author Nik Clayton <nik@FreeBSD.org> 1999-09-17 23:39:47 +0000
committer Nik Clayton <nik@FreeBSD.org> 1999-09-17 23:39:47 +0000
commit b128378902fe80ffce68ba98cb2c36a0db9aeb30 (patch)
tree 6ff5c0cf312dc026ed9a0641b6984f6ad757bae3 /en_US.ISO_8859-1/books
parent def191833e2d7b5d170c7d0437052f01093fff7d (diff)
The PPP Primer, with a mechanical conversion to DocBook;
    nsgmls -c /usr/local/share/sgml/linuxdoc/catalog ppp.sgml | \
        instant -t /usr/local/share/sgml/transpec/linuxdoc-docbook.ts > \
        ../../books/ppp-primer/book.sgml
Notes: svn path=/head/; revision=5651
Diffstat (limited to 'en_US.ISO_8859-1/books')
-rw-r--r-- en_US.ISO_8859-1/books/ppp-primer/book.sgml 2340
1 files changed, 2340 insertions, 0 deletions
diff --git a/en_US.ISO_8859-1/books/ppp-primer/book.sgml b/en_US.ISO_8859-1/books/ppp-primer/book.sgml
new file mode 100644
index 0000000000..f824059981
--- /dev/null
+++ b/en_US.ISO_8859-1/books/ppp-primer/book.sgml
@@ -0,0 +1,2340 @@
+<!DOCTYPE BOOK PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
+<book>
+
+<bookinfo>
+<bookbiblio>
+<title>PPP - Pedantic PPP Primer</title>
+
+<authorgroup>
+<author>
+<surname>Maintainer: Steve Sims <emphasis remap=tt><ulink URL="mailto:SimsS@IBM.NET">&lt;SimsS@IBM.NET&gt;</ulink></emphasis></surname>
+</author>
+</authorgroup>
+
+<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/tutorials/ppp/ppp.sgml,v 1.8 1999/09/06 07:22:25 peter Exp $</pubdate>
+
+<abstract><para>This is a step-by-step guide for configuring FreeBSD systems to act as
+a dial-up router/gateway in a Local Area Environment. All entries may
+be assumed to be relevant to FreeBSD 2.2+, unless otherwise noted.</para></abstract>
+
+</bookbiblio>
+</bookinfo>
+
+<chapter>
+<title>Overview:</title>
+
+<para>The User-Mode PPP dialer in FreeBSD Version 2.2 (also known as:
+<emphasis remap=it>"IIJ-PPP"</emphasis> ) now supports Packet Aliasing for dial up
+connections to the Internet. This feature, also known as
+"<emphasis remap=it>Masquerading</emphasis>", "<emphasis remap=it>IP Aliasing</emphasis>", or "<emphasis remap=it>Network Address
+Translation</emphasis>", allows a FreeBSD system to act as a dial- on-demand
+router between an Ethernet-based Local Area Network and an Internet
+Service Provider. Systems on the LAN can use the FreeBSD system to
+forward information between the Internet by means of a single
+dial-connection.</para>
+
+
+<sect1>
+<title>Purpose of this Guide.</title>
+
+<para>This guide explains how to:
+<itemizedlist>
+
+<listitem>
+<para>Configure the FreeBSD system to support dial-out connections,</para>
+</listitem>
+
+<listitem>
+<para>Share a dial-out connection with other systems in a network,</para>
+</listitem>
+
+<listitem>
+<para>Configure Windows platforms to use the FreeBSD system as a gateway to the Internet.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>While the focus of this guide is to assist in configuring IP Aliasing,
+it also includes specific examples of the configuration steps necessary
+to configure and install each individual component; each section stands
+alone and may be used to assist in the configuration of various aspects
+of FreeBSD internetworking.</para>
+
+</sect1>
+</chapter>
+
+<chapter>
+<title>Building the Local Area Network</title>
+
+<para> While the ppp program can, and usually is, be configured to provide
+services to <emphasis>only</emphasis> the local FreeBSD box it can also be used to serve as a
+"Gateway" (or "router") between other LAN-connected resources and the Internet or
+other Dial-Up service.</para>
+
+
+<sect1>
+<title>Typical Network Topology</title>
+
+<para>This guide assumes a typical Local Area Network lashed together as
+follows:
+<literallayout>
++---------+ ----&gt; Dial-Up Internet Connection
+| FreeBSD | \ (i.e.: NetCom, AOL, AT&amp;T, EarthLink,
+etc)
+| |--------
+| "Curly" |
+| |
++----+----+
+ |
+|----+-------------+-------------+----| &lt;-- Ethernet Network
+ | | |
+ | | |
++----+----+ +----+----+ +----+----+
+| | | | | |
+| Win95 | | WFW | | WinNT |
+| "Larry" | | "Moe" | | "Shemp" |
+| | | | | |
++---------+ +---------+ +---------+</literallayout>
+</para>
+
+</sect1>
+
+<sect1>
+<title>Assumptions about the Local Area Network</title>
+
+<para>Some specific assumptions about this sample network are:</para>
+
+<para>Three workstations and a Server are connected with Ethernet
+cabling:
+<itemizedlist>
+
+<listitem>
+<para>a FreeBSD Server ("Curly") with an NE-2000 adapter configured as
+'ed0'</para>
+</listitem>
+
+<listitem>
+<para>a Windows-95 workstation ("Larry") with Microsoft's "native"
+32-bit TCP/IP drivers</para>
+</listitem>
+
+<listitem>
+<para>a Windows for Workgroups workstation ("Moe") with Microsoft's
+16-bit TCP/IP extensions</para>
+</listitem>
+
+<listitem>
+<para>a Windows NT workstation ("Shemp") with Microsoft's "native"
+32-bit TCP/IP drivers</para>
+</listitem>
+
+</itemizedlist>
+ </para>
+
+<para>The IP Addresses on the Ethernet side of this sample LAN have been</para>
+
+<para>taken from the pool of "reserved" addresses proposed in RFC-1597.
+IP addresses are assigned as follows:
+<literallayout>Name IP Address
+"Curly" 192.168.1.1 # The FreeBSD box
+"Larry" 192.168.1.2 # The Win'95 box
+"Moe" 192.168.1.3 # The WfW box
+"Shemp" 192.168.1.4 # The Windows NT box</literallayout>
+</para>
+
+<para>This guide assumes that the modem on the FreeBSD box is connected
+to the first serial port ('<filename>/dev/cuaa0</filename>' or '<emphasis remap=tt>COM1:</emphasis>' in
+DOS-terms).</para>
+
+<para>Finally, we'll also assume that your Internet Service Provider (ISP)
+automatically provides the IP addresses of both your PPP/FreeBSD side
+as well as the ISP's side. (i.e.: Dynamic IP Addresses on both ends
+of the link.) Specific details for configuring the Dial-Out side of
+PPP will be addressed in Section 2, "Configuring the FreeBSD System".</para>
+
+</sect1>
+</chapter>
+
+<chapter>
+<title>FreeBSD System Configuration</title>
+
+<para>There are three basic pieces of information that must be known to
+the FreeBSD box before you can proceed with integrating the sample
+Local Area Network:</para>
+
+<para>
+<itemizedlist>
+
+<listitem>
+<para>The Host Name of the FreeBSD system; in our example it's "Curly",</para>
+</listitem>
+
+<listitem>
+<para>The Network configuration,</para>
+</listitem>
+
+<listitem>
+<para>The <filename>/etc/hosts</filename> file (which lists the names and IP addresses of
+the other systems in your network)</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>If you performed the installation of FreeBSD over a network
+connection some of this information may already be configured into
+your FreeBSD system.</para>
+
+<para>Even if you believe that the FreeBSD system was properly configured
+when it was installed you should at least verify each of these bits of
+information to prevent trouble in subsequent steps.</para>
+
+
+<sect1>
+<title>Verifying the FreeBSD Host Name</title>
+
+<para>It's possible that the FreeBSD host name was specified and saved
+when the system was initially installed. To verify that it was, enter
+the following command at a prompt:</para>
+
+<para>
+<informalexample>
+<screen># hostname</screen>
+</informalexample>
+</para>
+
+<para>The name of the host FreeBSD system will be displayed on a single
+line. If the name looks correct (this is very subjective :-) skip
+ahead to Section 3.2, "Verifying the Ethernet Interface
+Configuration".</para>
+
+<para>For example, in our sample network, we would see 'curly.my.domain'
+as a result of the `hostname` command if the name had been set
+correctly during, or after, installation. (At this point, don't worry
+too much about the ".my.domain" part, we'll sort this out later. The
+important part is the name up to the first dot.)</para>
+
+<para>If a host name wasn't specified when FreeBSD was installed you'll
+probably see 'myname.my.domain` as a response. You'll need to edit
+<filename>/etc/rc.conf</filename> to set the name of the machine.</para>
+
+
+<sect2>
+<title>Configuring the FreeBSD Host Name</title>
+
+<para><emphasis><emphasis remap=bf>Reminder: You must be logged in as 'root' to edit the
+system configuration files!</emphasis></emphasis></para>
+
+<para><emphasis><emphasis remap=bf>CAUTION: If you mangle the system configuration files,
+chances are your system WILL NOT BOOT correctly! Be careful!</emphasis></emphasis></para>
+
+<para>The configuration file that specifies the FreeBSD system's host
+name when the system boots is in <filename>/etc/rc.conf</filename>. Use the
+default text editor ('<emphasis remap=tt>ee</emphasis>') to edit this file.</para>
+
+<para>Logged in as user 'root' load <filename>/etc/rc.conf</filename> into the
+editor with the following command:
+<informalexample>
+<screen># ee /etc/rc.conf</screen>
+</informalexample>
+</para>
+
+<para>Using the arrow keys, scroll down until you find the line that
+specifies the host name of the FreeBSD system. By default, this
+section says:
+<informalexample>
+<screen>---
+### Basic network options: ###
+hostname="myname.my.domain" # Set this!
+---</screen>
+</informalexample>
+
+Change this section to say (in our example):
+<informalexample>
+<screen>---
+### Basic network options: ###
+hostname="curly.my.domain" # Set this!
+---</screen>
+</informalexample>
+</para>
+
+<para>Once the change to the host name has been made, press the 'Esc' key to
+access the command menu. Select "leave editor" and make sure to
+specify "save changes" when prompted.</para>
+
+</sect2>
+</sect1>
+
+<sect1>
+<title>Verifying the Ethernet Interface Configuration</title>
+
+<para>To reiterate our basic assumption, this guide assumes that the
+Ethernet Interface in the FreeBSD system is named '<emphasis remap=tt>ed0</emphasis>'. This is
+the default for NE-1000, NE-2000, WD/SMC models 8003, 8013 and Elite
+Ultra (8216) network adapters.</para>
+
+<para>Other models of network adapters may have different device names in
+FreeBSD. Check the FAQ for specifics about your network adapter. If
+you're not sure of the device name of your adapter, check the FreeBSD
+FAQ to determine the device name for the card you have and substitute
+that name (i.e.: '<emphasis remap=tt>de0</emphasis>', '<emphasis remap=tt>zp0</emphasis>', or similar) in the following
+steps.</para>
+
+<para>As was the case with the host name, the configuration for the
+FreeBSD system's Ethernet Interface may have been specified when the
+system was installed.</para>
+
+<para>To display the configuration for the interfaces in your
+FreeBSD system (Ethernet and others), enter the following command:
+<informalexample>
+<screen># ifconfig -a</screen>
+</informalexample>
+
+(In layman's terms: "Show me the <emphasis remap=bf>I</emphasis>nter<emphasis remap=bf>F</emphasis>ace <acronym>CONFIG</acronym>uration
+for my network devices.") </para>
+
+<para>An example:
+<informalexample>
+<screen># ifconfig -a
+ ed0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu
+1500
+ inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
+ ether 01:02:03:04:05:06
+ lp0: flags=8810&lt;POINTOPOINT,SIMPLEX,MULTICAST&gt; mtu 1500
+ tun0: flags=8050&lt;POINTOPOINT,RUNNING, MULTICAST&gt; mtu 1500
+ sl0: flags=c010&lt;POINTOPOINT,LINK2,MULTICAST&gt; mtu 552
+ ppp0: flags=8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1500
+ lo0: flags=8049&lt;UP,LOOPBACK,RUNNING,MULTICAST&gt; mtu 16384
+ inet 127.0.0.1 netmask 0xff000000
+# _</screen>
+</informalexample>
+</para>
+
+<para>In this example, the following devices were displayed:</para>
+
+<para><emphasis remap=tt>ed0:</emphasis> The Ethernet Interface</para>
+
+<para><emphasis remap=tt>lp0:</emphasis> The Parallel Port Interface (ignored in this guide)</para>
+
+<para><emphasis remap=tt>tun0:</emphasis> The "tunnel" device; <emphasis>This is the one user-mode ppp uses!</emphasis></para>
+
+<para><emphasis remap=tt>sl0:</emphasis> The SL/IP device (ignored in this guide)</para>
+
+<para><emphasis remap=tt>ppp0:</emphasis> Another PPP device (for kernel ppp; ignored in this guide)</para>
+
+<para><emphasis remap=tt>lo0:</emphasis> The "Loopback" device (ignored in this guide)</para>
+
+<para>In this example, the 'ed0' device is up and running. The key
+indicators are:
+<orderedlist>
+
+<listitem>
+<para>Its status is "<acronym>UP</acronym>",</para>
+</listitem>
+
+<listitem>
+<para>It has an Internet ("<emphasis remap=tt>inet</emphasis>") address, (in this case, 192.168.1.1)</para>
+</listitem>
+
+<listitem>
+<para>It has a valid Subnet Mask ("netmask"; 0xffffff00 is the same as
+255.255.255.0), and</para>
+</listitem>
+
+<listitem>
+<para>It has a valid broadcast address (in this case, 192.168.1.255).</para>
+</listitem>
+
+</orderedlist>
+</para>
+
+<para>If the line for the Ethernet card had shown something similar to:
+<informalexample>
+<screen>ed0: flags=8802&lt;BROADCAST,SIMPLEX,MULTICAST&gt; mtu 1500
+ ether 01:02:03:04:05:06</screen>
+</informalexample>
+
+then the Ethernet card hasn't been configured yet.</para>
+
+<para>If the configuration for the Ethernet interface is correct you can
+skip forward to Section 3.4, "Creating the list of other LAN hosts".
+Otherwise, proceed with the next section.</para>
+
+
+<sect2>
+<title>Configuring your Ethernet Interface</title>
+
+<para><emphasis><emphasis remap=bf>Reminder: You must be logged in as 'root' to edit the
+system configuration files!</emphasis></emphasis></para>
+
+<para><emphasis><emphasis remap=bf>CAUTION: If you mangle the system configuration files,
+chances are your system WILL NOT BOOT correctly! Be careful!</emphasis></emphasis></para>
+
+<para>The configuration file that specifies settings for the network
+interfaces when the system boots is in <filename>/etc/rc.conf</filename>. Use
+the default text editor ('ee') to edit this file.</para>
+
+<para>Logged in as user 'root' load <filename>/etc/rc.conf</filename> into the
+editor with the following command:</para>
+
+<para><command> # ee /etc/rc.conf</command></para>
+
+<para>About 20 lines from the top of <filename>/etc/rc.conf</filename> is the section
+that describes which network interfaces should be activated when the
+system boots. In the default configuration file the specific line
+that controls this is:</para>
+
+<para>
+<informalexample>
+<screen>network_interfaces="lo0" # List of network interfaces (lo0 is loopback).</screen>
+</informalexample>
+</para>
+
+<para>You'll need to amend this line to tell FreeBSD that you want to add
+another device, namely the '<emphasis remap=tt>ed0</emphasis>' device. Change this line to
+read:</para>
+
+<para>
+<informalexample>
+<screen>network_interfaces="lo0 ed0" # List of network interfaces (lo0 is loopback).</screen>
+</informalexample>
+</para>
+
+<para>(Note the space between the definition for the loopback device
+("<emphasis remap=tt>lo0</emphasis>")
+and the Ethernet device ("<emphasis remap=tt>ed0</emphasis>")! </para>
+
+<para><emphasis><emphasis remap=bf> Reminder: If your Ethernet card isn't named '<emphasis remap=tt>ed0</emphasis>', specify
+the correct device name here instead.</emphasis></emphasis></para>
+
+<para>If you performed the installation of FreeBSD over a network
+connection then the '<literal>network_interfaces=</literal>' line may already
+include a reference to your Ethernet adapter. If it is, verify that
+it is the correct device name.</para>
+
+<para>Specify the Interface Settings for the Ethernet device
+('<emphasis remap=tt>ed0</emphasis>'):</para>
+
+<para>Beneath the line that specifies which interfaces should be
+activated are the lines that specify the actual settings for each
+interface. In the default <filename>/etc/rc.conf</filename> file is a single
+line that says:</para>
+
+<para>
+<informalexample>
+<screen>ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.</screen>
+</informalexample>
+</para>
+
+<para>You'll need to add another line after that to specify the settings
+for your '<emphasis remap=tt>ed0</emphasis>' device.</para>
+
+<para>If you performed the installation of FreeBSD over a network
+connection then there may already be an '<literal>ifconfig_ed0=</literal>' line
+after the loopback definition. If so, verify that it has the correct
+values.</para>
+
+<para>For our sample configuration we'll insert a line immediately after
+the loopback device definition that says:</para>
+
+<para>
+<informalexample>
+<screen>ifconfig_ed0="inet 192.168.1.1 netmask 255.255.255.0"</screen>
+</informalexample>
+</para>
+
+<para>When you've finished editing <filename>/etc/rc.conf</filename> to specify and
+configure the network interfaces the section should look really close
+to:</para>
+
+<para>
+<informalexample>
+<screen>---
+network_interfaces="ed1 lo0" # List of network interfaces (lo0 is loopback).
+ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
+ifconfig_ed1="inet 192.168.1.1 netmask 255.255.255.0"
+---</screen>
+</informalexample>
+</para>
+
+<para>Once all of the necessary changes to <filename>/etc/rc.conf</filename> have
+been made, press the 'Esc' key to invoke the control menu. Select
+"leave editor" and be sure to select "save changes" when prompted.</para>
+
+</sect2>
+</sect1>
+
+<sect1>
+<title>Enabling Packet Forwarding</title>
+
+<para>By default the FreeBSD system will not forward IP packets between
+various network interfaces. In other words, routing functions (also
+known as gateway functions) are disabled.</para>
+
+<para>If your intent is to use a FreeBSD system as stand-alone Internet
+workstation and not as a gateway between LAN nodes and your ISP you
+should skip forward to Section 3.4, "Creating the List of Other
+LAN Hosts".</para>
+
+<para>If you intend for the PPP program to service the local FreeBSD box
+as well as LAN workstations (as a router) you'll need to enable IP
+forwarding.</para>
+
+<para>To enable IP Packet forwarding you'll need to edit the
+<filename>/etc/rc.conf</filename> file.
+Load this file into your editor with the following command:
+<informalexample>
+<screen># ee /etc/rc.conf</screen>
+</informalexample>
+</para>
+
+<para>About 85 lines down from the top of the file will be the
+configuration
+section which controls IP forwarding, which will look like:
+<informalexample>
+<screen>=====
+gateway_enable="NO" # Set to YES if this host will be a gateway.
+=====</screen>
+</informalexample>
+</para>
+
+<para>Change this line to read:
+<informalexample>
+<screen>=====
+gateway_enable="YES" # Set to YES if this host will be a gateway.
+=====</screen>
+</informalexample>
+</para>
+
+<para>and exit the editor (saving the changes!).</para>
+
+<para><emphasis><emphasis remap=bf>NOTE: This line may already be set to
+'<literal>gateway_enable="YES"</literal>' if IP forwarding was enabled when the
+FreeBSD system was installed.</emphasis></emphasis></para>
+
+</sect1>
+
+<sect1>
+<title>Creating the List of other LAN Hosts(<filename>/etc/hosts</filename>)</title>
+
+<para>The final step in configuring the LAN side of the FreeBSD system is
+to create a list of the names and TCP/IP addresses of the various
+systems that are connected to the Local Area Network. This list is
+stored in the '<filename>/etc/hosts</filename>' file.</para>
+
+<para>The default version of this file has only a single host name
+listing in it: the name and address of the loopback device ('lo0').
+By networking convention, this device is always named "localhost" and
+always has an IP address of 127.0.0.1. (See the interface
+configuration example in Section 3.2.)</para>
+
+<para>To edit the <filename>/etc/hosts</filename> file enter the following command:
+<informalexample>
+<screen> # ee /etc/hosts </screen>
+</informalexample>
+</para>
+
+<para>Scroll all the way to the bottom of the file (paying attention to
+the comments along the way; there's some good information there!) and
+enter (assuming our sample network) the following IP addresses and
+host names:
+<informalexample>
+<screen>192.168.1.1 curly curly.my.domain # FreeBSD System
+192.168.1.2 larry larry.my.domain # Windows '95 System
+192.168.1.3 moe moe.my.domain # Windows for Workgroups
+System
+192.168.1.4 shemp shemp.my.domain # Windows NT System</screen>
+</informalexample>
+</para>
+
+<para>(No changes are needed to the line for the '<emphasis remap=tt>127.0.0.1
+localhost</emphasis>' entry.)</para>
+
+<para>Once you've entered these lines, press the 'Esc' key to invoke the
+control menu. Select "leave editor" and be sure to select "save
+changes" when prompted.</para>
+
+</sect1>
+
+<sect1>
+<title>Testing the FreeBSD system</title>
+
+<para>Congratulations! Once you've made it to this point, the FreeBSD
+system is configured as a network-connected UNIX system! If you made
+any changes to the <filename>/etc/rc.conf</filename> file you should probably
+re-boot your FreeBSD system. This will accomplish two important
+objectives:
+<itemizedlist>
+
+<listitem>
+<para>Allow the changes to the interface configurations to be applied, and</para>
+</listitem>
+
+<listitem>
+<para>Verify that the system restarts without any glaring configuration errors.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>Once the system has been rebooted you should test the network
+interfaces.</para>
+
+
+<sect2>
+<title>Verifying the operation of the loopback device</title>
+
+<para>To verify that the loopback device is configured correctly, log in as
+'root' and enter:
+<informalexample>
+<screen># ping localhost</screen>
+</informalexample>
+</para>
+
+<para>You should see:
+<informalexample>
+<screen># ping localhost
+PING localhost.my.domain. (127.0.0.1): 56 data bytes
+64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.219 ms
+64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0.287 ms
+64 bytes from 127.0.0.1: icmp_seq=2 ttl=255 time=0.214 m
+[...]</screen>
+</informalexample>
+
+messages scroll by until you hit Ctrl-C to stop the madness.</para>
+
+</sect2>
+
+<sect2>
+<title>Verifying the operation of the Ethernet Device</title>
+
+<para>To verify that the Ethernet device is configured correctly, enter:</para>
+
+<para>
+<informalexample>
+<screen># ping curly</screen>
+</informalexample>
+</para>
+
+<para>You should see:
+<informalexample>
+<screen># ping curly
+PING curly.my.domain. (192.168.1.1): 56 data bytes
+64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=0.219 ms
+64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=0.200 ms
+64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=0.187 ms
+[...]</screen>
+</informalexample>
+
+messages.</para>
+
+<para>One important thing to look at in these two examples is that the
+names (loopback and curly) correctly correlate to their IP addresses
+(127.0.0.1 and 192.168.1.1). This verifies that the
+<filename>/etc/hosts</filename> files is correct.</para>
+
+<para>If the IP address for "curly" isn't 192.168.1.1 or the address for
+"localhost" isn't 127.0.0.1, return to Section 3.4 and review your
+entries in '<filename>/etc/hosts</filename>'.</para>
+
+<para>If the names and addresses are indicated correctly in the result of
+the ping command but there are errors displayed then something is
+amiss with the interface configuration(s). Return to Section 3.1 and
+verify everything again.</para>
+
+<para>If everything here checks out, proceed with the next section.</para>
+
+</sect2>
+</sect1>
+</chapter>
+
+<chapter>
+<title>Configuring the PPP Dial-Out Connection</title>
+
+<para>There are two basic modes of operation of the ppp driver:
+"Interactive" and "Automatic".</para>
+
+<para>In Interactive mode you:</para>
+
+<para>
+<itemizedlist>
+
+<listitem>
+<para>Manually establish a connection to your ISP,</para>
+</listitem>
+
+<listitem>
+<para>Browse, surf, transfer files and mail, etc...,</para>
+</listitem>
+
+<listitem>
+<para>Manually disconnect from your ISP.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>In Automatic mode, the PPP program silently watches what goes on
+inside the FreeBSD system and automagically connects and disconnects
+with your ISP as required to make the Internet a seamless element of
+your network.</para>
+
+<para>In this section we'll address the configuration(s) for both modes
+with emphasis on configuring your `ppp` environment to operate in
+"Automatic" mode.</para>
+
+
+<sect1>
+<title>Backing up the original PPP configuration files</title>
+
+<para>Before making any changes to the files which are used by PPP you
+should make a copy of the default files that were created when the
+FreeBSD system was installed.</para>
+
+<para>Log in as the 'root' user and perform the following steps:</para>
+
+<para>Change to the '<filename>/etc</filename> directory:</para>
+
+<para><emphasis remap=tt># cd /etc</emphasis></para>
+
+<para>Make a backup copy the original files in the 'ppp' directory:</para>
+
+<para><emphasis remap=tt># cp -R ppp ppp.ORIGINAL</emphasis></para>
+
+<para>You should now be able to see both a '<emphasis remap=tt>ppp</emphasis>' and a
+'<filename>ppp.ORIGINAL</filename>' subdirectory
+in the '<filename>/etc</filename>' directory.</para>
+
+</sect1>
+
+<sect1>
+<title>Create your own PPP configuration files</title>
+
+<para>By default, the FreeBSD installation process creates a number of
+sample configuration files in the /etc/ppp directory. Please take
+some time to review these files; they were derived from working
+systems and represent the features and capabilities of the PPP
+program.</para>
+
+<para>I <emphasis>strongly</emphasis> encourage you to learn from these sample files and
+apply them to your own configuration as necessary.</para>
+
+<para>For detailed information about the `ppp` program, read the ppp
+manpage:
+<informalexample>
+<screen># man ppp</screen>
+</informalexample>
+</para>
+
+<para>For detailed information about the `chat` scripting language used by
+the PPP dialer, read the chat manpage:
+<informalexample>
+<screen># man chat</screen>
+</informalexample>
+</para>
+
+<para>The remainder of this section describes the recommended contents of
+the PPP configuration files.</para>
+
+
+<sect2>
+<title>The '<filename>/etc/ppp/ppp.conf</filename>' file</title>
+
+<para>The '<filename>/etc/ppp/ppp.conf</filename>' file contains the information and
+settings required to set up a dial-out PPP connection. More than one
+configuration may be contained in this file. The FreeBSD handbook
+(XXX URL? XXX) describes the contents and syntax of this file in
+detail.</para>
+
+<para>This section will describe only the minimal configuration to get a
+dial-out connection working.</para>
+
+<para>Below is the /etc/ppp/ppp.conf file that we'll be using to provide a
+dial-out Internet gateway for our example LAN:
+<informalexample>
+<screen>################################################################
+# PPP Configuration File ('/etc/ppp/ppp.conf')
+#
+# Default settings; These are always executed always when PPP
+# is invoked and apply to all system configurations.
+################################################################
+default:
+set device /dev/cuaa0
+set speed 57600
+disable pred1
+deny pred1
+disable lqr
+deny lqr
+set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0M0
+OK-AT-OK\\dATDT\\T TIMEOUT 40 CONNECT"
+set redial 3 10
+#
+#
+################################################################
+#
+# For interactive mode use this configuration:
+#
+# Invoke with `ppp -alias interactive`
+#
+################################################################
+interactive:
+set authname Your_User_ID_On_Remote_System
+set authkey Your_Password_On_Remote_System
+set phone 1-800-123-4567
+set timeout 300
+set openmode active
+accept chap
+#
+################################################################
+#
+# For demand-dial (automatic) mode we'll use this configuration:
+#
+# Invoke with: 'ppp -auto -alias demand'
+#
+################################################################
+demand:
+set authname Your_User_ID_On_Remote_System
+set authkey Your_Password_On_Remote_System
+set phone 1-800-123-4567
+set timeout 300
+set openmode active
+accept chap
+set ifaddr 127.1.1.1/0 127.2.2.2/0 255.255.255.0
+add 0 0 127.2.2.2
+################################################################
+# End of /etc/ppp/ppp.conf</screen>
+</informalexample>
+
+This file, taken verbatim from a working system, has three relevant
+configuration sections:</para>
+
+
+<sect3>
+<title>The "<emphasis remap=tt>default</emphasis>" Section</title>
+
+<para>The '<emphasis remap=tt>default:</emphasis>' section contains the values and settings
+used by every other section in the file. Essentially, this section is
+implicitly added to the configuration lines to each other section.</para>
+
+<para>This is a good place to put "global defaults" applicable to all
+dial-up sessions; especially modem settings and dialing prefixes which
+typically don't change based on which destination system you're
+connecting to.</para>
+
+<para>Following are the descriptions of each line in the "default" section
+of the sample '<filename>/etc/ppp/ppp.conf</filename>' file:
+<informalexample>
+<screen>set device /dev/cuaa0</screen>
+</informalexample>
+
+This statement informs the PPP program that it should use the first
+serial port.
+Under FreeBSD the '<filename>/dev/cuaa0</filename>' device is the same port that's
+known as "<emphasis remap=tt>COM1:</emphasis>" under DOS, Windows, Windows 95, etc....</para>
+
+<para>If your modem is on <emphasis remap=tt>COM2:</emphasis> you should specify
+'<filename>/dev/cua01</filename>; <emphasis remap=tt>COM3:</emphasis> would be '<filename>/dev/cua02</filename>'.</para>
+
+<para>
+<informalexample>
+<screen>set speed 57600 </screen>
+</informalexample>
+</para>
+
+<para>This line sets the transmit and receive speed for the connection
+between the serial port and the modem. While the modem used for this
+configuration is only a 28.8 device, setting this value to 57600 lets
+the serial link run at a higher rate to accommodate higher throughput
+as a result of the data compression built into late-model modems.</para>
+
+<para>If you have trouble communicating with your modem, try setting this
+value to 38400 or even as low as 19200.</para>
+
+<para>
+<informalexample>
+<screen>disable pred1
+deny pred1</screen>
+</informalexample>
+</para>
+
+<para>These two lines disable the "CCP/Predictor type 1" compression
+features of the PPP program. The current version of `ppp` supports
+data compression in accordance with draft Internet standards.
+Unfortunately many ISPs use equipment that does not support this
+capability. Since most modems try to perform on-the-fly compression
+anyway you're probably not losing much performance by disabling this
+feature on the FreeBSD side and denying the remote side from forcing
+it on you.</para>
+
+<para>
+<informalexample>
+<screen>disable lqr
+deny lqr</screen>
+</informalexample>
+</para>
+
+<para>These two lines control the "Line Quality Reporting" functions which
+are part of the complete Point-to-Point (PPP) protocol specification.
+(See RFC-1989 for details.)</para>
+
+<para>The first line, "disable lqr", instructs the PPP program to not
+attempt to report line quality status to the device on the remote end.</para>
+
+<para>The second line, "deny lqr", instructs the PPP program to deny any
+attempts by the remote end to reports line quality.</para>
+
+<para>As most modern dial-up modems have automatic error correction and
+detection and LQR reporting is not fully implemented in many vendor's
+products it's generally a safe bet to include these two lines in the
+default configuration.</para>
+
+<para>
+<informalexample>
+<screen>set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0M0
+OK-AT-OK\\dATDT\\T TIMEOUT 40 CONNECT"</screen>
+</informalexample>
+</para>
+
+<para><emphasis>NOTE: (This statement should appear on a single line; ignore any
+line wrapping that may appear in this document.)</emphasis></para>
+
+<para>This line instructs the PPP program how to dial the modem and
+specifies some rudimentary guidelines for doing so:
+<itemizedlist>
+
+<listitem>
+<para>Attempts to dial should fail if the modem returns a "BUSY" result code,</para>
+</listitem>
+
+<listitem>
+<para>Attempts to dial should also fail if the modem returns a "NO CARRIER" result code,</para>
+</listitem>
+
+<listitem>
+<para>The PPP program should expect each of the following events to complete within a
+5-second timeout period:
+<itemizedlist>
+
+<listitem>
+<para>The PPP program will initially expect nothing (specified above
+by the \"\" portion of the statement) from the modem </para>
+</listitem>
+
+<listitem>
+<para>The program
+will send the modem initialization string "ATE1Q0M0" to the modem and
+await a response of "OK". If a response is not received, the program
+should send an attention command to the modem ("AT") and look again
+for a response of "OK", </para>
+</listitem>
+
+<listitem>
+<para>The program should delay for one second
+(specified by the "\\d" part of the statement, and send the dialing
+string to the modem. The "ATDT" portion of the statement is the
+standard modem prefix to dial using tone-dialing; if you do not have
+touch-tone service on your local phone line, replace the "ATDT" with
+"ATDP". The "\\T" string is a placeholder for the actual phone number
+(which will be automatically inserted as specified by the "set dial
+123-4567").</para>
+</listitem>
+
+</itemizedlist>
+</para>
+</listitem>
+
+<listitem>
+<para>Finally, before a (maximum) timeout of 40 seconds, the PPP
+program should expect to see a "CONNECT" result code returned from the
+modem.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>A failure at any point in this dialog will be interpreted as a dialing
+failure and the PPP program will fail to connect.</para>
+
+<para>(For a detailed description of the mini-scripting language used by the
+PPP dialer, refer to the "chat" manpage.)</para>
+
+<para>
+<informalexample>
+<screen>set redial 3 10</screen>
+</informalexample>
+
+This line specifies that if a dial connection cannot immediately be made
+the PPP program should retry (up to 3 times if necessary) with a delay of 10 seconds
+between redialing attempts.</para>
+
+</sect3>
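Review bot: In the explanation of the "set dial" line, the "\\T" item says the phone number is inserted 'as specified by the "set dial 123-4567"', but the number comes from "set phone" (this file later shows "set phone 1-800-123-4567"), so the text should name "set phone". The same list item opens a parenthesis at '(specified by the "\\d" part of the statement,' and never closes it. In the LQR paragraphs, "attempts by the remote end to reports line quality" should read "to report".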
+
+<sect3>
+<title>The "<emphasis remap=tt>interactive</emphasis>" Section</title>
+
+<para>The '<emphasis remap=tt>interactive:</emphasis>' section contains the values and
+settings used to set up an "interactive" PPP session with a specific
+remote system. Settings in this section will have the lines included
+in the "default" section included automatically.</para>
+
+<para>The example cited in this section of the guide presumes that you'll
+be connecting to a remote system that understands how to authenticate
+a user without any fancy scripting language. That is, this sample
+uses the CHAP protocol to set up the connection.</para>
+
+<para>A good rule of thumb is that if the Windows '95 dialer can set up a
+connection by just clicking the "Connect" button this sample
+configuration should work OK.</para>
+
+<para>If, on the other hand, when you connect to your ISP using Microsoft
+Windows '95 Dial-Up Networking you need to resort to using the "Dial
+Up Scripting Tool" from the Microsoft Plus! pack or you have to select
+"Bring up a terminal windows after dialing" in the Windows '95
+connection options then you'll need to look at the sample PPP
+configuration files and the ppp manpage for examples of "expect /
+response" scripting to make your ISP connection. The "set login"
+command is used for this purpose.</para>
+
+<para>Or even better, find an ISP who knows how to provide PAP or CHAP
+authentication!</para>
+
+<para>The configuration examples shown here have been successfully used to
+connect to:
+<itemizedlist>
+
+<listitem>
+<para>Various Shiva LanRovers</para>
+</listitem>
+
+<listitem>
+<para>The IBM Network (<ulink URL="http://www.ibm.net">http://www.ibm.net</ulink>)</para>
+</listitem>
+
+<listitem>
+<para>AT&amp;T WorldNet (<ulink URL="http://att.com/worldnet">http://att.com/worldnet</ulink>)</para>
+</listitem>
+
+<listitem>
+<para>Erol's (<ulink URL="http://www.erols.com">http://www.erols.com</ulink>)</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>Following are descriptions for each line in the "interactive" section
+of the sample '<filename>/etc/ppp/ppp.conf</filename>' file:</para>
+
+<para>
+<informalexample>
+<screen>set authname Your_User_ID_On_Remote_System</screen>
+</informalexample>
+
+This line specifies the name you would use to log in to the remote
+system. </para>
+
+<para>
+<informalexample>
+<screen>set authkey Your_Password_On_Remote_System</screen>
+</informalexample>
+
+This is the password you'd use to log in to the remote system.</para>
+
+<para>
+<informalexample>
+<screen>set phone 1-800-123-4567</screen>
+</informalexample>
+
+This is the phone number of the remote system. If you're inside a PBX
+you can
+prepend '<emphasis remap=tt>9, </emphasis>' to the number here.</para>
+
+<para>
+<informalexample>
+<screen>set timeout 300</screen>
+</informalexample>
+
+This tells the PPP program that it should automatically hang up the
+phone if no data has
+be exchanged for 300 seconds (5 minutes). You may wish to tailor this
+number to your
+specific requirements.</para>
+
+<para>
+<informalexample>
+<screen>set openmode active</screen>
+</informalexample>
+
+This tells the PPP program that once the modems are connected it
+should immediately attempt to negotiate the connection. Some remote
+sites do this automatically, some don't. This instructs your side of
+the link to take the initiative and try to set up the connection.</para>
+
+<para>
+<informalexample>
+<screen>accept chap</screen>
+</informalexample>
+
+This tells the PPP program to use the "Challenge-Handshake
+Authentication Protocol" to authenticate you. The values exchanged
+between the local and remote side for UserID and password are taken
+from the 'authname' and 'authkey' entries above.</para>
+
+</sect3>
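Review bot: The "set authname" and "set authkey" entries tell the reader to store the ISP account password in clear text in /etc/ppp/ppp.conf, but nothing in this section says who should be able to read that file. Add a sentence after the "set authkey" entry telling the reader to restrict the file's ownership and mode so that only the account running ppp can read it. The "accept chap" paragraph also speaks of "values exchanged between the local and remote side for UserID and password", which reads as if the password crosses the link. With CHAP the peer sends a response computed from the challenge and the shared secret, and the wording should say so.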
+
+<sect3>
+<title>The "<emphasis remap=tt>demand</emphasis>" Section</title>
+
+<para>The "<emphasis remap=tt>demand</emphasis>" section contains the values and settings used
+to set up a "Dial-on-demand" PPP session with a specific remote
+system. Settings in this section will also have the lines included in
+the "default" section included automatically.</para>
+
+<para>Except for the last two lines in this section it is identical to
+the configuration section which defines the "interactive"
+configuration.</para>
+
+<para>As noted in Paragraph ???, the examples cited in this section of
+the guide presume that you'll be connecting to a remote system that
+understands how to use the CHAP protocol to set up the connection.</para>
+
+<para>Following are descriptions for each line in the "demand" section of
+the sample '<filename>/etc/ppp/ppp.conf</filename>' file:</para>
+
+<para>
+<informalexample>
+<screen>set authname Your_User_ID_On_Remote_System</screen>
+</informalexample>
+
+This line specifies the name you would use to log in to the remote
+system. </para>
+
+<para>
+<informalexample>
+<screen>set authkey Your_Password_On_Remote_System</screen>
+</informalexample>
+
+This is the password you'd use to log in to the remote system.</para>
+
+<para>
+<informalexample>
+<screen>set phone 1-800-123-4567</screen>
+</informalexample>
+
+This is the phone number of the remote system.</para>
+
+<para>
+<informalexample>
+<screen>set timeout 300</screen>
+</informalexample>
+</para>
+
+<para>This tells the PPP program that it should automatically hang up the
+phone if no data has be exchanged for 300 seconds (5 minutes). You
+may wish to tailor this number to your specific requirements.</para>
+
+<para>
+<informalexample>
+<screen>set openmode active</screen>
+</informalexample>
+</para>
+
+<para>This tells the PPP program that once the modems are connected it
+should immediately attempt to negotiate the connection. Some remote
+sites do this automatically, some don't. This instructs your side of
+the link to take the initiative and try to set up the connection.</para>
+
+<para>
+<informalexample>
+<screen>accept chap</screen>
+</informalexample>
+</para>
+
+<para>This tells the PPP program to use the "Challenge-Handshake
+Authentication Protocol" to authenticate you. The values exchanged
+between the local and remote side for UserID and password are taken
+from the 'authname' and 'authkey' entries above.</para>
+
+<para>
+<informalexample>
+<screen>set ifaddr 127.1.1.1/0 127.2.2.2/0 255.255.255.0</screen>
+</informalexample>
+</para>
+
+<para>This command sets up a pair of "fake" IP addresses for the local and
+remote sides of the PPP link. It instructs the PPP program to create
+an IP address of 127.1.1.1 for the local side of the '<emphasis remap=tt>tun0</emphasis>'
+(tunnel) device (refer back to section ?? for a description of this
+device) and 127.2.2.2 for the remote side. Appending '<filename>/0</filename>' to
+each address tells the PPP program that zero of the bits that make up
+these addresses are significant and can (in fact, must!) be negotiated
+between the local and remote systems when the link is established.
+The 255.255.255.0 string tells the PPP program what Subnet mask to
+apply to these pseudo-interfaces.</para>
+
+<para>Remember, we've assumed that your ISP provides the IP addresses for
+both ends of the link! If your ISP assigned you a specific IP address
+that you should use on your side when configuring your system, enter
+that IP address here <emphasis>instead</emphasis> of <emphasis remap=tt>127.1.1.1</emphasis>.</para>
+
+<para>Conversly, if your ISP gave you a specific IP address that he uses on
+his end you should enter that IP address here <emphasis>instead</emphasis> of
+<emphasis remap=tt>127.2.2.2</emphasis>.</para>
+
+<para>In both cases, it's probably a good idea to leave the '<filename>/0</filename>' on
+the end of each address. This gives the PPP program the opportunity
+to change the address(es) of the link if it <emphasis>has</emphasis> to.</para>
+
+<para>
+<informalexample>
+<screen>add 0 0 127.2.2.2</screen>
+</informalexample>
+</para>
+
+<para>This last line tells the PPP program that it should add a default
+route for IP traffic that points to the (fake) IP address of the ISP's
+system.</para>
+
+<para><emphasis><emphasis remap=bf>Note: If you used an ISP-specified address instead of
+<emphasis remap=tt>127.2.2.2</emphasis> on the preceeding line, use the same number here
+instead of <emphasis remap=tt>127.2.2.2</emphasis></emphasis></emphasis>.</para>
+
+<para>By adding this "fake" route for IP traffic, the PPP program can,
+while idle:
+<itemizedlist>
+
+<listitem>
+<para>Accept packets that FreeBSD doesn't already know how to forward,</para>
+</listitem>
+
+<listitem>
+<para>Establish a connection to the ISP "<emphasis>on-the-fly</emphasis>",</para>
+</listitem>
+
+<listitem>
+<para>Reconfigure the IP addresses of the local and remote side of the link,</para>
+</listitem>
+
+<listitem>
+<para>Forward packets between your workstation and the ISP.</para>
+</listitem>
+
+</itemizedlist>
+
+automatically!</para>
+
+<para>Once the number of seconds specified by the timeout value in the
+"default" section have elapsed without any TCP/IP traffic the PPP
+program will automatically close the dial-up connection and the
+process will begin again.</para>
+
+</sect3>
+</sect2>
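Review bot: Two cross-references in the "demand" section are unresolved: "As noted in Paragraph ???" and "(refer back to section ?? for a description of this device)". Both need real targets (an id on the destination section and a link to it) before this is published. In the same section, "Conversly" and "preceeding" are misspelled, and "if no data has be exchanged" should be "has been exchanged"; that last one appears in both the "interactive" and "demand" copies of the "set timeout" text.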
+
+<sect2>
+<title>The '<filename>/etc/ppp/ppp.linkup</filename>' file</title>
+
+<para>The other file needed to complete the PPP configuration is found in
+'<filename>/etc/ppp/ppp.linkup</filename>'. This file contains instructions for
+the PPP program on what actions to take after a dial-up link is
+established.</para>
+
+<para>In the case of dial-on-demand configurations the PPP program will need
+to delete the default route that was created to the fake IP address of
+the remote side (127.2.2.2 in our example in the previous section) and
+install a new default route that points the actual IP address of the
+remote end (discovered during the dial-up connection setup).</para>
+
+<para>A representative '<filename>/etc/ppp/ppp.linkup</filename>' file:
+<informalexample>
+<screen>#########################################################################=
+
+# PPP Link Up File ('/etc/ppp/ppp.linkup')
+#
+# This file is checked after PPP establishes a network connection.
+#
+# This file is searched in the following order.
+#
+# 1) First, the IP address assigned to us is searched and
+# the associated command(s) are executed.
+#
+# 2) If the IP Address is not found, then the label name specified at
+
+# PPP startup time is searched and the associated command(s)
+# are executed.
+#
+# 3) If neither of the above are found then commands under the label
+# 'MYADDR:' are executed.
+#
+#########################################################################=
+
+#
+# This section is used for the "demand" configuration in
+# /etc/ppp/ppp.conf:
+demand:
+ delete ALL
+ add 0 0 HISADDR
+#
+# All other configurations in /etc/ppp/ppp.conf use this:
+#
+MYADDR:
+ add 0 0 HISADDR
+########################################################################
+# End of /etc/ppp/ppp.linkup</screen>
+</informalexample>
+
+Notice that there is a section in this file named "demand:", identical
+to the configuration name used in the '<filename>/etc/ppp/ppp.conf</filename>'
+file. This section instructs the PPP program that once a link is
+established using this configuration, it must:
+<orderedlist>
+
+<listitem>
+<para>Remove any IP routing information that the PPP program has created</para>
+</listitem>
+
+<listitem>
+<para>Add a default route the remote end's actual address.</para>
+</listitem>
+
+</orderedlist>
+</para>
+
+<para>It's critical that those configurations in
+'<filename>/etc/ppp/ppp.conf</filename>' which include the '<emphasis remap=tt>set ifaddr</emphasis>' and
+'<emphasis remap=tt>add 0 0</emphasis>' statements (i.e.: those configurations used for
+Dial-on-Demand configurations) execute the "delete ALL" and "add 0 0
+HISADDR" commands in <filename>/etc/ppp/ppp.linkup</filename>.</para>
+
+<para><emphasis><emphasis remap=bf>This is the mechanism that controls the actual on-demand
+configuration of the link.</emphasis></emphasis></para>
+
+<para>All configurations not explicitly named in
+<filename>/etc/ppp/ppp.linkup</filename> will use whatever commands are in the
+"MYADDR:" section of the file. This is where non-Demand-Dial
+configurations (such as our "interactive:" sample) will fall through
+to. This section simply adds a default route to the ISP's IP address
+(at the remote end).</para>
+
+</sect2>
+</sect1>
+
+<sect1>
+<title>IP Aliasing</title>
+
+<para>All of the configuration steps described thus far are relevant to
+any FreeBSD system which will be used to connect to an ISP via dial-up
+connection.</para>
+
+<para>If your sole objective in reading this guide is to connect your
+FreeBSD box to the Internet using dial-out ppp you can proceed to
+Section 6, "Testing the Network".</para>
+
+<para>One very attractive feature of the PPP program in on-demand mode is
+its ability to route IP traffic between other systems on the Local
+Area Network automatically. This feature is known by various names,
+"<emphasis>IP Aliasing</emphasis>", "<emphasis>Network Address Translation</emphasis>", "<emphasis>Address
+Masquerading</emphasis>" or "<emphasis>Transparent Proxying</emphasis>".</para>
+
+<para>Regardless of the terminology used, this mode is not, however,
+automatic. If the PPP program is started normally then the program
+will not forward packets between LAN interface(s) and the dial-out
+connection. In effect, only the FreeBSD system is connected to the
+ISP; other workstations cannot "share" the same connection.</para>
+
+<para>For example, if the program is started with either of the following
+command lines:</para>
+
+<para><emphasis remap=tt># ppp interactive (Interactive mode)</emphasis></para>
+
+<para> or</para>
+
+<para><emphasis remap=tt># ppp -auto demand (Dial-on-Demand mode)</emphasis></para>
+
+<para>then the system will function as an Internet-connected workstation
+<emphasis>only</emphasis> for the
+FreeBSD box.</para>
+
+<para>To start the PPP program as a gateway between LAN resources and the
+Internet, one of the following command lines would be used instead:</para>
+
+<para><emphasis remap=tt># ppp -alias interactive (Interactive mode)</emphasis></para>
+
+<para> or</para>
+
+<para><emphasis remap=tt># ppp -auto -alias demand (Dial-on-Demand mode)</emphasis></para>
+
+<para>You can alternatively use the command <emphasis remap=tt>``alias enable yes''</emphasis>
+in your ppp configuration file (refer to the man page for details).</para>
+
+<para>Keep this in mind if you intend to proceed with Section 5,
+"Configuring Windows Systems".</para>
+
+</sect1>
+</chapter>
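Review bot: The hard-coded section numbers in the IP Aliasing text do not agree with the rest of the file: this section points to 'Section 6, "Testing the Network"', while the Windows DNS steps use 'Section 6, "Exercise for the Interested Student"' for a different topic. Give the target chapters ids and link to them instead of typing numbers that the conversion no longer guarantees. The four command lines (for example "# ppp -auto -alias demand (Dial-on-Demand mode)") are also marked up as emphasis with the annotation inside the same element; a screen element with the annotation moved into the surrounding text would keep readers from typing the parenthetical as part of the command.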
+
+<chapter>
+<title>Configuring Windows Systems</title>
+
+<para>As indicated in Section 1, our example network consists of a
+FreeBSD system ("Curly") which acts as a gateway (or router) between a
+Local Area Network consisting of two different flavors of Windows
+Workstations. In order for the LAN nodes to use Curly as a router
+they need to be properly configured. Note that this section does not
+explain how to configure the Windows workstations for Dial-Up
+networking. If you need a good explanation of that procedure, I
+recommend <ulink URL="http://www.aladdin.co.uk/techweb">http://www.aladdin.co.uk/techweb</ulink>.</para>
+
+
+<sect1>
+<title> Configuring Windows 95</title>
+
+<para>Configuring Windows 95 to act as an attached resource on your LAN
+is relatively simple. The Windows 95 network configuration must be
+slightly modified to use the FreeBSD system as the default gateway to
+the ISP. Perform the following steps:</para>
+
+<para><emphasis remap=bf>Create the Windows 95 "hosts" file:</emphasis></para>
+
+<para>In order to connect to the other TCP/IP systems on the LAN you'll
+need to create an identical copy of the "hosts" file that you
+installed on the FreeBSD system in Section 3.4.
+<itemizedlist>
+
+<listitem>
+<para>Click the "Start" button; select "Run..."; enter "notepad
+\WINDOWS\HOSTS" (without the quotes) and click "OK"</para>
+</listitem>
+
+<listitem>
+<para>In the editor, enter the addresses and system names from the hosts
+file shown in Section 3.4.</para>
+</listitem>
+
+<listitem>
+<para>When finished editing, close the notepad application (making sure
+that you save the file!).</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configure the Windows 95 TCP/IP Network Configuation
+settings</emphasis>:
+<itemizedlist>
+
+<listitem>
+<para>Click the "Start" button on the taskbar; select "Settings" and
+"Control Panel". </para>
+</listitem>
+
+<listitem>
+<para>Double-click the "Network" icon to open it.</para>
+
+<para>
+The settings for all Network Elements are displayed.</para>
+</listitem>
+
+<listitem>
+<para>With the "Configuration" tab selected, scroll down the list of
+installed components and highlight the "TCP/IP-&gt;<emphasis>YourInterfaceType</emphasis>" line
+(where "<emphasis>YourInterfaceType</emphasis>" is the name or type of Ethernet adapter in your system).
+</para>
+
+<para>If TCP/IP is not listed in the list of installed network
+components, click the "Add" button and install it before proceeding.</para>
+
+<para>(Hint: "Add | Protocol | Microsoft | TCP/IP | OK")</para>
+</listitem>
+
+<listitem>
+<para>Click on the "Properties" button to display a list of the
+settings associated with the TCP component.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configure the IP Address Information:</emphasis>
+<itemizedlist>
+
+<listitem>
+<para>Click the "IP Address" tab</para>
+</listitem>
+
+<listitem>
+<para>Click the "Specify an IP address" radio button.
+</para>
+
+<para>(In our example LAN the Windows 95 system is the one we've called "Larry".)</para>
+</listitem>
+
+<listitem>
+<para>In the "IP Address" field enter "192.168.1.2".</para>
+</listitem>
+
+<listitem>
+<para>Enter 255.255.255.0 in the "Subnet Mask" field.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configure the Gateway information:</emphasis>
+<itemizedlist>
+
+<listitem>
+<para>Click on the "Gateway" tab
+</para>
+
+<para>For our example network the FreeBSD box will be acting as our
+gateway to the Internet (routing packets between the Ethernet LAN and
+the PPP dial-up connection. Enter the IP address of the FreeBSD
+Ethernet interface, 192.168.1.1, in the "New gateway" field and click
+the "Add" button. If any other gateways are defined in the "Installed
+gateways" list you may wish to consider removing them.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configure the DNS Information:</emphasis></para>
+
+<para>This guide assumes that your Internet Service Provider has given
+you a list of Domain Name Servers (or "DNS Servers") that you should
+use. If you wish to run a DNS server on your local FreeBSD system,
+refer to Section 6, "Exercise for the Interested Student" for tips on
+setting up DNS on your FreeBSD system.</para>
+
+<para>
+<itemizedlist>
+
+<listitem>
+<para>Click the "DNS Configuration" tab</para>
+</listitem>
+
+<listitem>
+<para>Make sure that the "Enable DNS" radio button is selected.
+</para>
+
+<para>(If this button is not selected only the entries that
+we put in the host file(s) will be available and your Net-Surfing
+will not work as you expect!)</para>
+</listitem>
+
+<listitem>
+<para>In the "Host" field enter the name of the Windows 95 box, in this
+case: "Larry".</para>
+</listitem>
+
+<listitem>
+<para>In the "Domain" field enter the name of our local network, in this
+case: "my.domain"</para>
+</listitem>
+
+<listitem>
+<para>In the "DNS Server Search Order" section, enter the IP address
+of the DNS server(s) that your ISP provided, clicking the "Add" button
+after every address is entered. Repeat this step as many times as
+necessary to add all of the addresses that your ISP provided.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Other Windows 95 TCP/IP options:</emphasis></para>
+
+<para>For our purposes the settings under the "Advanced", "WINS
+Configuration" and "Bindings" tabs are not necessary.</para>
+
+<para>If you wish to use the Windows Internet Naming Service ("WINS")
+your attention is invited to <ulink URL="http://www.localnet.org">http://www.localnet.org</ulink> for
+more information about WINS settings, specifically regarding sharing
+files transparently across the Internet.</para>
+
+<para><emphasis remap=bf>Mopping up:</emphasis>
+<itemizedlist>
+
+<listitem>
+<para>Click on the "OK" button to close the TCP/IP Properties window.</para>
+</listitem>
+
+<listitem>
+<para>Click on the "OK" button to close the Network Control Panel. </para>
+</listitem>
+
+<listitem>
+<para>Reboot your computer if prompted to do so. </para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para> That's it!</para>
+
+</sect1>
+
+<sect1>
+<title>Configuring Windows NT</title>
+
+<para>Configuring Windows NT to act as a LAN resource is also relatively
+straightforward. The procedures for configuring Windows NT are
+similar to Windows 95 with minor exceptions in the user interface.</para>
+
+<para>The steps shown here are appropriate for a Windows NT 4.0
+Workstation, but the principles are the same for NT 3.5x. You may
+wish to refer to the "Configuring Windows for Workgroups" section if
+you're configuring Windows NT 3.5<emphasis remap=it>x</emphasis>, since the user interface is
+the same for NT 3.5 and WfW.</para>
+
+<para>Perform the following steps: </para>
+
+<para><emphasis remap=bf>Create the Windows NT "hosts" file:</emphasis></para>
+
+<para>In order to connect to the other TCP/IP systems on the LAN you'll
+need to create an identical copy of the "hosts" file that you
+installed on the FreeBSD system in Section 3.4
+<itemizedlist>
+
+<listitem>
+<para>Click the "Start" button; select "Run..."; enter "notepad
+\WINDOWS\SYSTEM\DRIVERS\ETC\HOSTS" (without the quotes) and click
+"OK"</para>
+</listitem>
+
+<listitem>
+<para>In the editor, enter the addresses and system names from Section
+3.4.</para>
+</listitem>
+
+<listitem>
+<para>When finished editing, close the notepad application (making sure
+that you save the file!).</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configure the Windows NT TCP/IP Network Configuation
+settings</emphasis>:
+<itemizedlist>
+
+<listitem>
+<para>Click the "Start" button on the taskbar; select "Settings" and
+"Control Panel". </para>
+</listitem>
+
+<listitem>
+<para>Double-click the "Network" icon to open it. </para>
+</listitem>
+
+<listitem>
+<para>With the "Identification" tab selected, verify the "Computer Name"
+and "Workgroup" fields. In this example we'll use "Shemp" for the name
+and "Stooges" for the workgroup. Click the "Change" button and amend
+these entries as necessary.</para>
+</listitem>
+
+<listitem>
+<para>Select the "Protocols" tab.
+
+</para>
+
+<para>The installed Network Protocols will be displayed. There may be a
+number of protocols listed but the one of interest to this guide is
+the "TCP/IP Protocol". If "TCP/IP Protocol" is not listed, click the
+"Add" button to load it.</para>
+
+<para>(Hint: "Add | TCP/IP Protocol | OK") </para>
+</listitem>
+
+<listitem>
+<para>Highlight "TCP/IP
+Protocol" and click the "Properties" button.
+</para>
+
+<para>Tabs for specifying various settings for TCP/IP will be displayed.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configuring the IP Address:</emphasis></para>
+
+<para>Make sure that the Ethernet Interface is shown in the "Adapter"
+box; if not, scroll through the list of adapters until the correct
+interface is shown.
+<itemizedlist>
+
+<listitem>
+<para>Click the "Specify an IP address" radio button to enable the three
+text boxes.
+</para>
+
+<para>In our example LAN the Windows NT system is the one we've called
+"Shemp"</para>
+</listitem>
+
+<listitem>
+<para>In the "IP Address" field enter "192.168.1.4".</para>
+</listitem>
+
+<listitem>
+<para>Enter 255.255.255.0 in the "Subnet Mask" field.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configure the Gateway information:</emphasis></para>
+
+<para>For our example network the FreeBSD box will be acting as our gateway
+to the Internet (routing packets between the Ethernet LAN and the PPP dial-up
+connection.
+<itemizedlist>
+
+<listitem>
+<para>Enter the IP address of the FreeBSD Ethernet interface,
+192.168.1.1, in the "New gateway" field and click the "Add" button.
+</para>
+
+<para>If any other gateways are defined in the "Installed gateways" list
+you may wish to consider removing them.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configuring DNS:</emphasis></para>
+
+<para>Again, this guide assumes that your Internet Service Provider has
+given you a list of Domain Name Servers (or "DNS Servers") that you
+should use.</para>
+
+<para>If you wish to run a DNS server on your local FreeBSD system, refer to
+Section 6, "Exercise for the Interested Student" for tips on setting
+up DNS on your FreeBSD system.
+<itemizedlist>
+
+<listitem>
+<para>Click the "DNS" tab</para>
+</listitem>
+
+<listitem>
+<para>In the "Host Name" field enter the name of the Windows NT box, in
+this case: "Shemp".</para>
+</listitem>
+
+<listitem>
+<para>In the "Domain" field enter the name of our local network, in this
+case: "my.domain"</para>
+</listitem>
+
+<listitem>
+<para>In the "DNS Server Search Order" section, enter the IP address of
+the DNS server that your ISP provided, clicking the "Add" button after
+every address is entered. Repeat this step as many times as necessary
+to add all of the addresses that your ISP provided.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Other Windows NT TCP/IP options:</emphasis></para>
+
+<para>For our purposes the settings under the "WINS Address" and
+"Routing" tabs are not used.</para>
+
+<para>If you wish to use the Windows Internet Naming Service ("WINS")
+your attention is invited to <ulink URL="http://www.localnet.org">http://www.localnet.org</ulink> for
+more information about WINS settings, specifically regarding sharing
+files transparently across the Internet.</para>
+
+<para><emphasis remap=bf>Mopping up:</emphasis>
+<itemizedlist>
+
+<listitem>
+<para>Click on the "OK" button to close the TCP/IP Properties section.
+</para>
+</listitem>
+
+<listitem>
+<para>Click on the "Close" button to close the Network Control Panel.
+</para>
+</listitem>
+
+<listitem>
+<para>Restart your computer if prompted to do so.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>That's it!</para>
+
+</sect1>
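Review bot: The hosts-file step for Windows NT gives the path as "\WINDOWS\SYSTEM\DRIVERS\ETC\HOSTS", but NT keeps this file under the system32 directory of the system root (%SystemRoot%\system32\drivers\etc\hosts), so the notepad command as written does not open the file that NT's TCP/IP stack consults. Suggest giving the path relative to %SystemRoot%. The gateway paragraph in this section, like the one in the Windows 95 section, opens "(routing packets between the Ethernet LAN and the PPP dial-up connection." without a closing parenthesis.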
+
+<sect1>
+<title>Configuring Windows for Workgroups</title>
+
+<para>Configuring Windows for Workgroups to act as a network client
+requires that the Microsoft TCP/IP-32 driver diskette has been
+installed on the workstation. The TCP/IP drivers are not included
+with the WfW CD or diskettes; if you need a copy they're available at
+<ulink URL="ftp://ftp.microsoft.com:/peropsys/windows/public/tcpip">ftp://ftp.microsoft.com:/peropsys/windows/public/tcpip</ulink>.</para>
+
+<para>Once the TCP/IP drivers have been loaded, perform the following
+steps:</para>
+
+<para><emphasis remap=bf>Create the Windows for Workgroups "hosts" file:</emphasis></para>
+
+<para>In order to connect to the other TCP/IP systems on the LAN you'll
+need to create an identical copy of the "hosts" file that you
+installed on the FreeBSD system in Section 3.4.
+<itemizedlist>
+
+<listitem>
+<para>In Program Manager, click the "File" button; select "Run"; and
+enter: "notepad \WINDOWS\HOSTS" (without the quotes) and click "OK"</para>
+</listitem>
+
+<listitem>
+<para>In the editor, enter the addresses and system names from the hosts
+file shown in Section 3.4.</para>
+</listitem>
+
+<listitem>
+<para>When finished editing, close the notepad application (making sure
+that you save the file!).</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configure the Windows 95 TCP/IP Network Configuation
+settings</emphasis>
+<itemizedlist>
+
+<listitem>
+<para>In the main window of Program Manager, open the "Network" group by
+double-clicking the icon. </para>
+</listitem>
+
+<listitem>
+<para>Double click on the "Network Setup" icon. </para>
+</listitem>
+
+<listitem>
+<para>In the "Network Drivers Box" double-click the "Microsoft
+TCP/IP-32" entry. </para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configure the Windows for Workgroups IP Address:</emphasis> </para>
+
+<para>Ensure
+the correct Ethernet Interface is selected in the "Adapter" list. If
+not, scroll down until it is displayed and select it by clicking on
+it.
+<itemizedlist>
+
+<listitem>
+<para>Ensure that the "Enable Automatic DHCP Configuration" check box is
+blank. If it is checked, click it to remove the "X".</para>
+</listitem>
+
+<listitem>
+<para>In our example LAN the Windows for Workgroups system is the one
+we've called "Moe"; in the "IP Address" field enter "192.168.1.3".</para>
+</listitem>
+
+<listitem>
+<para>Enter 255.255.255.0 in the "Subnet Mask" field.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configure the Gateway information:</emphasis></para>
+
+<para>For our example network the FreeBSD box will be acting as our
+gateway to the Internet (routing packets between the Ethernet LAN and
+the PPP dial-up connection).
+<itemizedlist>
+
+<listitem>
+<para>Enter the IP address of the FreeBSD system, 192.168.1.1, in the
+"Default Gateway" field.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Configuring DNS:</emphasis></para>
+
+<para>Again, this guide assumes that your Internet Service Provider has
+given you a list of Domain Name Servers (or "DNS Servers") that you
+should use. If you wish to run a DNS server on your local FreeBSD
+system, refer to Section 6, "Exercise for the Interested Student" for
+tips on setting up DNS on your FreeBSD system.
+<itemizedlist>
+
+<listitem>
+<para>Click the "DNS" button.</para>
+</listitem>
+
+<listitem>
+<para>In the "Host Name" field enter the name of the Windows for
+Workgroups box, in this case: "Moe".</para>
+</listitem>
+
+<listitem>
+<para>In the "Domain" field enter the name of our local network, in this
+case: "my.domain"</para>
+</listitem>
+
+<listitem>
+<para>In the "Domain Name Service (DNS) Search Order" section, enter the
+IP address of the DNS server that your ISP provided, clicking the "Add"
+button after each address is entered. Repeat this step as many times as
+necessary to add all of the addresses that your ISP provided.</para>
+</listitem>
+
+<listitem>
+<para>Click on the "OK" button to close the DNS Configuration window.
+</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para><emphasis remap=bf>Mopping up:</emphasis>
+<itemizedlist>
+
+<listitem>
+<para>Click on the "OK" button to close the TCP/IP Configuration window.
+</para>
+</listitem>
+
+<listitem>
+<para>Click on the "OK" button to close the Network Setup window.</para>
+</listitem>
+
+<listitem>
+<para>Reboot your computer if prompted. </para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>That's it!</para>
+
+</sect1>
+</chapter>
+
+<chapter>
+<title>Testing the Network</title>
+
+<para> Once you've completed that appropriate tasks above you should have
+a functioning PPP gateway to the Internet.</para>
+
+
+<sect1>
+<title>Testing the Dial-Up link:</title>
+
+<para> The first thing to test is that the connection is being made
+between your modem and the ISP.</para>
+
+</sect1>
+
+<sect1>
+<title>Testing the Ethernet LAN</title>
+
+<para> *** TBD ***</para>
+
+</sect1>
+</chapter>
+
+<chapter>
+<title>Exercises for the Interested Student</title>
+
+
+<sect1>
+<title>Creating a mini-DNS system</title>
+
+<para>While managing a Domain Name Service (DNS) hierarchy can be a black
+art, it is possible to set up a Mini-DNS server on the FreeBSD system
+that also acts as your gateway to your ISP.</para>
+
+<para>Building on the files in <filename>/etc/namedb</filename> when the FreeBSD
+system was installed it's possible to create a name server that is
+both authoritative for the example network shown here as well as a
+front-door to the Internet DNS architecture.</para>
+
+<para>In this minimal DNS configuration, only three files are necessary:
+<informalexample>
+<screen>/etc/namedb/named.boot
+/etc/namedb/named.root
+/etc/namedb/mydomain.db</screen>
+</informalexample>
+</para>
+
+<para>The <filename>/etc/namedb/named.root</filename> file is automatically installed
+as part of the FreeBSD base installation; the other two files must be
+created manually.</para>
+
+
+<sect2>
+<title>The <filename>/etc/namedb/named.boot</filename> file</title>
+
+<para>The <filename>/etc/namedb/named.boot</filename> file controls the startup
+settings of the DNS server.
+Esentially, it tells the Name Server:
+<orderedlist>
+
+<listitem>
+<para>Where to find configuration files,</para>
+</listitem>
+
+<listitem>
+<para>What "domain names" it's responsible for, and</para>
+</listitem>
+
+<listitem>
+<para>Where to find other DNS servers.</para>
+</listitem>
+
+</orderedlist>
+</para>
+
+<para>Using the '<emphasis remap=tt>ee</emphasis>' editor, create a
+<filename>/etc/namedb/named.boot</filename> with the following contents:
+<informalexample>
+<screen>; boot file for mini-name server
+
+directory /etc/namedb
+
+; type domain source host/file backup file
+
+cache . named.root
+primary my.domain. mydomain.db</screen>
+</informalexample>
+</para>
+
+<para>Lines that begin with a semi-colon are comments. The significant
+lines in this file are:
+<itemizedlist>
+
+<listitem>
+<para><command>directory /etc/namedb</command>
+</para>
+
+<para>Tells the Name Server where to find the configuration files
+referenced in the remaining sections of the
+'<filename>/etc/namedb/named.boot</filename>' file.</para>
+</listitem>
+
+<listitem>
+<para><emphasis remap=tt>cache . named.root</emphasis>
+</para>
+
+<para>Tells the Name Server that the list of "Top-Level" DNS servers for
+the Internet can be found in a file called '<filename>named.root</filename>'.
+(This file is included in the base installation and its
+contents are not described in this document.)</para>
+</listitem>
+
+<listitem>
+<para><emphasis remap=tt>primary my.domain. mydomain.db</emphasis>
+</para>
+
+<para>Tells the Name Server that it will be "authoritative" for a DNS
+domain called "my.domain" and that a list of names and IP addresses
+for the systems in "my.domain" (the local network)
+can be found in a file named '<filename>mydomain.db</filename>'.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>Once the <filename>/etc/namedb/named.boot</filename> file has been created and
+saved, proceed to the next section to create the
+<filename>/etc/namedb/mydomain.db</filename> file.</para>
+
+</sect2>
+
+<sect2>
+<title>The <filename>/etc/namedb/mydomain.db</filename> file</title>
+
+<para>The <filename>/etc/namedb/mydomain.db</filename> file lists the names and IP
+addresses of <emphasis>every</emphasis> system in the Local Area Network.</para>
+
+<para><emphasis>For a detailed description of the statements used in this file,
+refer to the <emphasis remap=tt>named</emphasis> manpage.</emphasis></para>
+
+<para>The <filename>/etc/namedb/mydomain.db</filename> file for our minimal DNS
+server has the following contents:
+<informalexample>
+<screen>@ IN SOA my.domain. root.my.domain. (
+ 961230 ; Serial
+ 3600 ; Refresh
+ 300 ; Retry
+ 3600000 ; Expire
+ 3600 ) ; Minimum
+ IN NS curly.my.domain.
+
+curly.my.domain. IN A 192.168.1.1 # The FreeBSD box
+larry.my.domain. IN A 192.168.1.2 # The Win'95 box
+moe.my.domain. IN A 192.168.1.3 # The WfW box
+shemp.my.domain. IN A 192.168.1.4 # The Windows NT box
+
+$ORIGIN 1.168.192.IN-ADDR.ARPA
+ IN NS curly.my.domain.
+1 IN PTR curly.my.domain.
+2 IN PTR larry.my.domain.
+3 IN PTR moe.my.domain.
+4 IN PTR shemp.my.domain.
+
+$ORIGIN 0.0.127.IN-ADDR.ARPA
+ IN NS curly.my.domain.
+1 IN PTR localhost.my.domain.</screen>
+</informalexample>
+</para>
+
+<para>In simple terms, this file declares that the local DNS server is:
+<itemizedlist>
+
+<listitem>
+<para>The Start of Authority for ("SOA") for a domain called
+'my.domain',</para>
+</listitem>
+
+<listitem>
+<para>The Name Server ("NS") for 'my.domain',</para>
+</listitem>
+
+<listitem>
+<para>Responsible for the reverse-mapping for all IP addresses that
+start with '192.168.1.' and
+'127.0.0.' ("$ORIGIN ...")</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>To add workstation entries to this file you'll need to add two
+lines for each system; one in the top section where the name(s) are
+mapped into Internet Addresses ("IN A"), and another line that maps
+the addresses back into names in the <filename>$ORIGIN
+1.168.192.IN-ADDR.ARPA</filename> section.</para>
+
+</sect2>
+
+<sect2>
+<title>Starting the DNS Server</title>
+
+<para>By default the DNS server ('<filename>/usr/sbin/named</filename>') is not
+started when the system boots. You can modify this behavior by
+changing a single line in '<filename>/etc/rc.conf</filename>' as follows:</para>
+
+<para> Using the '<emphasis remap=tt>ee</emphasis>' editor, load <filename>/etc/rc.conf</filename>. Scroll
+down approximately 40 lines until you come to the section that says:
+<informalexample>
+<screen>---
+named_enable="NO" # Run named, the DNS server (or NO).
+named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled).
+---</screen>
+</informalexample>
+
+Change this section to read:
+<informalexample>
+<screen>---
+named_enable="YES" # Run named, the DNS server (or NO).
+named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled).
+---</screen>
+</informalexample>
+
+Save the file and reboot.</para>
+
+<para>Alternatively, start the Name Server daemon by entering the following
+command:
+<informalexample>
+<screen># named -b /etc/namedb/named.boot</screen>
+</informalexample>
+</para>
+
+<para>Whenever you modify any of the files in <filename>/etc/namedb</filename> you'll
+need to kick-start the Name Server process to make it pick up the
+modifications. This is performed with the following system command:
+<informalexample>
+<screen># kill -HUP `cat /var/run/named.pid`</screen>
+</informalexample>
+</para>
+
+</sect2>
+</sect1>
+
+<sect1>
+<title>Playing with PPP filters</title>
+
+<para>The PPP program has the ability to apply selected filtering rules
+to the traffic it routes. While this is not nearly as secure as a
+formal firewall it does provide some access control as to how the link
+is used.</para>
+
+<para>('<emphasis remap=tt>man ipfw</emphasis>' for information on setting up a more secure
+FreeBSD system.)</para>
+
+<para>The complete documentation for the various filters and rules under
+PPP are availabe in the PPP manpage.</para>
+
+<para>There are four distinct classes of rules which may be applied to
+the PPP program:
+<itemizedlist>
+
+<listitem>
+<para><emphasis remap=tt>afilter</emphasis> - Access Counter (or "Keep Alive") filters
+</para>
+
+<para>These control which events are ignored by the <literal>set timeout=</literal>
+statement in the configuration file.</para>
+</listitem>
+
+<listitem>
+<para><emphasis remap=tt>dfilter</emphasis> - Dialing filters
+</para>
+
+<para>These filtering rules control which events are ignored by the
+demand-dial mode of PPP.</para>
+</listitem>
+
+<listitem>
+<para><emphasis remap=tt>ifilter</emphasis> - Input filters
+</para>
+
+<para>Control whether incoming packets should be discarded or passed into
+the system.</para>
+</listitem>
+
+<listitem>
+<para><emphasis remap=tt>ofilter</emphasis> - Output filters
+</para>
+
+<para>Control whether outgoing packets should be discarded or passed into
+the system.</para>
+</listitem>
+
+</itemizedlist>
+</para>
+
+<para>What follows is a snippet from an operating system which provides a
+good foundation for "normal" Internet operations while preventing PPP
+from pumping <emphasis>all</emphasis> data over the dial-up connection. Comments
+briefly describe the logic of each rule set:
+<informalexample>
+<screen>#
+# KeepAlive filters
+# Don't keep Alive with ICMP,DNS and RIP packet
+#
+ set afilter 0 deny icmp
+ set afilter 1 deny udp src eq 53
+ set afilter 2 deny udp dst eq 53
+ set afilter 3 deny udp src eq 520
+ set afilter 4 deny udp dst eq 520
+ set afilter 5 permit 0/0 0/0
+#
+# Dial Filters:
+# Note: ICMP will trigger a dial-out in this configuration!
+#
+ set dfilter 0 permit 0/0 0/0
+#
+# Allow ident packet pass through
+#
+ set ifilter 0 permit tcp dst eq 113
+ set ofilter 0 permit tcp src eq 113
+#
+# Allow telnet connection to the Internet
+#
+ set ifilter 1 permit tcp src eq 23 estab
+ set ofilter 1 permit tcp dst eq 23
+#
+# Allow ftp access to the Internet
+#
+ set ifilter 2 permit tcp src eq 21 estab
+ set ofilter 2 permit tcp dst eq 21
+ set ifilter 3 permit tcp src eq 20 dst gt 1023
+ set ofilter 3 permit tcp dst eq 20
+#
+# Allow access to DNS lookups
+#
+ set ifilter 4 permit udp src eq 53
+ set ofilter 4 permit udp dst eq 53
+#
+# Allow DNS Zone Transfers
+#
+ set ifilter 5 permit tcp src eq 53
+ set ofilter 5 permit tcp dst eq 53
+#
+# Allow access from/to local network
+#
+ set ifilter 6 permit 0/0 192.168.1.0/24
+ set ofilter 6 permit 192.168.1.0/24 0/0
+#
+# Allow ping and traceroute response
+#
+ set ifilter 7 permit icmp
+ set ofilter 7 permit icmp
+ set ifilter 8 permit udp dst gt 33433
+ set ofilter 9 permit udp dst gt 33433
+#
+# Allow cvsup
+#
+ set ifilter 9 permit tcp src eq 5998
+ set ofilter 9 permit tcp dst eq 5998
+ set ifilter 10 permit tcp src eq 5999
+ set ofilter 10 permit tcp dst eq 5999
+#
+# Allow NTP for Time Synchronization
+#
+ set ifilter 11 permit tcp src eq 123 dst eq 123
+ set ofilter 11 permit tcp src eq 123 dst eq 123
+ set ifilter 12 permit udp src eq 123 dst eq 123
+ set ofilter 12 permit udp src eq 123 dst eq 123
+#
+# SMTP'd be a good idea!
+#
+ set ifilter 13 permit tcp src eq 25
+ set ofilter 13 permit tcp dst eq 25
+#
+#
+# We use a lot of `whois`, let's pass that
+#
+ set ifilter 14 permit tcp src eq 43
+ set ofilter 14 permit tcp dst eq 43
+ set ifilter 15 permit udp src eq 43
+ set ofilter 15 permit udp dst eq 43
+#
+# If none of above rules matches, then packet is blocked.
+#-------</screen>
+</informalexample>
+</para>
+
+<para>Up to 20 distinct filtering rules can be applied to each class of
+filter. Rules in each class are number sequentially from 0 to 20
+<emphasis>but none of the rules for a particular filter class take affect
+until ruleset '0' is defined!</emphasis></para>
+
+<para>If you choose <emphasis>not</emphasis> to use Filtering Rules in the PPP
+configuration then <acronym>ALL</acronym> traffic will be permitted both into and
+out of your system while it's connected to your ISP.</para>
+
+<para>If you decide that you want to implement filtering rules, add the
+above lines to your <filename>/etc/ppp/ppp.conf</filename> file in either the
+"default:", "demand:", or "interactive:" section (or all of them - the
+choice is yours).</para>
+
+</sect1>
+</chapter>
+</book>
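Review bot: In the PPP filter listing, the traceroute pair uses mismatched rule numbers: `set ifilter 8 permit udp dst gt 33433` is paired with `set ofilter 9 permit udp dst gt 33433`, and the cvsup block then defines `set ofilter 9 permit tcp dst eq 5998`. As written, ofilter 8 is never defined and ofilter 9 is assigned twice, so the outbound traceroute rule is presumably replaced by the cvsup rule; the first line should read `set ofilter 8`. In the same section, the text says up to 20 rules per class but numbers them "from 0 to 20", which is 21 slots, and the ofilter description repeats the ifilter wording ("passed into the system") where outgoing packets are meant. The NTP block permits tcp port 123 in both directions alongside udp; if only udp is needed, dropping the tcp rules keeps the permit list tighter. In the mydomain.db listing, the trailing host comments use `#` while the SOA lines in the same file and named.boot use `;`; they should use `;` as well so the name server does not try to parse them as record data. The reverse-mapping `$ORIGIN` blocks live in a file that named.boot loads only through `primary my.domain. mydomain.db`, and the `$ORIGIN` names have no trailing dot, so the text should state how the in-addr.arpa zones are meant to be declared or add the matching primary lines. Minor: "Configuation", "Esentially", "availabe" and "take affect" are typos, and the "Windows 95" heading sits inside the Windows for Workgroups steps.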