Network Administration with FreeBSD 7

Book Description

Building, securing, and maintaining networks with the FreeBSD operating system

  • Set up and manage networking on FreeBSD

  • Virtualization with FreeBSD Jails, IPFW and PF

  • Configure interfaces, protocols, and routing

In Detail

This book is a guide to FreeBSD for network administrators. It therefore does not cover basic installation and configuration of FreeBSD; it is about using FreeBSD to build, secure, and maintain networks.

After introducing the basic tools for monitoring the performance and security of the system, the book moves on to jails (FreeBSD virtual environments), which let you run multiple virtual instances of FreeBSD on the same hardware. It then shows how to overcome the different bottlenecks you may encounter, depending on the services you are running, by tweaking different parameters to maintain high performance from your FreeBSD server. Next it covers using the ifconfig utility to configure interfaces with different layer protocols, along with connectivity testing and debugging tools. After covering the use of User PPP or Kernel PPP for Point-to-Point Protocol network configuration, it explains basic IP forwarding in FreeBSD and the use of the built-in routing daemons, routed and route6d, which support RIPv1, RIPv2, RIPng, and RDISC. Next it covers the OpenOSPFD and OpenBGPD daemons, which you can install to run OSPF and BGP on your host. Then it covers the setup and configuration of IPFW and PF, and finally it looks at some important internet services and how to set them up on your FreeBSD server.

Table of Contents

    1. Network Administration with FreeBSD 7
    2. Credits
    3. About the Author
    4. About the Reviewer
    5. Preface
      1. What This Book Covers
      2. What You Need for This Book
      3. Who is This Book for
      4. Conventions
      5. Reader Feedback
      6. Customer Support
        1. Errata
        2. Questions
    6. 1. System Configuration—Disks
      1. Partition Layout and Sizes
      2. Swap
        1. Adding More Swap Space
        2. Swap Encryption
      3. Softupdates
      4. Snapshots
      5. Quotas
        1. Assigning Quotas
      6. File System Backup
        1. Dump and Restore
        2. The tar, cpio, and pax Utilities
        3. Snapshots
      7. RAID-GEOM Framework
        1. RAID0—Striping
        2. RAID1—Mirroring
        3. Disk Concatenation
      8. Summary
    7. 2. System Configuration—Keeping it Updated
      1. CVSup—Synchronizing the Source Code
        1. Tracking -STABLE
        2. Tracking -CURRENT
      2. Ports Collection
        1. Tracking Ports
        2. Portsnap
      3. Security Advisories
        1. VuXML—Vulnerability Database
        2. CVS Branch Tag
      4. Customizing and Rebuilding Kernel
      5. Rebuilding World
      6. Binary Update
      7. Recovering from a Dead Kernel
      8. Summary
    8. 3. System Configuration—Software Package Management
      1. Ports and Packages
        1. The Legacy Method
        2. Software Directories
        3. Packages
        4. Ports
      2. Package Management Tools
        1. Portupgrade
          1. portinstall
          2. pkg_deinstall
          3. portupgrade
          4. portversion
          5. pkg_which
          6. portsclean
        2. Portmaster
      3. Summary
    9. 4. System Configuration—System Management
      1. Process Management and Control
        1. Processes and Daemons
          1. Getting Information about Running Processes—ps, top, and pgrep
          2. Sending Signals to Running Processes—kill, killall, and pkill
          3. Prioritizing Running Processes—nice and renice
        2. Resource Management and Control
          1. System Resource Monitoring Tools—vmstat, iostat, pstat, and systat
        3. Process Accounting
      2. Summary
    10. 5. System Configuration—Jails
      1. Concept
      2. Introduction
      3. Setting Up a Jail
      4. Configuring the Host System
      5. Starting the Jail
      6. Automatic Startup
      7. Shutting Down Jails
      8. Managing Jails
      9. Jail Security
      10. Jail Limitations
      11. Summary
    11. 6. System Configuration—Tuning Performance
      1. Tweaking Kernel Variables using SYSCTL
      2. Kernel
        1. SMP
      3. Disk
        1. File limits
        2. I/O Performance
        3. RAID
      4. Network
        1. TCP Delayed ACK
        2. RFC 1323 Extensions
        3. TCP Listen Queue Size
        4. TCP Buffer Space
        5. Network Interface Polling
      5. The /etc/make.conf file
        1. CPUTYPE
        2. CFLAGS and COPTFLAGS
      6. The /boot/loader.conf file
      7. Summary
    12. 7. Network Configuration—Basics
      1. Ifconfig Utility
        1. Configuring IP Address
        2. Configuring Layer2 Address
        3. Configuring IPX
        4. Configuring AppleTalk
        5. Configuring Secondary (alias) IP Addresses
        6. Configuring Media Options
        7. Configuring VLANs
        8. Advanced ifconfig Options
          1. Hardware Offloading
          2. Promiscuous Mode
          3. MTU
          4. ARP
          5. Static ARP
          6. Monitor Mode
        9. Configuring Fast EtherChannel
      2. Default Routing
      3. Name Resolution
      4. Network Testing Tools
        1. Ping
        2. Traceroute
        3. Sockstat
        4. netstat
        5. ARP
        6. Tcpdump
      5. Summary
    13. 8. Network Configuration—Tunneling
      1. Generic Routing Encapsulation (GRE) protocol
      2. IPSEC
        1. Operating Modes
          1. Tunnel Mode
      3. Summary
    14. 9. Network Configuration—PPP
      1. Setting up PPP Client
      2. Setting up PPP Server
      3. Setting up PPPoE Client
      4. Setting up PPPoE Server
      5. Summary
    15. 10. Network Configuration—Routing and Bridging
      1. Basic Routing—IP Forwarding
      2. Static Routing
      3. routed and route6d
      4. Running OSPF—OpenOSPFD
      5. Running BGP—OpenBGPD
      6. Bridging
        1. Filtering Bridges
      7. Proxy ARP
      8. Summary
    16. 11. Network Configuration—IPv6
      1. IPv6 Facts
        1. Fact One—Addressing
        2. Fact Two—Address Types
        3. Fact Three—ARP
        4. Fact Four—Interface Configuration
      2. Using IPv6
        1. Configuring Interfaces
      3. Routing IPv6
      4. RIP6
      5. Multicast Routing
      6. Tunneling
        1. GIF Tunneling
      7. Summary
    17. 12. Network Configuration—Firewalls
      1. Packet Filtering with IPFW
        1. Basic Configuration
        2. Ruleset Templates
        3. Customized Rulesets
        4. Logging
        5. Network Address Translation (NAT)
        6. Traffic Shaping
      2. Packet Filtering with PF
        1. PF Configuration Syntax
            1. Macros
            2. Tables
            3. Options
            4. Scrub
            5. Queuing
            6. Translation
            7. Filter Rules
        2. Controlling PF
      3. Network Address Translation using PF and IPFW
      4. Summary
    18. 13. Network Services—Internet Servers
      1. inetd Daemon
        1. tcpd
      2. SSH
        1. Running a Command Remotely
        2. SSH Keys
          1. SSH Authentication Agent
          2. SSH Tunneling or Port Forwarding
      3. NTP
        1. Syncing
        2. NTP Server
      4. DNS
        1. BIND software
        2. Operating Modes
          1. Forwarding/Caching DNS Server
          2. Authoritative
          3. Monitoring
          4. Optimizations
      5. FTP
        1. Anonymous FTP Server
      6. Mail
        1. Sendmail
        2. Postfix
      7. Web
        1. Apache
          1. Virtual Hosts
        2. Alternative HTTP Servers
      8. Proxy
      9. Summary
    19. 14. Network Services—Local Network Services
      1. Dynamic Host Configuration Protocol (DHCP)
        1. dhclient
        2. ISC DHCPD
          1. DHCPD Configuration
      2. Trivial File Transfer Protocol (TFTP)
      3. Network File System (NFS)
        1. Server
        2. Client
        3. NFS Locking
      4. Server Message Block (SMB) or CIFS
        1. SMB Client
        2. SMB Server
          1. Authentication
          2. Samba Web Administration Tool (SWAT)
      5. Simple Network Management Protocol (SNMP)
        1. bsnmpd
        2. NET-SNMP
          1. Client Tools
      6. Printing
        1. lpd—Print Spooler Daemon
        2. Common UNIX Printing System (CUPS)
      7. Network Information System (NIS)
        1. NIS Server
          1. Initializing NIS Server
      8. Summary