Опубликован: 06.08.2012 | Доступ: свободный | Студентов: 1338 / 49 | Оценка: 5.00 / 5.00 | Длительность: 53:41:00
Лекция 30:

FreeBSD configuration File

These are flags for NFS. Some of them have changed from previous releases of FreeBSD. In particular, single_mountd_enable is now called mountd_enable, and portmap has been replaced by rpcbind, so portmap_enable is now called rpcbind_enable, portmap_program is now called rpcbind_program and portmap_flag is now called rpcbind_flags. See page 441. We set the following values in /etc/rc.conf for gw:

nfs_client_enable="YES"  # This host is an NFS client (or NO).
nfs_server_enable="YES"  # This host is an NFS server (or NO).

For andante, we enable only the client (the first line). Next, we see:

keyserv_enable="NO"  # Run the SecureRPC keyserver (or NO).
keyserv_flags=" "    # Flags to keyserv (if enabled).

These entries refer to the Secure RPC key server, which we don't discuss in this book. See the man pages keyserv(8) for more details.

### Network Time Services options: ###
timed_enable="NO"              # Run the time daemon (or NO).
timed_flags=" "                # Flags to timed (if enabled).
ntpdate_enable="NO"            # Run ntpdate to sync time on boot (or NO).
ntpdate_program="/usr/sbin/ntpdate"  # path to ntpdate, if you want a different one.
ntpdate_flags="-b"             # Flags to ntpdate (if enabled).
ntpd_enable="NO"               # Run ntpd Network Time Protocol (or NO).
ntpd_program="/usr/sbin/ntpd"  # path to ntpd, if you want a different one.
ntpd_flags="-p /var/run/ntpd.pid"    #Flags to ntpd (if enabled).

timed, ntpdate and ntpd are three different ways of synchronizing your machine with the current date and time. As we saw on page 155, we'll use ntpd. We add the following line to /etc/rc.conf for each system:

ntpd_enable="YES"  # Run ntpd Network Time Protocol (or NO).

Continuing with /etc/defaults/rc.conf,

#Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
nis_client_enable="NO"     # We're an NIS client (or NO).
nis_client_flags=" "       # Flags to ypbind (if enabled).
nis_ypset_enable="NO"      # Run ypset at boot time (or NO).
nis_ypset_flags=" "        # Flags to ypset (if enabled).
nis_server_enable="NO"     # We're an NIS server (or NO).
nis_server_flags=" "       # Flags to ypserv (if enabled).
nis_ypxfrd_enable="NO"     # Run rpcypxfrd at boot time (or NO).
nis_ypxfrd_flags=" "       # Flags to rpcypxfrd (if enabled).
nis_yppasswdd_enable="NO"  # Run rpcyppasswdd at boot time (or NO).
nis_yppasswdd_flags=" "    # Flags to rpcyppasswdd (if enabled).

More parameters for confi guring NIS. As mentioned above, this book does not deal with NIS.

### Network routing options: ###
defaultrouter="NO"   # Set to default gateway (or NO).
static_routes=" "    # Set to static route list (or leave empty).
gateway_enable="NO"  # Set to YES if this host will be a gateway.

See page 309 for more information on routing. On gw we add the following line to /etc/rc.conf:

defaultrouter="139.130.136.133"  # Set to default gateway (or NO).
gateway_enable="YES"             # Set to YES if this host will be a gateway.

andante gets its routing information from DHCP, so we don't need to do anything here.

router_enable="NO"   # Set to YES to enable a routing daemon.
router="/sbin/routed"          # Name of routing daemon to use if enabled.
router_flags="-q"    # Flags for routing daemon.
mrouted_enable="NO"  # Do multicast routing (see /etc/mrouted.conf).
mrouted_flags=" "    # Flags for multicast routing daemon

These parameters relate to the routing daemons routed and mrouted. In the configurations we considered, you don't need them.

ipxgateway_enable="NO"  # Set to YES to enable IPX routing.
ipxrouted_enable="NO"   # Set to YES to run the IPX routing daemon.
ipxrouted_flags=" "     # Flags for IPX routing daemon.

IPX is a Novell proprietary networking protocol designed to be similar to IP. FreeBSD supplies the daemon IPXrouted (note the capitalization) which handles IPX routing tables. See the man page IPXrouted(8) for further details.

arpproxy_all="NO"         # replaces obsolete kernel option ARP_PROXYALL.
forward_sourceroute="NO"  # do source routing
accept_sourceroute="NO"   # accept source routed packets to us
### ATM interface options: ###
atm_enable="NO"           # Configure ATM interfaces (or NO).
#atm_netif_hea0="atm 1"   # Network interfaces for physical interface.
#atm_sigmgr_hea0="uni31"  # Signalling manager for physical interface.
#atm_prefix_hea0="ILMI"   # NSAP prefix (UNI interfaces only) (or ILMI).
#atm_macaddr_hea0="NO"    # Override physical MAC address (or NO).
#atm_arpserver_atm0="0x47.0005.80.999999.9999.9999.9999.999999999999.00"
#atm_scsparp_atm0="NO"    # Run SCSP/ATMARP on network interface (or NO).
atm_pvcs=" "              # Set to PVC list (or leave empty).
atm_arps=" "              # Set to permanent ARP list (or leave empty).
### ISDN interface options: (see also: /usr/share/examples/isdn) ###
isdn_enable="NO"          # Enable the ISDN subsystem (or NO).
isdn_fsdev="NO"           # Output device for fullscreen mode
isdn_flags="-dn -d0x1f9"  # Flags for isdnd
isdn_ttype="cons25"       # terminal type for fullscreen mode
isdn_screenflags="NO"     # screenflags for ${isdn_fsdev}
isdn_trace="NO"           # Enable the ISDN trace subsystem (or NO).
isdn_traceflags="-f /var/tmp/isdntrace0" #Flags for isdntrac

A few miscellaneous IP options and parameters for ATM and ISDN. This book doesn't discuss any of them.

### Miscellaneous network options: ###
icmp_bmcastecho="NO"  # respond to broadcast ping packets

This parameter relates to the so-called smurf "denial of service" attack: according to the RFCs, a machine should respond to a ping to its broadcast address. But what happens if somebody pings a remote network's broadcast address across the Internet, as fast as he can? Each system on the remote network will reply, completely overloading the outgoing Internet interface. Yes, this is silly, but there are silly people out there. If you leave this parameter as it is, your system will not be vulnerable. See http://www.cert.org/advi-sories/CA-98.01.smurf.html for more details.

Next come a large number of options for IPv6, the new internet protocol standard. This book doesn't deal with IPv6, and they're liable to change, so they're not printed here. Next, we find:

##############################################################
### System console options ###################################
##############################################################
keymap="NO"      # keymap in /usr/share/syscons/keymaps/*
keyrate="NO"     # keyboard rate to: slow, normal, fast
keybell="NO"     # bell to duration.pitch or normal or visual
keychange="NO"   # function keys default values
cursor="NO"      # cursor type {normal|blink|destructive}
scrnmap="NO"     # screen map in /usr/share/syscons/scrnmaps/*
font8x16="NO"    # font 8x16 from /usr/share/syscons/fonts/*
font8x14="NO"    # font 8x14 from /usr/share/syscons/fonts/*
font8x8="NO"     # font 8x8 from /usr/share/syscons/fonts/*
blanktime="300"  # blank time (in seconds) or "NO" to turn it off.
saver="NO"       # screen saver: Uses /boot/kernel/${saver}_saver.ko