HOME/.xinitrc:LANG=de_DE.ISO8859-1; export LANGOr:setenv LANG de_DE.ISO8859-1Depending on your shell (see above).Console SetupFor all single C chars character sets, set the correct
console fonts in /etc/rc.conf for the
language in question with:font8x16=font_name
font8x14=font_name
font8x8=font_nameThe font_name here is taken from
the /usr/share/syscons/fonts directory,
without the .fnt suffix.sysinstallkeymapscreenmapAlso be sure to set the correct keymap and screenmap for your
single C chars character set through
/stand/sysinstall.
Once inside sysinstall, choose Configure, then
Console. Alternatively, you can add the
following to /etc/rc.conf:scrnmap=screenmap_name
keymap=keymap_name
keychange="fkey_number sequence"The screenmap_name here is taken
from the /usr/share/syscons/scrnmaps
directory, without the .scm suffix. A
screenmap with a corresponding mapped font is usually needed as a
workaround for expanding bit 8 to bit 9 on a VGA adapter's font
character matrix in pseudographics area, i.e., to move letters out
of that area if screen font uses a bit 8 column.If you have the moused daemon
enabled by setting the following
in your /etc/rc.conf:moused_enable="YES"then examine the mouse cursor information in the next
paragraph.mousedBy default the mouse cursor of the &man.syscons.4; driver occupies the
0xd0-0xd3 range in the character set. If your language uses this
range, you need to move the cursor's range outside of it. To enable
the workaround for FreeBSD versions before 5.0, insert the following
line into your kernel configuration:options SC_MOUSE_CHAR=0x03For the FreeBSD versions 4.4 and up insert the following line
into /etc/rc.conf:mousechar_start=3The keymap_name here is taken from
the /usr/share/syscons/keymaps directory,
without the .kbd suffix. If you're
uncertain which keymap to use, you use can &man.kbdmap.1; to test
keymaps without rebooting.The keychange is usually needed to program
function keys to match the selected terminal type because
function key sequences cannot be defined in the key map.Also be sure to set the correct console terminal type in
/etc/ttys for all ttyv*
entries. Current pre-defined correspondences are:Character SetTerminal TypeISO-8859-1 or ISO-8859-15cons25l1ISO-8859-2cons25l2ISO-8859-7cons25l7KOI8-Rcons25rKOI8-Ucons25uCP437 (VGA default)cons25US-ASCIIcons25wFor wide or multibyte characters languages, use the correct
FreeBSD port in your
/usr/ports/language
directory. Some ports appear as console while the system sees it
as serial vtty's, hence you must reserve enough vtty's for both
X11 and the pseudo-serial console. Here is a partial list of
applications for using other languages in console:LanguageLocationTraditional Chinese (BIG-5)chinese/big5conJapanesejapanese/ja-kon2-* or
japanese/Mule_WnnKoreankorean/ko-hanX11 SetupAlthough X11 is not part of the FreeBSD Project, we have
included some information here for FreeBSD users. For more
details, refer to the XFree86
web site or whichever X11 Server you use.In ~/.Xresources, you can additionally
tune application specific I18N settings (e.g., fonts, menus,
etc.).Displaying FontsX11 True Type font server
- Install the X11 True Type-Common server (x11-servers/XttXF86srv-common) and
- install the language truetype fonts. Setting the correct
+ Install the X11 &truetype; Common server (x11-servers/XttXF86srv-common) and
+ install the language &truetype; fonts. Setting the correct
locale should allow you to view your selected language in menus
and such.Inputting Non-English CharactersX11 Input Method (XIM)The X11 Input Method (XIM) Protocol is a new standard for
all X11 clients. All X11 applications should be written as XIM
clients that take input from XIM Input servers. There are
several XIM servers available for different languages.Printer SetupSome single C chars character sets are usually hardware
coded into printers. Wide or multibyte
character sets require special setup and we recommend using
apsfilter. You may also convert the
- document to PostScript or PDF formats using language specific
+ document to &postscript; or PDF formats using language specific
converters.Kernel and File SystemsThe FreeBSD fast filesystem (FFS) is 8-bit clean, so it can be used
with any single C chars character set (see &man.multibyte.3;),
but there is no character set
name stored in the filesystem; i.e., it is raw 8-bit and does not
know anything about encoding order. Officially, FFS does not
support any form of wide or multibyte character sets yet. However, some
wide or multibyte character sets have independent patches for FFS
enabling such support. They are only temporary unportable
solutions or hacks and we have decided to not include them in the
source tree. Refer to respective languages' web sites for more
informations and the patch files.DOSUnicode
- The FreeBSD MS-DOS filesystem has the configurable ability to
- convert between MS-DOS, Unicode character sets and chosen
+ The FreeBSD &ms-dos; filesystem has the configurable ability to
+ convert between &ms-dos;, Unicode character sets and chosen
FreeBSD filesystem character sets. See &man.mount.msdos.8; for
details.Compiling I18N ProgramsMany FreeBSD Ports have been ported with I18N support. Some
of them are marked with -I18N in the port name. These and many
other programs have built in support for I18N and need no special
consideration.MySQLHowever, some applications such as
MySQL need to be have the
Makefile configured with the specific
charset. This is usually done in the
Makefile or done by passing a value to
configure in the source.Localizing FreeBSD to Specific LanguagesAndrey A.ChernovOriginally contributed by Russian Language (KOI8-R Encoding)localizationRussianFor more information about KOI8-R encoding, see the KOI8-R References
(Russian Net Character Set).Locale SetupPut the following lines into your
~/.login_conf file:me:My Account:\
:charset=KOI8-R:\
:lang=ru_RU.KOI8-R:See earlier in this chapter for examples of setting up the
locale.Console SetupFor the FreeBSD versions before 5.0 add the following line
to your kernel configuration file:options SC_MOUSE_CHAR=0x03For the FreeBSD versions 4.4 and up insert the following
line into /etc/rc.conf:mousechar_start=3Use following settings in
/etc/rc.conf:keymap="ru.koi8-r"
scrnmap="koi8-r2cp866"
font8x16="cp866b-8x16"
font8x14="cp866-8x14"
font8x8="cp866-8x8"For each ttyv* entry in
/etc/ttys, use
cons25r as the terminal type.See earlier in this chapter for examples of setting up the
console.Printer SetupprintersSince most printers with Russian characters come with
hardware code page CP866, a special output filter is needed
to convert from KOI8-R to CP866. Such a filter is installed by
default as /usr/libexec/lpr/ru/koi2alt.
A Russian printer /etc/printcap entry
should look like:lp|Russian local line printer:\
:sh:of=/usr/libexec/lpr/ru/koi2alt:\
:lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs:See &man.printcap.5; for a detailed description.
- MS-DOS FS and Russian Filenames
+ &ms-dos; FS and Russian FilenamesThe following example &man.fstab.5; entry enables support
- for Russian filenames in mounted MS-DOS filesystems:
+ for Russian filenames in mounted &ms-dos; filesystems:
/dev/ad0s2 /dos/c msdos rw,-Wkoi2dos,-Lru_RU.KOI8-R 0 0The option selects the locale name
used, and sets the character conversion
table. To use the option, be sure to
- mount /usr before the MS-DOS partition
+ mount /usr before the &ms-dos; partition
because the conversion tables are located in
/usr/libdata/msdosfs. For more
informations, see the &man.mount.msdos.8; manual
page.X11 SetupDo non-X locale
setup first as described.The Russian KOI8-R locale
may not work with old XFree86 releases (lower than 3.3).
XFree86 4.X is now the default
version of the X Window System on FreeBSD.
This should not be an
issue unless you are using an old version of
FreeBSD.Go to the
russian/X.language directory
and issue the following command:&prompt.root; make installThe above port installs the latest version of the KOI8-R
fonts. XFree86 3.3 already has some KOI8-R fonts, but these
are scaled better.Check the "Files" section
in your /etc/XF86Config file.
The following
lines must be added before any other
FontPath entries:FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/misc"
FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/75dpi"
FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/100dpi"If you use a high resolution video mode, swap the 75 dpi
and 100 dpi lines.To activate a Russian keyboard, add the following to the
"Keyboard" section of your
XF86Config file.For XFree86 3.X:XkbLayout "ru"
XkbOptions "grp:caps_toggle"For XFree86 4.X:Option "XkbLayout" "ru"
Option "XkbOptions" "grp:caps_toggle"Also make sure that XkbDisable is
turned off (commented out) there.The RUS/LAT switch will be CapsLock.
The old CapsLock function is still
available via ShiftCapsLock (in LAT mode
only).
- If you have Windows keys on your keyboard,
+ If you have &windows; keys on your keyboard,
and notice that some non-alphabetical keys are mapped
incorrectly in RUS mode, add the following line in your
XF86Config file.For XFree86 3.X:XkbVariant "winkeys"For XFree86 4.X:Option "XkbVariant" "winkeys"The Russian XKB keyboard may not work with old XFree86
versions, see the above
note for more information. The Russian XKB
keyboard may also not work with non-localized
applications as well. Minimally localized applications
should call a XtSetLanguageProc (NULL, NULL,
NULL); function early in the program.
See
KOI8-R for X Window for more instructions on
localizing X11 applications.Traditional Chinese Localization for TaiwanlocalizationTraditional ChineseThe FreeBSD-Taiwan Project has an I18N/L10N tutorial for
FreeBSD at
using many Chinese ports.
The editor for the zh-L10N-tut is Clive Lin
Clive@CirX.org. You can also cvsup the following
collections at freebsd.sinica.edu.tw:CollectionDescriptionoutta-port tag=.Beta-quality ports collection for Chinesezh-L10N-tut tag=.Localizing FreeBSD Tutorial in BIG-5 Traditional
Chinesezh-doc tag=.FreeBSD Documentation Translation to BIG-5 Traditional
ChineseChuan-Hsing Shen s874070@mail.yzu.edu.tw has
created the Chinese
FreeBSD Collection (CFC) using FreeBSD-Taiwan's
zh-L10N-tut. The packages and the script files
are available at .German Language Localization (for All ISO 8859-1
Languages)localizationGermanSlaven Rezic eserte@cs.tu-berlin.de wrote a
tutorial how to use umlauts on a FreeBSD machine. The tutorial
is written in German and available at
.Japanese and Korean Language LocalizationlocalizationJapaneselocalizationKoreanFor Japanese, refer to
,
and for Korean, refer to
.Non-English FreeBSD DocumentationSome FreeBSD contributors have translated parts of FreeBSD to
other languages. They are available through links on the main site or in
/usr/share/doc.
diff --git a/en_US.ISO8859-1/books/handbook/multimedia/chapter.sgml b/en_US.ISO8859-1/books/handbook/multimedia/chapter.sgml
index 6a6bb41f80..010205847e 100644
--- a/en_US.ISO8859-1/books/handbook/multimedia/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/multimedia/chapter.sgml
@@ -1,1411 +1,1411 @@
RossLippertEdited by MultimediaSynopsisFreeBSD supports a wide variety of sound cards, allowing you
to enjoy high fidelity output from your computer. This includes
the ability to record and playback audio in the MPEG Audio Layer
3 (MP3), WAV, and Ogg Vorbis formats as well as many other
formats. The FreeBSD Ports Collection also contains
applications allowing you to edit your recorded audio, add sound
effects, and control attached MIDI devices.With some willingness to experiment, FreeBSD can support
playback of video files and DVD's. The number of applications
to encode, convert, and playback various video media is more
limited than the number of sound applications. For example as
of this writing, there is no good re-encoding application in the
FreeBSD Ports Collection, which could be use to convert
between formats, as there is with audio/sox. However, the software
landscape in this area is changing rapidly.This chapter will describe the necessary steps to configure
your sound card. The configuration and installation of XFree86
() has already taken care of the
hardware issues for your video card, though there may be some
tweaks to apply for better playback.After reading this chapter, you will know:How to configure your system so that your sound card is
recognized.Methods to test that your card is working using
sample applications.How to troubleshoot your sound setup.How to playback and encode MP3s and other audio.How video is supported by XFree86.Some video player/encoder ports which give good results.How to playback DVD's, .mpg and .avi files.How to rip CD and DVD information into files.Before reading this chapter, you should:Know how to configure and install a new kernel ().For the video sections, it is assumed that XFree86 4.X
(x11/XFree86-4) has been
installed. XFree86 3.X may work, but it has not been tested
with what is described in this chapter. If you find that
something described here does work with XFree86 3.X please
let us know.Trying to mount an audio CD
or a video DVD with the &man.mount.8; command will
result in an error, at least, and a kernel
panic, at worst. These media have specialized
encodings which differ from the usual ISO-filesystem.MosesMooreContributed by Setting Up the Sound CardLocating the Correct DevicePCIISAsound cardsBefore you begin, you should know the model of the card you
have, the chip it uses, and whether it is a PCI or ISA card.
FreeBSD supports a wide variety of both PCI and ISA cards. If
you do not see your card in the following list, check the
&man.pcm.4; manual page. This is not a complete list; however,
it does list some of the most common cards.Crystal 4237, 4236, 4232, 4231Yamaha OPL-SAxOPTi931Ensoniq AudioPCI 1370/1371ESS Solo-1/1ENeoMagic 256AV/ZX
- Sound Blaster Pro, 16, 32, AWE64, AWE128, Live
+ &soundblaster; Pro, 16, 32, AWE64, AWE128, LiveCreative ViBRA16Advanced Asound 100, 110, and Logic ALS120ES 1868, 1869, 1879, 1888Gravis UltraSoundAureal Vortex 1 or 2kernelconfigurationTo use your sound device, you will need to load the proper
device driver. This may be accomplished in one of two ways.
The easiest way is to simply load a kernel module for your sound
card with &man.kldload.8;. Alternatively, you may statically
compile in support for your sound card in your kernel. The
sections below provide the information you need to add support
for your hardware in this manner. For more information about
recompiling your kernel, please see .Creative, Advance, and ESS Sound CardsIf you have one of the above cards, you will need to
add:device pcmto your kernel configuration file. If you have a PnP ISA
card, you will also need to add:device sbcFor a non-PnP ISA card, add:device pcm
device sbc0 at isa? port 0x220 irq 5 drq 1 flags 0x15to your kernel configuration file. The settings shown
above are the defaults. You may need to change the IRQ or the
other settings to match your card. See the &man.sbc.4; manual
page for more information.The Sound Blaster Live is not supported under FreeBSD 4.0
without a patch, which this section will not cover. It is
recommended that you update to the latest -STABLE before
trying to use this card.Gravis UltraSound CardsFor a PnP ISA card, you will need to add:device pcm
device guscto your kernel configuration file. If you have a non-PnP
ISA card, you will need to add:device pcm
device gus0 at isa? port 0x220 irq 5 drq 1 flags 0x13to your kernel configuration file. You may need to change
the IRQ or the other settings to match your card. See the
&man.gusc.4; manual page for more information.Crystal Sound CardsFor Crystal cards, you will need to add:device pcm
device csato your kernel configuration file.Generic SupportFor PnP ISA or PCI cards, you will need to add:device pcmto your kernel configuration file. If you have a non-PnP
ISA sound card that does not have a bridge driver, you will
need to add:device pcm0 at isa? irq 10 drq 1 flags 0x0to your kernel configuration file. You may need to change
the IRQ or the other settings to match your card.Onboard SoundSome systems with built-in motherboard sound devices may
require the following option in your kernel
configuration:options PNPBIOSCreating and Testing the Device Nodesdevice nodesAfter you reboot, log in and check for the device in the
/var/run/dmesg.boot file, as shown below:&prompt.root; grep pcm /var/run/dmesg.boot
pcm0: <SB16 DSP 4.11> on sbc0The output from your system may look different. If no
pcm devices show up, something went
wrong earlier. If that happens, go through your kernel
configuration file again and make sure you chose the correct
device. Common problems are listed in .If you are running FreeBSD 5.0 or later, you can
safely skip the rest of this section. These versions use
&man.devfs.5; to automatically create devices nodes.If the previous command returned
pcm0, you will have to run the
following as root:&prompt.root; cd /dev
&prompt.root; sh MAKEDEV snd0If the command returned pcm1,
follow the same steps as shown above, replacing
snd0 with
snd1.The above commands will not create a
/dev/snd device!MAKEDEV will create a group of device
nodes, including:DeviceDescription/dev/audio
- SPARC-compatible audio device
+ &sparc; compatible audio device/dev/dspDigitized voice device/dev/dspWLike /dev/dsp, but 16 bits
per sample/dev/midiRaw midi access device/dev/mixerControl port mixer device/dev/musicLevel 2 sequencer interface/dev/sequencerSequencer device/dev/pssProgrammable device interfaceIf all goes well, you should now have a functioning sound
card. If your CD-ROM or DVD-ROM drive is properly coupled to
your sound card, you can put a CD in the drive and play it
with &man.cdcontrol.1;:&prompt.user; cdcontrol -f /dev/acd0c play 1Various applications, such as audio/workman offer a better
interface. You may want to install an application such as
audio/mpg123 to listen to
MP3 audio files.Common ProblemsErrorSolutiondevice nodesunsupported subdevice XXOne or more of the device nodes was not created
correctly. Repeat the steps above.I/O portsb_dspwr(XX) timed outThe I/O port is not set correctly.IRQbad irq XXThe IRQ is set incorrectly. Make sure that
the set IRQ and the sound IRQ are the same.xxx: gus pcm not attached, out of memoryThere is not enough available memory to use
the device.DSPxxx: can't open /dev/dsp!Check with fstat | grep dsp
if another application is holding the device open.
Noteworthy troublemakers are esound and KDE's sound
support.MunishChopraContributed by Utilizing Multiple Sound SourcesIt is often desirable to have multiple sources of sound that
are able to play simultaneously, such as when
esound or
artsd do not support sharing of the
sound device with a certain application.FreeBSD lets you do this through Virtual Sound
Channels, which can be set with the &man.sysctl.8;
facility. Virtual channels allow you to multiplex your sound
card's playback channels by mixing sound in the kernel.To set the number of virtual channels, there are two sysctl
knobs which, if you are the root user, can
be set like this:&prompt.root; sysctl hw.snd.pcm0.vchans=4
&prompt.root; sysctl hw.snd.maxautovchans=4The above example allocates four virtual channels, which is a
practical number for everyday use. hw.snd.pcm0.vchans
is the number of virtual channels pcm0 has, and is configurable
once a device has been attached.
hw.snd.maxautovchans is the number of virtual channels
a new audio device is given when it is attached using
&man.kldload.8;. Since the pcm module
can be loaded independently of the hardware drivers,
hw.snd.maxautovchans can store how many
virtual channels any devices which are attached later will be
given.If you are not using &man.devfs.5;, you will have to point
your applications at /dev/dsp0.x, where
x is 0 to 3 if hw.snd.pcm.0.vchans is set
to 4 as in the above example. On a system using &man.devfs.5;, the above will automatically be
allocated transparently to the user.ChernLeeContributed by MP3 AudioMP3 (MPEG Layer 3 Audio) accomplishes near CD-quality sound,
leaving no reason to let your FreeBSD workstation fall short of
its offerings.MP3 PlayersBy far, the most popular XFree86 MP3 player is
XMMS (X Multimedia System).
Winamp
skins can be used with XMMS since the
GUI is almost identical to that of Nullsoft's
Winamp.
XMMS also has native plug-in
support.XMMS can be installed from the
multimedia/xmms port or package.XMMS' interface is intuitive,
with a playlist, graphic equalizer, and more. Those familiar
with Winamp will find
XMMS simple to use.The audio/mpg123 port is an alternative,
command-line MP3 player.mpg123 can be run by specifying
the sound device and the MP3 file on the command line, as
shown below:&prompt.root; mpg123 -a /dev/dsp1.0 Foobar-GreatestHits.mp3
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59r (1999/Jun/15). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Playing MPEG stream from BT - Foobar-GreastHits.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
/dev/dsp1.0 should be replaced with the
dsp device entry on your system.Ripping CD Audio TracksBefore encoding a CD or CD track to MP3, the audio data on
the CD must be ripped onto the hard drive. This is done by
copying the raw CDDA (CD Digital Audio) data to WAV
files.The cdda2wav tool, which is a part of
the sysutils/cdrtools
suite, is used for ripping audio information from CDs and the
information associated with them.With the audio CD in the drive, the following command can
be issued (as root) to rip an entire CD
into individual (per track) WAV files:&prompt.root; cdda2wav -D 0,1,0 -Bcdda2wav will support
ATAPI (IDE) CDROM drives. To rip from an IDE drive, specify
the device name in place of the SCSI unit numbers. For
example, to rip track 7 from an IDE drive:&prompt.root; cdda2wav -D /dev/acd0a -t 7The
indicates the SCSI device 0,1,0,
which corresponds to the output of cdrecord
-scanbus.To rip individual tracks, make use of the
option as shown:&prompt.root; cdda2wav -D 0,1,0 -t 7This example rips track seven of the audio CDROM. To rip
a range of tracks, for example, track one to seven, specify a
range:&prompt.root; cdda2wav -D 0,1,0 -t 1+7The utility &man.dd.1; can also be used to extract audio tracks
on ATAPI drives, read
for more information on that possibility.Encoding MP3sNowadays, the mp3 encoder of choice is
lame.
Lame can be found at
audio/lame in the ports tree.Using the ripped WAV files, the following command will
convert audio01.wav to
audio01.mp3:&prompt.root; lame -h -b 128 \
--tt "Foo Song Title" \
--ta "FooBar Artist" \
--tl "FooBar Album" \
--ty "2001" \
--tc "Ripped and encoded by Foo" \
--tg "Genre" \
audio01.wav audio01.mp3128 kbits seems to be the standard MP3 bitrate in use.
Many enjoy the higher quality 160, or 192. The higher the
bitrate, the more disk space the resulting MP3 will
consume--but the quality will be higher. The
option turns on the higher quality
but a little slower mode. The options beginning with
indicate ID3 tags, which usually contain
song information, to be embedded within the MP3 file.
Additional encoding options can be found by consulting the
lame man page.Decoding MP3sIn order to burn an audio CD from MP3s, they must be
converted to a non-compressed WAV format. Both
XMMS and
mpg123 support the output of MP3 to
an uncompressed file format.Writing to Disk in XMMS:Launch XMMS.Right-click on the window to bring up the
XMMS menu.Select Preference under
Options.Change the Output Plugin to Disk Writer
Plugin.Press Configure.Enter (or choose browse) a directory to write the
uncompressed files to.Load the MP3 file into XMMS
as usual, with volume at 100% and EQ settings turned
off.Press Play —
XMMS will appear as if it is
playing the MP3, but no music will be heard. It is
actually playing the MP3 to a file.Be sure to set the default Output Plugin back to what
it was before in order to listen to MP3s again.Writing to stdout in mpg123:Run mpg123 -s audio01.mp3
> audio01.pcmXMMS writes a file in the WAV
format, while mpg123 converts the
MP3 into raw PCM audio data. Both of these formats can be
used with cdrecord to create audio CDs.
You have to use raw PCM with &man.burncd.8;.
If you use WAV files, you will notice a small tick sound at the
beginning of each track, this sound is the header of the WAV
file. You can simply remove the header of a WAV file with the
utility SoX (it can be installed from
the audio/sox port or
package):&prompt.user; sox -t wav -r 44100 -s -w -c 2 track.wav track.rawRead for more information on using a
CD burner in FreeBSD.RossLippertContributed by Video PlaybackVideo playback is a very new and rapidly developing application
area. Be patient. Not everything is going to work as smoothly as
it did with sound.Before you begin, you should know the model of the video
card you have and the chip it uses. While XFree86 supports a
wide variety of video cards, fewer give good playback
performance. To obtain a list of extensions supported by the
X server using your card use the command &man.xdpyinfo.1; while
X11 is running.It is a good idea to have a short MPEG file which can be
treated as a test file for evaluating various players and
options. Since some DVD players will look for DVD media in
/dev/dvd by default, or have this device
name hardcoded in them, you might find it useful to make
symbolic links to the proper devices:&prompt.root; ln -sf /dev/acd0c /dev/dvd
&prompt.root; ln -sf /dev/racd0c /dev/rdvdOn FreeBSD 5.X, which uses &man.devfs.5; there
is a slightly different set of recommended links:&prompt.root; ln -sf /dev/acd0c /dev/dvd
&prompt.root; ln -sf /dev/acd0c /dev/rdvdAdditionally, DVD decryption, which requires invoking
special DVD-ROM functions, requires write permission on the DVD
devices.kernel optionsoptions CPU_ENABLE_SSEkernel optionsoptions USER_LDTSome of the ports discussed rely on the following kernel
options to build correctly. Before attempting to build, add
these options to the kernel configuration file, build a new kernel, and reboot:option CPU_ENABLE_SSE
option USER_LDTTo enhance the shared memory X11 interface, it is
recommended that the values of some &man.sysctl.8; variables
should be increased:kern.ipc.shmmax=67108864
kern.ipc.shmall=32768Determining Video CapabilitiesXVideoSDLDGAThere are several possible ways to display video under X11.
What will really work is largely hardware dependent. Each
method described below will have varying quality across
different hardware. Secondly, the rendering of video in X11 is
a topic receiving a lot of attention lately, and with each
version of XFree86 there may be significant improvement.A list of common video interfaces:X11: normal X11 output using shared memory.XVideo: an extension to the X11
interface which supports video in any X11 drawable.SDL: the Simple Directmedia Layer.DGA: the Direct Graphics Access.SVGAlib: low level console graphics layer.XVideoXFree86 4.X has an extension called
XVideo (aka Xvideo, aka Xv, aka xv) which
allows video to be directly displayed in drawable objects
through a special acceleration. This extension provides very
good quality playback even on low-end machines (for example my
PIII 400 Mhz laptop). Unfortunately, the list of cards in which
this feature is supported out of the box is
currently:3DFX Voodoo 3
- Intel i810 and i815
+ &intel; i810 and i815some S3 chips (such as Savage/IX and Savage/MX)If your card is not one of these, do not be disappointed yet.
XFree86 4.X adds new xv capabilities with each release
A popular familiar graphics card with generally very good
XFree86 performance, nVidia, has yet to release the specifications
on their XVideo support to the XFree86 team. It may be some time
before XFree86 fully support XVideo for these cards..
To check whether the extension is running,
use xvinfo:&prompt.user; xvinfoXVideo is supported for your card if the result looks like:X-Video Extension version 2.2
screen #0
Adaptor #0: "Savage Streams Engine"
number of ports: 1
port base: 43
operations supported: PutImage
supported visuals:
depth 16, visualID 0x22
depth 16, visualID 0x23
number of attributes: 5
"XV_COLORKEY" (range 0 to 16777215)
client settable attribute
client gettable attribute (current value is 2110)
"XV_BRIGHTNESS" (range -128 to 127)
client settable attribute
client gettable attribute (current value is 0)
"XV_CONTRAST" (range 0 to 255)
client settable attribute
client gettable attribute (current value is 128)
"XV_SATURATION" (range 0 to 255)
client settable attribute
client gettable attribute (current value is 128)
"XV_HUE" (range -180 to 180)
client settable attribute
client gettable attribute (current value is 0)
maximum XvImage size: 1024 x 1024
Number of image formats: 7
id: 0x32595559 (YUY2)
guid: 59555932-0000-0010-8000-00aa00389b71
bits per pixel: 16
number of planes: 1
type: YUV (packed)
id: 0x32315659 (YV12)
guid: 59563132-0000-0010-8000-00aa00389b71
bits per pixel: 12
number of planes: 3
type: YUV (planar)
id: 0x30323449 (I420)
guid: 49343230-0000-0010-8000-00aa00389b71
bits per pixel: 12
number of planes: 3
type: YUV (planar)
id: 0x36315652 (RV16)
guid: 52563135-0000-0000-0000-000000000000
bits per pixel: 16
number of planes: 1
type: RGB (packed)
depth: 0
red, green, blue masks: 0x1f, 0x3e0, 0x7c00
id: 0x35315652 (RV15)
guid: 52563136-0000-0000-0000-000000000000
bits per pixel: 16
number of planes: 1
type: RGB (packed)
depth: 0
red, green, blue masks: 0x1f, 0x7e0, 0xf800
id: 0x31313259 (Y211)
guid: 59323131-0000-0010-8000-00aa00389b71
bits per pixel: 6
number of planes: 3
type: YUV (packed)
id: 0x0
guid: 00000000-0000-0000-0000-000000000000
bits per pixel: 0
number of planes: 0
type: RGB (packed)
depth: 1
red, green, blue masks: 0x0, 0x0, 0x0Also note that the formats listed (YUV2, YUV12, etc) are not
present with every implementation of XVideo and their absence may
hinder some players.If the result looks like:X-Video Extension version 2.2
screen #0
no adaptors presentThen XVideo is probably not supported for your card.If XVideo is not supported for your card, this only means
that it will be more difficult for your display to meet the
computational demands of rendering video. Depending on your
video card and processor, though, you might still be able to
have a satisfying experience. You should probably read about
ways of improving performance in the advanced reading .Simple Directmedia LayerThe Simple Directmedia Layer, SDL, was intended to be a
- porting layer between Microsoft Windows, BeOS, and Unix,
+ porting layer between µsoft.windows;, BeOS, and &unix;,
allowing cross-platform applications to be developed which made
efficient use of sound and graphics. The SDL layer provides a
low-level abstraction to the hardware which can sometimes be
more efficient than the X11 interface.The SDL can be found at devel/sdl12Direct Graphics AccessDirect Graphics Access is an XFree86 extension which allows
a program to bypass the X server and directly alter the
framebuffer. Because it relies on a low level memory mapping to
effect this sharing, programs using it must must be run as
root.The DGA extension can be tested and benchmarked by
&man.dga.1;. When dga is running, it
changes the colors of the display whenever a key is pressed. To
quit, use q.Ports and Packages Dealing with Videovideo portsvideo packagesThis section discusses the software available from the
FreeBSD Ports Collection which can be used for video playback.
Video playback is a very active area of software development,
and the capabilities of various applications are bound to
diverge somewhat from the descriptions given here.Firstly, it is important to know that many of the video
applications which run on FreeBSD were developed as Linux
applications. Many of these applications are still
beta-quality. Some of the problems that you may encounter with
video packages on FreeBSD include :An application cannot playback a file which another
application produced.An application cannot playback a file which the
application itself produced.The same application on two different machines,
rebuilt on each machine for that machine, plays back the same
file differently.A seemingly trivial filter like rescaling of the image
size results in very bad artifacts from a buggy rescaling
routine.An application frequently dumps core.Documentation is not installed with the port and can be
found either on the web or under the port's 'work'
directory.Many of these applications may also exhibit
Linux-isms. That is, there may be
issues resulting from the way some standard libraries are
implemented in the Linux distributions, or some features of the
Linux kernel which have been assumed by the authors of the
applications. These issues are not always noticed and worked around
by the port maintainers, which can lead to problems like
these:The use of /proc/cpuinfo to detect
processor characteristics.A misuse of threads which causes a program to hang upon
completion instead of truly terminating.Software not yet in the FreeBSD Ports Collection
which is commonly used in conjunction with the application.So far, these application developers have been cooperative with
port maintainers to minimize the work-arounds needed for
port-ing.MPlayerMPlayer is a recently developed and rapidly developing
video player. The goals of the MPlayer team are speed and
flexibility on Linux and other Unices. The project was
started when the team founder got fed up with bad playback
performance on then available players. Some would say that
the graphical interface has been sacrificed for a streamlined
design. However, once
you get used to the command line options and the key-stroke
controls, it works very well.Building MPlayerMPlayermakingMPlayer resides in multimedia/mplayer.
MPlayer performs a variety of
hardware checks during the build process, resulting in a
binary which will not be portable from one system to
another. Therefore, it is important to build it from
ports and not to use a binary package. Additionally, a
number of options can be specified in the make
command line, as described at the start of the build.&prompt.root; cd /usr/ports/multimedia/mplayer
&prompt.root; make
You can enable additional compilation optimizations
by defining WITH_OPTIMIZED_CFLAGS
You can enable GTK GUI by defining WITH_GUI.
You can enable DVD support by defining WITH_DVD.
You can enable SVGALIB support by defining WITH_SVGALIB.
You can enable VORBIS sound support by defining WITH_VORBIS.
You can enable XAnim DLL support by defining WITH_XANIM.
If you have x11-toolkits/gtk12 installed, then
you might as well enable the GUI. Otherwise, it is not
worth the effort. If you intend to play (possibly CSS
encoded) DVD's with MPlayer you must enable the DVD support
option here Unauthorized DVD playback is a
serious criminal act in some countries. Check local laws
before enabling this option.. Some
reasonable options are:&prompt.root; make WITH_DVD=yes WITH_SVGALIB=yesAs of this writing, the MPlayer port will build its HTML
documentation and one executable,
mplayer. It can also be made to build an
encoder, mencoder, which is a tool for
re-encoding video. A modification to the
Makefile can enable it. It may be
enabled by default in subsequent versions of the port.The HTML documentation for MPlayer is very informative.
If the reader finds the information on video hardware and
interfaces in this chapter lacking, the MPlayer documentation
is a very thorough supplement. You should definitely take
the time to read the MPlayer
documentation if you are looking for information about video
- support in Unix.
+ support in &unix;.
Using MPlayerMPlayeruseAny user of MPlayer must set up a
.mplayer subdirectory of her
home directory. To create this necessary subdirectory,
you can type the following:&prompt.user; cd /usr/ports/multimedia/mplayer
&prompt.user; make install-userThe command options for mplayer are
listed in the manual page. For even more detail there is HTML
documentation. In this section, we will describe only a few
common uses.To play a file, such as
testfile.avi,
through one of the various video interfaces set the
option:&prompt.user; mplayer -vo xv testfile.avi&prompt.user; mplayer -vo sdl testfile.avi&prompt.user; mplayer -vo x11 testfile.avi&prompt.root; mplayer -vo dga testfile.avi&prompt.root; mplayer -vo 'sdl:dga' testfile.aviIt is worth trying all of these options, as their relative
performance depends on many factors and will vary significantly
with hardware.To play from a DVD, replace the
testfile.avi with where <N> is
the title number to play and
DEVICE is the
device node for the DVD-ROM. For example, to play title 3
from /dev/dvd:&prompt.root; mplayer -vo dga -dvd 2 /dev/dvdTo stop, pause, advance and so on, consult the
keybindings, which are output by running mplayer
-h or read the manual page.Additional important options for playback are:
which engages the fullscreen mode
and which helps performance.In order for the mplayer command line to not become too
large, the user can create a file
.mplayer/config and set default options
there:vo=xv
fs=yes
zoom=yesFinally, mplayer can be used to rip a
DVD title into a .vob file. To dump
out the second title from a DVD, type this:&prompt.root; mplayer -dumpstream -dumpfile out.vob -dvd 2 /dev/dvdThe output file, out.vob, will be
MPEG and can be manipulated by the other packages described
in this section.mencodermencoderIf you opt to install mencoder when
you build MPlayer, be forewarned
that it is still an experimental component. Before using
mencoder it is a good idea to
familiarize yourself with the options from the HTML
documentation. There is a manual page, but it is not very
useful without the HTML documentation. There are innumerable ways to
improve quality, lower bitrate, and change formats, and some
of these tricks may make the difference between good
or bad performance. Here are a couple of examples to get
you going. First a simple copy:&prompt.user; mencoder input.avi -oac copy -ovc copy -o output.aviImproper combinations of command line options can yield
output files that are
unplayable even by mplayer. Thus, if you
just want to rip to a file, stick to the
in mplayer.To convert input.avi to the MPEG4
codec with MPEG3 audio encoding (audio/lame is required):&prompt.user; mencoder input.avi -oac mp3lame -lameopts br=192 \
-ovc lavc -lavcopts vcodec=mpeg4:vhq -o output.aviThis has produced output playable by mplayer
and xine.input.avi can be replaced with
and run as
root to re-encode a DVD title
directly. Since you are likely to be dissatisfied with
your results the first time around, it is recommended you
dump the title to a file and work on the file.The xine Video PlayerThe xine video player is a project of wide scope aiming not only at being an
all in one video solution, but also in producing a reusable base
library and a modular executable which can be extended with
plugins. It comes both as a package and as a port, multimedia/xine.The xine player
is still very rough around the edges, but it is clearly off to a
good start. In practice, xine requires either a fast CPU with a
fast video card, or support for the XVideo extension. The GUI is
usable, but a bit clumsy.As of this writing, there is no input module shipped with
xine which will play CSS encoded DVD's. There are third party
builds which do have modules for this built in them, but none
of these are in the FreeBSD Ports Collection.Compared to MPlayer, xine does more for the user, but at the
same time, takes some of the more fine-grained control away from
the user. The xine video player
performs best on XVideo interfaces.By default, xine player will
start up in a graphical user interface. The menus can then be
used to open a specific file:&prompt.user; xineAlternatively, it may be invoked to play a file immediately
without the GUI interface with the command:&prompt.user; xine -g -p mymovie.aviThe transcode UtilitiesThe software transcode is not a player, but a suite of tools for
re-encoding .avi and .mpg files. With transcode, one has the
ability to merge video files, repair broken files, using command
line tools with stdin/stdout stream
interfaces.Like MPlayer, transcode is very experimental software which
must be build from the port multimedia/transcode. Using a great
many options to the make command. I
recommend:&prompt.root; make WITH_LIBMPEG2=yesIf you plan to install multimedia/avifile, then add the
WITH_AVIFILE option to your
make command line, as shown here:&prompt.root; make WITH_AVIFILE=yes WITH_LIBMPEG2=yesHere are two examples of using transcode
for video conversion which produce rescaled output. The first
encodes the output to an openDIVX AVI file, while the second
encodes to the much more portable MPEG format.&prompt.user; transcode -i input.vob -x vob -V -Z 320x240 \
-y opendivx -N 0x55 -o output.avi&prompt.user; transcode -i input.vob -x vob -V -Z 320x240 \
-y mpeg -N 0x55 -o output.tmp
&prompt.user; tcmplex -o output.mpg -i output.tmp.m1v -p output.tmp.mpa -m 1There is a manual page for transcode, but
there is little documentation for the various tc* utilities (such as
tcmplex) which are also installed.
However, the command line option can
always be given to get curt usage instructions for a
command.In comparison, transcode runs
significantly slower than mencoder, but it
has a better chance of producing a more widely playable file.
MPEGs created by transcode have been known to
play on older copies of
- Windows Media Player and Apple's QuickTime, for example.
+ &windows.media; Player and Apple's &quicktime;, for example.
Further ReadingThe various video software packages for FreeBSD are
developing rapidly. It is quite possible that in the near
future many of the problems discussed here will have been
resolved. In the mean time, those who
want to get the very most out of FreeBSD's A/V capabilities will
have to cobble together knowledge from several FAQs and tutorials
and use a few different applications. This section exists to
give the reader pointers to such additional information.The
MPlayer documentation
is very technically informative.
These documents should probably be consulted by anyone wishing
- to obtain a high level of expertise with Unix video. The
+ to obtain a high level of expertise with &unix; video. The
MPlayer mailing list is hostile to anyone who has not bothered
to read the documentation, so if you plan on making bug reports
to them, RTFM.The
xine HOWTO
contains a chapter on performance improvement
which is general to all players.Finally, there are some other promising applications which
the reader may try:Avifile which
is also a port multimedia/avifile.Ogle
which is also a port multimedia/ogle.Xtheater
diff --git a/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml b/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
index 8ad583c9b8..745550530a 100644
--- a/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
@@ -1,3274 +1,3274 @@
JimMockRestructured, reorganized, and updated by PPP and SLIPSynopsisPPPSLIPFreeBSD has a number of ways to link one computer to
another. To establish a network or Internet connection through a
dial-up modem, or to allow others to do so through you, requires
the use of PPP or SLIP. This chapter describes setting up
these modem-based communication services in detail.After reading this chapter, you will know:How to setup User PPP.How to setup Kernel PPP.How to setup PPPoE (PPP over
Ethernet).How to setup PPPoA (PPP over
ATM).How to configure and setup a SLIP client and
server.PPPuser PPPPPPkernel PPPPPPover EthernetBefore reading this chapter, you should:Be familiar with basic network terminology.Understand the basics and purpose of a dialup connection
and PPP and/or SLIP.You may be wondering what the main difference is between User
PPP and kernel PPP. The answer is simple; user PPP processes the
inbound and outbound data in userland rather than in the kernel.
This is expensive in terms of copying the data between the kernel
and userland, but allows a far more feature-rich ppp implementation.
User PPP uses the tun device to communicate
with the outside world whereas kernel-ppp uses the
ppp device.Throughout in this chapter, user ppp will simply be
referred to as ppp unless a distinction needs to be made between it
and any other PPP software such as pppd.
Unless otherwise stated, all of the commands explained in this
section should be executed as root.TomRhodesUpdated and enhanced by BrianSomersOriginally contributed by NikClaytonWith input from DirkFrömbergPeterChildsUsing User PPPUser PPPAssumptionsThis document assumes you have the following:ISPPPPAn account with an Internet Service Provider (ISP) which
you connect to using PPP.You have a modem or
other device connected to your system and configured
correctly which allows you to connect to your ISP.The dial-up number(s) of your ISP.PAPCHAP
- Unix
+ UNIXlogin namepasswordYour login name and password. (Either a
- regular Unix-style login and password pair, or a PAP or CHAP
+ regular &unix; style login and password pair, or a PAP or CHAP
login and password pair.)nameserverThe IP address of one or more name servers.
Normally, you will be given two IP addresses by your ISP to
use for this. If they have not given you at least one, then
you can use the enable dns command in
ppp.conf and
ppp will set the name servers for
you. This feature depends on your ISPs PPP implementation
supporting DNS negotiation.The following information may be supplied by your ISP, but
is not completely necessary:The IP address of your ISP's gateway. The gateway is
the machine to which you will connect and will be set up as
your default route. If you do not have
this information, we can make one up and your ISP's PPP
server will tell us the correct value when we connect.This IP number is referred to as
HISADDR by
ppp.The netmask you should use. If your ISP has not
provided you with one, you can safely use 255.255.255.255.static IP addressIf your ISP provides you with a static IP address and
hostname, you can enter it. Otherwise, we simply let the
peer assign whatever IP address it sees fit.If you do not have any of the required information, contact
your ISP.Throughout this section, many of the examples showing
the contents of configuration files are numbered by line.
These numbers serve to aid in the presentation and
discussion only and are not meant to be placed in the actual
file. Proper indentation with tab and space characters is
also important.Creating PPP Device NodesPPPcreating device nodesUnder normal circumstances, most users will only need
one tun device
(/dev/tun0). References to
tun0 below may be changed to
tunN
where N is any unit number
corresponding to your system.For FreeBSD installations that do not have &man.devfs.5; enabled
(FreeBSD 4.X and earlier), the existence of the
tun0 device should be verified (this is not
necessary if &man.devfs.5; is enabled as device nodes will be created
on demand).The easiest way to make sure that the
tun0 device is configured correctly
is to remake the device. To remake the device, do the
following:&prompt.root; cd /dev
&prompt.root; sh MAKEDEV tun0If you need 16 tunnel devices in your kernel, you will need
to create them. This can be done by executing the following
commands:&prompt.root; cd /dev
&prompt.root; sh MAKEDEV tun15Automatic PPP ConfigurationPPPconfigurationBoth ppp and pppd
(the kernel level implementation of PPP) use the configuration
files located in the /etc/ppp directory.
Examples for user ppp can be found in
/usr/share/examples/ppp/.Configuring ppp requires that you edit a
number of files, depending on your requirements. What you put
in them depends to some extent on whether your ISP allocates IP
addresses statically (i.e., you get given one IP address, and
always use that one) or dynamically (i.e., your IP address
changes each time you connect to your ISP).PPP and Static IP AddressesPPPwith static IP addressesYou will need to edit the
/etc/ppp/ppp.conf configuration file. It
should look similar to the example below.Lines that end in a : start in
the first column (beginning of the line)— all other
lines should be indented as shown using spaces or
tabs.1 default:
2 set log Phase Chat LCP IPCP CCP tun command
3 ident user-ppp VERSION (built COMPILATIONDATE)
4 set device /dev/cuaa0
5 set speed 115200
6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
7 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
8 set timeout 180
9 enable dns
10
11 provider:
12 set phone "(123) 456 7890"
13 set authname foo
14 set authkey bar
15 set login "TIMEOUT 10 \"\" \"\" gin:--gin: \\U word: \\P col: ppp"
16 set timeout 300
17 set ifaddr x.x.x.xy.y.y.y 255.255.255.255 0.0.0.0
18 add default HISADDRLine 1:Identifies the default entry. Commands in this
entry are executed automatically when ppp is run.Line 2:Enables logging parameters. When the configuration
is working satisfactorily, this line should be reduced
to saying
set log phase tun
in order to avoid excessive log file sizes.Line 3:Tells PPP how to identify itself to the peer.
PPP identifies itself to the peer if it has any trouble
negotiating and setting up the link, providing information
that the peers administrator may find useful when
investigating such problems.Line 4:Identifies the device to which the modem is
connected. COM1 is
/dev/cuaa0 and
COM2 is
/dev/cuaa1.Line 5:Sets the speed you want to connect at. If 115200
does not work (it should with any reasonably new modem),
try 38400 instead.Line 6 & 7:PPPuser PPPThe dial string. User PPP uses an expect-send
syntax similar to the &man.chat.8; program. Refer to
the manual page for information on the features of this
language.Note that this command continues onto the next line
for readability. Any command in
ppp.conf may do this if the last
character on the line is a ``\'' character.Line 8:Sets the idle timeout for the link. 180 seconds
is the default, so this line is purely cosmetic.Line 9:Tells PPP to ask the peer to confirm the local
resolver settings. If you run a local name server, this
line should be commented out or removed.Line 10:A blank line for readability. Blank lines are ignored
by PPP.Line 11:Identifies an entry for a provider called
provider. This could be changed
to the name of your ISP so
that later you can use the
to start the connection.Line 12:Sets the phone number for this provider. Multiple
phone numbers may be specified using the colon
(:) or pipe character
(|)as a separator. The difference
between the two separators is described in &man.ppp.8;.
To summarize, if you want to rotate through the numbers,
use a colon. If you want to always attempt to dial the
first number first and only use the other numbers if the
first number fails, use the pipe character. Always
quote the entire set of phone numbers as shown.You must enclose the phone number in quotation marks
(") if there is any intention on using
spaces in the phone number. This can cause a simple, yet
subtle error.Line 13 & 14:Identifies the user name and password. When
- connecting using a Unix-style login prompt, these
+ connecting using a &unix; style login prompt, these
values are referred to by the set
login command using the \U and \P
variables. When connecting using PAP or CHAP, these
values are used at authentication time.Line 15:PAPCHAPIf you are using PAP or CHAP, there will be no login
at this point, and this line should be commented out or
removed. See PAP and CHAP
authentication for further details.The login string is of the same chat-like syntax as
the dial string. In this example, the string works for
a service whose login session looks like this:J. Random Provider
login: foo
password: bar
protocol: pppYou will need to alter this script to suit your
own needs. When you write this script for the first
time, you should ensure that you have enabled
chat logging so you can determine if
the conversation is going as expected.Line 16:timeoutSets the default idle timeout (in seconds) for the
connection. Here, the connection will be closed
automatically after 300 seconds of inactivity. If you
never want to timeout, set this value to zero or use
the command line switch.Line 17:ISPSets the interface addresses. The string
x.x.x.x should be
replaced by the IP address that your provider has
allocated to you. The string
y.y.y.y should be
replaced by the IP address that your ISP indicated
for their gateway (the machine to which you
connect). If your ISP has not given you a gateway
address, use 10.0.0.2/0. If you need to
use a guessed address, make sure that
you create an entry in
/etc/ppp/ppp.linkup as per the
instructions for PPP and Dynamic IP
addresses. If this line is omitted,
ppp cannot run in
mode.Line 18:Adds a default route to your ISP's gateway. The
special word HISADDR is replaced with
the gateway address specified on line 9. It is
important that this line appears after line 9,
otherwise HISADDR will not yet be
initialized.If you do not wish to run ppp in ,
this line should be moved to the
ppp.linkup file.It is not necessary to add an entry to
ppp.linkup when you have a static IP
address and are running ppp in mode as your
routing table entries are already correct before you connect.
You may however wish to create an entry to invoke programs after
connection. This is explained later with the sendmail
example.Example configuration files can be found in the
/usr/share/examples/ppp/ directory.PPP and Dynamic IP AddressesPPPwith dynamic IP addressesIPCPIf your service provider does not assign static IP
addresses, ppp can be configured to
negotiate the local and remote addresses. This is done by
guessing an IP address and allowing
ppp to set it up correctly using the IP
Configuration Protocol (IPCP) after connecting. The
ppp.conf configuration is the same as
PPP and Static IP
Addresses, with the following change:17 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255Again, do not include the line number, it is just for
reference. Indentation of at least one space is
required.Line 17:The number after the / character
is the number of bits of the address that ppp will
insist on. You may wish to use IP numbers more
appropriate to your circumstances, but the above example
will always work.The last argument (0.0.0.0) tells
PPP to start negotiations using address 0.0.0.0 rather than 10.0.0.1 and is necessary for some
ISPs. Do not use 0.0.0.0 as the first
argument to set ifaddr as it prevents
PPP from setting up an initial route in
mode.If you are not running in mode, you
will need to create an entry in
/etc/ppp/ppp.linkup.
ppp.linkup is used after a connection has
been established. At this point, ppp will
have assigned the interface addresses and it will now be
possible to add the routing table entries:1 provider:
2 add default HISADDRLine 1:On establishing a connection,
ppp will look for an entry in
ppp.linkup according to the
following rules: First, try to match the same label
as we used in ppp.conf. If
that fails, look for an entry for the IP address of
our gateway. This entry is a four-octet IP style
label. If we still have not found an entry, look
for the MYADDR entry.Line 2:This line tells ppp to add a
default route that points to
HISADDR.
HISADDR will be replaced with the
IP number of the gateway as negotiated by the
IPCP.See the pmdemand entry in the files
/usr/share/examples/ppp/ppp.conf.sample
and
/usr/share/examples/ppp/ppp.linkup.sample
for a detailed example.Receiving Incoming CallsPPPreceiving
incoming callsWhen you configure ppp to
receive incoming calls on a machine connected to a LAN, you
must decide if you wish to forward packets to the LAN. If you
do, you should allocate the peer an IP number from your LAN's
subnet, and use the command enable proxy in
your /etc/ppp/ppp.conf file. You should
also confirm that the /etc/rc.conf file
contains the following:gateway_enable="YES"Which getty?Configuring FreeBSD for Dial-up
Services provides a good description on enabling
dial-up services using &man.getty.8;.An alternative to getty is mgetty,
a smarter version of getty designed
with dial-up lines in mind.The advantages of using mgetty is
that it actively talks to modems,
meaning if port is turned off in
/etc/ttys then your modem will not answer
the phone.Later versions of mgetty (from
0.99beta onwards) also support the automatic detection of
PPP streams, allowing your clients script-less access to
your server.Refer to Mgetty and
AutoPPP for more information on
mgetty.PPP PermissionsThe ppp command must normally be
run as the root user. If however,
you wish to allow ppp to run in
server mode as a normal user by executing
ppp as described below, that user
must be given permission to run ppp
by adding them to the network group
in /etc/group.You will also need to give them access to one or more
sections of the configuration file using the
allow command:allow users fred maryIf this command is used in the default
section, it gives the specified users access to
everything.PPP Shells for Dynamic-IP UsersPPP shellsCreate a file called
/etc/ppp/ppp-shell containing the
following:#!/bin/sh
IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
CALLEDAS="$IDENT"
TTY=`tty`
if [ x$IDENT = xdialup ]; then
IDENT=`basename $TTY`
fi
echo "PPP for $CALLEDAS on $TTY"
echo "Starting PPP for $IDENT"
exec /usr/sbin/ppp -direct $IDENTThis script should be executable. Now make a symbolic
link called ppp-dialup to this script
using the following commands:&prompt.root; ln -s ppp-shell /etc/ppp/ppp-dialupYou should use this script as the
shell for all of your dialup users.
This is an example from /etc/password
for a dialup PPP user with username
pchilds (remember do not directly edit
the password file, use vipw).pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialupCreate a /home/ppp directory that
is world readable containing the following 0 byte
files:-r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin
-r--r--r-- 1 root wheel 0 May 27 02:22 .rhostswhich prevents /etc/motd from being
displayed.PPP Shells for Static-IP UsersPPP shellsCreate the ppp-shell file as above,
and for each account with statically assigned IPs create a
symbolic link to ppp-shell.For example, if you have three dialup customers,
fred, sam, and
mary, that you route class C networks
for, you would type the following:&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-maryEach of these users dialup accounts should have their
shell set to the symbolic link created above (for example,
mary's shell should be
/etc/ppp/ppp-mary).Setting Up ppp.conf for Dynamic-IP UsersThe /etc/ppp/ppp.conf file should
contain something along the lines of:default:
set debug phase lcp chat
set timeout 0
ttyd0:
set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255
enable proxy
ttyd1:
set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255
enable proxyThe indenting is important.The default: section is loaded for
each session. For each dialup line enabled in
/etc/ttys create an entry similar to
the one for ttyd0: above. Each line
should get a unique IP address from your pool of IP
addresses for dynamic users.Setting Up ppp.conf for Static-IP
UsersAlong with the contents of the sample
/usr/share/examples/ppp/ppp.conf
above you should add a section for each of the
statically assigned dialup users. We will continue with
our fred, sam,
and mary example.fred:
set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255
sam:
set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255
mary:
set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255The file /etc/ppp/ppp.linkup
should also contain routing information for each static
IP user if required. The line below would add a route
for the 203.14.101.0
class C via the client's ppp link.fred:
add 203.14.101.0 netmask 255.255.255.0 HISADDR
sam:
add 203.14.102.0 netmask 255.255.255.0 HISADDR
mary:
add 203.14.103.0 netmask 255.255.255.0 HISADDRmgetty and AutoPPPmgettyAutoPPPLCPConfiguring and compiling mgetty
with the AUTO_PPP option enabled
allows mgetty to detect the LCP phase
of PPP connections and automatically spawn off a ppp
shell. However, since the default login/password
sequence does not occur it is necessary to authenticate
users using either PAP or CHAP.This section assumes the user has successfully
configured, compiled, and installed a version of
mgetty with the
AUTO_PPP option (v0.99beta or
later).Make sure your
/usr/local/etc/mgetty+sendfax/login.config
file has the following in it:/AutoPPP/ - - /etc/ppp/ppp-pap-dialupThis will tell mgetty to run the
ppp-pap-dialup script for detected
PPP connections.Create a file called
/etc/ppp/ppp-pap-dialup containing the
following (the file should be executable):#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENTFor each dialup line enabled in
/etc/ttys, create a corresponding entry
in /etc/ppp/ppp.conf. This will
happily co-exist with the definitions we created
above.pap:
enable pap
set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
enable proxyEach user logging in with this method will need to have
a username/password in
/etc/ppp/ppp.secret file, or
alternatively add the following option to authenticate users
via PAP from /etc/password file.enable passwdauthIf you wish to assign some users a static IP number,
you can specify the number as the third argument in
/etc/ppp/ppp.secret. See
/usr/share/examples/ppp/ppp.secret.sample
for examples.MS ExtensionsDNSNetBIOSPPPMicrosoft extensionsIt is possible to configure PPP to supply DNS and
NetBIOS nameserver addresses on demand.To enable these extensions with PPP version 1.x, the
following lines might be added to the relevant section of
/etc/ppp/ppp.conf.enable msext
set ns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5And for PPP version 2 and above:accept dns
set dns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5This will tell the clients the primary and secondary
name server addresses, and a NetBIOS nameserver host.In version 2 and above, if the
set dns line is omitted, PPP will use the
values found in /etc/resolv.conf.PAP and CHAP AuthenticationPAPCHAPSome ISPs set their system up so that the authentication
part of your connection is done using either of the PAP or
CHAP authentication mechanisms. If this is the case, your ISP
will not give a login: prompt when you
connect, but will start talking PPP immediately.PAP is less secure than CHAP, but security is not normally
an issue here as passwords, although being sent as plain text
with PAP, are being transmitted down a serial line only.
There is not much room for crackers to
eavesdrop.Referring back to the PPP
and Static IP addresses or PPP and Dynamic IP addresses
sections, the following alterations must be made:7 set login
…
12 set authname MyUserName
13 set authkey MyPasswordLine 7:Your ISP will not normally require that you log into
the server if you are using PAP or CHAP. You must
therefore disable your set login
string.Line 12:This line specifies your PAP/CHAP user name. You
will need to insert the correct value for
MyUserName.Line 13:passwordThis line specifies your PAP/CHAP password. You
will need to insert the correct value for
MyPassword. You may want to
add an additional line, such as:15 accept PAPor15 accept CHAPto make it obvious that this is the intention, but
PAP and CHAP are both accepted by default.Changing Your ppp Configuration on the
FlyIt is possible to talk to the ppp
program while it is running in the background, but only if a
suitable diagnostic port has been set up. To do this, add the
following line to your configuration:set server /var/run/ppp-tun%d DiagnosticPassword 0177This will tell PPP to listen to the specified
- Unix-domain socket, asking clients for the specified
+ &unix; domain socket, asking clients for the specified
password before allowing access. The
%d in the name is replaced with the
tun device number that is in
use.Once a socket has been set up, the &man.pppctl.8;
program may be used in scripts that wish to manipulate the
running program.Using PPP Network Address Translation CapabilityPPPNATPPP has ability to use internal NAT without kernel diverting
capabilities. This functionality may be enabled by the following
line in /etc/ppp/ppp.conf:nat enable yesAlternatively, PPP NAT may be enabled by command-line
option -nat. There is also
/etc/rc.conf knob named
ppp_nat, which is enabled by default.If you use this feature, you may also find useful
the following /etc/ppp/ppp.conf options
to enable incoming connections forwarding:nat port tcp 10.0.0.2:ftp ftp
nat port tcp 10.0.0.2:http httpor do not trust the outside at allnat deny_incoming yesFinal System ConfigurationPPPconfigurationYou now have ppp configured, but there
are a few more things to do before it is ready to work. They
all involve editing the /etc/rc.conf
file.Working from the top down in this file, make sure the
hostname= line is set, e.g.:hostname="foo.example.com"If your ISP has supplied you with a static IP address and
name, it is probably best that you use this name as your host
name.Look for the network_interfaces variable.
If you want to configure your system to dial your ISP on demand,
make sure the tun0 device is added to
the list, otherwise remove it.network_interfaces="lo0 tun0"
ifconfig_tun0=The ifconfig_tun0 variable should be
empty, and a file called
/etc/start_if.tun0 should be created.
This file should contain the line:ppp -auto mysystemThis script is executed at network configuration time,
starting your ppp daemon in automatic mode. If you have a LAN
for which this machine is a gateway, you may also wish to use
the switch. Refer to the manual page
for further details.Set the router program to NO with
following line in your
/etc/rc.conf:router_enable="NO"routedIt is important that the routed daemon is
not started (it is started by default), as
routed tends to delete the default routing
table entries created by ppp.It is probably worth your while ensuring that the
sendmail_flags line does not include the
option, otherwise
sendmail will attempt to do a network lookup
every now and then, possibly causing your machine to dial out.
You may try:sendmail_flags="-bd"sendmailThe downside of this is that you must force
sendmail to re-examine the mail queue
whenever the ppp link is up by typing:&prompt.root; /usr/sbin/sendmail -qYou may wish to use the !bg command in
ppp.linkup to do this automatically:1 provider:
2 delete ALL
3 add 0 0 HISADDR
4 !bg sendmail -bd -q30mSMTPIf you do not like this, it is possible to set up a
dfilter to block SMTP traffic. Refer to the
sample files for further details.Now the only thing left to do is reboot the machine.All that is left is to reboot the machine. After rebooting,
you can now either type:&prompt.root; pppand then dial provider to start the PPP
session, or, if you want ppp to establish
sessions automatically when there is outbound traffic (and
you have not created the start_if.tun0
script), type:&prompt.root; ppp -auto providerSummaryTo recap, the following steps are necessary when setting up
ppp for the first time:Client side:Ensure that the tun device is
built into your kernel.Ensure that the
tunN device
file is available in the /dev
directory.Create an entry in
/etc/ppp/ppp.conf. The
pmdemand example should suffice for
most ISPs.If you have a dynamic IP address, create an entry in
/etc/ppp/ppp.linkup.Update your /etc/rc.conf
file.Create a start_if.tun0 script if
you require demand dialing.Server side:Ensure that the tun device is
built into your kernel.Ensure that the
tunN device
file is available in the /dev
directory.Create an entry in /etc/passwd
(using the &man.vipw.8; program).Create a profile in this users home directory that runs
ppp -direct direct-server or
similar.Create an entry in
/etc/ppp/ppp.conf. The
direct-server example should
suffice.Create an entry in
/etc/ppp/ppp.linkup.Update your /etc/rc.conf
file.Gennady B.SorokopudParts originally contributed by RobertHuffUsing Kernel PPPSetting Up Kernel PPPPPPkernel PPPBefore you start setting up PPP on your machine, make sure
that pppd is located in
/usr/sbin and the directory
/etc/ppp exists.pppd can work in two modes:As a client — you want to connect your
machine to the outside world via a PPP serial connection or
modem line.PPPserverAs a server — your machine is located on
the network, and is used to connect other computers using
PPP.In both cases you will need to set up an options file
(/etc/ppp/options or
~/.ppprc if you have more than one user on
your machine that uses PPP).You will also need some modem/serial software (preferably
kermit), so you can dial and
establish a connection with the remote host.TrevRoydhouseBased on information provided by Using pppd as a ClientPPPclientCiscoThe following /etc/ppp/options might be
used to connect to a Cisco terminal server PPP line.crtscts # enable hardware flow control
modem # modem control line
noipdefault # remote PPP server must supply your IP address.
# if the remote host does not send your IP during IPCP
# negotiation, remove this option
passive # wait for LCP packets
domain ppp.foo.com # put your domain name here
:<remote_ip> # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be your
# default routerTo connect:kermitmodemDial to the remote host using kermit (or some other modem
program), and enter your user name and password (or whatever
is needed to enable PPP on the remote host).Exit kermit (without
hanging up the line).Enter the following:&prompt.root; /usr/src/usr.sbin/pppd.new/pppd /dev/tty0119200Be sure to use the appropriate speed and device name.Now your computer is connected with PPP. If the connection
fails, you can add the option to the
/etc/ppp/options file, and check console messages
to track the problem.Following /etc/ppp/pppup script will make
all 3 stages automatic:#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.dial
pppd /dev/tty01 19200kermit/etc/ppp/kermit.dial is a kermit
script that dials and makes all necessary authorization on the
remote host (an example of such a script is attached to the end
of this document).Use the following /etc/ppp/pppdown script
to disconnect the PPP line:#!/bin/sh
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill -TERM ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
/sbin/ifconfig ppp0 down
/sbin/ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.hup
/etc/ppp/ppptestCheck to see if PPP is still running by executing
/usr/etc/ppp/ppptest, which should look like
this:#!/bin/sh
pid=`ps ax| grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'pppd running: PID=' ${pid-NONE}
else
echo 'No pppd running.'
fi
set -x
netstat -n -I ppp0
ifconfig ppp0To hang up the modem, execute
/etc/ppp/kermit.hup, which should
contain:set line /dev/tty01 ; put your modem device here
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
echo \13
exitHere is an alternate method using chat
instead of kermit.The following two files are sufficient to accomplish a
pppd connection./etc/ppp/options:/dev/cuaa1 115200
crtscts # enable hardware flow control
modem # modem control line
connect "/usr/bin/chat -f /etc/ppp/login.chat.script"
noipdefault # remote PPP serve must supply your IP address.
# if the remote host doesn't send your IP during
# IPCP negotiation, remove this option
passive # wait for LCP packets
domain <your.domain> # put your domain name here
: # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be
# your default router/etc/ppp/login.chat.script:The following should go on a single line.ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT<phone.number>
CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: <login-id>
TIMEOUT 5 sword: <password>Once these are installed and modified correctly, all you need
to do is run pppd, like so:&prompt.root; pppdUsing pppd as a Server/etc/ppp/options should contain something
similar to the following:crtscts # Hardware flow control
netmask 255.255.255.0 # netmask ( not required )
192.114.208.20:192.114.208.165 # ip's of local and remote hosts
# local ip must be different from one
# you assigned to the ethernet ( or other )
# interface on your machine.
# remote IP is ip address that will be
# assigned to the remote machine
domain ppp.foo.com # your domain
passive # wait for LCP
modem # modem lineThe following /etc/ppp/pppserv script
will enable tell pppd to behave as a
server:#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
# reset ppp interface
ifconfig ppp0 down
ifconfig ppp0 delete
# enable autoanswer mode
kermit -y /etc/ppp/kermit.ans
# run ppp
pppd /dev/tty01 19200Use this /etc/ppp/pppservdown script to
stop the server:#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.noansThe following kermit script
(/etc/ppp/kermit.ans) will enable/disable
autoanswer mode on your modem. It should look like this:set line /dev/tty01
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
inp 5 OK
echo \13
out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable
; autoanswer mod
inp 5 OK
echo \13
exitA script named /etc/ppp/kermit.dial is
used for dialing and authenticating on the remote host. You will
need to customize it for your needs. Put your login and password
in this script; you will also need to change the input statement
depending on responses from your modem and remote host.;
; put the com line attached to the modem here:
;
set line /dev/tty01
;
; put the modem speed here:
;
set speed 19200
set file type binary ; full 8 bit file xfer
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
set modem hayes
set dial hangup off
set carrier auto ; Then SET CARRIER if necessary,
set dial display on ; Then SET DIAL if necessary,
set input echo on
set input timeout proceed
set input case ignore
def \%x 0 ; login prompt counter
goto slhup
:slcmd ; put the modem in command mode
echo Put the modem in command mode.
clear ; Clear unread characters from input buffer
pause 1
output +++ ; hayes escape sequence
input 1 OK\13\10 ; wait for OK
if success goto slhup
output \13
pause 1
output at\13
input 1 OK\13\10
if fail goto slcmd ; if modem doesn't answer OK, try again
:slhup ; hang up the phone
clear ; Clear unread characters from input buffer
pause 1
echo Hanging up the phone.
output ath0\13 ; hayes command for on hook
input 2 OK\13\10
if fail goto slcmd ; if no OK answer, put modem in command mode
:sldial ; dial the number
pause 1
echo Dialing.
output atdt9,550311\13\10 ; put phone number here
assign \%x 0 ; zero the time counter
:look
clear ; Clear unread characters from input buffer
increment \%x ; Count the seconds
input 1 {CONNECT }
if success goto sllogin
reinput 1 {NO CARRIER\13\10}
if success goto sldial
reinput 1 {NO DIALTONE\13\10}
if success goto slnodial
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 60 goto look
else goto slhup
:sllogin ; login
assign \%x 0 ; zero the time counter
pause 1
echo Looking for login prompt.
:slloop
increment \%x ; Count the seconds
clear ; Clear unread characters from input buffer
output \13
;
; put your expected login prompt here:
;
input 1 {Username: }
if success goto sluid
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 10 goto slloop ; try 10 times to get a login prompt
else goto slhup ; hang up and start again if 10 failures
:sluid
;
; put your userid here:
;
output ppp-login\13
input 1 {Password: }
;
; put your password here:
;
output ppp-password\13
input 1 {Entering SLIP mode.}
echo
quit
:slnodial
echo \7No dialtone. Check the telephone line!\7
exit 1
; local variables:
; mode: csh
; comment-start: "; "
; comment-start-skip: "; "
; end:TomRhodesContributed by Troubleshooting PPP ConnectionsPPPtroubleshootingThis section covers a few issues which may arise when
using PPP over a modem connection. For instance, perhaps you
need to know exactly what prompts the system you are dialing
into will present. Some ISPs present the
ssword prompt, and others will present
password; if the ppp
script is not written accordingly, the login attempt will
fail. The most common way to debug ppp
connections is by connecting manually. The following
information will walk you through a manual connection step by
step.Check the Device NodesIf you reconfigured your kernel then you recall the
sio device. If you did not
configure your kernel, there is no reason to worry. Just
check the dmesg output for the modem
device with:&prompt.root;dmesg | grep sioYou should get some pertinent output about the
sio devices. These are the COM
ports we need. If your modem acts like a standard serial
port then you should see it listed on
sio1, or COM2. If so, you are not
required to rebuild the kernel, you just need to make the
serial device. You can do this by changing your directory
to /dev and running the
MAKEDEV script like above. Now make
the serial devices with:&prompt.root; sh MAKEDEV cuaa0 cuaa1 cuaa2 cuaa3which will create the serial devices for your system.
When matching up sio modem is on sio1 or
COM2 if you are in DOS, then your
modem device would be /dev/cuaa1.Connecting ManuallyConnecting to the Internet by manually controlling
ppp is quick, easy, and a great way to
debug a connection or just get information on how your
ISP treats ppp client
connections. Lets start PPP from
the command line. Note that in all of our examples we will
use example as the hostname of the
machine running PPP. You start
ppp by just typing
ppp:&prompt.root; pppWe have now started ppp.ppp ON example> set device /dev/cuaa1We set our modem device, in this case it is
cuaa1.ppp ON example> set speed 115200Set the connection speed, in this case we
are using 115,200 kbps.ppp ON example> enable dnsTell ppp to configure our
resolver and add the nameserver lines to
/etc/resolv.conf. If ppp
cannot determine our hostname, we can set one manually later.ppp ON example> termSwitch to terminal mode so that we can manually
control the modem.deflink: Entering terminal mode on /dev/cuaa1
type '~h' for helpat
OK
atdt123456789Use at to initialize the modem,
then use atdt and the number for your
ISP to begin the dial in process.CONNECTConfirmation of the connection, if we are going to have
any connection problems, unrelated to hardware, here is where
we will attempt to resolve them.ISP Login:myusernameHere you are prompted for a username, return the
prompt with the username that was provided by the
ISP.ISP Pass:mypasswordThis time we are prompted for a password, just
reply with the password that was provided by the
ISP. Just like logging into
&os;, the password will not echo.Shell or PPP:pppDepending on your ISP this prompt
may never appear. Here we are being asked if we wish to
use a shell on the provider, or to start
ppp. In this example, we have chosen
to use ppp as we want an Internet
connection.Ppp ON example>Notice that in this example the first
has been capitalized. This shows that we have successfully
connected to the ISP.PPp ON example>We have successfully authenticated with our
ISP and are waiting for the
assigned IP address.PPP ON example>We have made an agreement on an IP
address and successfully completed our connection.PPP ON example>add default HISADDRHere we add our default route, we need to do this before
we can talk to the outside world as currently the only
established connection is with the peer. If this fails due to
existing routes you can put a bang character
! in front of the .
Alternatively, you can set this before making the actual
connection and it will negotiate a new route
accordingly.If everything went good we should now have an active
connection to the Internet, which could be thrown into the
background using CTRLz If you notice the
PPP return to ppp then
we have lost our connection. This is good to know because it
shows our connection status. Capital P's show that we have a
connection to the ISP and lowercase p's
show that the connection has been lost for whatever reason.
ppp only has these 2 states.DebuggingIf you have a direct line and cannot seem to make a
connection, then turn hardware flow
CTS/RTS to off with the . This is mainly the case if you are
connected to some PPP capable
terminal servers, where PPP hangs
when it tries to write data to your communication link, so
it would be waiting for a CTS, or Clear
To Send signal which may never come. If you use this option
however, you should also use the
option, which may be required to defeat hardware dependent
on passing certain characters from end to end, most of the
time XON/XOFF. See the &man.ppp.8; manual page for more
information on this option, and how it is used.If you have an older modem, you may need to use the
. Parity is set at none
be default, but is used for error checking (with a large
increase in traffic) on older modems and some
ISPs. You may need this option for
the Compuserve ISP.PPP may not return to the
command mode, which is usually a negotiation error where
the ISP is waiting for your side to start
negotiating. At this point, using the ~p
command will force ppp to start sending the configuration
information.If you never obtain a login prompt, then most likely you
need to use PAP or
CHAP authentication instead of the
- Unix-style in the example above. To use
+ &unix; style in the example above. To use
PAP or CHAP just add
the following options to PPP
before going into terminal mode:ppp ON example> set authname myusernameWhere myusername should be
replaced with the username that was assigned by the
ISP.ppp ON example> set authkey mypasswordWhere mypassword should be
replaced with the password that was assigned by the
ISP.If you connect fine, but cannot seem to find any domain
name, try to use &man.ping.8; with an IP
address and see if you can get any return information. If
you experience 100 percent (100%) packet loss, then its most
likely that you were not assigned a default route. Double
check that the option
was set during the connection. If you can connect to a
remote IP address then it is possible
that a resolver address has not been added to the
/etc/resolv.conf. This file should
look like:domain example.com
nameserver x.x.x.x
nameserver y.y.y.yWhere x.x.x.x and
y.y.y.y should be replaced with
the IP address of your
ISP's DNS servers. This information may
or may not have been provided when you signed up, but a
quick call to your ISP should remedy
that.You could also have &man.syslog.3; provide a logging
function for your PPP connection.
Just add:!ppp
*.* /var/log/ppp.logto /etc/syslog.conf. In most cases, this
functionality already exists.JimMockContributed (from http://node.to/freebsd/how-tos/how-to-freebsd-pppoe.html) by Using PPP over Ethernet (PPPoE)PPPover EthernetPPPoEPPP, over EthernetThis section describes how to set up PPP over Ethernet
(PPPoE).Configuring the KernelNo kernel configuration is necessary for PPPoE any longer. If
the necessary netgraph support is not built into the kernel, it will
be dynamically loaded by ppp.Setting Up ppp.confHere is an example of a working
ppp.conf:default:
set log Phase tun command # you can add more detailed logging if you wish
set ifaddr 10.0.0.1/0 10.0.0.2/0
name_of_service_provider:
set device PPPoE:xl1 # replace xl1 with your ethernet device
set authname YOURLOGINNAME
set authkey YOURPASSWORD
set dial
set login
add default HISADDRRunning PPPAs root, you can run:&prompt.root; ppp -ddial name_of_service_providerStarting PPP at BootAdd the following to your /etc/rc.conf
file:ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES" # if you want to enable nat for your local network, otherwise NO
ppp_profile="name_of_service_provider"Using a PPPoE Service TagSometimes it will be necessary to use a service tag to establish
your connection. Service tags are used to distinguish between
different PPPoE servers attached to a given network.You should have been given any required service tag information
in the documentation provided by your ISP. If you cannot locate
it there, ask your ISP's tech support personnel.As a last resort, you could try the method suggested by the
Roaring Penguin
PPPoE program which can be found in the ports collection. Bear in mind however,
this may de-program your modem and render it useless, so
think twice before doing it. Simply install the program shipped
with the modem by your provider. Then, access the
System menu from the program. The name of your
profile should be listed there. It is usually
ISP.The profile name (service tag) will be used in the PPPoE
configuration entry in ppp.conf as the provider
part of the set device command (see the &man.ppp.8;
manual page for full details). It should look like this:set device PPPoE:xl1:ISPDo not forget to change xl1
to the proper device for your Ethernet card.Do not forget to change ISP
to the profile you have just found above.For additional information, see:Cheaper
Broadband with FreeBSD on DSL by Renaud
Waldura.
Nutzung von T-DSL und T-Online mit FreeBSD
by Udo Erdelhoff (in German).
- PPPoE with a 3Com HomeConnect ADSL Modem Dual Link
+ PPPoE with a &tm.3com; HomeConnect ADSL Modem Dual LinkThis modem does not follow RFC 2516
(A Method for transmitting PPP over Ethernet
(PPPoE), written by L. Mamakos, K. Lidl, J. Evarts,
D. Carrel, D. Simone, and R. Wheeler). Instead, different packet
type codes have been used for the Ethernet frames. Please complain
to 3Com if you think it
should comply with the PPPoE specification.In order to make FreeBSD capable of communicating with this
device, a sysctl must be set. This can be done automatically at
boot time by updating /etc/sysctl.conf:net.graph.nonstandard_pppoe=1or can be done for immediate effect with the command
sysctl net.graph.nonstandard_pppoe=1.Unfortunately, because this is a system-wide setting, it is
not possible to talk to a normal PPPoE client or server and a
- 3Com HomeConnect ADSL Modem at the same time.
+ &tm.3com; HomeConnect ADSL Modem at the same time.
Using PPP over ATM (PPPoA)PPPover ATMPPPoAPPP, over ATMThe following describes how to set up PPP over ATM (PPPoA).
PPPoA is a popular choice among European DSL providers.
- Using PPPoA with the Alcatel SpeedTouch USB
+ Using PPPoA with the Alcatel &speedtouch; USBPPPoA support for this device is supplied as a port in
FreeBSD because the firmware is distributed under Alcatel's
license agreement and can not be redistributed freely
with the base system of FreeBSD.To install the software, simply use the ports collection. Install the
net/pppoa port and follow the
instructions provided with it.
- Like many USB devices, the Alcatel SpeedTouch USB needs to
+ Like many USB devices, the Alcatel &speedtouch; USB needs to
download firmware from the host computer to operate properly.
It is possible to automate this process in &os; so that this
transfer takes place whenever the device is plugged into a USB
port. The following information can be added to the
/etc/usbd.conf file to enable this
automatic firmware transfer. This file must be edited as the
root user.device "Alcatel SpeedTouch USB"
devname "ugen[0-9]+"
vendor 0x06b9
product 0x4061
attach "/usr/local/sbin/modem_run -f /usr/local/libdata/mgmt.o"To enable the USB daemon, usbd,
put the following the line into
/etc/rc.conf:usbd_enable="YES"It is also possible to set up
PPP to dial up at startup. To do
this add the following lines to
/etc/rc.conf. Again, for this procedure
you will need to be logged in as the root
user.ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="adsl"For this to work correctly you will need to have used the
sample ppp.conf which is supplied with the
net/pppoa port.Using mpdYou can use mpd to connect to a
variety of services, in particular PPTP services. You can find
mpd in the ports collection,
net/mpd. Many ADSL modems
require that a PPTP tunnel is created between the modem and
- computer, one such modem is the Alcatel SpeedTouch
+ computer, one such modem is the Alcatel &speedtouch;
Home.First you must install the port, and then you can
configure mpd to suit your
requirements and provider settings. The port places a set of
sample configuration files which are well documented in
PREFIX/etc/mpd/.
Note here that PREFIX means the directory
into which your ports are installed, this defaults to
/usr/local/. A complete guide to
configuring mpd is available in
HTML format once the port has been installed. It is placed in
PREFIX/share/mpd/.
Here is a sample configuration for connecting to an ADSL
service with mpd. The configuration
is spread over two files, first the
mpd.conf.default:
load adsl
adsl:
new -i ng0 adsl adsl
set bundle authname username
set bundle password password
set bundle disable multilink
set link no pap acfcomp protocomp
set link disable chap
set link accept chap
set link keep-alive 30 10
set ipcp no vjcomp
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
set iface route default
set iface disable on-demand
set iface enable proxy-arp
set iface idle 0
openThe username used to authenticate with your ISP.The password used to authenticate with your ISP.The mpd.links file contains information about
the link, or links, you wish to establish. An example
mpd.links to accompany the above example is given
beneath.adsl:
set link type pptp
set pptp mode active
set pptp enable originate incoming outcall
set pptp self 10.0.0.1
set pptp peer 10.0.0.138The IP address of your &os; computer which you will be
using mpd from.The IP address of your ADSL modem. For the Alcatel
- SpeedTouch Home this address defaults to 10.0.0.138.It is possible to initialize the connection easily by issuing the
following command as root.&prompt.root; mpd -badslYou can see the status of the connection with the following
command.&prompt.user; ifconfig ng0
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1500
inet 216.136.204.117 --> 204.152.186.171 netmask 0xffffffffUsing mpd is the recommended way to
connect to an ADSL service with &os;.Using pptpclientIt is also possible to use FreeBSD to connect to other PPPoA
services using
net/pptpclient.To use net/pptpclient to
connect to a DSL service, install the port or package and edit your
/etc/ppp/ppp.conf. You will need to be
root to perform both of these operations. An
example section of ppp.conf is given
below. For further information on ppp.conf
options consult the ppp manual page,
&man.ppp.8;.adsl:
set log phase chat lcp ipcp ccp tun command
set timeout 0
enable dns
set authname username
set authkey password
set ifaddr 0 0
add default HISADDRThe username of your account with the DSL provider.The password for your account.Because you must put your account's password in the
ppp.conf file in plain text form you should
make sure than nobody can read the contents of this file. The
following series of commands will make sure the file is only
readable by the root account. Refer to the
manuals pages for &man.chmod.1; and &man.chown.8; for further
information.&prompt.root; chown root:wheel /etc/ppp/ppp.conf
&prompt.root; chmod 600 /etc/ppp/ppp.confThis will open a tunnel for a PPP session to your DSL router.
Ethernet DSL modems have a preconfigured LAN IP address which you
- connect to. In the case of the Alcatel SpeedTouch Home this address is
+ connect to. In the case of the Alcatel &speedtouch; Home this address is
10.0.0.138. Your routers documentation
should tell you which address your device uses. To open the tunnel and
start a ppp session execute the following
command.&prompt.root; pptp addressispYou may wish to add an ampersand (&) to the
end of the previous command because pptp
will not return your prompt to you otherwise.A tun virtual tunnel device will be
created for interaction between the pptp
and ppp processes. Once you have been
returned to your prompt, or the pptp
process has confirmed a connection you can examine the tunnel like
so.&prompt.user; ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 216.136.204.21 --> 204.152.186.171 netmask 0xffffff00
Opened by PID 918If you are unable to connect, check the configuration of
your router, which is usually accessible via
telnet or with a web browser. If you still
cannot connect you should examine the output of the
pptp command and the contents of the
ppp log file,
/var/log/ppp.log for clues.SatoshiAsamiOriginally contributed by GuyHelmerWith input from PieroSeriniUsing SLIPSLIPSetting Up a SLIP ClientSLIPclientThe following is one way to set up a FreeBSD machine for SLIP
on a static host network. For dynamic hostname assignments (your
address changes each time you dial up), you probably need to
have a more complex setup.First, determine which serial port your modem is connected to.
Many people setup a symbolic link, such as
/dev/modem, to point to the real device name,
/dev/cuaaN. This allows you to
abstract the actual device name should you ever need to move
the modem to a different port. It can become quite cumbersome when you
need to fix a bunch of files in /etc and
.kermrc files all over the system!/dev/cuaa0 is
COM1, cuaa1 is
COM2, etc.Make sure you have the following in your kernel configuration
file:pseudo-device sl 1It is included in the GENERIC kernel, so
this should not be a problem unless you have deleted it.Things You Have to Do Only OnceAdd your home machine, the gateway and nameservers to
your /etc/hosts file. Mine looks like
this:127.0.0.1 localhost loghost
136.152.64.181 water.CS.Example.EDU water.CS water
136.152.64.1 inr-3.CS.Example.EDU inr-3 slip-gateway
128.32.136.9 ns1.Example.EDU ns1
128.32.136.12 ns2.Example.EDU ns2Make sure you have before
in your
/etc/host.conf on FreeBSD versions
prior to 5.0. Since FreeBSD 5.0, the system uses
the file /etc/nsswitch.conf instead,
make sure you have before
in the line
of this file. Without these parameters funny
things may happen.Edit the /etc/rc.conf file.Set your hostname by editing the line that
says:hostname="myname.my.domain"Your machine's full Internet hostname should be
placed here.Add sl0 to the list of
network interfaces by changing the line that
says:network_interfaces="lo0"to:network_interfaces="lo0 sl0"Set the startup flags of sl0 by adding a
line:ifconfig_sl0="inet ${hostname} slip-gateway netmask 0xffffff00 up"default routeDesignate the default router by changing the
line:defaultrouter="NO"to:defaultrouter="slip-gateway"Make a file /etc/resolv.conf which
contains:domain CS.Example.EDU
nameserver 128.32.136.9
nameserver 128.32.136.12nameserverdomain nameAs you can see, these set up the nameserver hosts. Of
course, the actual domain names and addresses depend on your
environment.Set the password for root and
toor (and any other
accounts that do not have a password).Reboot your machine and make sure it comes up with the
correct hostname.Making a SLIP ConnectionSLIPconnecting withDial up, type slip at the prompt,
enter your machine name and password. What is required to
be entered depends on your environment. If you use
kermit, you can try a script like this:# kermit setup
set modem hayes
set line /dev/modem
set speed 115200
set parity none
set flow rts/cts
set terminal bytesize 8
set file type binary
# The next macro will dial up and login
define slip dial 643-9600, input 10 =>, if failure stop, -
output slip\x0d, input 10 Username:, if failure stop, -
output silvia\x0d, input 10 Password:, if failure stop, -
output ***\x0d, echo \x0aCONNECTED\x0aOf course, you have to change the hostname and password
to fit yours. After doing so, you can just type
slip from the kermit prompt to
connect.Leaving your password in plain text anywhere in the
filesystem is generally a bad idea.
Do it at your own risk.Leave the kermit there (you can suspend it by
Ctrlz) and as root, type:&prompt.root; slattach -h -c -s 115200 /dev/modemIf you are able to ping hosts on the
other side of the router, you are connected! If it does not
work, you might want to try instead of
as an argument to
slattach.How to Shutdown the ConnectionDo the following:&prompt.root; kill -INT `cat /var/run/slattach.modem.pid`to kill slattach. Keep in mind you must be
root to do the above. Then go back to
kermit (by running fg if you suspended it) and
exit from
it (q).The slattach manual page says you have
to use ifconfig sl0 down
to mark the interface down, but this does not
seem to make any difference for me.
(ifconfig sl0 reports the same thing.)Some times, your modem might refuse to drop the carrier
(mine often does). In that case, simply start kermit and quit
it again. It usually goes out on the second try.TroubleshootingIf it does not work, feel free to ask me. The things that
people tripped over so far:Not using or in
slattach (This should not be fatal,
but some users have reported that this solves their
problems.)Using instead of
(might be hard to see the difference on
some fonts).Try ifconfig sl0 to see your
interface status. For example, you might get:&prompt.root; ifconfig sl0
sl0: flags=10<POINTOPOINT>
inet 136.152.64.181 --> 136.152.64.1 netmask ffffff00If you get no route to host
messages from ping, there may be a problem with your
routing table. You can use the netstat -r
command to display the current routes :&prompt.root; netstat -r
Routing tables
Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks:
(root node)
(root node)
Route Tree for Protocol Family inet:
(root node) =>
default inr-3.Example.EDU UG 8 224515 sl0 - -
localhost.Exampl localhost.Example. UH 5 42127 lo0 - 0.438
inr-3.Example.ED water.CS.Example.E UH 1 0 sl0 - -
water.CS.Example localhost.Example. UGH 34 47641234 lo0 - 0.438
(root node)The preceding examples are from a relatively busy system.
The numbers on your system will vary depending on
network activity.Setting Up a SLIP ServerSLIPserverThis document provides suggestions for setting up SLIP Server
services on a FreeBSD system, which typically means configuring
your system to automatically startup connections upon login for
remote SLIP clients.PrerequisitesTCP/IP networkingThis section is very technical in nature, so background
knowledge is required. It is assumed that you are familiar with
the TCP/IP network protocol, and in particular, network and node
addressing, network address masks, subnetting, routing, and
routing protocols, such as RIP. Configuring SLIP services on a
dial-up server requires a knowledge of these concepts, and if
you are not familiar with them, please read a copy of either
Craig Hunt's TCP/IP Network Administration
published by O'Reilly & Associates, Inc. (ISBN Number
0-937175-82-X), or Douglas Comer's books on the TCP/IP
protocol.modemIt is further assumed that you have already setup your
modem(s) and configured the appropriate system files to allow
logins through your modems. If you have not prepared your
system for this yet, please see the tutorial for configuring
dialup services; if you have a World-Wide Web browser available,
browse the list of tutorials at http://www.FreeBSD.org/.
You may also want to check the manual pages for &man.sio.4; for
information on the serial port device driver and &man.ttys.5;,
&man.gettytab.5;, &man.getty.8;, & &man.init.8; for
information relevant to configuring the system to accept logins
on modems, and perhaps &man.stty.1; for information on setting
serial port parameters (such as clocal for
directly-connected serial interfaces).Quick OverviewIn its typical configuration, using FreeBSD as a SLIP server
works as follows: a SLIP user dials up your FreeBSD SLIP Server
system and logs in with a special SLIP login ID that uses
/usr/sbin/sliplogin as the special user's
shell. The sliplogin program browses the
file /etc/sliphome/slip.hosts to find a
matching line for the special user, and if it finds a match,
connects the serial line to an available SLIP interface and then
runs the shell script
/etc/sliphome/slip.login to configure the
SLIP interface.An Example of a SLIP Server LoginFor example, if a SLIP user ID were
Shelmerg, Shelmerg's
entry in /etc/master.passwd would look
something like this:Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliploginWhen Shelmerg logs in,
sliplogin will search
/etc/sliphome/slip.hosts for a line that
had a matching user ID; for example, there may be a line in
/etc/sliphome/slip.hosts that
reads:Shelmerg dc-slip sl-helmer 0xfffffc00 autocompsliplogin will find that matching line,
hook the serial line into the next available SLIP interface,
and then execute /etc/sliphome/slip.login
like this:/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocompIf all goes well,
/etc/sliphome/slip.login will issue an
ifconfig for the SLIP interface to which
sliplogin attached itself (slip interface
0, in the above example, which was the first parameter in the
list given to slip.login) to set the
local IP address (dc-slip), remote IP address
(sl-helmer), network mask for the SLIP
interface (0xfffffc00), and
any additional flags (autocomp). If
something goes wrong, sliplogin usually
logs good informational messages via the
daemon syslog facility, which usually logs
to /var/log/messages (see the manual
pages for &man.syslogd.8; and &man.syslog.conf.5; and perhaps
check /etc/syslog.conf to see to what
syslogd is logging and where it is
logging to.OK, enough of the examples — let us dive into
setting up the system.Kernel ConfigurationkernelconfigurationFreeBSD's default kernels usually come with two SLIP
interfaces defined (sl0 and
sl1); you can use netstat
-i to see whether these interfaces are defined in your
kernel.Sample output from netstat -i:Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
ed0 1500 <Link>0.0.c0.2c.5f.4a 291311 0 174209 0 133
ed0 1500 138.247.224 ivory 291311 0 174209 0 133
lo0 65535 <Link> 79 0 79 0 0
lo0 65535 loop localhost 79 0 79 0 0
sl0* 296 <Link> 0 0 0 0 0
sl1* 296 <Link> 0 0 0 0 0The sl0 and
sl1 interfaces shown from
netstat -i indicate that there are
two SLIP interfaces built into the kernel. (The asterisks after
the sl0 and sl1 indicate
that the interfaces are down.)However, FreeBSD's default kernel does not come configured
to forward packets (by default, your FreeBSD machine will not act
as a
router) due to Internet RFC requirements for Internet hosts (see
RFCs 1009 [Requirements for Internet Gateways], 1122
[Requirements for Internet Hosts — Communication Layers],
and perhaps 1127 [A Perspective on the Host Requirements RFCs]).
If you want your FreeBSD SLIP Server to act as a router, you
will have to edit the /etc/rc.conf file and
change the setting of the gateway_enable variable to
.You will then need to reboot for the new settings to take
effect.You will notice that near the end of the default kernel
configuration file (/sys/i386/conf/GENERIC)
is a line that reads:pseudo-device sl 2SLIPThis is the line that defines the number of SLIP devices
available in the kernel; the number at the end of the line is
the maximum number of SLIP connections that may be operating
simultaneously.Please refer to on
Configuring the FreeBSD Kernel for help in
reconfiguring your kernel.Sliplogin ConfigurationAs mentioned earlier, there are three files in the
/etc/sliphome directory that are part of
the configuration for /usr/sbin/sliplogin
(see &man.sliplogin.8; for the actual manual page for
sliplogin): slip.hosts,
which defines the SLIP users and their associated IP
addresses; slip.login, which usually just
configures the SLIP interface; and (optionally)
slip.logout, which undoes
slip.login's effects when the serial
connection is terminated.slip.hosts Configuration/etc/sliphome/slip.hosts contains
lines which have at least four items separated by
whitespace:SLIP user's login IDLocal address (local to the SLIP server) of the SLIP
linkRemote address of the SLIP linkNetwork maskThe local and remote addresses may be host names
(resolved to IP addresses by
/etc/hosts or by the domain name
service, depending on your specifications in the file
/etc/nsswitch.conf on
FreeBSD 5.X, in /etc/host.conf
if you use FreeBSD 4.X), and the network mask may be
a name that can be resolved by a lookup into
/etc/networks. On a sample system,
/etc/sliphome/slip.hosts looks like
this:#
# login local-addr remote-addr mask opt1 opt2
# (normal,compress,noicmp)
#
Shelmerg dc-slip sl-helmerg 0xfffffc00 autocompAt the end of the line is one or more of the
options. — no header
compression — compress
headers — compress headers if
the remote end allows it — disable ICMP packets
(so any ping packets will be dropped instead
of using up your bandwidth)SLIPTCP/IP networkingYour choice of local and remote addresses for your SLIP
links depends on whether you are going to dedicate a TCP/IP
subnet or if you are going to use proxy ARP on
your SLIP server (it is not true proxy ARP, but
that is the terminology used in this section to describe it).
If you are not sure which method to select or how to assign IP
addresses, please refer to the TCP/IP books referenced in
the SLIP Prerequisites ()
and/or consult your IP network manager.If you are going to use a separate subnet for your SLIP
clients, you will need to allocate the subnet number out of
your assigned IP network number and assign each of your SLIP
client's IP numbers out of that subnet. Then, you will
probably need to configure a static route to the SLIP
subnet via your SLIP server on your nearest IP router.EthernetOtherwise, if you will use the proxy ARP
method, you will need to assign your SLIP client's IP
addresses out of your SLIP server's Ethernet subnet, and you
will also need to adjust your
/etc/sliphome/slip.login and
/etc/sliphome/slip.logout scripts to use
&man.arp.8; to manage the proxy-ARP entries in the SLIP
server's ARP table.slip.login ConfigurationThe typical /etc/sliphome/slip.login
file looks like this:#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6This slip.login file merely runs
ifconfig for the appropriate SLIP interface
with the local and remote addresses and network mask of the
SLIP interface.If you have decided to use the proxy ARP
method (instead of using a separate subnet for your SLIP
clients), your /etc/sliphome/slip.login
file will need to look something like this:#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pubThe additional line in this
slip.login, arp -s
$5 00:11:22:33:44:55 pub, creates an ARP entry
in the SLIP server's ARP table. This ARP entry causes the
SLIP server to respond with the SLIP server's Ethernet MAC
address whenever another IP node on the Ethernet asks to
speak to the SLIP client's IP address.EthernetMAC addressWhen using the example above, be sure to replace the
Ethernet MAC address (00:11:22:33:44:55) with the MAC address of
your system's Ethernet card, or your proxy ARP
will definitely not work! You can discover your SLIP server's
Ethernet MAC address by looking at the results of running
netstat -i; the second line of the output
should look something like:ed0 1500 <Link>0.2.c1.28.5f.4a 191923 0 129457 0 116This indicates that this particular system's Ethernet MAC
address is 00:02:c1:28:5f:4a
— the periods in the Ethernet MAC address given by
netstat -i must be changed to colons and
leading zeros should be added to each single-digit hexadecimal
number to convert the address into the form that &man.arp.8;
desires; see the manual page on &man.arp.8; for complete
information on usage.When you create
/etc/sliphome/slip.login and
/etc/sliphome/slip.logout, the
execute bit (chmod 755
/etc/sliphome/slip.login /etc/sliphome/slip.logout)
must be set, or sliplogin will be unable
to execute it.slip.logout Configuration/etc/sliphome/slip.logout is not
strictly needed (unless you are implementing proxy
ARP), but if you decide to create it, this is an
example of a basic
slip.logout script:#!/bin/sh -
#
# slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 downIf you are using proxy ARP, you will want to
have /etc/sliphome/slip.logout remove the
ARP entry for the SLIP client:#!/bin/sh -
#
# @(#)slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
/usr/sbin/arp -d $5The arp -d $5 removes the ARP entry
that the proxy ARPslip.login added when the SLIP client
logged in.It bears repeating: make sure
/etc/sliphome/slip.logout has the execute
bit set after you create it (ie, chmod 755
/etc/sliphome/slip.logout).Routing ConsiderationsSLIProutingIf you are not using the proxy ARP method for
routing packets between your SLIP clients and the rest of your
network (and perhaps the Internet), you will probably
have to add static routes to your closest default router(s) to
route your SLIP client subnet via your SLIP server.Static Routesstatic routesAdding static routes to your nearest default routers
can be troublesome (or impossible if you do not have
authority to do so...). If you have a multiple-router
network in your organization, some routers, such as those
made by Cisco and Proteon, may not only need to be
configured with the static route to the SLIP subnet, but
also need to be told which static routes to tell other
routers about, so some expertise and
troubleshooting/tweaking may be necessary to get
static-route-based routing to work.Running gatedgatedgated is proprietary software now and
will not be available as source code to the public anymore
(more info on the gated website). This
section only exists to ensure backwards compatibility for
those that are still using an older version.An alternative to the headaches of static routes is to
install gated on your FreeBSD SLIP server
and configure it to use the appropriate routing protocols
(RIP/OSPF/BGP/EGP) to tell other routers about your SLIP
subnet.
You'll need to write a /etc/gated.conf
file to configure your gated; here is a sample, similar to
what the author used on a FreeBSD SLIP server:#
# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
#
#
# tracing options
#
traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;
rip yes {
interface sl noripout noripin ;
interface ed ripin ripout version 1 ;
traceoptions route ;
} ;
#
# Turn on a bunch of tracing info for the interface to the kernel:
kernel {
traceoptions remnants request routes info interface ;
} ;
#
# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
#
export proto rip interface ed {
proto direct {
xxx.xxx.yy mask 255.255.252.0 metric 1; # SLIP connections
} ;
} ;
#
# Accept routes from RIP via ed Ethernet interfaces
import proto rip interface ed {
all ;
} ;RIPThe above sample gated.conf file
broadcasts routing information regarding the SLIP subnet
xxx.xxx.yy via RIP onto the
Ethernet; if you are using a different Ethernet driver than
the ed driver, you will need to
change the references to the ed
interface appropriately. This sample file also sets up
tracing to /var/tmp/gated.output for
debugging gated's activity; you can
certainly turn off the tracing options if
gated works OK for you. You will need to
change the xxx.xxx.yy's into the
network address of your own SLIP subnet (be sure to change the
net mask in the proto direct clause as
well).Once you have installed and configured
gated on your system, you will need to
tell the FreeBSD startup scripts to run
gated in place of
routed. The easiest way to accomplish
this is to set the router and
router_flags variables in
/etc/rc.conf. Please see the manual
page for gated for information on
command-line parameters.
diff --git a/en_US.ISO8859-1/books/handbook/serialcomms/chapter.sgml b/en_US.ISO8859-1/books/handbook/serialcomms/chapter.sgml
index a741c8b725..f6d10f0956 100644
--- a/en_US.ISO8859-1/books/handbook/serialcomms/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/serialcomms/chapter.sgml
@@ -1,2625 +1,2625 @@
Serial CommunicationsSynopsisserial communications
- Unix has always had support for serial communications. In fact,
- the very first Unix machines relied on serial lines for user input
+ &unix; has always had support for serial communications. In fact,
+ the very first &unix; machines relied on serial lines for user input
and output. Things have changed a lot from the days when the average
terminal consisted of a 10-character-per-second serial
printer and a keyboard. This chapter will cover some of the ways in
which FreeBSD uses serial communications.After reading this chapter, you will know:How to connect terminals to your FreeBSD
system.How to use a modem to dial out to remote
hosts.How to allow remote users to login to your
system with a modem.How to boot your system from a serial
console.Before reading this chapter, you should:Know how to configure and install a new kernel ().
- Understand Unix permissions and processes ().
+ Understand &unix; permissions and processes ().Have access to the technical manual for the
serial hardware (modem or multi-port card) that you would like
to use with FreeBSD.IntroductionTerminologybits-per-secondbpsBits per Second — the rate at which data is
transmittedDTEDTEData Terminal Equipment — for example, your
computerDCEDCEData Communications Equipment — your modemRS-232RS-232C cablesEIA standard for hardware serial communicationsWhen talking about communications data rates, this section
does not use the term baud. Baud refers to the
number of electrical state transitions that may be made in a
period of time, while bps (bits per second) is
the correct term to use (at least it does not
seem to bother the curmudgeons quite as much).Cables and PortsTo connect a modem or terminal to your FreeBSD system, you
will need a serial port on your computer and the proper cable to connect
to your serial device. If you are already familiar with your
hardware and the cable it requires, you can safely skip this
section.CablesThere are several different kinds of serial cables. The
two most common types for our purposes are null-modem cables
and standard (straight) RS-232 cables. The documentation
for your hardware should describe the type of cable
required.Null-modem Cablesnull-modem cableA null-modem cable passes some signals, such as signal
ground, straight through, but switches other signals. For
example, the send data pin on one end goes to the
receive data pin on the other end.If you like making your own cables, you can construct
a null-modem cable for use with
terminals. This table shows the RS-232C signal names and the pin
numbers on a DB-25 connector.SignalPin #Pin #SignalSG7connects to7SGTxD2connects to3RxDRxD3connects to2TxDRTS4connects to5CTSCTS5connects to4RTSDTR20connects to6DSRDCD86DSRDSR6connects to20DTRConnect Data Set Ready (DSR) and
Data Carrier Detect (DCD) internally in the
connector hood, and then to Data Terminal
Ready (DTR) in the remote hood.Standard RS-232C CablesRS-232C cablesA standard serial cable passes all the RS-232C signals
straight-through. That is, the send data pin on one
end of the cable goes to the send data pin on the
other end. This is the type of cable to use to connect a modem to your
FreeBSD system, and is also appropriate for some
terminals.PortsSerial ports are the devices through which data is transferred
between the FreeBSD host computer and the terminal. This section
describes the kinds of ports that exist and how they are addressed
in FreeBSD.Kinds of PortsSeveral kinds of serial ports exist. Before you purchase or
construct a cable, you need to make sure it will fit the ports on
your terminal and on the FreeBSD system.Most terminals will have DB25 ports. Personal computers,
including PCs running FreeBSD, will have DB25 or DB9 ports. If you
have a multiport serial card for your PC, you may have RJ-12 or
RJ-45 ports.See the documentation that accompanied the hardware for
specifications on the kind of port in use. A visual inspection of
the port often works too.Port NamesIn FreeBSD, you access each serial port through an entry in
the /dev directory. There are two different
kinds of entries:Call-in ports are named
/dev/ttydN
where N is the port number,
starting from zero. Generally, you use the call-in port for
terminals. Call-in ports require that the serial line assert
the data carrier detect (DCD) signal to work correctly.Call-out ports are named
/dev/cuaaN.
You usually do not use the call-out port for terminals, just
for modems. You may use the call-out port if the serial cable
or the terminal does not support the carrier detect
signal.If you have connected a terminal to the first serial port
- (COM1 in MS-DOS), then you will
+ (COM1 in &ms-dos;), then you will
use /dev/ttyd0 to refer to the terminal. If
the terminal is on the second serial port (also known as
COM2), use
/dev/ttyd1, and so forth.Kernel ConfigurationFreeBSD supports four serial ports by default. In the
- MS-DOS world, these are known as
+ &ms-dos; world, these are known as
COM1,
COM2,
COM3, and
COM4. FreeBSD currently supports
dumb multiport serial interface cards, such as
the BocaBoard 1008 and 2016, as well as more
intelligent multi-port cards such as those made by Digiboard
and Stallion Technologies. However, the default kernel only looks
for the standard COM ports.To see if your kernel recognizes any of your serial ports, watch
for messages while the kernel is booting, or use the
/sbin/dmesg command to replay the kernel's boot
messages. In particular, look for messages that start with the
characters sio.To view just the messages that have the word
sio, use the command:&prompt.root; /sbin/dmesg | grep 'sio'For example, on a system with four serial ports, these are the
serial-port specific kernel boot messages:sio0 at 0x3f8-0x3ff irq 4 on isa
sio0: type 16550A
sio1 at 0x2f8-0x2ff irq 3 on isa
sio1: type 16550A
sio2 at 0x3e8-0x3ef irq 5 on isa
sio2: type 16550A
sio3 at 0x2e8-0x2ef irq 9 on isa
sio3: type 16550AIf your kernel does not recognize all of your serial
ports, you will probably need to configure a custom FreeBSD
kernel for your system. For detailed information on
configuring your kernel, please see .The relevant device lines for your kernel configuration
file would look like this, for FreeBSD 4.X:device sio0 at isa? port IO_COM1 irq 4
device sio1 at isa? port IO_COM2 irq 3
device sio2 at isa? port IO_COM3 irq 5
device sio3 at isa? port IO_COM4 irq 9and like this, for FreeBSD 5.X:device sioYou can comment-out or completely remove lines for devices
you do not have in the case of FreeBSD 4.X; for
FreeBSD 5.X you have to edit your
/boot/device.hints file to configure your
serial ports. Please refer to the &man.sio.4; manual page for
more information on serial ports and multiport boards configuration.
Be careful if you are using a configuration
file that was previously used for a different version of
FreeBSD because the device flags and the syntax have changed between
versions.port IO_COM1 is a substitution for
port 0x3f8, IO_COM2 is
0x2f8, IO_COM3 is
0x3e8, and IO_COM4 is
0x2e8, which are fairly common port addresses for
their respective serial ports; interrupts 4, 3, 5, and 9 are fairly
common interrupt request lines. Also note that regular serial ports
cannot share interrupts on ISA-bus PCs
(multiport boards have on-board electronics that allow all the
16550A's on the board to share one or two interrupt request
lines).Device Special FilesMost devices in the kernel are accessed through device
special files, which are located in the
/dev directory. The sio
devices are accessed through the
/dev/ttydN (dial-in)
and /dev/cuaaN
(call-out) devices. FreeBSD also provides initialization devices
(/dev/ttyidN and
/dev/cuai0N) and
locking devices
(/dev/ttyldN and
/dev/cual0N). The
initialization devices are used to initialize communications port
parameters each time a port is opened, such as
crtscts for modems which use
RTS/CTS signaling for flow control. The locking
devices are used to lock flags on ports to prevent users or programs
changing certain parameters; see the manual pages &man.termios.4;,
&man.sio.4;, and &man.stty.1; for
information on the terminal settings, locking and initializing
devices, and setting terminal options, respectively.Making Device Special FilesFreeBSD 5.0 includes the &man.devfs.5;
filesystem which automatically creates device nodes as
needed. If you are running a version of FreeBSD with
devfs enabled then you can safely skip
this section.A shell script called MAKEDEV in the
/dev directory manages the device special
files. To use MAKEDEV to make dial-up device
special files for COM1 (port 0),
cd to /dev and issue the
command MAKEDEV ttyd0. Likewise, to make dial-up
device special files for COM2 (port 1),
use MAKEDEV ttyd1.MAKEDEV not only creates the
/dev/ttydN device
special files, but also the
/dev/cuaaN,
/dev/cuaiaN,
/dev/cualaN,
/dev/ttyldN,
and
/dev/ttyidN
nodes.After making new device special files, be sure to check the
permissions on the files (especially the
/dev/cua* files) to make sure that only users
who should have access to those device special files can read and
write on them — you probably do not want to allow your average
user to use your modems to dial-out. The default permissions on the
/dev/cua* files should be sufficient:crw-rw---- 1 uucp dialer 28, 129 Feb 15 14:38 /dev/cuaa1
crw-rw---- 1 uucp dialer 28, 161 Feb 15 14:38 /dev/cuaia1
crw-rw---- 1 uucp dialer 28, 193 Feb 15 14:38 /dev/cuala1These permissions allow the user uucp and
users in the group dialer to use the call-out
devices.Serial Port ConfigurationttydcuaaThe ttydN (or
cuaaN) device is the
regular device you will want to open for your applications. When a
process opens the device, it will have a default set of terminal I/O
settings. You can see these settings with the command&prompt.root; stty -a -f /dev/ttyd1When you change the settings to this device, the settings are in
effect until the device is closed. When it is reopened, it goes back to
the default set. To make changes to the default set, you can open and
adjust the settings of the initial state device. For
example, to turn on mode, 8 bit communication,
and flow control by default for
ttyd5, type:&prompt.root; stty -f /dev/ttyid5 clocal cs8 ixon ixoffrc filesrc.serialSystem-wide initialization of the serial devices is
controlled in /etc/rc.serial. This file
affects the default settings of serial devices.To prevent certain settings from being changed by an
application, make adjustments to the lock state
device. For example, to lock the speed of
ttyd5 to 57600 bps, type:&prompt.root; stty -f /dev/ttyld5 57600Now, an application that opens
ttyd5 and tries to change the speed of
the port will be stuck with 57600 bps.MAKEDEVNaturally, you should make the initial state and lock state devices
writable only by the root account.SeanKellyContributed by TerminalsterminalsTerminals provide a convenient and low-cost way to access
your FreeBSD system when you are not at the computer's console or on
a connected network. This section describes how to use terminals with
FreeBSD.Uses and Types of Terminals
- The original Unix systems did not have consoles. Instead, people
+ The original &unix; systems did not have consoles. Instead, people
logged in and ran programs through terminals that were connected to
the computer's serial ports. It is quite similar to using a modem and
terminal software to dial into a remote system to do text-only
work.Today's PCs have consoles capable of high quality graphics, but
the ability to establish a login session on a serial port still exists
- in nearly every Unix-style operating system today; FreeBSD is no
+ in nearly every &unix; style operating system today; FreeBSD is no
exception. By using a terminal attached to an unused serial port, you
can log in and run any text program that you would normally run on the
console or in an xterm window in the X Window
System.For the business user, you can attach many terminals to a FreeBSD
system and place them on your employees' desktops. For a home user, a
- spare computer such as an older IBM PC or a Macintosh can be a
+ spare computer such as an older IBM PC or a &macintosh; can be a
terminal wired into a more powerful computer running FreeBSD. You can
turn what might otherwise be a single-user computer into a powerful
multiple user system.For FreeBSD, there are three kinds of terminals:Dumb terminalsPCs acting as terminalsX terminalsThe remaining subsections describe each kind.Dumb TerminalsDumb terminals are specialized pieces of hardware that let you
connect to computers over serial lines. They are called
dumb because they have only enough computational power
to display, send, and receive text. You cannot run any programs on
them. It is the computer to which you connect them that has all the
power to run text editors, compilers, email, games, and so
forth.There are hundreds of kinds of dumb terminals made by many
manufacturers, including Digital Equipment Corporation's VT-100 and
Wyse's WY-75. Just about any kind will work with FreeBSD. Some
high-end terminals can even display graphics, but only certain
software packages can take advantage of these advanced
features.Dumb terminals are popular in work environments where workers do
not need access to graphical applications such as those provided by
the X Window System.PCs Acting as TerminalsIf a dumb terminal has just
enough ability to display, send, and receive text, then certainly
any spare personal computer can be a dumb terminal. All you need is
the proper cable and some terminal emulation
software to run on the computer.Such a configuration is popular in homes. For example, if your
spouse is busy working on your FreeBSD system's console, you can do
some text-only work at the same time from a less powerful personal
computer hooked up as a terminal to the FreeBSD system.X TerminalsX terminals are the most sophisticated kind of terminal
available. Instead of connecting to a serial port, they usually
connect to a network like Ethernet. Instead of being relegated to
text-only applications, they can display any X application.We introduce X terminals just for the sake of completeness.
However, this chapter does not cover setup,
configuration, or use of X terminals.ConfigurationThis section describes what you need to configure on your FreeBSD
system to enable a login session on a terminal. It assumes you have
already configured your kernel to support the serial port to which the
terminal is connected—and that you have connected it.Recall from that the
init process is responsible for all process
control and initialization at system startup. One of the
tasks performed by init is to read the
/etc/ttys file and start a
getty process on the available terminals.
The getty process is responsible for
reading a login name and starting the login
program.Thus, to configure terminals for your FreeBSD system the
following steps should be taken as root:Add a line to /etc/ttys for the entry in
the /dev directory for the serial port if it
is not already there.Specify that /usr/libexec/getty be run on
the port, and specify the appropriate
getty type from the
/etc/gettytab file.Specify the default terminal type.Set the port to on.Specify whether the port should be
secure.Force init to reread the
/etc/ttys file.As an optional step, you may wish to create a custom
getty type for use in step 2 by making an
entry in /etc/gettytab. This chapter does
not explain how to do so; you are encouraged to see the
&man.gettytab.5; and the &man.getty.8; manual pages for more
information.Adding an Entry to /etc/ttysThe /etc/ttys file lists all of the ports
on your FreeBSD system where you want to allow logins. For example,
the first virtual console ttyv0 has an entry in
this file. You can log in on the console using this entry. This
file also contains entries for the other virtual consoles, serial ports,
and pseudo-ttys. For a hardwired terminal, just list the serial
port's /dev entry without the
/dev part (for example,
/dev/ttyv0 would be listed as
ttyv0).A default FreeBSD install includes an
/etc/ttys file with support for the first
four serial ports: ttyd0 through
ttyd3. If you are attaching a terminal
to one of those ports, you do not need to add another entry.Adding Terminal Entries to
/etc/ttysSuppose we would like to connect two terminals to the
system: a Wyse-50 and an old 286 IBM PC running
Procomm terminal software
emulating a VT-100 terminal. We connect the Wyse to the
second serial port and the 286 to the sixth serial port (a
port on a multiport serial card). The corresponding
entries in the /etc/ttys file would
look like this:ttyd1 "/usr/libexec/getty std.38400" wy50 on insecure
ttyd5 "/usr/libexec/getty std.19200" vt100 on insecure
The first field normally specifies the name of
the terminal special file as it is found in
/dev.The second field is the command to execute for
this line, which is usually &man.getty.8;.
getty initializes and opens the
line, sets the speed, prompts for a user name and then
executes the &man.login.1; program.The getty program accepts one
(optional) parameter on its command line, the
getty type. A
getty type configures
characteristics on the terminal line, like bps rate
and parity. The getty program reads
these characteristics from the file
/etc/gettytab.The file /etc/gettytab
contains lots of entries for terminal lines both old
and new. In almost all cases, the entries that start
with the text std will work for
hardwired terminals. These entries ignore parity.
There is a std entry for each bps
rate from 110 to 115200. Of course, you can add your
own entries to this file. The &man.gettytab.5; manual
page provides more information.When setting the getty
type in the /etc/ttys file, make
sure that the communications settings on the terminal
match.For our example, the Wyse-50 uses no parity and
connects at 38400 bps. The 286 PC uses no parity and
connects at 19200 bps.The third field is the type of terminal usually
connected to that tty line. For dial-up ports,
unknown or
dialup is typically used in this
field since users may dial up with practically any
type of terminal or software. For hardwired
terminals, the terminal type does not change, so you
can put a real terminal type from the &man.termcap.5;
database file in this field.For our example, the Wyse-50 uses the real
terminal type while the 286 PC running
Procomm will be set to
emulate at VT-100. The fourth field specifies if the port should be
enabled. Putting on here will have
the init process start the program
in the second field, getty. If you
put off in this field, there will
be no getty, and hence no logins on
the port.The final field is used to specify whether the
port is secure. Marking a port as secure means that
you trust it enough to allow the
root account (or any account with
a user ID of 0) to login from that port. Insecure
ports do not allow root logins.
On an insecure port, users must login from
unprivileged accounts and then use &man.su.1; or a
similar mechanism to gain superuser privileges.It is highly recommended that you use
insecure
even for terminals that are behind locked doors. It
is quite easy to login and use su
if you need superuser privileges.Force init to Reread
/etc/ttysAfter making the necessary changes to the
/etc/ttys file you should send a SIGHUP
(hangup) signal to the init process to
force it to re-read its configuration file. For example:&prompt.root; kill -HUP 1init is always the first process run
on a system, therefore it will always have PID 1.If everything is set up correctly, all cables are in
place, and the terminals are powered up, then a
getty process should be running on each
terminal and you should see login prompts on your terminals
at this point.Troubleshooting Your ConnectionEven with the most meticulous attention to detail, something could
still go wrong while setting up a terminal. Here is a list of
symptoms and some suggested fixes.No Login Prompt AppearsMake sure the terminal is plugged in and powered up. If it
is a personal computer acting as a terminal, make sure it is
running terminal emulation software on the correct serial
port.Make sure the cable is connected firmly to both the terminal
and the FreeBSD computer. Make sure it is the right kind of
cable.Make sure the terminal and FreeBSD agree on the bps rate and
parity settings. If you have a video display terminal, make
sure the contrast and brightness controls are turned up. If it
is a printing terminal, make sure paper and ink are in good
supply.Make sure that a getty process is running
and serving the terminal. For example, to get a list of
running getty processes with
ps, type:&prompt.root; ps -axww|grep gettyYou should see an entry for the terminal. For
example, the following display shows that a
getty is running on the second serial
port ttyd1 and is using the
std.38400 entry in
/etc/gettytab:22189 d1 Is+ 0:00.03 /usr/libexec/getty std.38400 ttyd1If no getty process is running, make sure
you have enabled the port in /etc/ttys.
Also remember to run kill -HUP 1
after modifying the ttys file.If the getty process is running
but the terminal still does not display a login prompt,
or if it displays a prompt but will not allow you to
type, your terminal or cable may not support hardware
handshaking. Try changing the entry in
/etc/ttys from
std.38400 to
3wire.38400 remember to run
kill -HUP 1 after modifying
/etc/ttys). The
3wire entry is similar to
std, but ignores hardware
handshaking. You may need to reduce the baud rate or
enable software flow control when using
3wire to prevent buffer
overflows.If Garbage Appears Instead of a Login PromptMake sure the terminal and FreeBSD agree on the bps rate and
parity settings. Check the getty processes
to make sure the
correct getty type is in use. If
not, edit /etc/ttys and run kill
-HUP 1.Characters Appear Doubled; the Password Appears When TypedSwitch the terminal (or the terminal emulation software)
from half duplex or local echo to
full duplex.GuyHelmerContributed by SeanKellyAdditions by Dial-in Servicedial-in serviceConfiguring your FreeBSD system for dial-in service is very
similar to connecting terminals except that you are dealing with
modems instead of terminals.External vs. Internal ModemsExternal modems seem to be more convenient for dial-up, because
external modems often can be semi-permanently configured via
parameters stored in non-volatile RAM and they usually provide
lighted indicators that display the state of important RS-232
signals. Blinking lights impress visitors, but lights are also very
useful to see whether a modem is operating properly.Internal modems usually lack non-volatile RAM, so their
configuration may be limited only to setting DIP switches. If your
internal modem has any signal indicator lights, it is probably
difficult to view the lights when the system's cover is in
place.Modems and CablesmodemIf you are using an external modem, then you will of
course need the proper cable. A standard RS-232C serial
cable should suffice as long as all of the normal signals
are wired:Transmitted Data (SD)Received Data (RD)Request to Send (RTS)Clear to Send (CTS)Data Set Ready (DSR)Data Terminal Ready (DTR)Carrier Detect (CD)Signal Ground (SG)FreeBSD needs the RTS and
CTS signals for flow-control at speeds above
2400 bps, the CD signal to detect when a call has
been answered or the line has been hung up, and the
DTR signal to reset the modem after a session is
complete. Some cables are wired without all of the needed signals,
so if you have problems, such as a login session not going away when
the line hangs up, you may have a problem with your cable.
- Like other Unix-like operating systems, FreeBSD uses the
+ Like other &unix; like operating systems, FreeBSD uses the
hardware signals to find out when a call has been answered
or a line has been hung up and to hangup and reset the modem
after a call. FreeBSD avoids sending commands to the modem
or watching for status reports from the modem. If you are
familiar with connecting modems to PC-based bulletin board
systems, this may seem awkward.Serial Interface ConsiderationsFreeBSD supports NS8250-, NS16450-, NS16550-, and NS16550A-based
EIA RS-232C (CCITT V.24) communications interfaces. The 8250 and
16450 devices have single-character buffers. The 16550 device
provides a 16-character buffer, which allows for better system
performance. (Bugs in plain 16550's prevent the use of the
16-character buffer, so use 16550A's if possible). Because
single-character-buffer devices require more work by the operating
system than the 16-character-buffer devices, 16550A-based serial
interface cards are much preferred. If the system has many active
serial ports or will have a heavy load, 16550A-based cards are
better for low-error-rate communications.Quick OverviewgettyAs with terminals, init spawns a
getty process for each configured serial
port for dial-in connections. For example, if a modem is
attached to /dev/ttyd0, the command
ps ax might show this: 4850 ?? I 0:00.09 /usr/libexec/getty V19200 ttyd0When a user dials the modem's line and the modems connect, the
CD (Carrier Detect) line is reported by the modem.
The kernel
notices that carrier has been detected and completes
getty's open of the port. getty
sends a login: prompt at the specified initial line
speed. getty watches to see if legitimate
characters are received, and, in a typical configuration, if it finds
junk (probably due to the modem's connection speed being different
than getty's speed), getty tries
adjusting the line speeds until it receives reasonable
characters./usr/bin/loginAfter the user enters his/her login name,
getty executes
/usr/bin/login, which completes the login
by asking for the user's password and then starting the user's
shell.Configuration FilesThere are three system configuration files in the
/etc directory that you will probably need to
edit to allow dial-up access to your FreeBSD system. The first,
/etc/gettytab, contains configuration information
for the /usr/libexec/getty daemon. Second,
/etc/ttys holds information that tells
/sbin/init what tty devices
should have getty processes running on them.
Lastly, you can place port initialization commands in the
/etc/rc.serial script.
- There are two schools of thought regarding dial-up modems on Unix.
+ There are two schools of thought regarding dial-up modems on &unix;.
One group likes to configure their modems and systems so that no matter
at what speed a remote user dials in, the local computer-to-modem
RS-232 interface runs at a locked speed. The benefit of this
configuration is that the remote user always sees a system login
prompt immediately. The downside is that the system does not know
what a user's true data rate is, so full-screen programs like Emacs
will not adjust their screen-painting methods to make their response
better for slower connections.The other school configures their modems' RS-232 interface to vary
its speed based on the remote user's connection speed. For example,
V.32bis (14.4 Kbps) connections to the modem might make the modem run
its RS-232 interface at 19.2 Kbps, while 2400 bps connections make the
modem's RS-232 interface run at 2400 bps. Because
getty does not understand any particular modem's
connection speed reporting, getty gives a
login: message at an initial speed and watches the
characters that come back in response. If the user sees junk, it is
assumed that they know they should press the
Enter key until they see a recognizable
prompt. If the data rates do not match, getty sees
anything the user types as junk, tries going to the next
speed and gives the login: prompt again. This
procedure can continue ad nauseam, but normally only takes a keystroke
or two before the user sees a good prompt. Obviously, this login
sequence does not look as clean as the former
locked-speed method, but a user on a low-speed
connection should receive better interactive response from full-screen
programs.This section will try to give balanced configuration information,
but is biased towards having the modem's data rate follow the
connection rate./etc/gettytab/etc/gettytab/etc/gettytab is a &man.termcap.5;-style
file of configuration information for &man.getty.8;. Please see the
&man.gettytab.5; manual page for complete information on the
format of the file and the list of capabilities.Locked-speed ConfigIf you are locking your modem's data communications rate at a
particular speed, you probably will not need to make any changes
to /etc/gettytab.Matching-speed ConfigYou will need to setup an entry in
/etc/gettytab to give
getty information about the speeds you wish to
use for your modem. If you have a 2400 bps modem, you can
probably use the existing D2400 entry.#
# Fast dialup terminals, 2400/1200/300 rotary (can start either way)
#
D2400|d2400|Fast-Dial-2400:\
:nx=D1200:tc=2400-baud:
3|D1200|Fast-Dial-1200:\
:nx=D300:tc=1200-baud:
5|D300|Fast-Dial-300:\
:nx=D2400:tc=300-baud:If you have a higher speed modem, you will probably need to
add an entry in /etc/gettytab; here is an
entry you could use for a 14.4 Kbps modem with a top interface
speed of 19.2 Kbps:#
# Additions for a V.32bis Modem
#
um|V300|High Speed Modem at 300,8-bit:\
:nx=V19200:tc=std.300:
un|V1200|High Speed Modem at 1200,8-bit:\
:nx=V300:tc=std.1200:
uo|V2400|High Speed Modem at 2400,8-bit:\
:nx=V1200:tc=std.2400:
up|V9600|High Speed Modem at 9600,8-bit:\
:nx=V2400:tc=std.9600:
uq|V19200|High Speed Modem at 19200,8-bit:\
:nx=V9600:tc=std.19200:This will result in 8-bit, no parity connections.The example above starts the communications rate at 19.2 Kbps
(for a V.32bis connection), then cycles through 9600 bps (for
V.32), 2400 bps, 1200 bps, 300 bps, and back to 19.2 Kbps.
Communications rate cycling is implemented with the
nx= (next table) capability.
Each of the lines uses a tc= (table
continuation) entry to pick up the rest of the
standard settings for a particular data rate.If you have a 28.8 Kbps modem and/or you want to take
advantage of compression on a 14.4 Kbps modem, you need to use a
higher communications rate than 19.2 Kbps. Here is an example of
a gettytab entry starting a 57.6 Kbps:#
# Additions for a V.32bis or V.34 Modem
# Starting at 57.6 Kbps
#
vm|VH300|Very High Speed Modem at 300,8-bit:\
:nx=VH57600:tc=std.300:
vn|VH1200|Very High Speed Modem at 1200,8-bit:\
:nx=VH300:tc=std.1200:
vo|VH2400|Very High Speed Modem at 2400,8-bit:\
:nx=VH1200:tc=std.2400:
vp|VH9600|Very High Speed Modem at 9600,8-bit:\
:nx=VH2400:tc=std.9600:
vq|VH57600|Very High Speed Modem at 57600,8-bit:\
:nx=VH9600:tc=std.57600:If you have a slow CPU or a heavily loaded system and do
not have 16550A-based serial ports, you may receive
siosilo errors at 57.6 Kbps./etc/ttys/etc/ttysConfiguration of the /etc/ttys file
was covered in .
Configuration for modems is similar but we must pass a
different argument to getty and specify a
different terminal type. The general format for both
locked-speed and matching-speed configurations is:ttyd0 "/usr/libexec/getty xxx" dialup onThe first item in the above line is the device special file for
this entry — ttyd0 means
/dev/ttyd0 is the file that this
getty will be watching. The second item,
"/usr/libexec/getty
xxx"
(xxx will be replaced by the initial
gettytab capability) is the process
init will run on the device. The third item,
dialup, is the default terminal type. The fourth
parameter, on, indicates to
init that the line is operational. There can be
a fifth parameter, secure, but it should only be
used for terminals which are physically secure (such as the system
console).The default terminal type (dialup in the
example above) may depend on local preferences.
dialup is the traditional default terminal type
on dial-up lines so that users may customize their login scripts to
notice when the terminal is dialup and
automatically adjust their terminal type. However, the author finds
it easier at his site to specify vt102 as the
default terminal type, since the users just use VT102 emulation on
their remote systems.After you have made changes to /etc/ttys,
you may send the init process a
HUP signal to re-read the file. You can use the
command
&prompt.root; kill -HUP 1
to send the signal. If this is your first time setting up the
system, you may want to wait until your modem(s) are properly
configured and connected before signaling init.
Locked-speed ConfigFor a locked-speed configuration, your
ttys entry needs to have a fixed-speed entry
provided to getty. For a modem whose port
speed is locked at 19.2 Kbps, the ttys entry
might look like this:ttyd0 "/usr/libexec/getty std.19200" dialup onIf your modem is locked at a different data rate,
substitute the appropriate value for
std.speed
instead of std.19200. Make sure that
you use a valid type listed in
/etc/gettytab.Matching-speed ConfigIn a matching-speed configuration, your
ttys entry needs to reference the appropriate
beginning auto-baud (sic) entry in
/etc/gettytab. For example, if you added the
above suggested entry for a matching-speed modem that starts at
19.2 Kbps (the gettytab entry containing the
V19200 starting point), your
ttys entry might look like this:ttyd0 "/usr/libexec/getty V19200" dialup on/etc/rc.serialrc filesrc.serialHigh-speed modems, like V.32, V.32bis, and V.34 modems,
need to use hardware (RTS/CTS) flow
control. You can add stty commands to
/etc/rc.serial to set the hardware flow
control flag in the FreeBSD kernel for the modem
ports.For example to set the termios flag
crtscts on serial port #1's
(COM2) dial-in and dial-out initialization
devices, the following lines could be added to
/etc/rc.serial:# Serial port initial configuration
stty -f /dev/ttyid1 crtscts
stty -f /dev/cuai01 crtsctsModem SettingsIf you have a modem whose parameters may be permanently set in
non-volatile RAM, you will need to use a terminal program (such as
- Telix under MS-DOS or tip under FreeBSD) to set the
+ Telix under &ms-dos; or tip under FreeBSD) to set the
parameters. Connect to the modem using the same communications speed
as the initial speed getty will use and configure
the modem's non-volatile RAM to match these requirements:CD asserted when connectedDTR asserted for operation; dropping DTR
hangs up line and resets modemCTS transmitted data flow controlDisable XON/XOFF flow controlRTS received data flow controlQuiet mode (no result codes)No command echoPlease read the documentation for your modem to find out what
commands and/or DIP switch settings you need to give it.
- For example, to set the above parameters on a USRobotics
- Sportster 14,400 external modem, one could give these commands to
+ For example, to set the above parameters on a &usrobotics;
+ &sportster; 14,400 external modem, one could give these commands to
the modem:ATZ
AT&C1&D2&H1&I0&R2&WYou might also want to take this opportunity to adjust other
settings in the modem, such as whether it will use V.42bis and/or MNP5
compression.
- The USR Sportster 14,400 external modem also has some DIP switches
+ The &usrobotics; &sportster; 14,400 external modem also has some DIP switches
that need to be set; for other modems, perhaps you can use these
settings as an example:Switch 1: UP — DTR NormalSwitch 2: N/A (Verbal Result Codes/Numeric Result
Codes)Switch 3: UP — Suppress Result CodesSwitch 4: DOWN — No echo, offline commandsSwitch 5: UP — Auto AnswerSwitch 6: UP — Carrier Detect NormalSwitch 7: UP — Load NVRAM DefaultsSwitch 8: N/A (Smart Mode/Dumb Mode)Result codes should be disabled/suppressed for dial-up modems to
avoid problems that can occur if getty mistakenly
gives a login: prompt to a modem that is in command
mode and the modem echoes the command or returns a result
code. This sequence can result in a extended, silly conversation
between getty and the modem.Locked-speed ConfigFor a locked-speed configuration, you will need to configure the
modem to maintain a constant modem-to-computer data rate independent
- of the communications rate. On a USR Sportster 14,400 external
+ of the communications rate. On a &usrobotics; &sportster; 14,400 external
modem, these commands will lock the modem-to-computer data rate at
the speed used to issue the commands:ATZ
AT&B1&WMatching-speed ConfigFor a variable-speed configuration, you will need to configure
your modem to adjust its serial port data rate to match the incoming
- call rate. On a USR Sportster 14,400 external modem, these commands
+ call rate. On a &usrobotics; &sportster; 14,400 external modem, these commands
will lock the modem's error-corrected data rate to the speed used to
issue the commands, but allow the serial port rate to vary for
non-error-corrected connections:ATZ
AT&B2&WChecking the Modem's ConfigurationMost high-speed modems provide commands to view the modem's
current operating parameters in a somewhat human-readable fashion.
- On the USR Sportster 14,400 external modems, the command
+ On the &usrobotics; &sportster; 14,400 external modems, the command
ATI5 displays the settings that are stored in the
non-volatile RAM. To see the true operating parameters of the modem
- (as influenced by the USR's DIP switch settings), use the commands
+ (as influenced by the modem's DIP switch settings), use the commands
ATZ and then ATI4.If you have a different brand of modem, check your modem's
manual to see how to double-check your modem's configuration
parameters.TroubleshootingHere are a few steps you can follow to check out the dial-up modem
on your system.Checking Out the FreeBSD SystemHook up your modem to your FreeBSD system, boot the system, and,
if your modem has status indication lights, watch to see whether the
modem's DTR indicator lights when the
login: prompt appears on the system's console
— if it lights up, that should mean that FreeBSD has started a
getty process on the appropriate communications
port and is waiting for the modem to accept a call.If the DTR indicator does not light, login to
the FreeBSD system through the console and issue a ps
ax to see if FreeBSD is trying to run a
getty process on the correct port. You should see
lines like these among the processes displayed: 114 ?? I 0:00.10 /usr/libexec/getty V19200 ttyd0
115 ?? I 0:00.10 /usr/libexec/getty V19200 ttyd1If you see something different, like this: 114 d0 I 0:00.10 /usr/libexec/getty V19200 ttyd0and the modem has not accepted a call yet, this means that
getty has completed its open on the
communications port. This could indicate a problem with the cabling
or a mis-configured modem, because getty should
not be able to open the communications port until
CD (carrier detect) has been asserted by the
modem.If you do not see any getty processes waiting
to open the desired
ttydN port,
double-check your entries in /etc/ttys to see
if there are any mistakes there. Also, check the log file
/var/log/messages to see if there are any log
messages from init or getty
regarding any problems. If there are any messages, triple-check the
configuration files /etc/ttys and
/etc/gettytab, as well as the appropriate
device special files /dev/ttydN, for any
mistakes, missing entries, or missing device special files.Try Dialing InTry dialing into the system; be sure to use 8 bits, no parity,
and 1
stop bit on the remote system. If you do not get a prompt right
away, or get garbage, try pressing Enter
about once per second. If you still do not see a
login: prompt after a while, try sending a
BREAK. If you are using a high-speed modem to do
the dialing, try dialing again after locking the dialing modem's
- interface speed (via AT&B1 on a USR
- Sportster, for example).
+ interface speed (via AT&B1 on a &usrobotics;
+ &sportster; modem, for example).
If you still cannot get a login: prompt, check
/etc/gettytab again and double-check
thatThe initial capability name specified in
/etc/ttys for the line matches a name of a
capability in /etc/gettytabEach nx= entry matches another
gettytab capability nameEach tc= entry matches another
gettytab capability nameIf you dial but the modem on the FreeBSD system will not answer,
make sure that the modem is configured to answer the phone when
DTR is asserted. If the modem seems to be
configured correctly, verify that the DTR line is
asserted by checking the modem's indicator lights (if it has
any).If you have gone over everything several times and it still does
not work, take a break and come back to it later. If it still does
not work, perhaps you can send an electronic mail message to the
&a.questions; describing your modem and your problem, and the good
folks on the list will try to help.Dial-out Servicedial-out serviceThe following are tips for getting your host to be able to connect
over the modem to another computer. This is appropriate for
establishing a terminal session with a remote host.This is useful to log onto a BBS.This kind of connection can be extremely helpful to get a file on
the Internet if you have problems with PPP. If you need to FTP
something and PPP is broken, use the terminal session to FTP it. Then
use zmodem to transfer it to your machine.My Stock Hayes Modem Is Not Supported, What Can I Do?Actually, the manual page for tip is out of date.
There is a generic Hayes dialer already built in. Just use
at=hayes in your /etc/remote
file.The Hayes driver is not smart enough to recognize some of the
advanced features of newer modems—messages like
BUSY, NO DIALTONE, or
CONNECT 115200 will just confuse it. You should
turn those messages off when you use tip (using
ATX0&W).Also, the dial timeout for tip is 60 seconds.
Your modem should use something less, or else tip will think there is
a communication problem. Try ATS7=45&W.As shipped, tip does not yet support
Hayes modems fully. The solution is to edit the file
tipconf.h in the directory
/usr/src/usr.bin/tip/tip. Obviously you need the
source distribution to do this.Edit the line #define HAYES 0 to
#define HAYES 1. Then make and
make install. Everything works nicely after
that.How Am I Expected to Enter These AT Commands?/etc/remoteMake what is called a direct entry in your
/etc/remote file. For example, if your modem is
hooked up to the first serial port, /dev/cuaa0,
then put in the following line:cuaa0:dv=/dev/cuaa0:br#19200:pa=noneUse the highest bps rate your modem supports in the br capability.
Then, type tip cuaa0 and you will be connected to
your modem.If there is no /dev/cuaa0 on your system, do
this:&prompt.root; cd /dev
&prompt.root; sh MAKEDEV cuaa0Or use cu as root with the
following command:&prompt.root; cu -lline -sspeedline is the serial port
(e.g./dev/cuaa0) and
speed is the speed
(e.g.57600). When you are done entering the AT
commands hit ~. to exit.The @ Sign for the pn Capability Does Not
Work!The @ sign in the phone number capability tells
tip to look in /etc/phones for a phone number.
But the @ sign is also a special character in
capability files like /etc/remote. Escape it
with a backslash:pn=\@How Can I Dial a Phone Number on the Command Line?Put what is called a generic entry in your
/etc/remote file. For example:tip115200|Dial any phone number at 115200 bps:\
:dv=/dev/cuaa0:br#115200:at=hayes:pa=none:du:
tip57600|Dial any phone number at 57600 bps:\
:dv=/dev/cuaa0:br#57600:at=hayes:pa=none:du:Then you can do things like:&prompt.root; tip -115200 5551234If you prefer cu over tip,
use a generic cu entry:cu115200|Use cu to dial any number at 115200bps:\
:dv=/dev/cuaa1:br#57600:at=hayes:pa=none:du:and type:&prompt.root; cu 5551234 -s 115200Do I Have to Type in the bps Rate Every Time I Do That?Put in an entry for tip1200 or
cu1200, but go ahead and use whatever bps rate is
appropriate with the br capability. tip thinks a
good default is 1200 bps which is why it looks for a
tip1200 entry. You do not have to use 1200 bps,
though.I Access a Number of Hosts Through a Terminal ServerRather than waiting until you are connected and typing
CONNECT <host> each time, use tip's
cm capability. For example, these entries in
/etc/remote:pain|pain.deep13.com|Forrester's machine:\
:cm=CONNECT pain\n:tc=deep13:
muffin|muffin.deep13.com|Frank's machine:\
:cm=CONNECT muffin\n:tc=deep13:
deep13:Gizmonics Institute terminal server:\
:dv=/dev/cuaa2:br#38400:at=hayes:du:pa=none:pn=5551234:will let you type tip pain or tip
muffin to connect to the hosts pain or muffin, and
tip deep13 to get to the terminal server.Can Tip Try More Than One Line for Each Site?This is often a problem where a university has several modem lines
and several thousand students trying to use them.Make an entry for your university in
/etc/remote and use @ for the
pn capability:big-university:\
:pn=\@:tc=dialout
dialout:\
:dv=/dev/cuaa3:br#9600:at=courier:du:pa=none:Then, list the phone numbers for the university in
/etc/phones:big-university 5551111
big-university 5551112
big-university 5551113
big-university 5551114tip will try each one in the listed order, then
give up. If you want to keep retrying, run tip in
a while loop.Why Do I Have to Hit
CtrlP
Twice to Send
CtrlP
Once?CtrlP is the default force character, used to tell
tip that the next character is literal data. You
can set the force character to any other character with the
~s escape, which means set a
variable.Type
~sforce=single-char
followed by a newline. single-char is any
single character. If you leave out
single-char, then the force character is
the nul character, which you can get by typing
Ctrl2
or
CtrlSpace.
A pretty good value for single-char is
ShiftCtrl6, which is only used on some terminal
servers.You can have the force character be whatever you want by
specifying the following in your $HOME/.tiprc
file:force=<single-char>Suddenly Everything I Type Is in Upper Case??You must have pressed
CtrlA, tip's
raise character, specially designed for people with
broken caps-lock keys. Use ~s as above and set the
variable raisechar to something reasonable. In
fact, you can set it to the same as the force character, if you never
expect to use either of these features.Here is a sample .tiprc file perfect for
Emacs users who need to type
Ctrl2
and
CtrlA
a lot:force=^^
raisechar=^^The ^^ is
ShiftCtrl6.How Can I Do File Transfers with tip?
- If you are talking to another Unix system, you can send and
+ If you are talking to another &unix; system, you can send and
receive files with ~p (put) and
~t (take). These commands run
cat and echo on the remote
system to accept and send files. The syntax is:~plocal-fileremote-file~tremote-filelocal-fileThere is no error checking, so you probably should use another
protocol, like zmodem.How Can I Run zmodem with tip?To receive files, start the sending program on the remote end.
Then, type ~C rz to begin receiving them
locally.To send files, start the receiving program on the remote end.
Then, type ~C sz files
to send them to the remote system.KazutakaYOKOTAContributed by BillPaulBased on a document by Setting Up the Serial Consoleserial consoleIntroductionFreeBSD has the ability to boot on a system with only
a dumb terminal on a serial port as a console. Such a configuration
should be useful for two classes of people: system administrators who
wish to install FreeBSD on machines that have no keyboard or monitor
attached, and developers who want to debug the kernel or device
drivers.As described in , FreeBSD employs a three stage
bootstrap. The first two stages are in the boot block code which is
stored at the beginning of the FreeBSD slice on the boot disk. The
boot block will then load and run the boot loader
(/boot/loader) as the third stage code.In order to set up the serial console you must configure the boot
block code, the boot loader code and the kernel.Serial Console ConfigurationPrepare a serial cable.null-modem cableYou will need either a null-modem cable or a standard serial
cable and a null-modem adapter. See for
a discussion on serial cables.Unplug your keyboard.Most PC systems probe for the keyboard during the Power-On
Self-Test (POST) and will generate an error if the keyboard is not
detected. Some machines complain loudly about the lack of a
keyboard and will not continue to boot until it is plugged
in.If your computer complains about the error, but boots anyway,
then you do not have to do anything special. (Some machines with
Phoenix BIOS installed merely say Keyboard
failed and continue to boot normally.)If your computer refuses to boot without a keyboard attached
then you will have to configure the BIOS so that it ignores this
error (if it can). Consult your motherboard's manual for details
on how to do this.Setting the keyboard to Not installed in the
BIOS setup does not mean that you will not
be able to use your keyboard. All this does is tell the BIOS
not to probe for a keyboard at power-on, so it will not
complain if the keyboard is not plugged in. You can leave the
keyboard plugged in even with this flag set to Not
installed and the keyboard will still work.
- If your system has a PS/2 mouse, chances are very good that
+ If your system has a &ps2; mouse, chances are very good that
you may have to unplug your mouse as well as your keyboard.
- This is because PS/2 mice share some hardware with the keyboard
+ This is because &ps2; mice share some hardware with the keyboard
and leaving the mouse plugged in can fool the keyboard probe
into thinking the keyboard is still there. It is said that a
Gateway 2000 Pentium 90 MHz system with an AMI BIOS that behaves
this way. In general, this is not a problem since the mouse is
not much good without the keyboard anyway.Plug a dumb terminal into COM1
(sio0).If you do not have a dumb terminal, you can use an old PC/XT
- with a modem program, or the serial port on another Unix box. If
+ with a modem program, or the serial port on another &unix; box. If
you do not have a COM1
(sio0), get one. At this time, there is
no way to select a port other than COM1
for the boot blocks without recompiling the boot blocks. If you
are already using COM1 for another
device, you will have to temporarily remove that device and
install a new boot block and kernel once you get FreeBSD up and
running. (It is assumed that COM1 will
be available on a file/compute/terminal server anyway; if you
really need COM1 for something else
(and you cannot switch that something else to
COM2 (sio1)),
then you probably should not even be bothering with all this in
the first place.)Make sure the configuration file of your kernel has
appropriate flags set for COM1
(sio0).Relevant flags are:0x10Enables console support for this unit. The other
console flags are ignored unless this is set. Currently, at
most one unit can have console support; the first one (in
config file order) with this flag set is preferred. This
option alone will not make the serial port the console. Set
the following flag or use the option
described below, together with this flag.0x20Forces this unit to be the console (unless there is
another higher priority console), regardless of the
option discussed below. This flag
replaces the COMCONSOLE option in FreeBSD
versions 2.X. The flag 0x20 must be used
together with the flag.0x40Reserves this unit (in conjunction with
0x10) and makes the unit
unavailable for normal access. You should not set
this flag to the serial port unit which you want to
use as the serial console. The only use of this
flag is to designate the unit for kernel remote
debugging. See The
Developer's Handbook for more information on
remote debugging.In FreeBSD 4.0 or later the semantics of the
flag 0x40 are slightly different and
there is another flag to specify a serial port for remote
debugging.Example:device sio0 at isa? port IO_COM1 flags 0x10 irq 4See the &man.sio.4; manual page for more details.If the flags were not set, you need to run UserConfig (on a
different console) or recompile the kernel.Create boot.config in the root directory
of the a partition on the boot drive.This file will instruct the boot block code how you would like
to boot the system. In order to activate the serial console, you
need one or more of the following options—if you want
multiple options, include them all on the same line:Toggles internal and serial consoles. You can use this
to switch console devices. For instance, if you boot from
the internal (video) console, you can use
to direct the boot loader and the kernel
to use the serial port as its console device. Alternatively,
if you boot from the serial port, you can use the
to tell the boot loader and the kernel
to use the video display as the console instead.Toggles single and dual console configurations. In the
single configuration the console will be either the internal
console (video display) or the serial port, depending on the
state of the option above. In the dual
console configuration, both the video display and the
serial port will become the console at the same time,
regardless of the state of the option.
However, note that the dual console configuration takes effect
only during the boot block is running. Once the boot loader
gets control, the console specified by the
option becomes the only console.Makes the boot block probe the keyboard. If no keyboard
is found, the and
options are automatically set.Due to space constraints in the current version of the
boot blocks, the option is capable of
detecting extended keyboards only. Keyboards with less
than 101 keys (and without F11 and F12 keys) may not be
detected. Keyboards on some laptop computers may not be
properly found because of this limitation. If this is
the case with your system, you have to abandon using
the option. Unfortunately there is no
workaround for this problem.Use either the option to select the
console automatically, or the option to
activate the serial console.You may include other options described in &man.boot.8; as
well.The options, except for , will be passed to
the boot loader (/boot/loader). The boot
loader will determine which of the internal video or the serial
port should become the console by examining the state of the
option alone. This means that if you specify
the option but not the
option in /boot.config, you can use the
serial port as the console only during the boot block; the boot
loader will use the internal video display as the console.Boot the machine.When you start your FreeBSD box, the boot blocks will echo the
contents of /boot.config to the console. For
example:/boot.config: -P
Keyboard: noThe second line appears only if you put in
/boot.config and indicates presence/absence
of the keyboard. These messages go to either serial or internal
console, or both, depending on the option in
/boot.config.OptionsMessage goes tononeinternal consoleserial consoleserial and internal consolesserial and internal consoles, keyboard presentinternal console, keyboard absentserial consoleAfter the above messages, there will be a small pause before
the boot blocks continue loading the boot loader and before any
further messages printed to the console. Under normal
circumstances, you do not need to interrupt the boot blocks, but
you may want to do so in order to make sure things are set up
correctly.Hit any key, other than Enter, at the console to
interrupt the boot process. The boot blocks will then prompt you
for further action. You should now see something like:>> FreeBSD/i386 BOOT
Default: 0:wd(0,a)/boot/loader
boot:Verify the above message appears on either the serial or
internal console or both, according to the options you put in
/boot.config. If the message appears in the
correct console, hit Enter to continue the boot
process.If you want the serial console but you do not see the prompt
on the serial terminal, something is wrong with your settings. In
the meantime, you enter and hit Enter/Return
(if possible) to tell the boot block (and then the boot loader and
the kernel) to choose the serial port for the console. Once the
system is up, go back and check what went wrong.After the boot loader is loaded and you are in the third stage of
the boot process you can still switch between the internal console and
the serial console by setting appropriate environment variables in the
boot loader. See .SummaryHere is the summary of various settings discussed in this section
and the console eventually selected.Case 1: You Set the Flags to 0x10 for
sio0device sio0 at isa? port IO_COM1 flags 0x10 irq 4Options in /boot.configConsole during boot blocksConsole during boot loaderConsole in kernelnothinginternalinternalinternalserialserialserialserial and internalinternalinternalserial and internalserialserial, keyboard presentinternalinternalinternal, keyboard absentserial and internalserialserialCase 2: You Set the Flags to 0x30 for sio0device sio0 at isa? port IO_COM1 flags 0x30 irq 4Options in /boot.configConsole during boot blocksConsole during boot loaderConsole in kernelnothinginternalinternalserialserialserialserialserial and internalinternalserialserial and internalserialserial, keyboard presentinternalinternalserial, keyboard absentserial and internalserialserialTips for the Serial ConsoleSetting a Faster Serial Port SpeedBy default, the serial port settings are: 9600 baud, 8
bits, no parity, and 1 stop bit. If you wish to change the speed, you
need to recompile at least the boot blocks. Add the following line
to /etc/make.conf and compile new boot
blocks:BOOT_COMCONSOLE_SPEED=19200If the serial console is configured in some other way than by
booting with , or if the serial console used by
the kernel is different from the one used by the boot blocks, then
you must also add the following option to the kernel configuration
file and compile a new kernel:options CONSPEED=19200Using Serial Port Other Than sio0 for
the ConsoleUsing a port other than sio0 as the
console requires some recompiling. If you want to use another
serial port for whatever reasons, recompile the boot blocks, the
boot loader and the kernel as follows.Get the kernel source. (See )Edit /etc/make.conf and set
BOOT_COMCONSOLE_PORT to the address of the
port you want to use (0x3F8, 0x2F8, 0x3E8 or 0x2E8). Only
sio0 through
sio3 (COM1
through COM4) can be used; multiport
serial cards will not work. No interrupt setting is
needed.Create a custom kernel configuration file and add
appropriate flags for the serial port you want to use. For
example, if you want to make sio1
(COM2) the console:device sio1 at isa? port IO_COM2 flags 0x10 irq 3ordevice sio1 at isa? port IO_COM2 flags 0x30 irq 3The console flags for the other serial ports should not be
set.Recompile and install the boot blocks and the boot loader:&prompt.root; cd /sys/boot
&prompt.root; make
&prompt.root; make installRebuild and install the kernel.Write the boot blocks to the boot disk with
&man.disklabel.8; and boot from the new kernel.Entering the DDB Debugger from the Serial LineIf you wish to drop into the kernel debugger from the serial
console (useful for remote diagnostics, but also dangerous if you
generate a spurious BREAK on the serial port!) then you should
compile your kernel with the following options:options BREAK_TO_DEBUGGER
options DDBGetting a Login Prompt on the Serial ConsoleWhile this is not required, you may wish to get a
login prompt over the serial line, now that you
can see boot messages and can enter the kernel debugging session
through the serial console. Here is how to do it.Open the file /etc/ttys with an editor
and locate the lines:ttyd0 "/usr/libexec/getty std.9600" unknown off secure
ttyd1 "/usr/libexec/getty std.9600" unknown off secure
ttyd2 "/usr/libexec/getty std.9600" unknown off secure
ttyd3 "/usr/libexec/getty std.9600" unknown off securettyd0 through ttyd3
corresponds to COM1 through
COM4. Change off to
on for the desired port. If you have changed the
speed of the serial port, you need to change
std.9600 to match the current setting, e.g.
std.19200.You may also want to change the terminal type from
unknown to the actual type of your serial
terminal.After editing the file, you must kill -HUP 1
to make this change take effect.Changing Console from the Boot LoaderPrevious sections described how to set up the serial console by
tweaking the boot block. This section shows that you can specify the
console by entering some commands and environment variables in the
boot loader. As the boot loader is invoked at the third stage of the
boot process, after the boot block, the settings in the boot loader
will override the settings in the boot block.Setting Up the Serial ConsoleYou can easily specify the boot loader and the kernel to use the
serial console by writing just one line in
/boot/loader.rc:set console=comconsoleThis will take effect regardless of the settings in the boot
block discussed in the previous section.You had better put the above line as the first line of
/boot/loader.rc so as to see boot messages on
the serial console as early as possible.Likewise, you can specify the internal console as:set console=vidconsoleIf you do not set the boot loader environment variable
console, the boot loader, and subsequently the
kernel, will use whichever console indicated by the
option in the boot block.In versions 3.2 or later, you may specify the console in
/boot/loader.conf.local or
/boot/loader.conf, rather than in
/boot/loader.rc. In this method your
/boot/loader.rc should look like:include /boot/loader.4th
startThen, create /boot/loader.conf.local and
put the following line there.console=comconsoleorconsole=vidconsoleSee &man.loader.conf.5; for more information.At the moment, the boot loader has no option equivalent to the
option in the boot block, and there is no
provision to automatically select the internal console and the
serial console based on the presence of the keyboard.Using a Serial Port Other Than sio0 for
the ConsoleYou need to recompile the boot loader to use a serial port other
than sio0 for the serial console. Follow the
procedure described in .CaveatsThe idea here is to allow people to set up dedicated servers that
require no graphics hardware or attached keyboards. Unfortunately,
while most systems will let you boot without a keyboard, there
are quite a few that will not let you boot without a graphics adapter.
Machines with AMI BIOSes can be configured to boot with no graphics
adapter installed simply by changing the graphics adapter setting in
the CMOS configuration to Not installed.However, many machines do not support this option and will refuse
to boot if you have no display hardware in the system. With these
machines, you will have to leave some kind of graphics card plugged in,
(even if it is just a junky mono board) although you will not have to
attach a monitor. You might also try installing an AMI
BIOS.
diff --git a/share/sgml/trademarks.ent b/share/sgml/trademarks.ent
index af8b4c7ea9..f296b7f02a 100644
--- a/share/sgml/trademarks.ent
+++ b/share/sgml/trademarks.ent
@@ -1,244 +1,295 @@
3Com and HomeConnect are registered
trademarks of 3Com Corporation.">
-3Com">
+3Com">
3ware and Escalade are registered
trademarks of 3ware Inc.">
3ware">
Escalade">
Adobe, Acrobat, Acrobat Reader, and
PostScript are either registered trademarks or trademarks of Adobe
Systems Incorporated in the United States and/or other
countries.">
Acrobat">
Acrobat Reader">
PostScript">
Adaptec is registered trademark of
Adaptec, Inc.">
Adaptec">
+
+AMD, Am486, Am5X86, AMD Athlon, AMD
+ Duron, AMD Opteron AMD, AMD-K6, Élan, and PCnet are
+ trademarks of Advanced Micro Devices, Inc.">
+Am486">
+Am5x86">
+Élan">
+AMD-K6">
+AMD Athlon">
+AMD Duron">
+AMD Operon">
+
Apple, FireWire, Mac, Macintosh, Mac OS,
Quicktime, and TrueType are trademarks of Apple Computer, Inc.,
registered in the United States and other countries.">
FireWire">
Mac">
Macintosh">
Mac OS">
TrueType">
+Quicktime">
+
+
+The Bluetooth word mark is owned
+ by the Bluetooth SIG, Inc.">
+Bluetooth">
Check Point, Firewall-1, and
VPN-1 are trademarks of Check Point Software Technologies
Ltd..">
Corel and WordPerfect are trademarks
or registered trademarks of Corel Corporation and/or its
subsidiaries in Canada, the United States and/or other
countries.">
Sound Blaster is a trademark of
Creative Technology Ltd. in the United States and/or other
countries.">
SoundBlaster">
Dell, Dell Precision, Latitude,
Optiplex, PowerEdge are trademarks or registered trademarks of Dell
Computer Corporation">
FreeBSD is a registered trademark of
Wind River Systems, Inc. This is expected to change soon.">
-IBM, AIX, OS/2, PowerPC, and S/390 are
+IBM, AIX, OS/2, PowerPC, PS/2, and S/390 are
trademarks of International Business Machines Corporation in the
United States, other countries, or both.">
AIX">
OS/2">
PowerPC">
+PS/2">
S/390">
IEEE, POSIX, and 802 are registered
trademarks of Institute of Electrical and Electronics Engineers,
Inc. in the United States.">
POSIX">
Intel, Celeron, EtherExpress, i386,
i486, Itanium, Pentium, and Xeon are trademarks or registered
trademarks of Intel Corporation or its subsidiaries in the United
States and other countries.">
Celeron">
EtherExpress">
i386">
i486">
Intel">
Itanium">
Pentium">
Xeon">
Intuit and Quicken are registered
trademarks and/or registered service marks of Intuit Inc., or one of
its subsidiaries, in the United States and other countries.">
Iomega, Zip, and Jaz are either
registered trademarks or trademarks of Iomega Corporation in the
United States and/or other countries.">
Zip">
Jaz">
Linux is a registered trademarks of
Linus Torvalds in the United States.">
LSI Logic, AcceleRAID, eXtremeRAID,
MegaRAID and Mylex are trademarks or registered trademarks of LSI
Logic Corp.">
MegaRAID">
Mylex">
-Macromedia and Flash are
+Macromedia, Flash, and Shockwave are
trademarks or registered trademarks of Macromedia, Inc. in the
United States and/or other countries.">
+Flash">
+Macromedia">
+Shockwave">
Microsoft, FrontPage, MS-DOS,
Outlook, Windows, Windows Media, and Windows NT are either
registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.">
Microsoft">
MS-DOS">
Outlook">
Windows">
+Windows Media">
Windows NT">
MIPS and R4000 are registered
trademarks of MIPS Technologies, Inc. in the United States and other
countries.">
MIPS">
M-Systems and, DiskOnChip are
trademarks or registered trademarks of M-Systems Flash Disk
Pioneers, Ltd.">
DiskOnChip">
Netscape and the Netscape Navigator
are registered trademarks of Netscape Communications Corporation in
the U.S. and other countries.">
Netscape">
Netscape Navigator">
NetWare, NetWare Loadable Module, and
NLM are either registered trademarks or trademarks of Novell,
Inc. in the United States and other countries.">
+
+Ogg Vorbis and Xiph.Org are trademarks
+ (tm) of Xiph.Org.">
+
Motif, OSF/1, and UNIX are
registered trademarks and IT DialTone and The Open Group are
trademarks of The Open Group in the United States and other
countries.">
UNIX">
Motif">
Oracle is a registered trademark is a
of Oracle Corporation.">
Oracle">
PowerQuest and PartitionMagic are
registered trademarks of PowerQuest Corporation in the United States
and/or other countries.">
PartitionMagic">
RealNetworks, RealPlayer, and
RealAudio are the registered trademarks of RealNetworks,
Inc.">
Red Hat, RPM, are trademarks or
registered trademarks of Red Hat, Inc. in the United States and
other countries.">
SAP, R/3, and mySAP are trademarks or
registered trademarks of SAP AG in Germany and in several other
countries all over the world.">
SAP
R/3">
Silicon Graphics, SGI, and OpenGL are
registered trademarks of Silicon Graphics, Inc., in the United
States and/or other countries worldwide.">
OpenGL">
Sparc, Sparc64, SPARCEngine, and
UltraSPARC are trademarks of SPARC International, Inc in the United
States and other countries. Products bearing SPARC trademarks are
based upon architecture developed by Sun Microsystems, Inc.">
Sparc">
Sparc64">
UltraSPARC">
+SPARCEngine">
-Sun, Sun Microsystems, StarOffice,
- SunOS, Solaris, and Java are trademarks or registered trademarks of
+Sun, Sun Microsystems, Netra, StarOffice,
+ Sun Blade, Sun Enterprise, Sun Fire, SunOS, Solaris, Ultra, and Java are trademarks or registered trademarks of
Sun Microsystems, Inc. in the United States and other
countries.">
Java">
Java Virtual Machine">
JDK">
JVM">
+Netra">
StarOffice">
Solaris">
+Sun Blade">
+Sun Enterprise">
+Sun Fire">
+Ultra">
SunOS">
Symantec and Ghost are registered
trademarks of Symantec Corporation in the United States and other
countries.">
MATLAB is a registered trademark
of The MathWorks, Inc.">
MATLAB">
+SpeedTouch is a trademark of
+ Thomson">
+SpeedTouch">
+
+
+Transmeta and Crusoe are either
+ trademarks or registered trademarks of Transmeta Corporation in the
+ United States and/or other countries.">
+Crusoe">
+Transmeta">
+
+
+
+U.S. Robotics and Sportster are
+ registered trademarks of U.S. Robotics Corporation.">
+Sportster">
+U.S. Robotics">
+
QUALCOMM and Eudora are registered
trademarks of QUALCOMM Incorporated.">
Eudora">
Waterloo Maple and Maple are
trademarks or registered trademarks of Waterloo Maple Inc.">
Mathematica is a registered
trademark of Wolfram Research, Inc.">
Many of the designations used by
manufacturers and sellers to distinguish their products are claimed
as trademarks. Where those designations appear in this document,
and the FreeBSD Project was aware of the trademark claim, the
designations have been followed by the ™ or the
® symbol.">