author | Warren Block <wblock@FreeBSD.org> | 2016-08-09 03:14:22 +0000 |
---|---|---|
committer | Warren Block <wblock@FreeBSD.org> | 2016-08-09 03:14:22 +0000 |
commit | 7da9bf5a6a2fd8fe079a74078524568f4e88e7bb (patch) | |
tree | 5aaec92bca10e9b9c8ab40e8ac41238693fe4652 /zh_TW.UTF-8/books/handbook | |
parent | dcade404610c7d42b5c4a7eee88da00f88220311 (diff) | |
Update the zh_TW translation of the Handbook using the PO translation
tools.
Submitted by: Chien Wei Lin <cwlin0416@gmail.com>
Differential Revision: https://reviews.freebsd.org/D7009
Notes:
svn path=/head/; revision=49235
Diffstat (limited to 'zh_TW.UTF-8/books/handbook')
89 files changed, 80594 insertions, 91497 deletions
diff --git a/zh_TW.UTF-8/books/handbook/advanced-networking/Makefile b/zh_TW.UTF-8/books/handbook/advanced-networking/Makefile deleted file mode 100644 index 6bce63bf94..0000000000 --- a/zh_TW.UTF-8/books/handbook/advanced-networking/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -# -# Build the Handbook with just the content from this chapter. -# -# $FreeBSD$ -# Original revision: 1.2 -# - -CHAPTERS= advanced-networking/chapter.xml - -VPATH= .. - -MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX} - -DOC_PREFIX?= ${.CURDIR}/../../../.. - -.include "../Makefile" diff --git a/zh_TW.UTF-8/books/handbook/advanced-networking/chapter.xml b/zh_TW.UTF-8/books/handbook/advanced-networking/chapter.xml deleted file mode 100644 index 4773be660f..0000000000 --- a/zh_TW.UTF-8/books/handbook/advanced-networking/chapter.xml +++ /dev/null 
@@ -1,5438 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - The FreeBSD Documentation Project - - $FreeBSD$ - Original revision: 1.402 ---> -<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="advanced-networking"> - <title>網路進階練功房</title> - - <sect1 xml:id="advanced-networking-synopsis"> - <title>概述</title> - - <para>本章將介紹一些進階的網路設定主題。</para> - - <para>讀完這章,您將了解:</para> - - <itemizedlist> - <listitem> - <para>gateway(閘道)及 route(路由)的概念。</para> - </listitem> - - <listitem> - <para>如何設定 IEEE 802.11 以及藍芽(&bluetooth;)設備。</para> - </listitem> - - <listitem> - <para>如何以 FreeBSD 作為 bridge(橋接)。</para> - </listitem> - - <listitem> - <para>如何為無碟系統設定網路開機。</para> - </listitem> - - <listitem> - <para>如何設定 NAT(Network Address Translation)。</para> - </listitem> - - <listitem> - <para>如何透過 PLIP 方式來連接兩台電腦。</para> - </listitem> - - <listitem> - <para>如何在 FreeBSD 內設定 IPv6。</para> - </listitem> - - <listitem> - <para>如何設定 ATM。</para> - </listitem> - - <listitem> - <para>如何去善用 &os; 的 CARP(Common Access Redundancy Protocol)功能 - 。</para> - </listitem> - </itemizedlist> - - <para>在開始閱讀這章之前,您需要︰</para> - - <itemizedlist> - <listitem> - <para>瞭解 <filename>/etc/rc</filename> 相關 script 的概念。</para> - </listitem> - - <listitem> - <para>熟悉基本常用的網路術語。</para> - </listitem> - - <listitem> - <para>知道如何設定、安裝新的 FreeBSD kernel (<xref linkend="kernelconfig"/>)。</para> - </listitem> - - <listitem> - <para>知道如何透過 port/package 安裝軟體 (<xref linkend="ports"/>) - 。</para> - </listitem> - - </itemizedlist> - </sect1> - - <sect1 xml:id="network-routing"> - <info><title>Gateways and Routes</title> - <authorgroup> - <author><personname><firstname>Coranth</firstname><surname>Gryphon</surname></personname><contrib>Contributed by </contrib></author> - </authorgroup> - </info> - - - <indexterm><primary>routing</primary></indexterm> - <indexterm><primary>gateway</primary></indexterm> - <indexterm><primary>subnet</primary></indexterm> - 
<para>為了讓一部電腦能找到另一部電腦,因此必需要有一種機制, - 讓這部電腦知道該怎麼做,這個機制就是路由選擇 - (<firstterm>routing</firstterm>)。 - 一條路由(<quote>route</quote>)是由一對位址所定義的:一個是 - <quote>目的地(destination)</quote>以及另一個則是閘道 - (<quote>gateway</quote>)。 - 這對位址表示要送到<emphasis>目的地</emphasis>的封包, - 必須經過<emphasis>閘道</emphasis>。 - 目的地分為三種類型:主機、子網路(subnet)、預設路由( - <quote>default route</quote>。 若都沒有其它的路由可以使用, - 這時就會使用預設路由,稍後我們會對預設路由作進一步的說明。 此外, - 閘道也可分為三種類型:主機、傳輸介面(interface,也稱為 - <quote>links</quote>)、乙太網路硬體位址(MAC addresses)。</para> - - <sect2> - <title>範例</title> - - <para>為了方便說明不同類型的路由選擇(routing),以下使用 - <command>netstat</command> 指令的結果作為介紹範例:</para> - - <screen>&prompt.user; <userinput>netstat -r</userinput> -Routing tables - -Destination Gateway Flags Refs Use Netif Expire - -default outside-gw UGSc 37 418 ppp0 -localhost localhost UH 0 181 lo0 -test0 0:e0:b5:36:cf:4f UHLW 5 63288 ed0 77 -10.20.30.255 link#1 UHLW 1 2421 -example.com link#1 UC 0 0 -host1 0:e0:a8:37:8:1e UHLW 3 4601 lo0 -host2 0:e0:a8:37:8:1e UHLW 0 5 lo0 => -host2.example.com link#1 UC 0 0 -224 link#1 UC 0 0</screen> - - <indexterm><primary>default route</primary></indexterm> - <para>The first two lines specify the default route (which we - will cover in the <link linkend="network-routing-default">next - section</link>) and the <systemitem>localhost</systemitem> route.</para> - - <indexterm><primary>loopback device</primary></indexterm> - <para>The interface (<literal>Netif</literal> column) that this - routing table specifies to use for - <literal>localhost</literal> is <filename>lo0</filename>, - also known as the loopback device. This says to keep all - traffic for this destination internal, rather than sending it - out over the LAN, since it will only end up back where it - started.</para> - - <indexterm> - <primary>Ethernet</primary> - <secondary>MAC address</secondary> - </indexterm> - <para>The next thing that stands out are the addresses beginning - with <systemitem class="etheraddress">0:e0:</systemitem>. 
These are Ethernet - hardware addresses, which are also known as MAC addresses. - FreeBSD will automatically identify any hosts - (<systemitem>test0</systemitem> in the example) on the local Ethernet - and add a route for that host, directly to it over the - Ethernet interface, <filename>ed0</filename>. There is - also a timeout (<literal>Expire</literal> column) associated - with this type of route, which is used if we fail to hear from - the host in a specific amount of time. When this happens, the - route to this host will be automatically deleted. These hosts - are identified using a mechanism known as RIP (Routing - Information Protocol), which figures out routes to local hosts - based upon a shortest path determination.</para> - - <indexterm><primary>subnet</primary></indexterm> - <para>FreeBSD will also add subnet routes for the local subnet (<systemitem class="ipaddress">10.20.30.255</systemitem> is the broadcast address for the - subnet <systemitem class="ipaddress">10.20.30</systemitem>, and <systemitem class="fqdomainname">example.com</systemitem> is the domain name associated - with that subnet). The designation <literal>link#1</literal> refers - to the first Ethernet card in the machine. You will notice no - additional interface is specified for those.</para> - - <para>Both of these groups (local network hosts and local subnets) have - their routes automatically configured by a daemon called - <application>routed</application>. If this is not run, then only - routes which are statically defined (i.e. entered explicitly) will - exist.</para> - - <para>The <literal>host1</literal> line refers to our host, which it - knows by Ethernet address. 
Since we are the sending host, FreeBSD - knows to use the loopback interface (<filename>lo0</filename>) - rather than sending it out over the Ethernet interface.</para> - - <para>The two <literal>host2</literal> lines are an example of - what happens when we use an &man.ifconfig.8; alias (see the - section on Ethernet for reasons why we would do this). The - <literal>=></literal> symbol after the - <filename>lo0</filename> interface says that not only are - we using the loopback (since this address also refers to the - local host), but specifically it is an alias. Such routes - only show up on the host that supports the alias; all other - hosts on the local network will simply have a - <literal>link#1</literal> line for such routes.</para> - - <para>The final line (destination subnet <systemitem class="ipaddress">224</systemitem>) deals - with multicasting, which will be covered in another section.</para> - - <para>Finally, various attributes of each route can be seen in - the <literal>Flags</literal> column. Below is a short table - of some of these flags and their meanings:</para> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="4*"/> - - <tbody> - <row> - <entry>U</entry> - <entry>Up: The route is active.</entry> - </row> - - <row> - <entry>H</entry> - <entry>Host: The route destination is a single host.</entry> - </row> - - <row> - <entry>G</entry> - <entry>Gateway: Send anything for this destination on to this - remote system, which will figure out from there where to send - it.</entry> - </row> - - <row> - <entry>S</entry> - <entry>Static: This route was configured manually, not - automatically generated by the system.</entry> - </row> - - <row> - <entry>C</entry> - <entry>Clone: Generates a new route based upon this route for - machines we connect to. 
This type of route is normally used - for local networks.</entry> - </row> - - <row> - <entry>W</entry> - <entry>WasCloned: Indicated a route that was auto-configured - based upon a local area network (Clone) route.</entry> - </row> - - <row> - <entry>L</entry> - <entry>Link: Route involves references to Ethernet - hardware.</entry> - </row> - </tbody> - </tgroup> - </informaltable> - </sect2> - - <sect2 xml:id="network-routing-default"> - <title>Default Routes</title> - - <indexterm><primary>default route</primary></indexterm> - <para>When the local system needs to make a connection to a remote host, - it checks the routing table to determine if a known path exists. If - the remote host falls into a subnet that we know how to reach (Cloned - routes), then the system checks to see if it can connect along that - interface.</para> - - <para>If all known paths fail, the system has one last option: the - <quote>default</quote> route. This route is a special type of gateway - route (usually the only one present in the system), and is always - marked with a <literal>c</literal> in the flags field. For hosts on a - local area network, this gateway is set to whatever machine has a - direct connection to the outside world (whether via PPP link, - DSL, cable modem, T1, or another network interface).</para> - - <para>If you are configuring the default route for a machine which - itself is functioning as the gateway to the outside world, then the - default route will be the gateway machine at your Internet Service - Provider's (ISP) site.</para> - - <para>Let us look at an example of default routes. 
This is a common - configuration:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="advanced-networking/net-routing"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> -[Local2] <--ether--> [Local1] <--PPP--> [ISP-Serv] <--ether--> [T1-GW] - </literallayout> - </textobject> - </mediaobject> - - <para>The hosts <systemitem>Local1</systemitem> and - <systemitem>Local2</systemitem> are at your site. - <systemitem>Local1</systemitem> is connected to an ISP via a dial up - PPP connection. This PPP server computer is connected through - a local area network to another gateway computer through an - external interface to the ISPs Internet feed.</para> - - <para>The default routes for each of your machines will be:</para> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="3"> - <thead> - <row> - <entry>Host</entry> - <entry>Default Gateway</entry> - <entry>Interface</entry> - </row> - </thead> - - <tbody> - <row> - <entry>Local2</entry> - <entry>Local1</entry> - <entry>Ethernet</entry> - </row> - - <row> - <entry>Local1</entry> - <entry>T1-GW</entry> - <entry>PPP</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>A common question is <quote>Why (or how) would we set - the <systemitem>T1-GW</systemitem> to be the default gateway for - <systemitem>Local1</systemitem>, rather than the ISP server it is - connected to?</quote>.</para> - - <para>Remember, since the PPP interface is using an address on the ISP's - local network for your side of the connection, routes for any other - machines on the ISP's local network will be automatically generated. - Hence, you will already know how to reach the <systemitem>T1-GW</systemitem> - machine, so there is no need for the intermediate step - of sending traffic to the ISP server.</para> - - <para>It is common to use the address <systemitem class="ipaddress">X.X.X.1</systemitem> as the gateway address for your local - network. 
So (using the same example), if your local class-C address - space was <systemitem class="ipaddress">10.20.30</systemitem> and your ISP was - using <systemitem class="ipaddress">10.9.9</systemitem> then the default routes - would be:</para> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <thead> - <row> - <entry>Host</entry> - <entry>Default Route</entry> - </row> - </thead> - <tbody> - <row> - <entry>Local2 (10.20.30.2)</entry> - <entry>Local1 (10.20.30.1)</entry> - </row> - <row> - <entry>Local1 (10.20.30.1, 10.9.9.30)</entry> - <entry>T1-GW (10.9.9.1)</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>You can easily define the default route via the - <filename>/etc/rc.conf</filename> file. In our example, on the - <systemitem>Local2</systemitem> machine, we added the following line - in <filename>/etc/rc.conf</filename>:</para> - - <programlisting>defaultrouter="10.20.30.1"</programlisting> - - <para>It is also possible to do it directly from the command - line with the &man.route.8; command:</para> - - <screen>&prompt.root; <userinput>route add default 10.20.30.1</userinput></screen> - - <para>For more information on manual manipulation of network - routing tables, consult &man.route.8; manual page.</para> - </sect2> - - <sect2> - <title>Dual Homed Hosts</title> - <indexterm><primary>dual homed hosts</primary></indexterm> - <para>There is one other type of configuration that we should cover, and - that is a host that sits on two different networks. Technically, any - machine functioning as a gateway (in the example above, using a PPP - connection) counts as a dual-homed host. But the term is really only - used to refer to a machine that sits on two local-area - networks.</para> - - <para>In one case, the machine has two Ethernet cards, each - having an address on the separate subnets. Alternately, the - machine may only have one Ethernet card, and be using - &man.ifconfig.8; aliasing. 
The former is used if two - physically separate Ethernet networks are in use, the latter - if there is one physical network segment, but two logically - separate subnets.</para> - - <para>Either way, routing tables are set up so that each subnet knows - that this machine is the defined gateway (inbound route) to the other - subnet. This configuration, with the machine acting as a router - between the two subnets, is often used when we need to implement - packet filtering or firewall security in either or both - directions.</para> - - <para>If you want this machine to actually forward packets - between the two interfaces, you need to tell FreeBSD to enable - this ability. See the next section for more details on how - to do this.</para> - </sect2> - - <sect2 xml:id="network-dedicated-router"> - <title>Building a Router</title> - - <indexterm><primary>router</primary></indexterm> - - <para>A network router is simply a system that forwards packets - from one interface to another. Internet standards and good - engineering practice prevent the FreeBSD Project from enabling - this by default in FreeBSD. You can enable this feature by - changing the following variable to <literal>YES</literal> in - &man.rc.conf.5;:</para> - - <programlisting>gateway_enable=YES # Set to YES if this host will be a gateway</programlisting> - - <para>This option will set the &man.sysctl.8; variable - <varname>net.inet.ip.forwarding</varname> to - <literal>1</literal>. If you should need to stop routing - temporarily, you can reset this to <literal>0</literal> temporarily.</para> - - <para>Your new router will need routes to know where to send the - traffic. If your network is simple enough you can use static - routes. FreeBSD also comes with the standard BSD routing - daemon &man.routed.8;, which speaks RIP (both version 1 and - version 2) and IRDP. Support for BGP v4, OSPF v2, and other - sophisticated routing protocols is available with the - <package>net/zebra</package> package. 
- Commercial products such as <application>&gated;</application> are also available for more - complex network routing solutions.</para> - -<indexterm><primary>BGP</primary></indexterm> -<indexterm><primary>RIP</primary></indexterm> -<indexterm><primary>OSPF</primary></indexterm> - </sect2> - - <sect2> - <info><title>Setting Up Static Routes</title> - <authorgroup> - <author><personname><firstname>Al</firstname><surname>Hoang</surname></personname><contrib>Contributed by </contrib></author> - </authorgroup> - </info> - <!-- Feb 2004 --> - - - <sect3> - <title>Manual Configuration</title> - - <para>Let us assume we have a network as follows:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="advanced-networking/static-routes"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> - INTERNET - | (10.0.0.1/24) Default Router to Internet - | - |Interface xl0 - |10.0.0.10/24 - +------+ - | | RouterA - | | (FreeBSD gateway) - +------+ - | Interface xl1 - | 192.168.1.1/24 - | - +--------------------------------+ - Internal Net 1 | 192.168.1.2/24 - | - +------+ - | | RouterB - | | - +------+ - | 192.168.2.1/24 - | - Internal Net 2 - </literallayout> - </textobject> - </mediaobject> - - <para>In this scenario, <systemitem>RouterA</systemitem> is our &os; - machine that is acting as a router to the rest of the - Internet. It has a default route set to <systemitem class="ipaddress">10.0.0.1</systemitem> which allows it to connect - with the outside world. We will assume that - <systemitem>RouterB</systemitem> is already configured properly and - knows how to get wherever it needs to go. (This is simple - in this picture. 
Just add a default route on - <systemitem>RouterB</systemitem> using <systemitem class="ipaddress">192.168.1.1</systemitem> as the gateway.)</para> - - <para>If we look at the routing table for - <systemitem>RouterA</systemitem> we would see something like the - following:</para> - - <screen>&prompt.user; <userinput>netstat -nr</userinput> -Routing tables - -Internet: -Destination Gateway Flags Refs Use Netif Expire -default 10.0.0.1 UGS 0 49378 xl0 -127.0.0.1 127.0.0.1 UH 0 6 lo0 -10.0.0/24 link#1 UC 0 0 xl0 -192.168.1/24 link#2 UC 0 0 xl1</screen> - - <para>With the current routing table <systemitem>RouterA</systemitem> - will not be able to reach our Internal Net 2. It does not - have a route for <systemitem class="ipaddress">192.168.2.0/24</systemitem>. One way to alleviate - this is to manually add the route. The following command - would add the Internal Net 2 network to - <systemitem>RouterA</systemitem>'s routing table using <systemitem class="ipaddress">192.168.1.2</systemitem> as the next hop:</para> - - <screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen> - - <para>Now <systemitem>RouterA</systemitem> can reach any hosts on the - <systemitem class="ipaddress">192.168.2.0/24</systemitem> - network.</para> - </sect3> - - <sect3> - <title>Persistent Configuration</title> - - <para>The above example is perfect for configuring a static - route on a running system. However, one problem is that the - routing information will not persist if you reboot your &os; - machine. The way to handle the addition of a static route - is to put it in your <filename>/etc/rc.conf</filename> - file:</para> - - <programlisting># Add Internal Net 2 as a static route -static_routes="internalnet2" -route_internalnet2="-net 192.168.2.0/24 192.168.1.2"</programlisting> - - <para>The <literal>static_routes</literal> configuration - variable is a list of strings separated by a space. Each - string references to a route name. 
In our above example we - only have one string in <literal>static_routes</literal>. - This string is <replaceable>internalnet2</replaceable>. We - then add a configuration variable called - <literal>route_internalnet2</literal> - where we put all of the configuration parameters we would - give to the &man.route.8; command. For our example above we - would have used the command:</para> - - <screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen> - - <para>so we need <literal>"-net 192.168.2.0/24 192.168.1.2"</literal>.</para> - - <para>As said above, we can have more than one string in - <literal>static_routes</literal>. This allows us to - create multiple static routes. The following lines shows - an example of adding static routes for the <systemitem class="ipaddress">192.168.0.0/24</systemitem> and <systemitem class="ipaddress">192.168.1.0/24</systemitem> networks on an imaginary - router:</para> - - <programlisting>static_routes="net1 net2" -route_net1="-net 192.168.0.0/24 192.168.0.1" -route_net2="-net 192.168.1.0/24 192.168.1.1"</programlisting> - </sect3> - </sect2> - - <sect2> - <title>Routing Propagation</title> - <indexterm><primary>routing propagation</primary></indexterm> - <para>We have already talked about how we define our routes to the - outside world, but not about how the outside world finds us.</para> - - <para>We already know that routing tables can be set up so that all - traffic for a particular address space (in our examples, a class-C - subnet) can be sent to a particular host on that network, which will - forward the packets inbound.</para> - - <para>When you get an address space assigned to your site, your service - provider will set up their routing tables so that all traffic for your - subnet will be sent down your PPP link to your site. 
But how do sites - across the country know to send to your ISP?</para> - - <para>There is a system (much like the distributed DNS information) that - keeps track of all assigned address-spaces, and defines their point of - connection to the Internet Backbone. The <quote>Backbone</quote> are - the main trunk lines that carry Internet traffic across the country, - and around the world. Each backbone machine has a copy of a master - set of tables, which direct traffic for a particular network to a - specific backbone carrier, and from there down the chain of service - providers until it reaches your network.</para> - - <para>It is the task of your service provider to advertise to the - backbone sites that they are the point of connection (and thus the - path inward) for your site. This is known as route - propagation.</para> - </sect2> - - <sect2> - <title>Troubleshooting</title> - <indexterm> - <primary><command>traceroute</command></primary> - </indexterm> - <para>Sometimes, there is a problem with routing propagation, and some - sites are unable to connect to you. Perhaps the most useful command - for trying to figure out where routing is breaking down is the - &man.traceroute.8; command. It is equally useful if you cannot seem - to make a connection to a remote machine (i.e. &man.ping.8; - fails).</para> - - <para>The &man.traceroute.8; command is run with the name of the remote - host you are trying to connect to. 
It will show the gateway hosts - along the path of the attempt, eventually either reaching the target - host, or terminating because of a lack of connection.</para> - - <para>For more information, see the manual page for - &man.traceroute.8;.</para> - </sect2> - - <sect2> - <title>Multicast Routing</title> - <indexterm> - <primary>multicast routing</primary> - </indexterm> - <indexterm> - <primary>kernel options</primary> - <secondary>MROUTING</secondary> - </indexterm> - <para>FreeBSD supports both multicast applications and multicast - routing natively. Multicast applications do not require any - special configuration of FreeBSD; applications will generally - run out of the box. Multicast routing - requires that support be compiled into the kernel:</para> - - <programlisting>options MROUTING</programlisting> - - <para>In addition, the multicast routing daemon, &man.mrouted.8; - must be configured to set up tunnels and <acronym>DVMRP</acronym> via - <filename>/etc/mrouted.conf</filename>. More details on - multicast configuration may be found in the manual page for - &man.mrouted.8;.</para> - </sect2> - </sect1> - - <sect1 xml:id="network-wireless"> - <info><title>Wireless Networking</title> - <authorgroup> - <author><personname><othername>Loader</othername></personname></author> - - <author><personname><firstname>Marc</firstname><surname>Fonvieille</surname></personname></author> - - <author><personname><firstname>Murray</firstname><surname>Stokely</surname></personname></author> - </authorgroup> - </info> - - - <indexterm><primary>wireless networking</primary></indexterm> - <indexterm> - <primary>802.11</primary> - <see>wireless networking</see> - </indexterm> - - <sect2> - <title>Wireless Networking Basics</title> - - <para>Most wireless networks are based on the IEEE 802.11 - standards. 
A basic wireless network consists of multiple - stations communicating with radios that broadcast in either - the 2.4GHz or 5GHz band (though this varies according to the - locale and is also changing to enable communication in the - 2.3GHz and 4.9GHz ranges).</para> - - <para>802.11 networks are organized in two ways: in - <emphasis>infrastructure mode</emphasis> one station acts as a - master with all the other stations associating to it; the - network is known as a BSS and the master station is termed an - access point (AP). In a BSS all communication passes through - the AP; even when one station wants to communicate with - another wireless station messages must go through the AP. In - the second form of network there is no master and stations - communicate directly. This form of network is termed an IBSS - and is commonly known as an <emphasis>ad-hoc - network</emphasis>.</para> - - <para>802.11 networks were first deployed in the 2.4GHz band - using protocols defined by the IEEE 802.11 and 802.11b - standard. These specifications include the operating - frequencies, MAC layer characteristics including framing and - transmission rates (communication can be done at various - rates). Later the 802.11a standard defined operation in the - 5GHz band, including different signalling mechanisms and - higher transmission rates. Still later the 802.11g standard - was defined to enable use of 802.11a signalling and - transmission mechanisms in the 2.4GHz band in such a way as to - be backwards compatible with 802.11b networks.</para> - - <para>Separate from the underlying transmission techniques - 802.11 networks have a variety of security mechanisms. The - original 802.11 specifications defined a simple security - protocol called WEP. This protocol uses a fixed pre-shared key - and the RC4 cryptographic cipher to encode data transmitted on - a network. Stations must all agree on the fixed key in order - to communicate. 
This scheme was shown to be easily broken and - is now rarely used except to discourage transient users from - joining networks. Current security practice is given by the - IEEE 802.11i specification that defines new cryptographic - ciphers and an additional protocol to authenticate stations to - an access point and exchange keys for doing data - communication. Further, cryptographic keys are periodically - refreshed and there are mechanisms for detecting intrusion - attempts (and for countering intrusion attempts). Another - security protocol specification commonly used in wireless - networks is termed WPA. This was a precursor to 802.11i - defined by an industry group as an interim measure while - waiting for 802.11i to be ratified. WPA specifies a subset of - the requirements found in 802.11i and is designed for - implementation on legacy hardware. Specifically WPA requires - only the TKIP cipher that is derived from the original WEP - cipher. 802.11i permits use of TKIP but also requires support - for a stronger cipher, AES-CCM, for encrypting data. (The AES - cipher was not required in WPA because it was deemed too - computationally costly to be implemented on legacy - hardware.)</para> - - <para>Other than the above protocol standards the other - important standard to be aware of is 802.11e. This defines - protocols for deploying multi-media applications such as - streaming video and voice over IP (VoIP) in an 802.11 network. - Like 802.11i, 802.11e also has a precursor specification - termed WME (later renamed WMM) that has been defined by an - industry group as a subset of 802.11e that can be deployed now - to enable multi-media applications while waiting for the final - ratification of 802.11e. The most important thing to know - about 802.11e and WME/WMM is that it enables prioritized - traffic use of a wireless network through Quality of Service - (QoS) protocols and enhanced media access protocols. 
Proper - implementation of these protocols enable high speed bursting - of data and prioritized traffic flow.</para> - - <para>Since the 6.0 version, &os; supports networks that operate - using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i - security protocols are likewise supported (in conjunction with - any of 11a, 11b, and 11g) and QoS and traffic prioritization - required by the WME/WMM protocols are supported for a limited - set of wireless devices.</para> - </sect2> - - <sect2 xml:id="network-wireless-basic"> - <title>Basic Setup</title> - - <sect3> - <title>Kernel Configuration</title> - - <para>To use wireless networking you need a wireless - networking card and to configure the kernel with the - appropriate wireless networking support. The latter is - separated into multiple modules so that you only need to - configure the software you are actually going to use.</para> - - <para>The first thing you need is a wireless device. The most - commonly used devices are those that use parts made by - Atheros. These devices are supported by the &man.ath.4; - driver and require the following line to be added to the - <filename>/boot/loader.conf</filename> file:</para> - - <programlisting>if_ath_load="YES"</programlisting> - - <para>The Atheros driver is split up into three separate - pieces: the driver proper (&man.ath.4;), the hardware - support layer that handles chip-specific functions - (&man.ath.hal.4;), and an algorithm for selecting which of - several possible rates for transmitting frames - (ath_rate_sample here). When you load this support as - modules these dependencies are automatically handled for - you. 
If instead of an Atheros device you had another device - you would select the module for that device; e.g.:</para> - - <programlisting>if_wi_load="YES"</programlisting> - - <para>for devices based on the Intersil Prism parts - (&man.wi.4; driver).</para> - - <note> - <para>In the rest of this document, we will use an - &man.ath.4; device, the device name in the examples must - be changed according to your configuration. A list of - available wireless drivers can be found at the beginning - of the &man.wlan.4; manual page. If a native &os; driver - for your wireless device does not exist, it may be - possible to directly use the &windows; driver with the - help of the <link linkend="config-network-ndis">NDIS</link> driver - wrapper.</para> - </note> - - <para>With a device driver configured you need to also bring - in the 802.11 networking support required by the driver. - For the &man.ath.4; driver this is at least the &man.wlan.4; - module; this module is automatically loaded with the - wireless device driver. With that you will need the modules - that implement cryptographic support for the security - protocols you intend to use. These are intended to be - dynamically loaded on demand by the &man.wlan.4; module but - for now they must be manually configured. The following - modules are available: &man.wlan.wep.4;, &man.wlan.ccmp.4; - and &man.wlan.tkip.4;. Both &man.wlan.ccmp.4; and - &man.wlan.tkip.4; drivers are only needed if you intend to - use the WPA and/or 802.11i security protocols. If your - network is to run totally open (i.e., with no encryption) - then you do not even need the &man.wlan.wep.4; support. 
To - load these modules at boot time, add the following lines to - <filename>/boot/loader.conf</filename>:</para> - - <programlisting>wlan_wep_load="YES" -wlan_ccmp_load="YES" -wlan_tkip_load="YES"</programlisting> - - <para>With this information in the system bootstrap - configuration file (i.e., - <filename>/boot/loader.conf</filename>), you have to reboot - your &os; box. If you do not want to reboot your machine - for the moment, you can just load the modules by hand using - &man.kldload.8;.</para> - - <note> - <para>If you do not want to use modules, it is possible to - compile these drivers into the kernel by adding the - following lines to your kernel configuration file:</para> - - <programlisting>device ath # Atheros IEEE 802.11 wireless network driver -device ath_hal # Atheros Hardware Access Layer -device ath_rate_sample # John Bicket's SampleRate control algorithm. -device wlan # 802.11 support (Required) -device wlan_wep # WEP crypto support for 802.11 devices -device wlan_ccmp # AES-CCMP crypto support for 802.11 devices -device wlan_tkip # TKIP and Michael crypto support for 802.11 devices</programlisting> - - <para>With this information in the kernel configuration - file, recompile the kernel and reboot your &os; - machine.</para> - </note> - - <para>When the system is up, we could find some information - about the wireless device in the boot messages, like - this:</para> - - <screen>ath0: <Atheros 5212> mem 0xff9f0000-0xff9fffff irq 17 at device 2.0 on pci2 -ath0: Ethernet address: 00:11:95:d5:43:62 -ath0: mac 7.9 phy 4.5 radio 5.6</screen> - </sect3> - </sect2> - - <sect2> - <title>Infrastructure Mode</title> - - <para>The infrastructure mode or BSS mode is the mode that is - typically used. In this mode, a number of wireless access - points are connected to a wired network. Each wireless - network has its own name, this name is called the SSID of the - network. 
Wireless clients connect to the wireless access - points.</para> - - <sect3> - <title>&os; Clients</title> - - <sect4> - <title>How to Find Access Points</title> - - <para>To scan for networks, use the - <command>ifconfig</command> command. This request may - take a few moments to complete as it requires that the - system switches to each available wireless frequency and - probes for available access points. Only the super-user - can initiate such a scan:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 up scan</userinput> -SSID BSSID CHAN RATE S:N INT CAPS -dlinkap 00:13:46:49:41:76 6 54M 29:0 100 EPS WPA WME -freebsdap 00:11:95:c3:0d:ac 1 54M 22:0 100 EPS WPA</screen> - - <note> - <para>You must mark the interface <option>up</option> - before you can scan. Subsequent scan requests do not - require you to mark the interface up again.</para> - </note> - - <para>The output of a scan request lists each BSS/IBSS - network found. Beside the name of the network, - <literal>SSID</literal>, we find the - <literal>BSSID</literal> which is the MAC address of the - access point. The <literal>CAPS</literal> field - identifies the type of each network and the capabilities - of the stations operating there:</para> - - <variablelist> - <varlistentry> - <term><literal>E</literal></term> - - <listitem> - <para>Extended Service Set (ESS). Indicates that the - station is part of an infrastructure network (in - contrast to an IBSS/ad-hoc network).</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>I</literal></term> - - <listitem> - <para>IBSS/ad-hoc network. Indicates that the station - is part of an ad-hoc network (in contrast to an ESS - network).</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>P</literal></term> - - <listitem> - <para>Privacy. Data confidentiality is required for - all data frames exchanged within the BSS. 
This means - that this BSS requires the station to use - cryptographic means such as WEP, TKIP or AES-CCMP to - encrypt/decrypt data frames being exchanged with - others.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>S</literal></term> - - <listitem> - <para>Short Preamble. Indicates that the network is - using short preambles (defined in 802.11b High - Rate/DSSS PHY, short preamble utilizes a 56 bit sync - field in contrast to a 128 bit field used in long - preamble mode).</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>s</literal></term> - - <listitem> - <para>Short slot time. Indicates that the 802.11g - network is using a short slot time because there are - no legacy (802.11b) stations present.</para> - </listitem> - </varlistentry> - </variablelist> - - <para>One can also display the current list of known - networks with:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 list scan</userinput></screen> - - <para>This information may be updated automatically by the - adapter or manually with a <option>scan</option> request. - Old data is automatically removed from the cache, so over - time this list may shrink unless more scans are - done.</para> - </sect4> - - <sect4> - <title>Basic Settings</title> - - <para>This section provides a simple example of how to make - the wireless network adapter work in &os; without - encryption. After you are familiar with these concepts, - we strongly recommend using <link linkend="network-wireless-wpa">WPA</link> to set up your - wireless network.</para> - - <para>There are three basic steps to configure a wireless - network: selecting an access point, authenticating your - station, and configuring an IP address. The following - sections discuss each step.</para> - - <sect5> - <title>Selecting an Access Point</title> - - <para>Most of time it is sufficient to let the system - choose an access point using the builtin heuristics. 
- This is the default behaviour when you mark an interface - up or otherwise configure an interface by listing it in - <filename>/etc/rc.conf</filename>, e.g.:</para> - - <programlisting>ifconfig_ath0="DHCP"</programlisting> - - <para>If there are multiple access points and you want to - select a specific one, you can select it by its - SSID:</para> - - <programlisting>ifconfig_ath0="ssid <replaceable>your_ssid_here</replaceable> DHCP"</programlisting> - - <para>In an environment where there are multiple access - points with the same SSID (often done to simplify - roaming) it may be necessary to associate to one - specific device. In this case you can also specify the - BSSID of the access point (you can also leave off the - SSID):</para> - - <programlisting>ifconfig_ath0="ssid <replaceable>your_ssid_here</replaceable> bssid <replaceable>xx:xx:xx:xx:xx:xx</replaceable> DHCP"</programlisting> - - <para>There are other ways to constrain the choice of an - access point such as limiting the set of frequencies the - system will scan on. This may be useful if you have a - multi-band wireless card as scanning all the possible - channels can be time-consuming. To limit operation to a - specific band you can use the <option>mode</option> - parameter; e.g.:</para> - - <programlisting>ifconfig_ath0="mode <replaceable>11g</replaceable> ssid <replaceable>your_ssid_here</replaceable> DHCP"</programlisting> - - <para>will force the card to operate in 802.11g which is - defined only for 2.4GHz frequencies so any 5GHz channels - will not be considered. Other ways to do this are the - <option>channel</option> parameter, to lock operation to - one specific frequency, and the - <option>chanlist</option> parameter, to specify a list - of channels for scanning. 
More information about these - parameters can be found in the &man.ifconfig.8; manual - page.</para> - </sect5> - - <sect5> - <title>Authentication</title> - - <para>Once you have selected an access point your station - needs to authenticate before it can pass data. - Authentication can happen in several ways. The most - common scheme used is termed open authentication and - allows any station to join the network and communicate. - This is the authentication you should use for test - purpose the first time you set up a wireless network. - Other schemes require cryptographic handshakes be - completed before data traffic can flow; either using - pre-shared keys or secrets, or more complex schemes that - involve backend services such as RADIUS. Most users - will use open authentication which is the default - setting. Next most common setup is WPA-PSK, also known - as WPA Personal, which is described <link linkend="network-wireless-wpa-wpa-psk">below</link>.</para> - - <note> - <para>If you have an &apple; &airport; Extreme base - station for an access point you may need to configure - shared-key authentication together with a WEP key. - This can be done in the - <filename>/etc/rc.conf</filename> file or using the - &man.wpa.supplicant.8; program. If you have a single - &airport; base station you can setup access with - something like:</para> - - <programlisting>ifconfig_ath0="authmode shared wepmode on weptxkey <replaceable>1</replaceable> wepkey <replaceable>01234567</replaceable> DHCP"</programlisting> - - <para>In general shared key authentication is to be - avoided because it uses the WEP key material in a - highly-constrained manner making it even easier to - crack the key. If WEP must be used (e.g., for - compatibility with legacy devices) it is better to use - WEP with <literal>open</literal> authentication. 
More - information regarding WEP can be found in the <xref linkend="network-wireless-wep"/>.</para> - </note> - </sect5> - - <sect5> - <title>Getting an IP Address with DHCP</title> - - <para>Once you have selected an access point and set the - authentication parameters, you will have to get an IP - address to communicate. Most of time you will obtain - your wireless IP address via DHCP. To achieve that, - simply edit <filename>/etc/rc.conf</filename> and add - <literal>DHCP</literal> to the configuration for your - device as shown in various examples above:</para> - - <programlisting>ifconfig_ath0="DHCP"</programlisting> - - <para>At this point, you are ready to bring up the - wireless interface:</para> - - <screen>&prompt.root; <userinput>/etc/rc.d/netif start</userinput></screen> - - <para>Once the interface is running, use - <command>ifconfig</command> to see the status of the - interface <filename>ath0</filename>:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0</userinput> -ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 - inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255 - ether 00:11:95:d5:43:62 - media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps) - status: associated - ssid dlinkap channel 6 bssid 00:13:46:49:41:76 - authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen> - - <para>The <literal>status: associated</literal> means you - are connected to the wireless network (to the - <literal>dlinkap</literal> network in our case). The - <literal>bssid 00:13:46:49:41:76</literal> part is the - MAC address of your access point; the - <literal>authmode</literal> line informs you that the - communication is not encrypted - (<literal>OPEN</literal>).</para> - </sect5> - - <sect5> - <title>Static IP Address</title> - - <para>In the case you cannot obtain an IP address from a - DHCP server, you can set a fixed IP address. 
Replace - the <literal>DHCP</literal> keyword shown above with the - address information. Be sure to retain any other - parameters you have set up for selecting an access - point:</para> - - <programlisting>ifconfig_ath0="inet <replaceable>192.168.1.100</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>your_ssid_here</replaceable>"</programlisting> - </sect5> - </sect4> - - <sect4 xml:id="network-wireless-wpa"> - <title>WPA</title> - - <para>WPA (Wi-Fi Protected Access) is a security protocol - used together with 802.11 networks to address the lack of - proper authentication and the weakness of <link linkend="network-wireless-wep">WEP</link>. WPA leverages - the 802.1X authentication protocol and uses one of several - ciphers instead of WEP for data integrity. The only - cipher required by WPA is TKIP (Temporary Key Integrity - Protocol) which is a cipher that extends the basic RC4 - cipher used by WEP by adding integrity checking, tamper - detection, and measures for responding to any detected - intrusions. TKIP is designed to work on legacy hardware - with only software modification; it represents a - compromise that improves security but is still not - entirely immune to attack. WPA also specifies the - AES-CCMP cipher as an alternative to TKIP and that is - preferred when possible; for this specification the term - WPA2 (or RSN) is commonly used.</para> - - <para>WPA defines authentication and encryption protocols. - Authentication is most commonly done using one of two - techniques: by 802.1X and a backend authentication service - such as RADIUS, or by a minimal handshake between the - station and the access point using a pre-shared secret. - The former is commonly termed WPA Enterprise with the - latter known as WPA Personal. 
Since most people will not - set up a RADIUS backend server for wireless network, - WPA-PSK is by far the most commonly encountered - configuration for WPA.</para> - - <para>The control of the wireless connection and the - authentication (key negotiation or authentication with a - server) is done with the &man.wpa.supplicant.8; utility. - This program requires a configuration file, - <filename>/etc/wpa_supplicant.conf</filename>, to run. - More information regarding this file can be found in the - &man.wpa.supplicant.conf.5; manual page.</para> - - <sect5 xml:id="network-wireless-wpa-wpa-psk"> - <title>WPA-PSK</title> - - <para>WPA-PSK also known as WPA-Personal is based on a - pre-shared key (PSK) generated from a given password and - that will be used as the master key in the wireless - network. This means every wireless user will share the - same key. WPA-PSK is intended for small networks where - the use of an authentication server is not possible or - desired.</para> - - <warning> - <para>Always use strong passwords that are - sufficiently long and made from a rich alphabet so - they will not be guessed and/or attacked.</para> - </warning> - - <para>The first step is the configuration of the - <filename>/etc/wpa_supplicant.conf</filename> file with - the SSID and the pre-shared key of your network:</para> - - <programlisting>network={ - ssid="freebsdap" - psk="freebsdmall" -}</programlisting> - - <para>Then, in <filename>/etc/rc.conf</filename>, we - indicate that the wireless device configuration will be - done with WPA and the IP address will be obtained with - DHCP:</para> - - <programlisting>ifconfig_ath0="WPA DHCP"</programlisting> - - <para>Then, we can bring up the interface:</para> - - <screen>&prompt.root; <userinput>/etc/rc.d/netif start</userinput> -Starting wpa_supplicant. 
-DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 5 -DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 6 -DHCPOFFER from 192.168.0.1 -DHCPREQUEST on ath0 to 255.255.255.255 port 67 -DHCPACK from 192.168.0.1 -bound to 192.168.0.254 -- renewal in 300 seconds. -ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 - inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255 - ether 00:11:95:d5:43:62 - media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/36Mbps) - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36 - protmode CTS roaming MANUAL bintval 100</screen> - - <para>Or you can try to configure it manually using the - same <filename>/etc/wpa_supplicant.conf</filename> <link linkend="network-wireless-wpa-wpa-psk">above</link>, and - run:</para> - - <screen>&prompt.root; <userinput>wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf</userinput> -Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz) -Associated with 00:11:95:c3:0d:ac -WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=TKIP GTK=TKIP]</screen> - - <para>The next operation is the launch of the - <command>dhclient</command> command to get the IP - address from the DHCP server:</para> - - <screen>&prompt.root; <userinput>dhclient ath0</userinput> -DHCPREQUEST on ath0 to 255.255.255.255 port 67 -DHCPACK from 192.168.0.1 -bound to 192.168.0.254 -- renewal in 300 seconds. 
-&prompt.root; <userinput>ifconfig ath0</userinput> -ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 - inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255 - ether 00:11:95:d5:43:62 - media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/48Mbps) - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36 - protmode CTS roaming MANUAL bintval 100</screen> - - <note> - <para>If the <filename>/etc/rc.conf</filename> is set up - with the line <literal>ifconfig_ath0="DHCP"</literal> - then it is no need to run the - <command>dhclient</command> command manually, - <command>dhclient</command> will be launched after - <command>wpa_supplicant</command> plumbs the - keys.</para> - </note> - - <para>In the case where the use of DHCP is not possible, - you can set a static IP address after - <command>wpa_supplicant</command> has authenticated the - station:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 inet 192.168.0.100 netmask 255.255.255.0</userinput> -&prompt.root; <userinput>ifconfig ath0</userinput> -ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 - inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255 - ether 00:11:95:d5:43:62 - media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/36Mbps) - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36 - protmode CTS roaming MANUAL bintval 100</screen> - - <para>When DHCP is not used, you also have to manually set - up the default gateway and the nameserver:</para> - - <screen>&prompt.root; <userinput>route add default your_default_router</userinput> -&prompt.root; <userinput>echo "nameserver your_DNS_server" >> /etc/resolv.conf</userinput></screen> - </sect5> - - <sect5 
xml:id="network-wireless-wpa-eap-tls"> - <title>WPA with EAP-TLS</title> - - <para>The second way to use WPA is with an 802.1X backend - authentication server, in this case WPA is called - WPA-Enterprise to make difference with the less secure - WPA-Personal with its pre-shared key. The - authentication in WPA-Enterprise is based on EAP - (Extensible Authentication Protocol).</para> - - <para>EAP does not come with an encryption method, it was - decided to embed EAP inside an encrypted tunnel. Many - types of EAP authentication methods have been designed, - the most common methods are EAP-TLS, EAP-TTLS and - EAP-PEAP.</para> - - <para>EAP-TLS (EAP with Transport Layer Security) is a - very well-supported authentication protocol in the - wireless world since it was the first EAP method to be - certified by the <link xlink:href="http://www.wi-fi.org/">Wi-Fi alliance</link>. - EAP-TLS will require three certificates to run: the CA - certificate (installed on all machines), the server - certificate for your authentication server, and one - client certificate for each wireless client. 
In this - EAP method, both authentication server and wireless - client authenticate each other in presenting their - respective certificates, and they verify that these - certificates were signed by your organization's - certificate authority (CA).</para> - - <para>As previously, the configuration is done via - <filename>/etc/wpa_supplicant.conf</filename>:</para> - - <programlisting>network={ - ssid="freebsdap" <co xml:id="co-tls-ssid"/> - proto=RSN <co xml:id="co-tls-proto"/> - key_mgmt=WPA-EAP <co xml:id="co-tls-kmgmt"/> - eap=TLS <co xml:id="co-tls-eap"/> - identity="loader" <co xml:id="co-tls-id"/> - ca_cert="/etc/certs/cacert.pem" <co xml:id="co-tls-cacert"/> - client_cert="/etc/certs/clientcert.pem" <co xml:id="co-tls-clientcert"/> - private_key="/etc/certs/clientkey.pem" <co xml:id="co-tls-pkey"/> - private_key_passwd="freebsdmallclient" <co xml:id="co-tls-pwd"/> -}</programlisting> - - <calloutlist> - <callout arearefs="co-tls-ssid"> - <para>This field indicates the network name - (SSID).</para> - </callout> - - <callout arearefs="co-tls-proto"> - <para>Here, we use RSN (IEEE 802.11i) protocol, i.e., - WPA2.</para> - </callout> - - <callout arearefs="co-tls-kmgmt"> - <para>The <literal>key_mgmt</literal> line refers to - the key management protocol we use. In our case it - is WPA using EAP authentication: - <literal>WPA-EAP</literal>.</para> - </callout> - - <callout arearefs="co-tls-eap"> - <para>In this field, we mention the EAP method for our - connection.</para> - </callout> - - <callout arearefs="co-tls-id"> - <para>The <literal>identity</literal> field contains - the identity string for EAP.</para> - </callout> - - <callout arearefs="co-tls-cacert"> - <para>The <literal>ca_cert</literal> field indicates - the pathname of the CA certificate file. 
This file - is needed to verify the server certificat.</para> - </callout> - - <callout arearefs="co-tls-clientcert"> - <para>The <literal>client_cert</literal> line gives - the pathname to the client certificate file. This - certificate is unique to each wireless client of the - network.</para> - </callout> - - <callout arearefs="co-tls-pkey"> - <para>The <literal>private_key</literal> field is the - pathname to the client certificate private key - file.</para> - </callout> - - <callout arearefs="co-tls-pwd"> - <para>The <literal>private_key_passwd</literal> field - contains the passphrase for the private key.</para> - </callout> - </calloutlist> - - <para>Then add the following line to - <filename>/etc/rc.conf</filename>:</para> - - <programlisting>ifconfig_ath0="WPA DHCP"</programlisting> - - <para>The next step is to bring up the interface with the - help of the <filename>rc.d</filename> facility:</para> - - <screen>&prompt.root; <userinput>/etc/rc.d/netif start</userinput> -Starting wpa_supplicant. -DHCPREQUEST on ath0 to 255.255.255.255 port 67 -DHCPREQUEST on ath0 to 255.255.255.255 port 67 -DHCPACK from 192.168.0.20 -bound to 192.168.0.254 -- renewal in 300 seconds. 
-ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 - inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255 - ether 00:11:95:d5:43:62 - media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps) - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit - txpowmax 36 protmode CTS roaming MANUAL bintval 100</screen> - - <para>As previously shown, it is also possible to bring up - the interface manually with both - <command>wpa_supplicant</command> and - <command>ifconfig</command> commands.</para> - </sect5> - - <sect5 xml:id="network-wireless-wpa-eap-ttls"> - <title>WPA with EAP-TTLS</title> - - <para>With EAP-TLS both the authentication server and the - client need a certificate, with EAP-TTLS (EAP-Tunneled - Transport Layer Security) a client certificate is - optional. This method is close to what some secure web - sites do , where the web server can create a secure SSL - tunnel even if the visitors do not have client-side - certificates. 
EAP-TTLS will use the encrypted TLS - tunnel for safe transport of the authentication - data.</para> - - <para>The configuration is done via the - <filename>/etc/wpa_supplicant.conf</filename> - file:</para> - - <programlisting>network={ - ssid="freebsdap" - proto=RSN - key_mgmt=WPA-EAP - eap=TTLS <co xml:id="co-ttls-eap"/> - identity="test" <co xml:id="co-ttls-id"/> - password="test" <co xml:id="co-ttls-passwd"/> - ca_cert="/etc/certs/cacert.pem" <co xml:id="co-ttls-cacert"/> - phase2="auth=MD5" <co xml:id="co-ttls-pha2"/> -}</programlisting> - - <calloutlist> - <callout arearefs="co-ttls-eap"> - <para>In this field, we mention the EAP method for our - connection.</para> - </callout> - - <callout arearefs="co-ttls-id"> - <para>The <literal>identity</literal> field contains - the identity string for EAP authentication inside - the encrypted TLS tunnel.</para> - </callout> - - <callout arearefs="co-ttls-passwd"> - <para>The <literal>password</literal> field contains - the passphrase for the EAP authentication.</para> - </callout> - - <callout arearefs="co-ttls-cacert"> - <para>The <literal>ca_cert</literal> field indicates - the pathname of the CA certificate file. This file - is needed to verify the server certificat.</para> - </callout> - - <callout arearefs="co-ttls-pha2"> - <para>In this field, we mention the authentication - method used in the encrypted TLS tunnel. In our - case, EAP with MD5-Challenge has been used. The - <quote>inner authentication</quote> phase is often - called <quote>phase2</quote>.</para> - </callout> - </calloutlist> - - <para>You also have to add the following line to - <filename>/etc/rc.conf</filename>:</para> - - <programlisting>ifconfig_ath0="WPA DHCP"</programlisting> - - <para>The next step is to bring up the interface:</para> - - <screen>&prompt.root; <userinput>/etc/rc.d/netif start</userinput> -Starting wpa_supplicant. 
-DHCPREQUEST on ath0 to 255.255.255.255 port 67 -DHCPREQUEST on ath0 to 255.255.255.255 port 67 -DHCPREQUEST on ath0 to 255.255.255.255 port 67 -DHCPACK from 192.168.0.20 -bound to 192.168.0.254 -- renewal in 300 seconds. -ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 - inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255 - ether 00:11:95:d5:43:62 - media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps) - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit - txpowmax 36 protmode CTS roaming MANUAL bintval 100</screen> - </sect5> - - <sect5 xml:id="network-wireless-wpa-eap-peap"> - <title>WPA with EAP-PEAP</title> - - <para>PEAP (Protected EAP) has been designed as an - alternative to EAP-TTLS. There are two types of PEAP - methods, the most common one is PEAPv0/EAP-MSCHAPv2. In - the rest of this document, we will use the PEAP term to - refer to that EAP method. PEAP is the most used EAP - standard after EAP-TLS, in other words if you have a - network with mixed OSes, PEAP should be the most - supported standard after EAP-TLS.</para> - - <para>PEAP is similar to EAP-TTLS: it uses a server-side - certificate to authenticate clients by creating an - encrypted TLS tunnel between the client and the - authentication server, which protects the ensuing - exchange of authentication information. In term of - security the difference between EAP-TTLS and PEAP is - that PEAP authentication broadcasts the username in - clear, only the password is sent in the encrypted TLS - tunnel. 
EAP-TTLS will use the TLS tunnel for both - username and password.</para> - - <para>We have to edit the - <filename>/etc/wpa_supplicant.conf</filename> file and - add the EAP-PEAP related settings:</para> - - <programlisting>network={ - ssid="freebsdap" - proto=RSN - key_mgmt=WPA-EAP - eap=PEAP <co xml:id="co-peap-eap"/> - identity="test" <co xml:id="co-peap-id"/> - password="test" <co xml:id="co-peap-passwd"/> - ca_cert="/etc/certs/cacert.pem" <co xml:id="co-peap-cacert"/> - phase1="peaplabel=0" <co xml:id="co-peap-pha1"/> - phase2="auth=MSCHAPV2" <co xml:id="co-peap-pha2"/> -}</programlisting> - - <calloutlist> - <callout arearefs="co-peap-eap"> - <para>In this field, we mention the EAP method for our - connection.</para> - </callout> - - <callout arearefs="co-peap-id"> - <para>The <literal>identity</literal> field contains - the identity string for EAP authentication inside - the encrypted TLS tunnel.</para> - </callout> - - <callout arearefs="co-peap-passwd"> - <para>The <literal>password</literal> field contains - the passphrase for the EAP authentication.</para> - </callout> - - <callout arearefs="co-peap-cacert"> - <para>The <literal>ca_cert</literal> field indicates - the pathname of the CA certificate file. This file - is needed to verify the server certificat.</para> - </callout> - - <callout arearefs="co-peap-pha1"> - <para>This field contains the parameters for the - first phase of the authentication (the TLS - tunnel). According to the authentication server - used, you will have to specify a specific label - for the authentication. Most of time, the label - will be <quote>client EAP encryption</quote> which - is set by using <literal>peaplabel=0</literal>. - More information can be found in the - &man.wpa.supplicant.conf.5; manual page.</para> - </callout> - - <callout arearefs="co-peap-pha2"> - <para>In this field, we mention the authentication - protocol used in the encrypted TLS tunnel. 
In the - case of PEAP, it is - <literal>auth=MSCHAPV2</literal>.</para> - </callout> - </calloutlist> - - <para>The following must be added to - <filename>/etc/rc.conf</filename>:</para> - - <programlisting>ifconfig_ath0="WPA DHCP"</programlisting> - - <para>Then, we can bring up the interface:</para> - - <screen>&prompt.root; <userinput>/etc/rc.d/netif start</userinput> -Starting wpa_supplicant. -DHCPREQUEST on ath0 to 255.255.255.255 port 67 -DHCPREQUEST on ath0 to 255.255.255.255 port 67 -DHCPREQUEST on ath0 to 255.255.255.255 port 67 -DHCPACK from 192.168.0.20 -bound to 192.168.0.254 -- renewal in 300 seconds. -ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 - inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255 - ether 00:11:95:d5:43:62 - media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps) - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit - txpowmax 36 protmode CTS roaming MANUAL bintval 100</screen> - </sect5> - </sect4> - - <sect4 xml:id="network-wireless-wep"> - <title>WEP</title> - - <para>WEP (Wired Equivalent Privacy) is part of the original - 802.11 standard. There is no authentication mechanism, - only a weak form of access control, and it is easily to be - cracked.</para> - - <para>WEP can be set up with - <command>ifconfig</command>:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 inet 192.168.1.100 netmask 255.255.255.0 ssid my_net \ - wepmode on weptxkey 3 wepkey 3:0x3456789012</userinput></screen> - - <itemizedlist> - <listitem> - <para>The <literal>weptxkey</literal> means which WEP - key will be used in the transmission. Here we used the - third key. This must match the setting in the access - point.</para> - </listitem> - - <listitem> - <para>The <literal>wepkey</literal> means setting the - selected WEP key. 
It should in the format - <replaceable>index:key</replaceable>, if the index is - not given, key <literal>1</literal> is set. That is - to say we need to set the index if we use keys other - than the first key.</para> - - <note> - <para>You must replace - the <literal>0x3456789012</literal> with the key - configured for use on the access point.</para> - </note> - </listitem> - </itemizedlist> - - <para>You are encouraged to read &man.ifconfig.8; manual - page for further information.</para> - - <para>The <command>wpa_supplicant</command> facility also - can be used to configure your wireless interface with WEP. - The example above can be set up by adding the following - lines to - <filename>/etc/wpa_supplicant.conf</filename>:</para> - - <programlisting>network={ - ssid="my_net" - key_mgmt=NONE - wep_key3=3456789012 - wep_tx_keyidx=3 -}</programlisting> - - <para>Then:</para> - - <screen>&prompt.root; <userinput>wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf</userinput> -Trying to associate with 00:13:46:49:41:76 (SSID='dlinkap' freq=2437 MHz) -Associated with 00:13:46:49:41:76</screen> - </sect4> - </sect3> - </sect2> - - <sect2> - <title>Ad-hoc Mode</title> - - <para>IBSS mode, also called ad-hoc mode, is designed for point - to point connections. 
For example, to establish an ad-hoc - network between the machine <systemitem>A</systemitem> and the machine - <systemitem>B</systemitem> we will just need to choose two IP adresses - and a SSID.</para> - - <para>On the box <systemitem>A</systemitem>:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 inet 192.168.0.1 netmask 255.255.255.0 ssid freebsdap mediaopt adhoc</userinput> -&prompt.root; <userinput>ifconfig ath0</userinput> - ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 - inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4 - ether 00:11:95:c3:0d:ac - media: IEEE 802.11 Wireless Ethernet autoselect <adhoc> (autoselect <adhoc>) - status: associated - ssid freebsdap channel 2 bssid 02:11:95:c3:0d:ac - authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen> - - <para>The <literal>adhoc</literal> parameter indicates the - interface is running in the IBSS mode.</para> - - <para>On <systemitem>B</systemitem>, we should be able to detect - <systemitem>A</systemitem>:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 up scan</userinput> - SSID BSSID CHAN RATE S:N INT CAPS - freebsdap 02:11:95:c3:0d:ac 2 54M 19:0 100 IS</screen> - - <para>The <literal>I</literal> in the output confirms the - machine <systemitem>A</systemitem> is in ad-hoc mode. 
We just have to - configure <systemitem>B</systemitem> with a different IP - address:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 inet 192.168.0.2 netmask 255.255.255.0 ssid freebsdap mediaopt adhoc</userinput> -&prompt.root; <userinput>ifconfig ath0</userinput> - ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 - inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255 - ether 00:11:95:d5:43:62 - media: IEEE 802.11 Wireless Ethernet autoselect <adhoc> (autoselect <adhoc>) - status: associated - ssid freebsdap channel 2 bssid 02:11:95:c3:0d:ac - authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen> - - <para>Both <systemitem>A</systemitem> and <systemitem>B</systemitem> are now - ready to exchange informations.</para> - </sect2> - - <sect2 xml:id="network-wireless-ap"> - <title>&os; Host Access Points</title> - - <para>&os; can act as an Access Point (AP) which eliminates the - need to buy a hardware AP or run an ad-hoc network. This can be - particularly useful when your &os; machine is acting as a - gateway to another network (e.g., the Internet).</para> - - <sect3 xml:id="network-wireless-ap-basic"> - <title>Basic Settings</title> - - <para>Before configuring your &os; machine as an AP, the - kernel must be configured with the appropriate wireless - networking support for your wireless card. You also have to - add the support for the security protocols you intend to - use. For more details, see <xref linkend="network-wireless-basic"/>.</para> - - <note> - <para>The use of the NDIS driver wrapper and the &windows; - drivers do not allow currently the AP operation. 
Only - native &os; wireless drivers support AP mode.</para> - </note> - - <para>Once the wireless networking support is loaded, you can - check if your wireless device supports the host-based access - point mode (also know as hostap mode):</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 list caps</userinput> -ath0=783ed0f<WEP,TKIP,AES,AES_CCM,IBSS,HOSTAP,AHDEMO,TXPMGT,SHSLOT,SHPREAMBLE,MONITOR,TKIPMIC,WPA1,WPA2,BURST,WME></screen> - - <para>This output displays the card capabilities; the - <literal>HOSTAP</literal> word confirms this wireless card - can act as an Access Point. Various supported ciphers are - also mentioned: WEP, TKIP, WPA2, etc., these informations - are important to know what security protocols could be set - on the Access Point.</para> - - <para>The wireless device can now be put into hostap mode and - configured with the correct SSID and IP address:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 ssid freebsdap mode 11g mediaopt hostap</userinput> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable></screen> - - <para>Use again <command>ifconfig</command> to see the status - of the <filename>ath0</filename> interface:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0</userinput> - ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 - inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4 - ether 00:11:95:c3:0d:ac - media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap> - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode OPEN privacy OFF txpowmax 38 bmiss 7 protmode CTS burst dtimperiod 1 bintval 100</screen> - - <para>The <literal>hostap</literal> parameter indicates the - interface is running in the host-based access point - mode.</para> - - <para>The interface configuration can be done automatically at - boot time by adding the following line to - 
<filename>/etc/rc.conf</filename>:</para> - - <programlisting>ifconfig_ath0="ssid <replaceable>freebsdap</replaceable> mode 11g mediaopt hostap inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable>"</programlisting> - </sect3> - - <sect3> - <title>Host-based Access Point without Authentication or - Encryption</title> - - <para>Although it is not recommended to run an AP without any - authentication or encryption, this is a simple way to check - if your AP is working. This configuration is also important - for debugging client issues.</para> - - <para>Once the AP configured as previously shown, it is - possible from another wireless machine to initiate a scan to - find the AP:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 up scan</userinput> -SSID BSSID CHAN RATE S:N INT CAPS -freebsdap 00:11:95:c3:0d:ac 1 54M 22:1 100 ES</screen> - - <para>The client machine found the Access Point and can be - associated with it:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 ssid freebsdap inet 192.168.0.2 netmask 255.255.255.0</userinput> -&prompt.root; <userinput>ifconfig ath0</userinput> - ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 - inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255 - ether 00:11:95:d5:43:62 - media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps) - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen> - </sect3> - - <sect3> - <title>WPA Host-based Access Point</title> - - <para>This section will focus on setting up &os; Access Point - using the WPA security protocol. 
More details regarding WPA - and the configuration of WPA-based wireless clients can be - found in the <xref linkend="network-wireless-wpa"/>.</para> - - <para>The <application>hostapd</application> daemon is used to - deal with client authentication and keys management on the - WPA enabled Access Point.</para> - - <para>In the following, all the configuration operations will - be performed on the &os; machine acting as AP. Once the - AP is correctly working, <application>hostapd</application> - should be automatically enabled at boot with the following - line in <filename>/etc/rc.conf</filename>:</para> - - <programlisting>hostapd_enable="YES"</programlisting> - - <para>Before trying to configure - <application>hostapd</application>, be sure you have done - the basic settings introduced in the <xref linkend="network-wireless-ap-basic"/>.</para> - - <sect4> - <title>WPA-PSK</title> - - <para>WPA-PSK is intended for small networks where the use - of an backend authentication server is not possible or - desired.</para> - - <para>The configuration is done in the - <filename>/etc/hostapd.conf</filename> file:</para> - - <programlisting>interface=ath0 <co xml:id="co-ap-wpapsk-iface"/> -debug=1 <co xml:id="co-ap-wpapsk-dbug"/> -ctrl_interface=/var/run/hostapd <co xml:id="co-ap-wpapsk-ciface"/> -ctrl_interface_group=wheel <co xml:id="co-ap-wpapsk-cifacegrp"/> -ssid=freebsdap <co xml:id="co-ap-wpapsk-ssid"/> -wpa=1 <co xml:id="co-ap-wpapsk-wpa"/> -wpa_passphrase=freebsdmall <co xml:id="co-ap-wpapsk-pass"/> -wpa_key_mgmt=WPA-PSK <co xml:id="co-ap-wpapsk-kmgmt"/> -wpa_pairwise=CCMP TKIP <co xml:id="co-ap-wpapsk-pwise"/></programlisting> - - <calloutlist> - <callout arearefs="co-ap-wpapsk-iface"> - <para>This field indicates the wireless interface used - for the Access Point.</para> - </callout> - - <callout arearefs="co-ap-wpapsk-dbug"> - <para>This field sets the level of verbosity during the - execution of <application>hostapd</application>. 
A - value of <literal>1</literal> represents the minimal - level.</para> - </callout> - - <callout arearefs="co-ap-wpapsk-ciface"> - <para>The <literal>ctrl_interface</literal> field gives - the pathname of the directory used by - <application>hostapd</application> to stores its - domain socket files for the communication with - external programs such as &man.hostapd.cli.8;. The - default value is used here.</para> - </callout> - - <callout arearefs="co-ap-wpapsk-cifacegrp"> - <para>The <literal>ctrl_interface_group</literal> line - sets the group (here, it is the - <systemitem class="groupname">wheel</systemitem> group) allowed to access - to the control interface files.</para> - </callout> - - <callout arearefs="co-ap-wpapsk-ssid"> - <para>This field sets the network name.</para> - </callout> - - <callout arearefs="co-ap-wpapsk-wpa"> - <para>The <literal>wpa</literal> field enables WPA and - specifies which WPA authentication protocol will be - required. A value of <literal>1</literal> configures the - AP for WPA-PSK.</para> - </callout> - - <callout arearefs="co-ap-wpapsk-pass"> - <para>The <literal>wpa_passphrase</literal> field - contains the ASCII passphrase for the WPA - authentication.</para> - - <warning> - <para>Always use strong passwords that are - sufficiently long and made from a rich alphabet so - they will not be guessed and/or attacked.</para> - </warning> - </callout> - - <callout arearefs="co-ap-wpapsk-kmgmt"> - <para>The <literal>wpa_key_mgmt</literal> line refers to - the key management protocol we use. In our case it is - WPA-PSK.</para> - </callout> - - <callout arearefs="co-ap-wpapsk-pwise"> - <para>The <literal>wpa_pairwise</literal> field - indicates the set of accepted encryption algorithms by - the Access Point. Here both TKIP (WPA) and CCMP - (WPA2) ciphers are accepted. 
CCMP cipher is an - alternative to TKIP and that is strongly preferred - when possible; TKIP should be used solely for stations - incapable of doing CCMP.</para> - </callout> - </calloutlist> - - <para>The next step is to start - <application>hostapd</application>:</para> - - <screen>&prompt.root; <userinput>/etc/rc.d/hostapd forcestart</userinput></screen> - - <screen>&prompt.root; <userinput>ifconfig ath0</userinput> - ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2290 - inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 - inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4 - ether 00:11:95:c3:0d:ac - media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap> - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen> - - <para>The Access Point is running, the clients can now be - associated with it, see <xref linkend="network-wireless-wpa"/> for more details. It is - possible to see the stations associated with the AP using - the <command>ifconfig ath0 list - sta</command> command.</para> - </sect4> - </sect3> - - <sect3> - <title>WEP Host-based Access Point</title> - - <para>It is not recommended to use WEP for setting up an - Access Point since there is no authentication mechanism and - it is easily to be cracked. 
Some legacy wireless cards only - support WEP as security protocol, these cards will only - allow to set up AP without authentication or encryption or - using the WEP protocol.</para> - - <para>The wireless device can now be put into hostap mode and - configured with the correct SSID and IP address:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 ssid freebsdap wepmode on weptxkey 3 wepkey 3:0x3456789012 mode 11g mediaopt hostap \ - inet 192.168.0.1 netmask 255.255.255.0</userinput></screen> - - <itemizedlist> - <listitem> - <para>The <literal>weptxkey</literal> means which WEP - key will be used in the transmission. Here we used the - third key (note that the key numbering starts with - <literal>1</literal>). This parameter must be specified - to really encrypt the data.</para> - </listitem> - - <listitem> - <para>The <literal>wepkey</literal> means setting the - selected WEP key. It should in the format - <replaceable>index:key</replaceable>, if the index is - not given, key <literal>1</literal> is set. 
That is - to say we need to set the index if we use keys other - than the first key.</para> - </listitem> - </itemizedlist> - - <para>Use again <command>ifconfig</command> to see the status - of the <filename>ath0</filename> interface:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0</userinput> - ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 - inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4 - ether 00:11:95:c3:0d:ac - media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap> - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode OPEN privacy ON deftxkey 3 wepkey 3:40-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen> - - <para>From another wireless machine, it is possible to initiate - a scan to find the AP:</para> - - <screen>&prompt.root; <userinput>ifconfig ath0 up scan</userinput> -SSID BSSID CHAN RATE S:N INT CAPS -freebsdap 00:11:95:c3:0d:ac 1 54M 22:1 100 EPS</screen> - - <para>The client machine found the Access Point and can be - associated with it using the correct parameters (key, etc.), - see <xref linkend="network-wireless-wep"/> for more - details.</para> - </sect3> - </sect2> - - <sect2> - <title>Troubleshooting</title> - - <para>If you are having trouble with wireless networking, there - are a number of steps you can take to help troubleshoot the - problem.</para> - - <itemizedlist> - <listitem> - <para>If you do not see the access point listed when - scanning be sure you have not configured your wireless - device to a limited set of channels.</para> - </listitem> - - <listitem> - <para>If you cannot associate to an access point verify the - configuration of your station matches the one of the - access point. This includes the authentication scheme and - any security protocols. Simplify your configuration as - much as possible. 
If you are using a security protocol - such as WPA or WEP configure the access point for open - authentication and no security to see if you can get - traffic to pass.</para> - </listitem> - - <listitem> - <para>Once you can associate to the access point diagnose - any security configuration using simple tools like - &man.ping.8;.</para> - - <para>The <command>wpa_supplicant</command> has much - debugging support; try running it manually with the - <option>-dd</option> option and look at the system - logs.</para> - </listitem> - - <listitem> - <para>There are also many lower-level debugging tools. You - can enable debugging messages in the 802.11 protocol - support layer using the <command>wlandebug</command> - program found in - <filename>/usr/src/tools/tools/net80211</filename>. For - example:</para> - - <screen>&prompt.root; <userinput>wlandebug -i ath0 +scan+auth+debug+assoc</userinput> - net.wlan.0.debug: 0 => 0xc80000<assoc,auth,scan></screen> - - <para>can be used to enable console messages related to - scanning for access points and doing the 802.11 protocol - handshakes required to arrange communication.</para> - - <para>There are also many useful statistics maintained by - the 802.11 layer; the <command>wlanstats</command> tool - will dump these informations. These statistics should - identify all errors identified by the 802.11 layer. - Beware however that some errors are identified in the - device drivers that lie below the 802.11 layer so they may - not show up. 
To diagnose device-specific problems you - need to refer to the drivers' documentation.</para> - </listitem> - </itemizedlist> - - <para>If the above information does not help to clarify the - problem, please submit a problem report and include output - from the above tools.</para> - </sect2> - </sect1> - - <sect1 xml:id="network-bluetooth"> - <info><title>Bluetooth</title> - <authorgroup> - <author><personname><firstname>Pav</firstname><surname>Lucistnik</surname></personname><contrib>Written by </contrib><affiliation> - <address><email>pav@FreeBSD.org</email></address> - </affiliation></author> - </authorgroup> - </info> - - - <indexterm><primary>Bluetooth</primary></indexterm> - <sect2> - <title>Introduction</title> - <para>Bluetooth is a wireless technology for creating personal networks - operating in the 2.4 GHz unlicensed band, with a range of 10 meters. - Networks are usually formed ad-hoc from portable devices such as - cellular phones, handhelds and laptops. Unlike the other popular - wireless technology, Wi-Fi, Bluetooth offers higher level service - profiles, e.g. FTP-like file servers, file pushing, voice transport, - serial line emulation, and more.</para> - - <para>The Bluetooth stack in &os; is implemented using the Netgraph - framework (see &man.netgraph.4;). A broad variety of Bluetooth USB - dongles is supported by the &man.ng.ubt.4; driver. The Broadcom BCM2033 - chip based Bluetooth devices are supported via the &man.ubtbcmfw.4; and - &man.ng.ubt.4; drivers. The 3Com Bluetooth PC Card 3CRWB60-A is - supported by the &man.ng.bt3c.4; driver. Serial and UART based - Bluetooth devices are supported via &man.sio.4;, &man.ng.h4.4; - and &man.hcseriald.8;. This section describes the use of the USB - Bluetooth dongle.</para> - </sect2> - - <sect2> - <title>Plugging in the Device</title> - <para>By default Bluetooth device drivers are available as kernel modules. 
- Before attaching a device, you will need to load the driver into the - kernel:</para> - - <screen>&prompt.root; <userinput>kldload ng_ubt</userinput></screen> - - <para>If the Bluetooth device is present in the system during system - startup, load the module from - <filename>/boot/loader.conf</filename>:</para> - - <programlisting>ng_ubt_load="YES"</programlisting> - - <para>Plug in your USB dongle. The output similar to the following will - appear on the console (or in syslog):</para> - - <screen>ubt0: vendor 0x0a12 product 0x0001, rev 1.10/5.25, addr 2 -ubt0: Interface 0 endpoints: interrupt=0x81, bulk-in=0x82, bulk-out=0x2 -ubt0: Interface 1 (alt.config 5) endpoints: isoc-in=0x83, isoc-out=0x3, - wMaxPacketSize=49, nframes=6, buffer size=294</screen> - - <note> - <para>The Bluetooth stack has to be started manually on &os; 6.0, and - on &os; 5.X before 5.5. It is done automatically from &man.devd.8; - on &os; 5.5, 6.1 and newer.</para> - - <para>Copy - <filename>/usr/share/examples/netgraph/bluetooth/rc.bluetooth</filename> - into some convenient place, like <filename>/etc/rc.bluetooth</filename>. - This script is used to start and stop the Bluetooth stack. It is a good - idea to stop the stack before unplugging the device, but it is not - (usually) fatal. When starting the stack, you will receive output similar - to the following:</para> - - <screen>&prompt.root; <userinput>/etc/rc.bluetooth start ubt0</userinput> -BD_ADDR: 00:02:72:00:d4:1a -Features: 0xff 0xff 0xf 00 00 00 00 00 -<3-Slot> <5-Slot> <Encryption> <Slot offset> -<Timing accuracy> <Switch> <Hold mode> <Sniff mode> -<Park mode> <RSSI> <Channel quality> <SCO link> -<HV2 packets> <HV3 packets> <u-law log> <A-law log> <CVSD> -<Paging scheme> <Power control> <Transparent SCO data> -Max. ACL packet size: 192 bytes -Number of ACL packets: 8 -Max. 
SCO packet size: 64 bytes -Number of SCO packets: 8</screen> - </note> - - </sect2> - - <sect2> - <title>Host Controller Interface (HCI)</title> - - <indexterm><primary>HCI</primary></indexterm> - - <para>Host Controller Interface (HCI) provides a command interface to the - baseband controller and link manager, and access to hardware status and - control registers. This interface provides a uniform method of accessing - the Bluetooth baseband capabilities. HCI layer on the Host exchanges - data and commands with the HCI firmware on the Bluetooth hardware. - The Host Controller Transport Layer (i.e. physical bus) driver provides - both HCI layers with the ability to exchange information with each - other.</para> - - <para>A single Netgraph node of type <emphasis>hci</emphasis> is - created for a single Bluetooth device. The HCI node is normally - connected to the Bluetooth device driver node (downstream) and - the L2CAP node (upstream). All HCI operations must be performed - on the HCI node and not on the device driver node. Default name - for the HCI node is <quote>devicehci</quote>. - For more details refer to the &man.ng.hci.4; manual page.</para> - - <para>One of the most common tasks is discovery of Bluetooth devices in - RF proximity. This operation is called <emphasis>inquiry</emphasis>. - Inquiry and other HCI related operations are done with the - &man.hccontrol.8; utility. The example below shows how to find out - which Bluetooth devices are in range. You should receive the list of - devices in a few seconds. Note that a remote device will only answer - the inquiry if it put into <emphasis>discoverable</emphasis> - mode.</para> - - <screen>&prompt.user; <userinput>hccontrol -n ubt0hci inquiry</userinput> -Inquiry result, num_responses=1 -Inquiry result #0 - BD_ADDR: 00:80:37:29:19:a4 - Page Scan Rep. Mode: 0x1 - Page Scan Period Mode: 00 - Page Scan Mode: 00 - Class: 52:02:04 - Clock offset: 0x78ef -Inquiry complete. 
Status: No error [00]</screen> - - <para><literal>BD_ADDR</literal> is unique address of a Bluetooth - device, similar to MAC addresses of a network card. This address - is needed for further communication with a device. It is possible - to assign human readable name to a BD_ADDR. - The <filename>/etc/bluetooth/hosts</filename> file contains information - regarding the known Bluetooth hosts. The following example shows how - to obtain human readable name that was assigned to the remote - device:</para> - - <screen>&prompt.user; <userinput>hccontrol -n ubt0hci remote_name_request 00:80:37:29:19:a4</userinput> -BD_ADDR: 00:80:37:29:19:a4 -Name: Pav's T39</screen> - - <para>If you perform an inquiry on a remote Bluetooth device, it will - find your computer as <quote>your.host.name (ubt0)</quote>. The name - assigned to the local device can be changed at any time.</para> - - <para>The Bluetooth system provides a point-to-point connection (only two - Bluetooth units involved), or a point-to-multipoint connection. In the - point-to-multipoint connection the connection is shared among several - Bluetooth devices. The following example shows how to obtain the list - of active baseband connections for the local device:</para> - - <screen>&prompt.user; <userinput>hccontrol -n ubt0hci read_connection_list</userinput> -Remote BD_ADDR Handle Type Mode Role Encrypt Pending Queue State -00:80:37:29:19:a4 41 ACL 0 MAST NONE 0 0 OPEN</screen> - - <para>A <emphasis>connection handle</emphasis> is useful when termination - of the baseband connection is required. Note, that it is normally not - required to do it by hand. The stack will automatically terminate - inactive baseband connections.</para> - - <screen>&prompt.root; <userinput>hccontrol -n ubt0hci disconnect 41</userinput> -Connection handle: 41 -Reason: Connection terminated by local host [0x16]</screen> - - <para>Refer to <command>hccontrol help</command> for a complete listing - of available HCI commands. 
Most of the HCI commands do not require - superuser privileges.</para> - - </sect2> - - <sect2> - <title>Logical Link Control and Adaptation Protocol (L2CAP)</title> - - <indexterm><primary>L2CAP</primary></indexterm> - - <para>Logical Link Control and Adaptation Protocol (L2CAP) provides - connection-oriented and connectionless data services to upper layer - protocols with protocol multiplexing capability and segmentation and - reassembly operation. L2CAP permits higher level protocols and - applications to transmit and receive L2CAP data packets up to 64 - kilobytes in length.</para> - - <para>L2CAP is based around the concept of <emphasis>channels</emphasis>. - Channel is a logical connection on top of baseband connection. Each - channel is bound to a single protocol in a many-to-one fashion. Multiple - channels can be bound to the same protocol, but a channel cannot be - bound to multiple protocols. Each L2CAP packet received on a channel is - directed to the appropriate higher level protocol. Multiple channels - can share the same baseband connection.</para> - - <para>A single Netgraph node of type <emphasis>l2cap</emphasis> is - created for a single Bluetooth device. The L2CAP node is normally - connected to the Bluetooth HCI node (downstream) and Bluetooth sockets - nodes (upstream). Default name for the L2CAP node is - <quote>devicel2cap</quote>. For more details refer to the - &man.ng.l2cap.4; manual page.</para> - - <para>A useful command is &man.l2ping.8;, which can be used to ping - other devices. 
Some Bluetooth implementations might not return all of - the data sent to them, so <literal>0 bytes</literal> in the following - example is normal.</para> - - <screen>&prompt.root; <userinput>l2ping -a 00:80:37:29:19:a4</userinput> -0 bytes from 0:80:37:29:19:a4 seq_no=0 time=48.633 ms result=0 -0 bytes from 0:80:37:29:19:a4 seq_no=1 time=37.551 ms result=0 -0 bytes from 0:80:37:29:19:a4 seq_no=2 time=28.324 ms result=0 -0 bytes from 0:80:37:29:19:a4 seq_no=3 time=46.150 ms result=0</screen> - - <para>The &man.l2control.8; utility is used to perform various operations - on L2CAP nodes. This example shows how to obtain the list of logical - connections (channels) and the list of baseband connections for the - local device:</para> - - <screen>&prompt.user; <userinput>l2control -a 00:02:72:00:d4:1a read_channel_list</userinput> -L2CAP channels: -Remote BD_ADDR SCID/ DCID PSM IMTU/ OMTU State -00:07:e0:00:0b:ca 66/ 64 3 132/ 672 OPEN -&prompt.user; <userinput>l2control -a 00:02:72:00:d4:1a read_connection_list</userinput> -L2CAP connections: -Remote BD_ADDR Handle Flags Pending State -00:07:e0:00:0b:ca 41 O 0 OPEN</screen> - - <para>Another diagnostic tool is &man.btsockstat.1;. It does a job - similar to as &man.netstat.1; does, but for Bluetooth network-related - data structures. 
The example below shows the same logical connection as - &man.l2control.8; above.</para> - - <screen>&prompt.user; <userinput>btsockstat</userinput> -Active L2CAP sockets -PCB Recv-Q Send-Q Local address/PSM Foreign address CID State -c2afe900 0 0 00:02:72:00:d4:1a/3 00:07:e0:00:0b:ca 66 OPEN -Active RFCOMM sessions -L2PCB PCB Flag MTU Out-Q DLCs State -c2afe900 c2b53380 1 127 0 Yes OPEN -Active RFCOMM sockets -PCB Recv-Q Send-Q Local address Foreign address Chan DLCI State -c2e8bc80 0 250 00:02:72:00:d4:1a 00:07:e0:00:0b:ca 3 6 OPEN</screen> - - </sect2> - - <sect2> - <title>RFCOMM Protocol</title> - - <indexterm><primary>RFCOMM</primary></indexterm> - - <para>The RFCOMM protocol provides emulation of serial ports over the - L2CAP protocol. The protocol is based on the ETSI standard TS 07.10. - RFCOMM is a simple transport protocol, with additional provisions for - emulating the 9 circuits of RS-232 (EIATIA-232-E) serial ports. The - RFCOMM protocol supports up to 60 simultaneous connections (RFCOMM - channels) between two Bluetooth devices.</para> - - <para>For the purposes of RFCOMM, a complete communication path involves - two applications running on different devices (the communication - endpoints) with a communication segment between them. RFCOMM is intended - to cover applications that make use of the serial ports of the devices - in which they reside. The communication segment is a Bluetooth link from - one device to another (direct connect).</para> - - <para>RFCOMM is only concerned with the connection between the devices in - the direct connect case, or between the device and a modem in the - network case. 
RFCOMM can support other configurations, such as modules - that communicate via Bluetooth wireless technology on one side and - provide a wired interface on the other side.</para> - - <para>In &os; the RFCOMM protocol is implemented at the Bluetooth sockets - layer.</para> - </sect2> - - <sect2> - <title>Pairing of Devices</title> - - <indexterm><primary>pairing</primary></indexterm> - - <para>By default, Bluetooth communication is not authenticated, and any - device can talk to any other device. A Bluetooth device (for example, - cellular phone) may choose to require authentication to provide a - particular service (for example, Dial-Up service). Bluetooth - authentication is normally done with <emphasis>PIN codes</emphasis>. - A PIN code is an ASCII string up to 16 characters in length. User is - required to enter the same PIN code on both devices. Once user has - entered the PIN code, both devices will generate a - <emphasis>link key</emphasis>. After that the link key can be stored - either in the devices themselves or in a persistent storage. Next time - both devices will use previously generated link key. The described - above procedure is called <emphasis>pairing</emphasis>. Note that if - the link key is lost by any device then pairing must be repeated.</para> - - <para>The &man.hcsecd.8; daemon is responsible for handling of all - Bluetooth authentication requests. The default configuration file is - <filename>/etc/bluetooth/hcsecd.conf</filename>. An example section for - a cellular phone with the PIN code arbitrarily set to - <quote>1234</quote> is shown below:</para> - - <programlisting>device { - bdaddr 00:80:37:29:19:a4; - name "Pav's T39"; - key nokey; - pin "1234"; - }</programlisting> - - <para>There is no limitation on PIN codes (except length). Some devices - (for example Bluetooth headsets) may have a fixed PIN code built in. 
- The <option>-d</option> switch forces the &man.hcsecd.8; daemon to stay - in the foreground, so it is easy to see what is happening. Set the - remote device to receive pairing and initiate the Bluetooth connection - to the remote device. The remote device should say that pairing was - accepted, and request the PIN code. Enter the same PIN code as you - have in <filename>hcsecd.conf</filename>. Now your PC and the remote - device are paired. Alternatively, you can initiate pairing on the remote - device.</para> - - <para>On &os; 5.5, 6.1 and newer, the following line can be added to the - <filename>/etc/rc.conf</filename> file to have - <application>hcsecd</application> started automatically on system - start:</para> - - <programlisting>hcsecd_enable="YES"</programlisting> - - <para>The following is a sample of the - <application>hcsecd</application> daemon output:</para> - -<programlisting>hcsecd[16484]: Got Link_Key_Request event from 'ubt0hci', remote bdaddr 0:80:37:29:19:a4 -hcsecd[16484]: Found matching entry, remote bdaddr 0:80:37:29:19:a4, name 'Pav's T39', link key doesn't exist -hcsecd[16484]: Sending Link_Key_Negative_Reply to 'ubt0hci' for remote bdaddr 0:80:37:29:19:a4 -hcsecd[16484]: Got PIN_Code_Request event from 'ubt0hci', remote bdaddr 0:80:37:29:19:a4 -hcsecd[16484]: Found matching entry, remote bdaddr 0:80:37:29:19:a4, name 'Pav's T39', PIN code exists -hcsecd[16484]: Sending PIN_Code_Reply to 'ubt0hci' for remote bdaddr 0:80:37:29:19:a4</programlisting> - - </sect2> - - <sect2> - <title>Service Discovery Protocol (SDP)</title> - - <indexterm><primary>SDP</primary></indexterm> - - <para>The Service Discovery Protocol (SDP) provides the means for client - applications to discover the existence of services provided by server - applications as well as the attributes of those services. 
The attributes - of a service include the type or class of service offered and the - mechanism or protocol information needed to utilize the service.</para> - - <para>SDP involves communication between a SDP server and a SDP client. - The server maintains a list of service records that describe the - characteristics of services associated with the server. Each service - record contains information about a single service. A client may - retrieve information from a service record maintained by the SDP server - by issuing a SDP request. If the client, or an application associated - with the client, decides to use a service, it must open a separate - connection to the service provider in order to utilize the service. - SDP provides a mechanism for discovering services and their attributes, - but it does not provide a mechanism for utilizing those services.</para> - - <para>Normally, a SDP client searches for services based on some desired - characteristics of the services. However, there are times when it is - desirable to discover which types of services are described by an SDP - server's service records without any a priori information about the - services. This process of looking for any offered services is called - <emphasis>browsing</emphasis>.</para> - - <para>The Bluetooth SDP server &man.sdpd.8; and command line client - &man.sdpcontrol.8; are included in the standard &os; installation. 
- The following example shows how to perform a SDP browse query.</para> - - <screen>&prompt.user; <userinput>sdpcontrol -a 00:01:03:fc:6e:ec browse</userinput> -Record Handle: 00000000 -Service Class ID List: - Service Discovery Server (0x1000) -Protocol Descriptor List: - L2CAP (0x0100) - Protocol specific parameter #1: u/int/uuid16 1 - Protocol specific parameter #2: u/int/uuid16 1 - -Record Handle: 0x00000001 -Service Class ID List: - Browse Group Descriptor (0x1001) - -Record Handle: 0x00000002 -Service Class ID List: - LAN Access Using PPP (0x1102) -Protocol Descriptor List: - L2CAP (0x0100) - RFCOMM (0x0003) - Protocol specific parameter #1: u/int8/bool 1 -Bluetooth Profile Descriptor List: - LAN Access Using PPP (0x1102) ver. 1.0 -</screen> - - <para>... and so on. Note that each service has a list of attributes - (RFCOMM channel for example). Depending on the service you might need to - make a note of some of the attributes. Some Bluetooth implementations do - not support service browsing and may return an empty list. In this case - it is possible to search for the specific service. The example below - shows how to search for the OBEX Object Push (OPUSH) service:</para> - - <screen>&prompt.user; <userinput>sdpcontrol -a 00:01:03:fc:6e:ec search OPUSH</userinput></screen> - - <para>Offering services on &os; to Bluetooth clients is done with the - &man.sdpd.8; server. On &os; 5.5, 6.1 and newer, the following line can - be added to the <filename>/etc/rc.conf</filename> file:</para> - - <programlisting>sdpd_enable="YES"</programlisting> - - <para>Then the <application>sdpd</application> daemon can be started with:</para> - - <screen>&prompt.root; <userinput>/etc/rc.d/sdpd start</userinput></screen> - - <para>On &os; 6.0, and on &os; 5.X before 5.5, - <application>sdpd</application> is not integrated into the system - startup scripts. 
It has to be started manually with:</para> - - <screen>&prompt.root; <userinput>sdpd</userinput></screen> - - <para>The local server application that wants to provide Bluetooth - service to the remote clients will register service with the local - SDP daemon. The example of such application is &man.rfcomm.pppd.8;. - Once started it will register Bluetooth LAN service with the local - SDP daemon.</para> - - <para>The list of services registered with the local SDP server can be - obtained by issuing SDP browse query via local control channel:</para> - - <screen>&prompt.root; <userinput>sdpcontrol -l browse</userinput></screen> - - </sect2> - - <sect2> - <title>Dial-Up Networking (DUN) and Network Access with PPP (LAN) - Profiles</title> - - <para>The Dial-Up Networking (DUN) profile is mostly used with modems - and cellular phones. The scenarios covered by this profile are the - following:</para> - - <itemizedlist> - <listitem><para>use of a cellular phone or modem by a computer as - a wireless modem for connecting to a dial-up Internet access server, - or using other dial-up services;</para></listitem> - - <listitem><para>use of a cellular phone or modem by a computer to - receive data calls.</para></listitem> - </itemizedlist> - - <para>Network Access with PPP (LAN) profile can be used in the following - situations:</para> - - <itemizedlist> - <listitem><para>LAN access for a single Bluetooth device; - </para></listitem> - - <listitem><para>LAN access for multiple Bluetooth devices; - </para></listitem> - - <listitem><para>PC to PC (using PPP networking over serial cable - emulation).</para></listitem> - </itemizedlist> - - <para>In &os; both profiles are implemented with &man.ppp.8; and - &man.rfcomm.pppd.8; - a wrapper that converts RFCOMM Bluetooth - connection into something PPP can operate with. Before any profile - can be used, a new PPP label in the <filename>/etc/ppp/ppp.conf</filename> - must be created. 
Consult &man.rfcomm.pppd.8; manual page for examples. - </para> - - <para>In the following example &man.rfcomm.pppd.8; will be used to open - RFCOMM connection to remote device with BD_ADDR 00:80:37:29:19:a4 on - DUN RFCOMM channel. The actual RFCOMM channel number will be obtained - from the remote device via SDP. It is possible to specify RFCOMM channel - by hand, and in this case &man.rfcomm.pppd.8; will not perform SDP - query. Use &man.sdpcontrol.8; to find out RFCOMM - channel on the remote device.</para> - - <screen>&prompt.root; <userinput>rfcomm_pppd -a 00:80:37:29:19:a4 -c -C dun -l rfcomm-dialup</userinput></screen> - - <para>In order to provide Network Access with PPP (LAN) service the - &man.sdpd.8; server must be running. A new entry for LAN clients must - be created in the <filename>/etc/ppp/ppp.conf</filename> file. Consult - &man.rfcomm.pppd.8; manual page for examples. Finally, start RFCOMM PPP - server on valid RFCOMM channel number. The RFCOMM PPP server will - automatically register Bluetooth LAN service with the local SDP daemon. - The example below shows how to start RFCOMM PPP server.</para> - - <screen>&prompt.root; <userinput>rfcomm_pppd -s -C 7 -l rfcomm-server</userinput></screen> - - </sect2> - - <sect2> - <title>OBEX Object Push (OPUSH) Profile</title> - - <indexterm><primary>OBEX</primary></indexterm> - - <para>OBEX is a widely used protocol for simple file transfers between - mobile devices. Its main use is in infrared communication, where it is - used for generic file transfers between notebooks or PDAs, - and for sending business cards or calendar entries between cellular - phones and other devices with PIM applications.</para> - - <para>The OBEX server and client are implemented as a third-party package - <application>obexapp</application>, which is available as - <package>comms/obexapp</package> port.</para> - - <para>OBEX client is used to push and/or pull objects from the OBEX server. 
- An object can, for example, be a business card or an appointment. - The OBEX client can obtain RFCOMM channel number from the remote device - via SDP. This can be done by specifying service name instead of RFCOMM - channel number. Supported service names are: IrMC, FTRN and OPUSH. - It is possible to specify RFCOMM channel as a number. Below is an - example of an OBEX session, where device information object is pulled - from the cellular phone, and a new object (business card) is pushed - into the phone's directory.</para> - - <screen>&prompt.user; <userinput>obexapp -a 00:80:37:29:19:a4 -C IrMC</userinput> -obex> get telecom/devinfo.txt devinfo-t39.txt -Success, response: OK, Success (0x20) -obex> put new.vcf -Success, response: OK, Success (0x20) -obex> di -Success, response: OK, Success (0x20)</screen> - - <para>In order to provide OBEX Object Push service, - &man.sdpd.8; server must be running. A root folder, where all incoming - objects will be stored, must be created. The default path to the root - folder is <filename>/var/spool/obex</filename>. Finally, start OBEX - server on valid RFCOMM channel number. The OBEX server will - automatically register OBEX Object Push service with the local SDP - daemon. The example below shows how to start OBEX server.</para> - - <screen>&prompt.root; <userinput>obexapp -s -C 10</userinput></screen> - </sect2> - - <sect2> - <title>Serial Port Profile (SPP)</title> - <para>The Serial Port Profile (SPP) allows Bluetooth devices to perform - RS232 (or similar) serial cable emulation. The scenario covered by this - profile deals with legacy applications using Bluetooth as a cable - replacement, through a virtual serial port abstraction.</para> - - <para>The &man.rfcomm.sppd.1; utility implements the Serial Port profile. - A pseudo tty is used as a virtual serial port abstraction. The example - below shows how to connect to a remote device Serial Port service. 
- Note that you do not have to specify a RFCOMM channel - - &man.rfcomm.sppd.1; can obtain it from the remote device via SDP. - If you would like to override this, specify a RFCOMM channel on the - command line.</para> - - <screen>&prompt.root; <userinput>rfcomm_sppd -a 00:07:E0:00:0B:CA -t /dev/ttyp6</userinput> -rfcomm_sppd[94692]: Starting on /dev/ttyp6...</screen> - - <para>Once connected, the pseudo tty can be used as serial port:</para> - - <screen>&prompt.root; <userinput>cu -l ttyp6</userinput></screen> - - </sect2> - - <sect2> - <title>Troubleshooting</title> - - <sect3> - <title>A remote device cannot connect</title> - <para>Some older Bluetooth devices do not support role switching. - By default, when &os; is accepting a new connection, it tries to - perform a role switch and become master. Devices, which do not - support this will not be able to connect. Note that role switching is - performed when a new connection is being established, so it is not - possible to ask the remote device if it does support role switching. - There is a HCI option to disable role switching on the local - side:</para> - - <screen>&prompt.root; <userinput>hccontrol -n ubt0hci write_node_role_switch 0</userinput></screen> - - </sect3> - - <sect3> - <title>Something is going wrong, can I see what exactly is happening?</title> - <para>Yes, you can. Use the third-party package - <application>hcidump</application>, which is available as - <package>comms/hcidump</package> port. - The <application>hcidump</application> utility is similar to - &man.tcpdump.1;. 
It can be used to display the content of the Bluetooth - packets on the terminal and to dump the Bluetooth packets to a - file.</para> - </sect3> - - </sect2> - - </sect1> - - <sect1 xml:id="network-bridging"> - <info><title>Bridging</title> - <authorgroup> - <author><personname><firstname>Andrew</firstname><surname>Thompson</surname></personname><contrib>Written by </contrib></author> - </authorgroup> - </info> - - - <sect2> - <title>Introduction</title> - <indexterm><primary>IP subnet</primary></indexterm> - <indexterm><primary>bridge</primary></indexterm> - <para>It is sometimes useful to divide one physical network - (such as an Ethernet segment) into two separate network - segments without having to create IP subnets and use a router - to connect the segments together. A device that connects two - networks together in this fashion is called a - <quote>bridge</quote>. A FreeBSD system with two network - interface cards can act as a bridge.</para> - - <para>The bridge works by learning the MAC layer addresses - (Ethernet addresses) of the devices on each of its network interfaces. - It forwards traffic between two networks only when its source and - destination are on different networks.</para> - - <para>In many respects, a bridge is like an Ethernet switch with very - few ports.</para> - </sect2> - - <sect2> - <title>Situations Where Bridging Is Appropriate</title> - - <para>There are many common situations in which a bridge is used - today.</para> - - <sect3> - <title>Connecting Networks</title> - - <para>The basic operation of a bridge is to join two or more - network segments together. There are many reasons to use a - host based bridge over plain networking equipment such as - cabling constraints, firewalling or connecting pseudo - networks such as a Virtual Machine interface. 
A bridge can - also connect a wireless interface running in hostap mode to - a wired network and act as an access point.</para> - </sect3> - - <sect3> - <title>Filtering/Traffic Shaping Firewall</title> - <indexterm><primary>firewall</primary></indexterm> - <indexterm><primary>NAT</primary></indexterm> - - <para>A common situation is where firewall functionality is - needed without routing or network address translation (NAT).</para> - - <para>An example is a small company that is connected via DSL - or ISDN to their ISP. They have a 13 globally-accessible IP - addresses from their ISP and have 10 PCs on their network. - In this situation, using a router-based firewall is - difficult because of subnetting issues.</para> - - <indexterm><primary>router</primary></indexterm> - <indexterm><primary>DSL</primary></indexterm> - <indexterm><primary>ISDN</primary></indexterm> - <para>A bridge-based firewall can be configured and dropped into the - path just downstream of their DSL/ISDN router without any IP - numbering issues.</para> - </sect3> - - <sect3> - <title>Network Tap</title> - - <para>A bridge can join two network segments and be used to - inspect all Ethernet frames that pass between them. This can - either be from using &man.bpf.4;/&man.tcpdump.1; on the - bridge interface or by sending a copy of all frames out an - additional interface (span port).</para> - </sect3> - - <sect3> - <title>Layer 2 VPN</title> - - <para>Two Ethernet networks can be joined across an IP link by - bridging the networks to an EtherIP tunnel or a &man.tap.4; - based solution such as OpenVPN.</para> - </sect3> - - <sect3> - <title>Layer 2 Redundancy</title> - - <para>A network can be connected together with multiple links - and use the Spanning Tree Protocol to block redundant paths. - For an Ethernet network to function properly only one active - path can exist between two devices, Spanning Tree will - detect loops and put the redundant links into a blocked - state. 
Should one of the active links fail then the - protocol will calculate a different tree and reenable one of - the blocked paths to restore connectivity to all points in - the network.</para> - </sect3> - </sect2> - - <sect2> - <title>Kernel Configuration</title> - - <para>This section covers &man.if.bridge.4; bridge - implementation, a netgraph bridging driver is also available, - for more information see &man.ng.bridge.4; manual page.</para> - - <para>The bridge driver is a kernel module and will be - automatically loaded by &man.ifconfig.8; when creating a - bridge interface. It is possible to compile the bridge in to - the kernel by adding <literal>device if_bridge</literal> to - your kernel configuration file.</para> - - <para>Packet filtering can be used with any firewall package - that hooks in via the &man.pfil.9; framework. The firewall - can be loaded as a module or compiled into the kernel.</para> - - <para>The bridge can be used as a traffic shaper with - &man.altq.4; or &man.dummynet.4;.</para> - </sect2> - - <sect2> - <title>Enabling the Bridge</title> - - <para>The bridge is created using interface cloning. To create - a bridge use &man.ifconfig.8;, if the bridge driver is not - present in the kernel then it will be loaded - automatically.</para> - - <screen>&prompt.root; <userinput>ifconfig bridge create</userinput> -bridge0 -&prompt.root; <userinput>ifconfig bridge0</userinput> -bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500 - ether 96:3d:4b:f1:79:7a - id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 - maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 - root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0</screen> - - <para>A bridge interface is created and is automatically - assigned a randomly generated Ethernet address. 
The - <literal>maxaddr</literal> and <literal>timeout</literal> - parameters control how many MAC addresses the bridge will keep - in its forwarding table and how many seconds before each entry - is removed after it is last seen. The other parameters - control how Spanning Tree operates.</para> - - <para>Add the member network interfaces to the bridge. For the - bridge to forward packets all member interfaces and the bridge - need to be up:</para> - - <screen>&prompt.root; <userinput>ifconfig bridge0 addm fxp0 addm fxp1 up</userinput> -&prompt.root; <userinput>ifconfig fxp0 up</userinput> -&prompt.root; <userinput>ifconfig fxp1 up</userinput></screen> - - <para>The bridge is now forwarding Ethernet frames between - <filename>fxp0</filename> and - <filename>fxp1</filename>. The equivalent configuration - in <filename>/etc/rc.conf</filename> so the bridge is created - at startup is:</para> - - <programlisting>cloned_interfaces="bridge0" -ifconfig_bridge0="addm fxp0 addm fxp1 up" -ifconfig_fxp0="up" -ifconfig_fxp1="up"</programlisting> - - <para>If the bridge host needs an IP address then the correct - place to set this is on the bridge interface itself rather - than one of the member interfaces. This can be set statically - or via DHCP:</para> - - <screen>&prompt.root; <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput></screen> - - <para>It is also possible to assign an IPv6 address to a bridge - interface.</para> - </sect2> - - <sect2> - <title>Firewalling</title> - <indexterm><primary>firewall</primary></indexterm> - - <para>When packet filtering is enabled, bridged packets will - pass through the filter inbound on the originating interface, - on the bridge interface and outbound on the appropriate - interfaces. Either stage can be disabled. 
When direction of - the packet flow is important it is best to firewall on the - member interfaces rather than the bridge itself.</para> - - <para>The bridge has several configurable settings for passing - non-IP and ARP packets, and layer2 firewalling with IPFW. See - &man.if.bridge.4; for more information.</para> - </sect2> - - <sect2> - <title>Spanning Tree</title> - - <para>The bridge driver implements the Rapid Spanning Tree - Protocol (RSTP or 802.1w) with backwards compatibility with - the legacy Spanning Tree Protocol (STP). Spanning Tree is - used to detect and remove loops in a network topology. RSTP - provides faster Spanning Tree convergence than legacy STP, the - protocol will exchange information with neighbouring switches - to quickly transition to forwarding without creating - loops.</para> - - <para>The following table shows the supported operating - modes:</para> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="3"> - <thead> - <row> - <entry>OS Version</entry> - <entry>STP Modes</entry> - <entry>Default Mode</entry> - </row> - </thead> - - <tbody> - <row> - <entry>&os; 5.4—&os; 6.2</entry> - <entry>STP</entry> - <entry>STP</entry> - </row> - - <row> - <entry>&os; 6.3+</entry> - <entry>RSTP or STP</entry> - <entry>STP</entry> - </row> - - <row> - <entry>&os; 7.0+</entry> - <entry>RSTP or STP</entry> - <entry>RSTP</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Spanning Tree can be enabled on member interfaces using - the <literal>stp</literal> command. 
For a bridge with - <filename>fxp0</filename> and - <filename>fxp1</filename> as the current interfaces, - enable STP with the following:</para> - - <screen>&prompt.root; <userinput>ifconfig bridge0 stp fxp0 stp fxp1</userinput> -bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 - ether d6:cf:d5:a0:94:6d - id 00:01:02:4b:d4:50 priority 32768 hellotime 2 fwddelay 15 - maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 - root id 00:01:02:4b:d4:50 priority 32768 ifcost 0 port 0 - member: fxp0 flags=1c7<LEARNING,DISCOVER,STP,AUTOEDGE,PTP,AUTOPTP> - port 3 priority 128 path cost 200000 proto rstp - role designated state forwarding - member: fxp1 flags=1c7<LEARNING,DISCOVER,STP,AUTOEDGE,PTP,AUTOPTP> - port 4 priority 128 path cost 200000 proto rstp - role designated state forwarding</screen> - - <para>This bridge has a spanning tree ID of - <literal>00:01:02:4b:d4:50</literal> and a priority of - <literal>32768</literal>. As the <literal>root id</literal> - is the same it indicates that this is the root bridge for the - tree.</para> - - <para>Another bridge on the network also has spanning tree - enabled:</para> - - <screen>bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 - ether 96:3d:4b:f1:79:7a - id 00:13:d4:9a:06:7a priority 32768 hellotime 2 fwddelay 15 - maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 - root id 00:01:02:4b:d4:50 priority 32768 ifcost 400000 port 4 - member: fxp0 flags=1c7<LEARNING,DISCOVER,STP,AUTOEDGE,PTP,AUTOPTP> - port 4 priority 128 path cost 200000 proto rstp - role root state forwarding - member: fxp1 flags=1c7<LEARNING,DISCOVER,STP,AUTOEDGE,PTP,AUTOPTP> - port 5 priority 128 path cost 200000 proto rstp - role designated state forwarding</screen> - - <para>The line <literal>root id 00:01:02:4b:d4:50 priority 32768 - ifcost 400000 port 4</literal> shows that the root bridge is - <literal>00:01:02:4b:d4:50</literal> as above and has a path - cost of <literal>400000</literal> 
from this bridge, the path - to the root bridge is via <literal>port 4</literal> which is - <filename>fxp0</filename>.</para> - </sect2> - - <sect2> - <title>Advanced Bridging</title> - - <sect3> - <title>Reconstruct Traffic Flows</title> - - <para>The bridge supports monitor mode, where the packets are - discarded after &man.bpf.4; processing, and are not - processed or forwarded further. This can be used to - multiplex the input of two or more interfaces into a single - &man.bpf.4; stream. This is useful for reconstructing the - traffic for network taps that transmit the RX/TX signals out - through two separate interfaces.</para> - - <para>To read the input from four network interfaces as one - stream:</para> - - <screen>&prompt.root; <userinput>ifconfig bridge0 addm fxp0 addm fxp1 addm fxp2 addm fxp3 monitor up</userinput> -&prompt.root; <userinput>tcpdump -i bridge0</userinput></screen> - </sect3> - - <sect3> - <title>Span Ports</title> - - <para>A copy of every Ethernet frame received by the bridge - will be transmitted out a designated span port. The number - of span ports configured on a bridge is unlimited, if an - interface is designated as a span port then it may not also - be used as a regular bridge port. This is most useful for - snooping a bridged network passively on another host - connected to one of the span ports of the bridge.</para> - - <para>To send a copy of all frames out the interface named - <filename>fxp4</filename>:</para> - - <screen>&prompt.root; <userinput>ifconfig bridge0 span fxp4</userinput></screen> - </sect3> - - <sect3> - <title>Private Interfaces</title> - - <para>A private interface does not forward any traffic to any - other port that is also a private interface. The traffic is - blocked unconditionally so no Ethernet frames will be - forwarded, including ARP. 
If traffic needs to be - selectively blocked then a firewall should be used - instead.</para> - </sect3> - - <sect3> - <title>Sticky Interfaces</title> - - <para>If a bridge member interface is marked as sticky then - dynamically learned address entries are treated at static once - entered into the forwarding cache. Sticky entries are never - aged out of the cache or replaced, even if the address is seen - on a different interface. This gives the benefit of static - address entries without the need to pre-populate the - forwarding table, clients learnt on a particular segment of - the bridge can not roam to another segment.</para> - - <para>Another example of using sticky addresses would be to - combine the bridge with VLANs to create a router where - customer networks are isolated without wasting IP address - space. Consider that <systemitem class="fqdomainname">CustomerA</systemitem> is on - <literal>vlan100</literal> and <systemitem class="fqdomainname">CustomerB</systemitem> is on - <literal>vlan101</literal>. 
The bridge has the address - <systemitem class="ipaddress">192.168.0.1</systemitem> and is also an - internet router.</para> - - <screen>&prompt.root; <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput> -&prompt.root; <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput></screen> - - <para>Both clients see <systemitem class="ipaddress">192.168.0.1</systemitem> as their default gateway - and since the bridge cache is sticky they can not spoof the - MAC address of the other customer to intercept their - traffic.</para> - - <para>Any communication between the VLANs can be blocked using - private interfaces (or a firewall):</para> - - <screen>&prompt.root; <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput></screen> - - <para>The customers are completely isolated from each other, - the full <systemitem class="netmask">/24</systemitem> address range - can be allocated without subnetting.</para> - </sect3> - - <sect3> - <title>SNMP Monitoring</title> - - <para>The bridge interface and STP parameters can be monitored - via the SNMP daemon which is included in the &os; base - system. The exported bridge MIBs conform to the IETF - standards so any SNMP client or monitoring package can be - used to retrieve the data.</para> - - <para>On the bridge machine uncomment the - <literal>begemotSnmpdModulePath."bridge" = - "/usr/lib/snmp_bridge.so"</literal> line from - <filename>/etc/snmp.config</filename> and start the - <application>bsnmpd</application> daemon. Other - configuration such as community names and access lists may - need to be modified. See &man.bsnmpd.1; and - &man.snmp.bridge.3; for more information.</para> - - <para>The following examples use the - <application>Net-SNMP</application> software (<package>net-mgmt/net-snmp</package>) to query a - bridge, the <package>net-mgmt/bsnmptools</package> port can also - be used. 
From the SNMP client host add to - <filename>$HOME/.snmp/snmp.conf</filename> the following - lines to import the bridge MIB definitions in to - <application>Net-SNMP</application>:</para> - - <programlisting>mibdirs +/usr/share/snmp/mibs -mibs +BRIDGE-MIB:RSTP-MIB:BEGEMOT-MIB:BEGEMOT-BRIDGE-MIB</programlisting> - - <para>To monitor a single bridge via the IETF BRIDGE-MIB - (RFC4188) do</para> - - <screen>&prompt.user; <userinput>snmpwalk -v 2c -c public bridge1.example.com mib-2.dot1dBridge</userinput> -BRIDGE-MIB::dot1dBaseBridgeAddress.0 = STRING: 66:fb:9b:6e:5c:44 -BRIDGE-MIB::dot1dBaseNumPorts.0 = INTEGER: 1 ports -BRIDGE-MIB::dot1dStpTimeSinceTopologyChange.0 = Timeticks: (189959) 0:31:39.59 centi-seconds -BRIDGE-MIB::dot1dStpTopChanges.0 = Counter32: 2 -BRIDGE-MIB::dot1dStpDesignatedRoot.0 = Hex-STRING: 80 00 00 01 02 4B D4 50 -... -BRIDGE-MIB::dot1dStpPortState.3 = INTEGER: forwarding(5) -BRIDGE-MIB::dot1dStpPortEnable.3 = INTEGER: enabled(1) -BRIDGE-MIB::dot1dStpPortPathCost.3 = INTEGER: 200000 -BRIDGE-MIB::dot1dStpPortDesignatedRoot.3 = Hex-STRING: 80 00 00 01 02 4B D4 50 -BRIDGE-MIB::dot1dStpPortDesignatedCost.3 = INTEGER: 0 -BRIDGE-MIB::dot1dStpPortDesignatedBridge.3 = Hex-STRING: 80 00 00 01 02 4B D4 50 -BRIDGE-MIB::dot1dStpPortDesignatedPort.3 = Hex-STRING: 03 80 -BRIDGE-MIB::dot1dStpPortForwardTransitions.3 = Counter32: 1 -RSTP-MIB::dot1dStpVersion.0 = INTEGER: rstp(2)</screen> - - <para>The <literal>dot1dStpTopChanges.0</literal> value is two - which means that the STP bridge topology has changed twice, - a topology change means that one or more links in the - network have changed or failed and a new tree has been - calculated. 
The - <literal>dot1dStpTimeSinceTopologyChange.0</literal> value - will show when this happened.</para> - - <para>To monitor multiple bridge interfaces one may use the - private BEGEMOT-BRIDGE-MIB:</para> - - <screen>&prompt.user; <userinput>snmpwalk -v 2c -c public bridge1.example.com</userinput> -enterprises.fokus.begemot.begemotBridge -BEGEMOT-BRIDGE-MIB::begemotBridgeBaseName."bridge0" = STRING: bridge0 -BEGEMOT-BRIDGE-MIB::begemotBridgeBaseName."bridge2" = STRING: bridge2 -BEGEMOT-BRIDGE-MIB::begemotBridgeBaseAddress."bridge0" = STRING: e:ce:3b:5a:9e:13 -BEGEMOT-BRIDGE-MIB::begemotBridgeBaseAddress."bridge2" = STRING: 12:5e:4d:74:d:fc -BEGEMOT-BRIDGE-MIB::begemotBridgeBaseNumPorts."bridge0" = INTEGER: 1 -BEGEMOT-BRIDGE-MIB::begemotBridgeBaseNumPorts."bridge2" = INTEGER: 1 -... -BEGEMOT-BRIDGE-MIB::begemotBridgeStpTimeSinceTopologyChange."bridge0" = Timeticks: (116927) 0:19:29.27 centi-seconds -BEGEMOT-BRIDGE-MIB::begemotBridgeStpTimeSinceTopologyChange."bridge2" = Timeticks: (82773) 0:13:47.73 centi-seconds -BEGEMOT-BRIDGE-MIB::begemotBridgeStpTopChanges."bridge0" = Counter32: 1 -BEGEMOT-BRIDGE-MIB::begemotBridgeStpTopChanges."bridge2" = Counter32: 1 -BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge0" = Hex-STRING: 80 00 00 40 95 30 5E 31 -BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge2" = Hex-STRING: 80 00 00 50 8B B8 C6 A9</screen> - - <para>To change the bridge interface being monitored via the - <literal>mib-2.dot1dBridge</literal> subtree do:</para> - - <screen>&prompt.user; <userinput>snmpset -v 2c -c private bridge1.example.com</userinput> -BEGEMOT-BRIDGE-MIB::begemotBridgeDefaultBridgeIf.0 s bridge2</screen> - </sect3> - </sect2> - </sect1> - - <sect1 xml:id="network-aggregation"> - <info><title>Link Aggregation and Failover</title> - <authorgroup> - <author><personname><firstname>Andrew</firstname><surname>Thompson</surname></personname><contrib>Written by </contrib></author> - </authorgroup> - </info> - - - 
<indexterm><primary>lagg</primary></indexterm> - <indexterm><primary>failover</primary></indexterm> - <indexterm><primary>fec</primary></indexterm> - <indexterm><primary>lacp</primary></indexterm> - <indexterm><primary>loadbalance</primary></indexterm> - <indexterm><primary>roundrobin</primary></indexterm> - - <sect2> - <title>Introduction</title> - <para>The &man.lagg.4; interface allows aggregation of multiple network - interfaces as one virtual interface for the purpose of providing - fault-tolerance and high-speed links.</para> - </sect2> - - <sect2> - <title>Operating Modes</title> - - <variablelist> - - <varlistentry><term>failover</term> - - <listitem> - <para>Sends and receives traffic only through the master port. If the - master port becomes unavailable, the next active port is used. The - first interface added is the master port; any interfaces added after - that are used as failover devices.</para> - </listitem> - </varlistentry> - - <varlistentry><term>fec</term> - - <listitem> - <para>Supports Cisco EtherChannel. This is a static setup and does not - negotiate aggregation with the peer or exchange frames to monitor the - link, if the switch supports LACP then that should be used - instead.</para> - - <para>Balances outgoing traffic across the active ports based on hashed - protocol header information and accepts incoming traffic from any - active port. The hash includes the Ethernet source and destination - address, and, if available, the VLAN tag, and the IPv4/IPv6 source - and destination address.</para> - </listitem> - </varlistentry> - - <varlistentry><term>lacp</term> - - <listitem> - <para>Supports the IEEE 802.3ad Link Aggregation Control Protocol - (LACP) and the Marker Protocol. LACP will negotiate a set of - aggregable links with the peer in to one or more Link Aggregated - Groups. Each LAG is composed of ports of the same speed, set to - full-duplex operation. 
The traffic will be balanced across the ports - in the LAG with the greatest total speed, in most cases there will - only be one LAG which contains all ports. In the event of changes in - physical connectivity, Link Aggregation will quickly converge to a - new configuration.</para> - - <para>Balances outgoing traffic across the active ports based on hashed - protocol header information and accepts incoming traffic from any - active port. The hash includes the Ethernet source and destination - address, and, if available, the VLAN tag, and the IPv4/IPv6 source - and destination address.</para> - </listitem> - </varlistentry> - - <varlistentry><term>loadbalance</term> - - <listitem> - <para>This is an alias of <emphasis>fec</emphasis> mode.</para> - </listitem> - </varlistentry> - - <varlistentry><term>roundrobin</term> - - <listitem> - <para>Distributes outgoing traffic using a round-robin scheduler - through all active ports and accepts incoming traffic from any active - port. This mode will violate Ethernet frame ordering and should be - used with caution.</para> - </listitem> - </varlistentry> - </variablelist> - </sect2> - - <sect2> - <title>Examples</title> - - <example xml:id="networking-lacp-aggregation-cisco"> - <title>LACP aggregation with a Cisco switch</title> - - <para>This example connects two interfaces on a &os; machine to the - switch as a single load balanced and fault tolerant link. More interfaces - can be added to increase throughput and fault tolerance. Since frame - ordering is mandatory on Ethernet links then any traffic between two - stations always flows over the same physical link limiting the maximum - speed to that of one interface. 
The transmit algorithm attempts to use as - much information as it can to distinguish different traffic flows and - balance across the available interfaces.</para> - - <para>On the Cisco switch add the interfaces to the channel group.</para> - - <screen>interface FastEthernet0/1 - channel-group 1 mode active - channel-protocol lacp -! -interface FastEthernet0/2 - channel-group 1 mode active - channel-protocol lacp -!</screen> - - <para>On the &os; machine create the lagg interface.</para> - - <screen>&prompt.root; <userinput>ifconfig lagg0 create</userinput> -&prompt.root; <userinput>ifconfig lagg0 up laggproto lacp laggport fxp0 laggport fxp1</userinput></screen> - - <para>View the interface status from ifconfig; ports marked as - <emphasis>ACTIVE</emphasis> are part of the active aggregation group - that has been negotiated with the remote switch and traffic will be - transmitted and received. Use the verbose output of &man.ifconfig.8; - to view the LAG identifiers.</para> - - <screen>lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 - options=8<VLAN_MTU> - ether 00:05:5d:71:8d:b8 - media: Ethernet autoselect - status: active - laggproto lacp - laggport: fxp1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING> - laggport: fxp0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING></screen> - - <para>The switch will show which ports are active. 
For more detail use - <userinput>show lacp neighbor detail</userinput>.</para> - - <screen>switch# show lacp neighbor -Flags: S - Device is requesting Slow LACPDUs - F - Device is requesting Fast LACPDUs - A - Device is in Active mode P - Device is in Passive mode - -Channel group 1 neighbors - -Partner's information: - - LACP port Oper Port Port -Port Flags Priority Dev ID Age Key Number State -Fa0/1 SA 32768 0005.5d71.8db8 29s 0x146 0x3 0x3D -Fa0/2 SA 32768 0005.5d71.8db8 29s 0x146 0x4 0x3D</screen> - - </example> - <example xml:id="networking-lagg-failover"> - <title>Failover mode</title> - - <para>Failover mode can be used to switch over to another interface if - the link is lost on the master.</para> - - <screen>&prompt.root; <userinput>ifconfig lagg0 create</userinput> -&prompt.root; <userinput>ifconfig lagg0 up laggproto failover laggport fxp0 laggport fxp1</userinput></screen> - - <screen>lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 - options=8<VLAN_MTU> - ether 00:05:5d:71:8d:b8 - media: Ethernet autoselect - status: active - laggproto failover - laggport: fxp1 flags=0<> - laggport: fxp0 flags=5<MASTER,ACTIVE></screen> - - <para>Traffic will be transmitted and received on - <filename>fxp0</filename>. If the link is lost on - <filename>fxp0</filename> then <filename>fxp1</filename> will - become the active link. 
If the link is restored on the master - interface then it will once again become the active link.</para> - </example> - </sect2> - </sect1> - - <sect1 xml:id="network-diskless"> - <info><title>Diskless Operation</title> - <authorgroup> - <author><personname><firstname>Jean-François</firstname><surname>Dockès</surname></personname><contrib>Updated by </contrib></author> - </authorgroup> - <authorgroup> - <author><personname><firstname>Alex</firstname><surname>Dupre</surname></personname><contrib>Reorganized and enhanced by </contrib></author> - </authorgroup> - </info> - - - <indexterm><primary>diskless workstation</primary></indexterm> - <indexterm><primary>diskless operation</primary></indexterm> - - <para>A FreeBSD machine can boot over the network and operate without a - local disk, using file systems mounted from an <acronym>NFS</acronym> server. No system - modification is necessary, beyond standard configuration files. - Such a system is relatively easy to set up because all the necessary elements - are readily available:</para> - <itemizedlist> - <listitem> - <para>There are at least two possible methods to load the kernel over - the network:</para> - <itemizedlist> - <listitem> - <para><acronym>PXE</acronym>: The &intel; Preboot eXecution - Environment system is a form of smart boot ROM built into some - networking cards or motherboards. See &man.pxeboot.8; for more - details.</para> - </listitem> - <listitem> - <para>The <application>Etherboot</application> - port (<package>net/etherboot</package>) produces - ROM-able code to boot kernels over the network. The - code can be either burnt into a boot PROM on a network - card, or loaded from a local floppy (or hard) disk - drive, or from a running &ms-dos; system. 
Many network - cards are supported.</para> - </listitem> - </itemizedlist> - </listitem> - - <listitem> - <para>A sample script - (<filename>/usr/share/examples/diskless/clone_root</filename>) eases - the creation and maintenance of the workstation's root file system - on the server. The script will probably require a little - customization but it will get you started very quickly.</para> - </listitem> - - <listitem> - <para>Standard system startup files exist in <filename>/etc</filename> - to detect and support a diskless system startup.</para> - </listitem> - - <listitem> - <para>Swapping, if needed, can be done either to an <acronym>NFS</acronym> file or to - a local disk.</para> - </listitem> - </itemizedlist> - - <para>There are many ways to set up diskless workstations. Many - elements are involved, and most can be customized to suit local - taste. The following will describe variations on the setup of a complete system, - emphasizing simplicity and compatibility with the - standard FreeBSD startup scripts. The system described has the - following characteristics:</para> - - <itemizedlist> - <listitem> - <para>The diskless workstations use a shared - read-only <filename>/</filename> file system, and a shared - read-only <filename>/usr</filename>.</para> - <para>The root file system is a copy of a - standard FreeBSD root (typically the server's), with some - configuration files overridden by ones specific to diskless - operation or, possibly, to the workstation they belong to.</para> - <para>The parts of the root which have to be - writable are overlaid with &man.md.4; file systems. Any changes - will be lost when the system reboots.</para> - </listitem> - <listitem> - <para>The kernel is transferred and loaded either with - <application>Etherboot</application> or <acronym>PXE</acronym> - as some situations may mandate the use of either method.</para> - </listitem> - </itemizedlist> - - <caution><para>As described, this system is insecure. 
It should - live in a protected area of a network, and be untrusted by - other hosts.</para> - </caution> - - <para>All the information in this section has been tested - using &os; 5.2.1-RELEASE.</para> - - <sect2> - <title>Background Information</title> - - <para>Setting up diskless workstations is both relatively - straightforward and prone to errors. These are sometimes - difficult to diagnose for a number of reasons. For example:</para> - - <itemizedlist> - <listitem> - <para>Compile time options may determine different behaviors at - runtime.</para> - </listitem> - - <listitem> - <para>Error messages are often cryptic or totally absent.</para> - </listitem> - </itemizedlist> - - <para>In this context, having some knowledge of the background - mechanisms involved is very useful to solve the problems that - may arise.</para> - - <para>Several operations need to be performed for a successful - bootstrap:</para> - - <itemizedlist> - <listitem> - <para>The machine needs to obtain initial parameters such as its IP - address, executable filename, server name, root path. This is - done using the <acronym>DHCP</acronym> or BOOTP protocols. - <acronym>DHCP</acronym> is a compatible extension of BOOTP, and - uses the same port numbers and basic packet format.</para> - - <para>It is possible to configure a system to use only BOOTP. - The &man.bootpd.8; server program is included in the base &os; - system.</para> - - <para>However, <acronym>DHCP</acronym> has a number of advantages - over BOOTP (nicer configuration files, possibility of using - <acronym>PXE</acronym>, plus many others not directly related to - diskless operation), and we will describe mainly a - <acronym>DHCP</acronym> configuration, with equivalent examples - using &man.bootpd.8; when possible. 
The sample configuration will - use the <application>ISC DHCP</application> software package - (release 3.0.1.r12 was installed on the test server).</para> - </listitem> - - <listitem> - <para>The machine needs to transfer one or several programs to local - memory. Either <acronym>TFTP</acronym> or <acronym>NFS</acronym> - are used. The choice between <acronym>TFTP</acronym> and - <acronym>NFS</acronym> is a compile time option in several places. - A common source of error is to specify filenames for the wrong - protocol: <acronym>TFTP</acronym> typically transfers all files from - a single directory on the server, and would expect filenames - relative to this directory. <acronym>NFS</acronym> needs absolute - file paths.</para> - </listitem> - - <listitem> - <para>The possible intermediate bootstrap programs and the kernel - need to be initialized and executed. There are several important - variations in this area:</para> - - <itemizedlist> - <listitem> - <para><acronym>PXE</acronym> will load &man.pxeboot.8;, which is - a modified version of the &os; third stage loader. The - &man.loader.8; will obtain most parameters necessary to system - startup, and leave them in the kernel environment before - transferring control. It is possible to use a - <filename>GENERIC</filename> kernel in this case.</para> - </listitem> - - <listitem> - <para><application>Etherboot</application>, will directly - load the kernel, with less preparation. 
You will need to - build a kernel with specific options.</para> - </listitem> - </itemizedlist> - - <para><acronym>PXE</acronym> and <application>Etherboot</application> - work equally well; however, because kernels - normally let the &man.loader.8; do more work for them, - <acronym>PXE</acronym> is the preferred method.</para> - - <para>If your <acronym>BIOS</acronym> and network cards support - <acronym>PXE</acronym>, you should probably use it.</para> - </listitem> - - <listitem> - <para>Finally, the machine needs to access its file systems. - <acronym>NFS</acronym> is used in all cases.</para> - </listitem> - </itemizedlist> - - <para>See also &man.diskless.8; manual page.</para> - </sect2> - - <sect2> - <title>Setup Instructions</title> - - <sect3> - <title>Configuration Using <application>ISC DHCP</application></title> - <indexterm> - <primary>DHCP</primary> - <secondary>diskless operation</secondary> - </indexterm> - - <para>The <application>ISC DHCP</application> server can answer - both BOOTP and <acronym>DHCP</acronym> requests.</para> - - <para><application>ISC DHCP - 3.0</application> is not part of the base - system. You will first need to install the - <package>net/isc-dhcp3-server</package> port or the - corresponding package.</para> - - <para>Once <application>ISC DHCP</application> is installed, it - needs a configuration file to run (normally named - <filename>/usr/local/etc/dhcpd.conf</filename>). 
Here follows - a commented example, where host <systemitem>margaux</systemitem> - uses <application>Etherboot</application> and host - <systemitem>corbieres</systemitem> uses <acronym>PXE</acronym>:</para> - - <programlisting> -default-lease-time 600; -max-lease-time 7200; -authoritative; - -option domain-name "example.com"; -option domain-name-servers 192.168.4.1; -option routers 192.168.4.1; - -subnet 192.168.4.0 netmask 255.255.255.0 { - use-host-decl-names on; <co xml:id="co-dhcp-host-name"/> - option subnet-mask 255.255.255.0; - option broadcast-address 192.168.4.255; - - host margaux { - hardware ethernet 01:23:45:67:89:ab; - fixed-address margaux.example.com; - next-server 192.168.4.4; <co xml:id="co-dhcp-next-server"/> - filename "/data/misc/kernel.diskless"; <co xml:id="co-dhcp-filename"/> - option root-path "192.168.4.4:/data/misc/diskless"; <co xml:id="co-dhcp-root-path"/> - } - host corbieres { - hardware ethernet 00:02:b3:27:62:df; - fixed-address corbieres.example.com; - next-server 192.168.4.4; - filename "pxeboot"; - option root-path "192.168.4.4:/data/misc/diskless"; - } -} - </programlisting> - - <calloutlist> - <callout arearefs="co-dhcp-host-name"><para>This option tells - <application>dhcpd</application> to send the value in the - <literal>host</literal> declarations as the hostname for the - diskless host. 
An alternate way would be to add an - <literal>option host-name - margaux</literal> inside the - <literal>host</literal> declarations.</para> - </callout> - - <callout arearefs="co-dhcp-next-server"><para>The - <literal>next-server</literal> directive designates - the <acronym>TFTP</acronym> or <acronym>NFS</acronym> server to - use for loading loader or kernel file (the default is to use - the same host as the - <acronym>DHCP</acronym> server).</para> - </callout> - - <callout arearefs="co-dhcp-filename"><para>The - <literal>filename</literal> directive defines the file that - <application>Etherboot</application> or <acronym>PXE</acronym> - will load for the next execution step. It must be specified - according to the transfer method used. - <application>Etherboot</application> can be compiled to use - <acronym>NFS</acronym> or <acronym>TFTP</acronym>. The &os; - port configures <acronym>NFS</acronym> by default. - <acronym>PXE</acronym> uses <acronym>TFTP</acronym>, which is - why a relative filename is used here (this may depend on the - <acronym>TFTP</acronym> server configuration, but would be - fairly typical). Also, <acronym>PXE</acronym> loads - <filename>pxeboot</filename>, not the kernel. There are other - interesting possibilities, like loading - <filename>pxeboot</filename> from a &os; CD-ROM - <filename>/boot</filename> directory (as - &man.pxeboot.8; can load a <filename>GENERIC</filename> kernel, - this makes it possible to use <acronym>PXE</acronym> to boot - from a remote CD-ROM).</para> - </callout> - - <callout arearefs="co-dhcp-root-path"><para>The - <literal>root-path</literal> option defines the path to - the root file system, in usual <acronym>NFS</acronym> notation. - When using <acronym>PXE</acronym>, it is possible to leave off - the host's IP as long as you do not enable the kernel option - BOOTP. 
The <acronym>NFS</acronym> server will then be - the same as the <acronym>TFTP</acronym> one.</para> - </callout> - </calloutlist> - - </sect3> - <sect3> - <title>Configuration Using BOOTP</title> - <indexterm> - <primary>BOOTP</primary> - <secondary>diskless operation</secondary> - </indexterm> - - <para>Here follows an equivalent <application>bootpd</application> - configuration (reduced to one client). This would be found in - <filename>/etc/bootptab</filename>.</para> - - <para>Please note that <application>Etherboot</application> - must be compiled with the non-default option - <literal>NO_DHCP_SUPPORT</literal> in order to use BOOTP, - and that <acronym>PXE</acronym> <emphasis>needs</emphasis> <acronym>DHCP</acronym>. The only - obvious advantage of <application>bootpd</application> is - that it exists in the base system.</para> - - <programlisting> -.def100:\ - :hn:ht=1:sa=192.168.4.4:vm=rfc1048:\ - :sm=255.255.255.0:\ - :ds=192.168.4.1:\ - :gw=192.168.4.1:\ - :hd="/tftpboot":\ - :bf="/kernel.diskless":\ - :rp="192.168.4.4:/data/misc/diskless": - -margaux:ha=0123456789ab:tc=.def100 - </programlisting> - </sect3> - - <sect3> - <title>Preparing a Boot Program with - <application>Etherboot</application></title> - - <indexterm> - <primary>Etherboot</primary> - </indexterm> - - <para><link xlink:href="http://etherboot.sourceforge.net">Etherboot's Web - site</link> contains - <link xlink:href="http://etherboot.sourceforge.net/doc/html/userman/t1.html"> - extensive documentation</link> mainly intended for Linux - systems, but nonetheless containing useful information. The - following will just outline how you would use - <application>Etherboot</application> on a FreeBSD - system.</para> - - <para>You must first install the <package>net/etherboot</package> package or port.</para> - - <para>You can change the <application>Etherboot</application> - configuration (i.e. 
to use <acronym>TFTP</acronym> instead of - <acronym>NFS</acronym>) by editing the <filename>Config</filename> - file in the <application>Etherboot</application> source - directory.</para> - - <para>For our setup, we shall use a boot floppy. For other methods - (PROM, or &ms-dos; program), please refer to the - <application>Etherboot</application> documentation.</para> - - <para>To make a boot floppy, insert a floppy in the drive on the - machine where you installed <application>Etherboot</application>, - then change your current directory to the <filename>src</filename> - directory in the <application>Etherboot</application> tree and - type:</para> - - <screen> -&prompt.root; <userinput>gmake bin32/devicetype.fd0</userinput> - </screen> - - <para><replaceable>devicetype</replaceable> depends on the type of - the Ethernet card in the diskless workstation. Refer to the - <filename>NIC</filename> file in the same directory to determine the - right <replaceable>devicetype</replaceable>.</para> - - </sect3> - - <sect3> - <title>Booting with <acronym>PXE</acronym></title> - - <para>By default, the &man.pxeboot.8; loader loads the kernel via - <acronym>NFS</acronym>. It can be compiled to use - <acronym>TFTP</acronym> instead by specifying the - <literal>LOADER_TFTP_SUPPORT</literal> option in - <filename>/etc/make.conf</filename>. 
See the comments in - <filename>/usr/share/examples/etc/make.conf</filename> - for instructions.</para> - - <para>There are two other <filename>make.conf</filename> - options which may be useful for setting up a serial console diskless - machine: <literal>BOOT_PXELDR_PROBE_KEYBOARD</literal>, and - <literal>BOOT_PXELDR_ALWAYS_SERIAL</literal>.</para> - - <para>To use <acronym>PXE</acronym> when the machine starts, you will - usually need to select the <literal>Boot from network</literal> - option in your <acronym>BIOS</acronym> setup, or type a function key - during the PC initialization.</para> - </sect3> - - <sect3> - <title>Configuring the <acronym>TFTP</acronym> and <acronym>NFS</acronym> Servers</title> - - <indexterm> - <primary>TFTP</primary> - <secondary>diskless operation</secondary> - </indexterm> - <indexterm> - <primary>NFS</primary> - <secondary>diskless operation</secondary> - </indexterm> - - <para>If you are using <acronym>PXE</acronym> or - <application>Etherboot</application> configured to use - <acronym>TFTP</acronym>, you need to enable - <application>tftpd</application> on the file server:</para> - <procedure> - <step> - <para>Create a directory from which <application>tftpd</application> - will serve the files, e.g. <filename>/tftpboot</filename>.</para> - </step> - - <step> - <para>Add this line to your - <filename>/etc/inetd.conf</filename>:</para> - - <programlisting>tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot</programlisting> - - <note><para>It appears that at least some <acronym>PXE</acronym> versions want - the <acronym>TCP</acronym> version of <acronym>TFTP</acronym>. In this case, add a second line, - replacing <literal>dgram udp</literal> with <literal>stream - tcp</literal>.</para> - </note> - </step> - <step> - <para>Tell <application>inetd</application> to reread its configuration - file. 
The <option>inetd_enable="YES"</option> must be in - the <filename>/etc/rc.conf</filename> file for this - command to execute correctly:</para> - <screen>&prompt.root; <userinput>/etc/rc.d/inetd restart</userinput></screen> - </step> - </procedure> - - <para>You can place the <filename>tftpboot</filename> - directory anywhere on the server. Make sure that the - location is set in both <filename>inetd.conf</filename> and - <filename>dhcpd.conf</filename>.</para> - - <para>In all cases, you also need to enable <acronym>NFS</acronym> and export the - appropriate file system on the <acronym>NFS</acronym> server.</para> - - <procedure> - <step> - <para>Add this to <filename>/etc/rc.conf</filename>:</para> - <programlisting>nfs_server_enable="YES"</programlisting> - </step> - - <step> - <para>Export the file system where the diskless root directory - is located by adding the following to - <filename>/etc/exports</filename> (adjust the volume mount - point and replace <replaceable>margaux corbieres</replaceable> - with the names of the diskless workstations):</para> - - <programlisting><replaceable>/data/misc</replaceable> -alldirs -ro <replaceable>margaux corbieres</replaceable></programlisting> - </step> - <step> - <para>Tell <application>mountd</application> to reread its configuration - file. 
If you actually needed to enable <acronym>NFS</acronym> in - <filename>/etc/rc.conf</filename> - at the first step, you probably want to reboot instead.</para> - <screen>&prompt.root; <userinput>/etc/rc.d/mountd restart</userinput></screen> - </step> - </procedure> - - </sect3> - - <sect3> - <title>Building a Diskless Kernel</title> - - <indexterm> - <primary>diskless operation</primary> - <secondary>kernel configuration</secondary> - </indexterm> - - <para>If using <application>Etherboot</application>, you need to - create a kernel configuration file for the diskless client - with the following options (in addition to the usual ones):</para> - - <programlisting> -options BOOTP # Use BOOTP to obtain IP address/hostname -options BOOTP_NFSROOT # NFS mount root file system using BOOTP info - </programlisting> - - <para>You may also want to use <literal>BOOTP_NFSV3</literal>, - <literal>BOOT_COMPAT</literal> and <literal>BOOTP_WIRED_TO</literal> - (refer to <filename>NOTES</filename>).</para> - - <para>These option names are historical and slightly misleading as - they actually enable indifferent use of <acronym>DHCP</acronym> and - BOOTP inside the kernel (it is also possible to force strict BOOTP - or <acronym>DHCP</acronym> use).</para> - - <para>Build the kernel (see <xref linkend="kernelconfig"/>), - and copy it to the place specified - in <filename>dhcpd.conf</filename>.</para> - - <note> - <para>When using <acronym>PXE</acronym>, building a kernel with the - above options is not strictly necessary (though suggested). - Enabling them will cause more <acronym>DHCP</acronym> requests to be - issued during kernel startup, with a small risk of inconsistency - between the new values and those retrieved by &man.pxeboot.8; in some - special cases. The advantage of using them is that the host name - will be set as a side effect. 
Otherwise you will need to set the - host name by another method, for example in a client-specific - <filename>rc.conf</filename> file.</para> - </note> - - <note> - <para>In order to be loadable with - <application>Etherboot</application>, a kernel needs to have - the device hints compiled in. You would typically set the - following option in the configuration file (see the - <filename>NOTES</filename> configuration comments file):</para> - - <programlisting>hints "GENERIC.hints"</programlisting> - </note> - - </sect3> - - <sect3> - <title>Preparing the Root Filesystem</title> - - <indexterm> - <primary>root file system</primary> - <secondary>diskless operation</secondary> - </indexterm> - - <para>You need to create a root file system for the diskless - workstations, in the location listed as - <literal>root-path</literal> in - <filename>dhcpd.conf</filename>.</para> - - <sect4> - <title>Using <command>make world</command> to populate root</title> - - <para>This method is quick and - will install a complete virgin system (not only the root file system) - into <envar>DESTDIR</envar>. - All you have to do is simply execute the following script:</para> - - <programlisting>#!/bin/sh -export DESTDIR=/data/misc/diskless -mkdir -p ${DESTDIR} -cd /usr/src; make buildworld && make buildkernel -cd /usr/src/etc; make distribution</programlisting> - - <para>Once done, you may need to customize your - <filename>/etc/rc.conf</filename> and - <filename>/etc/fstab</filename> placed into - <envar>DESTDIR</envar> according to your needs.</para> - </sect4> - </sect3> - - <sect3> - <title>Configuring Swap</title> - - <para>If needed, a swap file located on the server can be - accessed via <acronym>NFS</acronym>.</para> - - <sect4> - <title><acronym>NFS</acronym> Swap</title> - - <para>The kernel does not support enabling <acronym>NFS</acronym> - swap at boot time. 
Swap must be enabled by the startup scripts, - by mounting a writable file system and creating and enabling a - swap file. To create a swap file of appropriate size, you can do - like this:</para> - - <screen>&prompt.root; <userinput>dd if=/dev/zero of=/path/to/swapfile bs=1k count=1 oseek=100000</userinput></screen> - - <para>To enable it you have to add the following line to your - <filename>rc.conf</filename>:</para> - - <programlisting>swapfile=<replaceable>/path/to/swapfile</replaceable></programlisting> - </sect4> - </sect3> - - <sect3> - <title>Miscellaneous Issues</title> - - - <sect4> - <title>Running with a Read-only <filename>/usr</filename></title> - - <indexterm> - <primary>diskless operation</primary> - <secondary>/usr read-only</secondary> - </indexterm> - - <para>If the diskless workstation is configured to run X, you - will have to adjust the <application>XDM</application> configuration file, which puts - the error log on <filename>/usr</filename> by default.</para> - </sect4> - <sect4> - <title>Using a Non-FreeBSD Server</title> - - <para>When the server for the root file system is not running FreeBSD, - you will have to create the root file system on a - FreeBSD machine, then copy it to its destination, using - <command>tar</command> or <command>cpio</command>.</para> - <para>In this situation, there are sometimes - problems with the special files in <filename>/dev</filename>, - due to differing major/minor integer sizes. 
A solution to this - problem is to export a directory from the non-FreeBSD server, - mount this directory onto a FreeBSD machine, and - use &man.devfs.5; to allocate device nodes transparently for - the user.</para> - - </sect4> - - </sect3> - - </sect2> - </sect1> - - <sect1 xml:id="network-isdn"> - <title>ISDN</title> - - <indexterm> - <primary>ISDN</primary> - </indexterm> - - <para>A good resource for information on ISDN technology and hardware is - <link xlink:href="http://www.alumni.caltech.edu/~dank/isdn/">Dan Kegel's ISDN - Page</link>.</para> - - <para>A quick simple road map to ISDN follows:</para> - - <itemizedlist> - <listitem> - <para>If you live in Europe you might want to investigate the ISDN card - section.</para> - </listitem> - - <listitem> - <para>If you are planning to use ISDN primarily to connect to the - Internet with an Internet Provider on a dial-up non-dedicated basis, - you might look into Terminal Adapters. This will give you the - most flexibility, with the fewest problems, if you change - providers.</para> - </listitem> - - <listitem> - <para>If you are connecting two LANs together, or connecting to the - Internet with a dedicated ISDN connection, you might consider - the stand alone router/bridge option.</para> - </listitem> - </itemizedlist> - - <para>Cost is a significant factor in determining what solution you will - choose. The following options are listed from least expensive to most - expensive.</para> - - <sect2 xml:id="network-isdn-cards"> - <info><title>ISDN Cards</title> - <authorgroup> - <author><personname><firstname>Hellmuth</firstname><surname>Michaelis</surname></personname><contrib>Contributed by </contrib></author> - </authorgroup> - </info> - - - <indexterm> - <primary>ISDN</primary> - <secondary>cards</secondary> - </indexterm> - - <para>FreeBSD's ISDN implementation supports only the DSS1/Q.931 - (or Euro-ISDN) standard using passive cards. 
Some active cards - are supported where the firmware - also supports other signaling protocols; this also includes the - first supported Primary Rate (PRI) ISDN card.</para> - - <para>The <application>isdn4bsd</application> software allows you to connect - to other ISDN routers using either IP over raw HDLC or by using - synchronous PPP: either by using kernel PPP with <literal>isppp</literal>, a - modified &man.sppp.4; driver, or by using userland &man.ppp.8;. By using - userland &man.ppp.8;, channel bonding of two or more ISDN - B-channels is possible. A telephone answering machine - application is also available as well as many utilities such as - a software 300 Baud modem.</para> - - <para>Some growing number of PC ISDN cards are supported under - FreeBSD and the reports show that it is successfully used all - over Europe and in many other parts of the world.</para> - - <para>The passive ISDN cards supported are mostly the ones with - the Infineon (formerly Siemens) ISAC/HSCX/IPAC ISDN chipsets, - but also ISDN cards with chips from Cologne Chip (ISA bus only), - PCI cards with Winbond W6692 chips, some cards with the - Tiger300/320/ISAC chipset combinations and some vendor specific - chipset based cards such as the AVM Fritz!Card PCI V.1.0 and the - AVM Fritz!Card PnP.</para> - - <para>Currently the active supported ISDN cards are the AVM B1 - (ISA and PCI) BRI cards and the AVM T1 PCI PRI cards.</para> - - <para>For documentation on <application>isdn4bsd</application>, - have a look at <filename>/usr/share/examples/isdn/</filename> - directory on your FreeBSD system or at the <link xlink:href="http://www.freebsd-support.de/i4b/">homepage of - isdn4bsd</link> which also has pointers to hints, erratas and - much more documentation such as the <link xlink:href="http://people.FreeBSD.org/~hm/">isdn4bsd - handbook</link>.</para> - - <para>In case you are interested in adding support for a - different ISDN protocol, a currently unsupported ISDN PC card or - 
otherwise enhancing <application>isdn4bsd</application>, please - get in touch with &a.hm;.</para> - - <para>For questions regarding the installation, configuration - and troubleshooting <application>isdn4bsd</application>, a - &a.isdn.name; mailing list is available.</para> - </sect2> - - <sect2> - <title>ISDN Terminal Adapters</title> - - <para>Terminal adapters (TA), are to ISDN what modems are to regular - phone lines.</para> - <indexterm><primary>modem</primary></indexterm> - <para>Most TA's use the standard Hayes modem AT command set, and can be - used as a drop in replacement for a modem.</para> - - <para>A TA will operate basically the same as a modem except connection - and throughput speeds will be much faster than your old modem. You - will need to configure <link linkend="ppp">PPP</link> exactly the same - as for a modem setup. Make sure you set your serial speed as high as - possible.</para> - <indexterm><primary>PPP</primary></indexterm> - <para>The main advantage of using a TA to connect to an Internet - Provider is that you can do Dynamic PPP. As IP address space becomes - more and more scarce, most providers are not willing to provide you - with a static IP anymore. Most stand-alone routers are not able to - accommodate dynamic IP allocation.</para> - - <para>TA's completely rely on the PPP daemon that you are running for - their features and stability of connection. This allows you to - upgrade easily from using a modem to ISDN on a FreeBSD machine, if you - already have PPP set up. 
However, at the same time any problems you - experienced with the PPP program and are going to persist.</para> - - <para>If you want maximum stability, use the kernel <link linkend="ppp">PPP</link> option, not the <link linkend="userppp">userland PPP</link>.</para> - - <para>The following TA's are known to work with FreeBSD:</para> - - <itemizedlist> - <listitem> - <para>Motorola BitSurfer and Bitsurfer Pro</para> - </listitem> - - <listitem> - <para>Adtran</para> - </listitem> - </itemizedlist> - - <para>Most other TA's will probably work as well, TA vendors try to make - sure their product can accept most of the standard modem AT command - set.</para> - - <para>The real problem with external TA's is that, like modems, - you need a good serial card in your computer.</para> - - <para>You should read the <link xlink:href="&url.articles.serial-uart;/index.html">FreeBSD Serial - Hardware</link> tutorial for a detailed understanding of - serial devices, and the differences between asynchronous and - synchronous serial ports.</para> - - <para>A TA running off a standard PC serial port (asynchronous) limits - you to 115.2 Kbs, even though you have a 128 Kbs connection. - To fully utilize the 128 Kbs that ISDN is capable of, - you must move the TA to a synchronous serial card.</para> - - <para>Do not be fooled into buying an internal TA and thinking you have - avoided the synchronous/asynchronous issue. Internal TA's simply have - a standard PC serial port chip built into them. All this will do is - save you having to buy another serial cable and find another empty - electrical socket.</para> - - <para>A synchronous card with a TA is at least as fast as a stand-alone - router, and with a simple 386 FreeBSD box driving it, probably more - flexible.</para> - - <para>The choice of synchronous card/TA v.s. stand-alone router is largely a - religious issue. There has been some discussion of this in - the mailing lists. 
We suggest you search the <link xlink:href="&url.base;/search/index.html">archives</link> for - the complete discussion.</para> - </sect2> - - <sect2> - <title>Stand-alone ISDN Bridges/Routers</title> - <indexterm> - <primary>ISDN</primary> - <secondary>stand-alone bridges/routers</secondary> - </indexterm> - <para>ISDN bridges or routers are not at all specific to FreeBSD - or any other operating system. For a more complete - description of routing and bridging technology, please refer - to a networking reference book.</para> - - <para>In the context of this section, the terms router and bridge will - be used interchangeably.</para> - - <para>As the cost of low end ISDN routers/bridges comes down, it - will likely become a more and more popular choice. An ISDN - router is a small box that plugs directly into your local - Ethernet network, and manages its own connection to the other - bridge/router. It has built in software to communicate via - PPP and other popular protocols.</para> - - <para>A router will allow you much faster throughput than a - standard TA, since it will be using a full synchronous ISDN - connection.</para> - - <para>The main problem with ISDN routers and bridges is that - interoperability between manufacturers can still be a problem. - If you are planning to connect to an Internet provider, you - should discuss your needs with them.</para> - - <para>If you are planning to connect two LAN segments together, - such as your home LAN to the office LAN, this is the simplest - lowest - maintenance solution. 
Since you are buying the equipment for - both sides of the connection you can be assured that the link - will work.</para> - - <para>For example to connect a home computer or branch office - network to a head office network the following setup could be - used:</para> - - <example> - <title>Branch Office or Home Network</title> - - <indexterm><primary>10 base 2</primary></indexterm> - <para>Network uses a bus based topology with 10 base 2 - Ethernet (<quote>thinnet</quote>). Connect router to network cable with - AUI/10BT transceiver, if necessary.</para> - - <mediaobject> - <imageobject> - <imagedata fileref="advanced-networking/isdn-bus"/> - </imageobject> - - <textobject> - <literallayout class="monospaced">---Sun workstation -| ----FreeBSD box -| ----Windows 95 -| -Stand-alone router - | -ISDN BRI line</literallayout> - </textobject> - - <textobject> - <phrase>10 Base 2 Ethernet</phrase> - </textobject> - </mediaobject> - - <para>If your home/branch office is only one computer you can use a - twisted pair crossover cable to connect to the stand-alone router - directly.</para> - </example> - - <example> - <title>Head Office or Other LAN</title> - - <indexterm><primary>10 base T</primary></indexterm> - <para>Network uses a star topology with 10 base T Ethernet - (<quote>Twisted Pair</quote>).</para> - - <mediaobject> - <imageobject> - <imagedata fileref="advanced-networking/isdn-twisted-pair"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> -------Novell Server - | H | - | ---Sun - | | - | U ---FreeBSD - | | - | ---Windows 95 - | B | - |___---Stand-alone router - | - ISDN BRI line</literallayout> - </textobject> - - <textobject> - <phrase>ISDN Network Diagram</phrase> - </textobject> - </mediaobject> - </example> - - <para>One large advantage of most routers/bridges is that they allow you - to have 2 <emphasis>separate independent</emphasis> PPP connections to - 2 separate sites at the <emphasis>same</emphasis> time. 
This is not - supported on most TA's, except for specific (usually expensive) models - that - have two serial ports. Do not confuse this with channel bonding, MPP, - etc.</para> - - <para>This can be a very useful feature if, for example, you - have an dedicated ISDN connection at your office and would - like to tap into it, but do not want to get another ISDN line - at work. A router at the office location can manage a - dedicated B channel connection (64 Kbps) to the Internet - and use the other B channel for a separate data connection. - The second B channel can be used for dial-in, dial-out or - dynamically bonding (MPP, etc.) with the first B channel for - more bandwidth.</para> - - <indexterm><primary>IPX/SPX</primary></indexterm> - <para>An Ethernet bridge will also allow you to transmit more than just - IP traffic. You can also send IPX/SPX or whatever other protocols you - use.</para> - </sect2> - </sect1> - - <sect1 xml:id="network-natd"> - <info><title>Network Address Translation</title> - <authorgroup> - <author><personname><firstname>Chern</firstname><surname>Lee</surname></personname><contrib>Contributed by </contrib></author> - </authorgroup> - </info> - - - <sect2 xml:id="network-natoverview"> - <title>Overview</title> - <indexterm> - <primary><application>natd</application></primary> - </indexterm> - <para>FreeBSD's Network Address Translation daemon, commonly known as - &man.natd.8; is a daemon that accepts incoming raw IP packets, - changes the source to the local machine and re-injects these packets - back into the outgoing IP packet stream. 
&man.natd.8; does this by changing - the source IP address and port such that when data is received back, - it is able to determine the original location of the data and forward - it back to its original requester.</para> - <indexterm><primary>Internet connection sharing</primary></indexterm> - <indexterm><primary>NAT</primary></indexterm> - <para>The most common use of NAT is to perform what is commonly known as - Internet Connection Sharing.</para> - </sect2> - - <sect2 xml:id="network-natsetup"> - <title>Setup</title> - <para>Due to the diminishing IP space in IPv4, and the increased number - of users on high-speed consumer lines such as cable or DSL, people are - increasingly in need of an Internet Connection Sharing solution. The - ability to connect several computers online through one connection and - IP address makes &man.natd.8; a reasonable choice.</para> - - <para>Most commonly, a user has a machine connected to a cable or DSL - line with one IP address and wishes to use this one connected computer to - provide Internet access to several more over a LAN.</para> - - <para>To do this, the FreeBSD machine on the Internet must act as a - gateway. This gateway machine must have two NICs—one for connecting - to the Internet router, the other connecting to a LAN. All the - machines on the LAN are connected through a hub or switch.</para> - - <note> - <para>There are many ways to get a LAN connected to the Internet - through a &os; gateway. 
This example will only cover a - gateway with at least two NICs.</para> - </note> - - <mediaobject> - <imageobject> - <imagedata fileref="advanced-networking/natd"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> _______ __________ ________ - | | | | | | - | Hub |-----| Client B |-----| Router |----- Internet - |_______| |__________| |________| - | - ____|_____ -| | -| Client A | -|__________|</literallayout> - </textobject> - - <textobject> - <phrase>Network Layout</phrase> - </textobject> - </mediaobject> - - <para>A setup like this is commonly used to share an Internet - connection. One of the <acronym>LAN</acronym> machines is - connected to the Internet. The rest of the machines access - the Internet through that <quote>gateway</quote> - machine.</para> - </sect2> - - <sect2 xml:id="network-natdkernconfiguration"> - <title>Configuration</title> - - <indexterm> - <primary>kernel</primary> - <secondary>configuration</secondary> - </indexterm> - - <para>The following options must be in the kernel configuration - file:</para> - <programlisting>options IPFIREWALL -options IPDIVERT</programlisting> - - <para>Additionally, at choice, the following may also be suitable:</para> - <programlisting>options IPFIREWALL_DEFAULT_TO_ACCEPT -options IPFIREWALL_VERBOSE</programlisting> - - <para>The following must be in <filename>/etc/rc.conf</filename>:</para> - - <programlisting>gateway_enable="YES" <co xml:id="co-natd-gateway-enable"/> -firewall_enable="YES" <co xml:id="co-natd-firewall-enable"/> -firewall_type="OPEN" <co xml:id="co-natd-firewall-type"/> -natd_enable="YES" -natd_interface="<replaceable>fxp0</replaceable>" <co xml:id="co-natd-natd-interface"/> -natd_flags="" <co xml:id="co-natd-natd-flags"/></programlisting> - - <calloutlist> - <callout arearefs="co-natd-gateway-enable"> - <para>Sets up the machine to act as a gateway. 
Running - <command>sysctl net.inet.ip.forwarding=1</command> would - have the same effect.</para> - </callout> - - <callout arearefs="co-natd-firewall-enable"> - <para>Enables the firewall rules in - <filename>/etc/rc.firewall</filename> at boot.</para> - </callout> - - <callout arearefs="co-natd-firewall-type"> - <para>This specifies a predefined firewall ruleset that - allows anything in. See - <filename>/etc/rc.firewall</filename> for additional - types.</para> - </callout> - - <callout arearefs="co-natd-natd-interface"> - <para>Indicates which interface to forward packets through - (the interface connected to the Internet).</para> - </callout> - - <callout arearefs="co-natd-natd-flags"> - <para>Any additional configuration options passed to - &man.natd.8; on boot.</para> - </callout> - </calloutlist> - - <para>Having the previous options defined in - <filename>/etc/rc.conf</filename> would run - <command>natd -interface fxp0</command> at boot. This can also - be run manually.</para> - - <note> - <para>It is also possible to use a configuration file for - &man.natd.8; when there are too many options to pass. In this - case, the configuration file must be defined by adding the - following line to <filename>/etc/rc.conf</filename>:</para> - - <programlisting>natd_flags="-f /etc/natd.conf"</programlisting> - - <para>The <filename>/etc/natd.conf</filename> file will - contain a list of configuration options, one per line. 
For - example the next section case would use the following - file:</para> - - <programlisting>redirect_port tcp 192.168.0.2:6667 6667 -redirect_port tcp 192.168.0.3:80 80</programlisting> - - <para>For more information about the configuration file, - consult the &man.natd.8; manual page about the - <option>-f</option> option.</para> - </note> - - <para>Each machine and interface behind the LAN should be - assigned IP address numbers in the private network space as - defined by <link xlink:href="ftp://ftp.isi.edu/in-notes/rfc1918.txt">RFC 1918</link> - and have a default gateway of the <application>natd</application> machine's internal IP - address.</para> - - <para>For example, client <systemitem>A</systemitem> and - <systemitem>B</systemitem> behind the LAN have IP addresses of <systemitem class="ipaddress">192.168.0.2</systemitem> and <systemitem class="ipaddress">192.168.0.3</systemitem>, while the natd machine's - LAN interface has an IP address of <systemitem class="ipaddress">192.168.0.1</systemitem>. Client <systemitem>A</systemitem> - and <systemitem>B</systemitem>'s default gateway must be set to that - of the <application>natd</application> machine, <systemitem class="ipaddress">192.168.0.1</systemitem>. The <application>natd</application> machine's - external, or Internet interface does not require any special - modification for &man.natd.8; to work.</para> - </sect2> - - <sect2 xml:id="network-natdport-redirection"> - <title>Port Redirection</title> - - <para>The drawback with &man.natd.8; is that the LAN clients are not accessible - from the Internet. Clients on the LAN can make outgoing connections to - the world but cannot receive incoming ones. This presents a problem - if trying to run Internet services on one of the LAN client machines. - A simple way around this is to redirect selected Internet ports on the - <application>natd</application> machine to a LAN client. 
- </para> - - <para>For example, an IRC server runs on client <systemitem>A</systemitem>, and a web server runs - on client <systemitem>B</systemitem>. For this to work properly, connections received on ports - 6667 (IRC) and 80 (web) must be redirected to the respective machines. - </para> - - <para>The <option>-redirect_port</option> must be passed to - &man.natd.8; with the proper options. The syntax is as follows:</para> - <programlisting> -redirect_port proto targetIP:targetPORT[-targetPORT] - [aliasIP:]aliasPORT[-aliasPORT] - [remoteIP[:remotePORT[-remotePORT]]]</programlisting> - - <para>In the above example, the argument should be:</para> - - <programlisting> -redirect_port tcp 192.168.0.2:6667 6667 - -redirect_port tcp 192.168.0.3:80 80</programlisting> - - <para> - This will redirect the proper <emphasis>tcp</emphasis> ports to the - LAN client machines. - </para> - - <para>The <option>-redirect_port</option> argument can be used to indicate port - ranges over individual ports. For example, <replaceable>tcp - 192.168.0.2:2000-3000 2000-3000</replaceable> would redirect - all connections received on ports 2000 to 3000 to ports 2000 - to 3000 on client <systemitem>A</systemitem>.</para> - - <para>These options can be used when directly running - &man.natd.8;, placed within the - <literal>natd_flags=""</literal> option in - <filename>/etc/rc.conf</filename>, - or passed via a configuration file.</para> - - <para>For further configuration options, consult &man.natd.8;</para> - </sect2> - - <sect2 xml:id="network-natdaddress-redirection"> - <title>Address Redirection</title> - <indexterm><primary>address redirection</primary></indexterm> - <para>Address redirection is useful if several IP addresses are - available, yet they must be on one machine. With this, - &man.natd.8; can assign each LAN client its own external IP address. 
- &man.natd.8; then rewrites outgoing packets from the LAN clients - with the proper external IP address and redirects - all traffic incoming on that particular IP address back to - the specific LAN client. This is also known as static NAT. - For example, the IP addresses <systemitem class="ipaddress">128.1.1.1</systemitem>, - <systemitem class="ipaddress">128.1.1.2</systemitem>, and - <systemitem class="ipaddress">128.1.1.3</systemitem> belong to the <application>natd</application> gateway - machine. <systemitem class="ipaddress">128.1.1.1</systemitem> can be used - as the <application>natd</application> gateway machine's external IP address, while - <systemitem class="ipaddress">128.1.1.2</systemitem> and - <systemitem class="ipaddress">128.1.1.3</systemitem> are forwarded back to LAN - clients <systemitem>A</systemitem> and <systemitem>B</systemitem>.</para> - - <para>The <option>-redirect_address</option> syntax is as follows:</para> - - <programlisting>-redirect_address localIP publicIP</programlisting> - - - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <tbody> - <row> - <entry>localIP</entry> - <entry>The internal IP address of the LAN client.</entry> - </row> - <row> - <entry>publicIP</entry> - <entry>The external IP address corresponding to the LAN client.</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>In the example, this argument would read:</para> - - <programlisting>-redirect_address 192.168.0.2 128.1.1.2 --redirect_address 192.168.0.3 128.1.1.3</programlisting> - - <para>Like <option>-redirect_port</option>, these arguments are also placed within - the <literal>natd_flags=""</literal> option of <filename>/etc/rc.conf</filename>, or passed via a configuration file. 
With address - redirection, there is no need for port redirection since all data - received on a particular IP address is redirected.</para> - - <para>The external IP addresses on the <application>natd</application> machine must be active and aliased - to the external interface. Look at &man.rc.conf.5; to do so.</para> - - </sect2> - </sect1> - - <sect1 xml:id="network-plip"> - <title>Parallel Line IP (PLIP)</title> - - <indexterm><primary>PLIP</primary></indexterm> - <indexterm> - <primary>Parallel Line IP</primary> - <see>PLIP</see> - </indexterm> - - <para>PLIP lets us run TCP/IP between parallel ports. It is - useful on machines without network cards, or to install on - laptops. In this section, we will discuss:</para> - - <itemizedlist> - <listitem> - <para>Creating a parallel (laplink) cable.</para> - </listitem> - - <listitem> - <para>Connecting two computers with PLIP.</para> - </listitem> - </itemizedlist> - - <sect2 xml:id="network-create-parallel-cable"> - <title>Creating a Parallel Cable</title> - - <para>You can purchase a parallel cable at most computer supply - stores. 
If you cannot do that, or you just want to know how - it is done, the following table shows how to make one out of a normal parallel - printer cable.</para> - - <table frame="none"> - <title>Wiring a Parallel Cable for Networking</title> - - <tgroup cols="5"> - <thead> - <row> - <entry>A-name</entry> - - <entry>A-End</entry> - - <entry>B-End</entry> - - <entry>Descr.</entry> - - <entry>Post/Bit</entry> - </row> - </thead> - - <tbody> - <row> - <entry><literallayout>DATA0 --ERROR</literallayout></entry> - - <entry><literallayout>2 -15</literallayout></entry> - - <entry><literallayout>15 -2</literallayout></entry> - - <entry>Data</entry> - - <entry><literallayout>0/0x01 -1/0x08</literallayout></entry> - </row> - - <row> - <entry><literallayout>DATA1 -+SLCT</literallayout></entry> - - <entry><literallayout>3 -13</literallayout></entry> - - <entry><literallayout>13 -3</literallayout></entry> - - <entry>Data</entry> - - <entry><literallayout>0/0x02 -1/0x10</literallayout></entry> - </row> - - <row> - <entry><literallayout>DATA2 -+PE</literallayout></entry> - - <entry><literallayout>4 -12</literallayout></entry> - - <entry><literallayout>12 -4</literallayout></entry> - - <entry>Data</entry> - - <entry><literallayout>0/0x04 -1/0x20</literallayout></entry> - </row> - - <row> - <entry><literallayout>DATA3 --ACK</literallayout></entry> - - <entry><literallayout>5 -10</literallayout></entry> - - <entry><literallayout>10 -5</literallayout></entry> - - <entry>Strobe</entry> - - <entry><literallayout>0/0x08 -1/0x40</literallayout></entry> - </row> - - <row> - <entry><literallayout>DATA4 -BUSY</literallayout></entry> - - <entry><literallayout>6 -11</literallayout></entry> - - <entry><literallayout>11 -6</literallayout></entry> - - <entry>Data</entry> - - <entry><literallayout>0/0x10 -1/0x80</literallayout></entry> - </row> - - <row> - <entry>GND</entry> - - <entry>18-25</entry> - - <entry>18-25</entry> - - <entry>GND</entry> - - <entry>-</entry> - </row> - </tbody> - </tgroup> - 
</table> - </sect2> - - <sect2 xml:id="network-plip-setup"> - <title>Setting Up PLIP</title> - - <para>First, you have to get a laplink cable. - Then, confirm that both computers have a kernel with &man.lpt.4; driver - support:</para> - - <screen>&prompt.root; <userinput>grep lp /var/run/dmesg.boot</userinput> -lpt0: <Printer> on ppbus0 -lpt0: Interrupt-driven port</screen> - - <para>The parallel port must be an interrupt driven port, - you should have lines similar to the - following in your in the - <filename>/boot/device.hints</filename> file:</para> - - <programlisting>hint.ppc.0.at="isa" -hint.ppc.0.irq="7"</programlisting> - - <para>Then check if the kernel configuration file has a - <literal>device plip</literal> line or if the - <filename>plip.ko</filename> kernel module is loaded. In both - cases the parallel networking interface should appear when you - use the &man.ifconfig.8; command to display it:</para> - - <screen>&prompt.root; <userinput>ifconfig plip0</userinput> -plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500</screen> - - <para>Plug the laplink cable into the parallel interface on - both computers.</para> - - <para>Configure the network interface parameters on both - sites as <systemitem class="username">root</systemitem>. For example, if you want to connect - the host <systemitem>host1</systemitem> with another machine <systemitem>host2</systemitem>:</para> - - <programlisting> host1 <-----> host2 -IP Address 10.0.0.1 10.0.0.2</programlisting> - - <para>Configure the interface on <systemitem>host1</systemitem> by doing:</para> - - <screen>&prompt.root; <userinput>ifconfig plip0 10.0.0.1 10.0.0.2</userinput></screen> - - <para>Configure the interface on <systemitem>host2</systemitem> by doing:</para> - - <screen>&prompt.root; <userinput>ifconfig plip0 10.0.0.2 10.0.0.1</userinput></screen> - - - <para>You now should have a working connection. 
Please read the - manual pages &man.lp.4; and &man.lpt.4; for more details.</para> - - <para>You should also add both hosts to - <filename>/etc/hosts</filename>:</para> - - <programlisting>127.0.0.1 localhost.my.domain localhost -10.0.0.1 host1.my.domain host1 -10.0.0.2 host2.my.domain</programlisting> - - <para>To confirm the connection works, go to each host and ping - the other. For example, on <systemitem>host1</systemitem>:</para> - - <screen>&prompt.root; <userinput>ifconfig plip0</userinput> -plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500 - inet 10.0.0.1 --> 10.0.0.2 netmask 0xff000000 -&prompt.root; <userinput>netstat -r</userinput> -Routing tables - -Internet: -Destination Gateway Flags Refs Use Netif Expire -host2 host1 UH 0 0 plip0 -&prompt.root; <userinput>ping -c 4 host2</userinput> -PING host2 (10.0.0.2): 56 data bytes -64 bytes from 10.0.0.2: icmp_seq=0 ttl=255 time=2.774 ms -64 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=2.530 ms -64 bytes from 10.0.0.2: icmp_seq=2 ttl=255 time=2.556 ms -64 bytes from 10.0.0.2: icmp_seq=3 ttl=255 time=2.714 ms - ---- host2 ping statistics --- -4 packets transmitted, 4 packets received, 0% packet loss -round-trip min/avg/max/stddev = 2.530/2.643/2.774/0.103 ms</screen> - - </sect2> - </sect1> - - <sect1 xml:id="network-ipv6"> - <info><title>IPv6</title> - <authorgroup> - <author><personname><firstname>Aaron</firstname><surname>Kaplan</surname></personname><contrib>Originally Written by </contrib></author> - </authorgroup> - <authorgroup> - <author><personname><firstname>Tom</firstname><surname>Rhodes</surname></personname><contrib>Restructured and Added by </contrib></author> - </authorgroup> - <authorgroup> - <author><personname><firstname>Brad</firstname><surname>Davis</surname></personname><contrib>Extended by </contrib></author> - </authorgroup> - - </info> - - - <para>IPv6 (also known as IPng <quote>IP next generation</quote>) is - the new version of the well known IP protocol (also known 
as - <acronym>IPv4</acronym>). Like the other current *BSD systems, - FreeBSD includes the KAME IPv6 reference implementation. - So your FreeBSD system comes with all you will need to experiment with IPv6. - This section focuses on getting IPv6 configured and running.</para> - - <para>In the early 1990s, people became aware of the rapidly - diminishing address space of IPv4. Given the expansion rate of the - Internet there were two major concerns:</para> - - <itemizedlist> - <listitem> - <para>Running out of addresses. Today this is not so much of a concern - anymore since RFC1918 private address space - (<systemitem class="ipaddress">10.0.0.0/8</systemitem>, - <systemitem class="ipaddress">172.16.0.0/12</systemitem>, and - <systemitem class="ipaddress">192.168.0.0/16</systemitem>) - and Network Address Translation (<acronym>NAT</acronym>) are - being employed.</para> - </listitem> - - <listitem> - <para>Router table entries were getting too large. This is - still a concern today.</para> - </listitem> - </itemizedlist> - - <para>IPv6 deals with these and many other issues:</para> - - <itemizedlist> - <listitem> - <para>128 bit address space. In other words theoretically there are - 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses - available. 
This means there are approximately - 6.67 * 10^27 IPv6 addresses per square meter on our planet.</para> - </listitem> - - <listitem> - <para>Routers will only store network aggregation addresses in their routing - tables thus reducing the average space of a routing table to 8192 - entries.</para> - </listitem> - </itemizedlist> - - <para>There are also lots of other useful features of IPv6 such as:</para> - - <itemizedlist> - <listitem> - <para>Address autoconfiguration (<link xlink:href="http://www.ietf.org/rfc/rfc2462.txt">RFC2462</link>)</para> - </listitem> - - <listitem> - <para>Anycast addresses (<quote>one-out-of many</quote>)</para> - </listitem> - - <listitem> - <para>Mandatory multicast addresses</para> - </listitem> - - <listitem> - <para>IPsec (IP security)</para> - </listitem> - - <listitem> - <para>Simplified header structure</para> - </listitem> - - <listitem> - <para>Mobile <acronym>IP</acronym></para> - </listitem> - - <listitem> - <para>IPv6-to-IPv4 transition mechanisms</para> - </listitem> - </itemizedlist> - - - <para>For more information see:</para> - - <itemizedlist> - <listitem> - <para>IPv6 overview at <link xlink:href="http://playground.sun.com/pub/ipng/html/ipng-main.html">playground.sun.com</link></para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.kame.net">KAME.net</link></para> - </listitem> - </itemizedlist> - - <sect2> - <title>Background on IPv6 Addresses</title> - <para>There are different types of IPv6 addresses: Unicast, Anycast and - Multicast.</para> - - <para>Unicast addresses are the well known addresses. A packet sent - to a unicast address arrives exactly at the interface belonging to - the address.</para> - - <para>Anycast addresses are syntactically indistinguishable from unicast - addresses but they address a group of interfaces. The packet destined for - an anycast address will arrive at the nearest (in router metric) - interface. 
Anycast addresses may only be used by routers.</para> - - <para>Multicast addresses identify a group of interfaces. A packet destined - for a multicast address will arrive at all interfaces belonging to the - multicast group.</para> - - <note><para>The IPv4 broadcast address (usually <systemitem class="ipaddress">xxx.xxx.xxx.255</systemitem>) is expressed - by multicast addresses in IPv6.</para></note> - - <table frame="none"> - <title>Reserved IPv6 addresses</title> - - <tgroup cols="4"> - <thead> - <row> - <entry>IPv6 address</entry> - <entry>Prefixlength (Bits)</entry> - <entry>Description</entry> - <entry>Notes</entry> - </row> - </thead> - - <tbody> - <row> - <entry><systemitem>::</systemitem></entry> - <entry>128 bits</entry> - <entry>unspecified</entry> - <entry>cf. <systemitem class="ipaddress">0.0.0.0</systemitem> in - IPv4</entry> - </row> - - <row> - <entry><systemitem>::1</systemitem></entry> - <entry>128 bits</entry> - <entry>loopback address</entry> - <entry>cf. <systemitem class="ipaddress">127.0.0.1</systemitem> in - IPv4</entry> - </row> - - <row> - <entry><systemitem>::00:xx:xx:xx:xx</systemitem></entry> - <entry>96 bits</entry> - <entry>embedded IPv4</entry> - <entry>The lower 32 bits are the IPv4 address. Also - called <quote>IPv4 compatible IPv6 - address</quote></entry> - </row> - - <row> - <entry><systemitem>::ff:xx:xx:xx:xx</systemitem></entry> - <entry>96 bits</entry> - <entry>IPv4 mapped IPv6 address</entry> - <entry>The lower 32 bits are the IPv4 address. - For hosts which do not support IPv6.</entry> - </row> - - <row> - <entry><systemitem>fe80::</systemitem> - <systemitem>feb::</systemitem></entry> - <entry>10 bits</entry> - <entry>link-local</entry> - <entry>cf. 
loopback address in IPv4</entry> - </row> - - <row> - <entry><systemitem>fec0::</systemitem> - <systemitem>fef::</systemitem></entry> - <entry>10 bits</entry> - <entry>site-local</entry> - <entry> </entry> - </row> - - <row> - <entry><systemitem>ff::</systemitem></entry> - <entry>8 bits</entry> - <entry>multicast</entry> - <entry> </entry> - </row> - - <row> - <entry><systemitem>001</systemitem> (base - 2)</entry> - <entry>3 bits</entry> - <entry>global unicast</entry> - <entry>All global unicast addresses are assigned from - this pool. The first 3 bits are - <quote>001</quote>.</entry> - </row> - </tbody> - </tgroup> - </table> - </sect2> - - <sect2> - <title>Reading IPv6 Addresses</title> - <para>The canonical form is represented as: <systemitem>x:x:x:x:x:x:x:x</systemitem>, each - <quote>x</quote> being a 16 Bit hex value. For example - <systemitem>FEBC:A574:382B:23C1:AA49:4592:4EFE:9982</systemitem></para> - - <para>Often an address will have long substrings of all zeros - therefore one such substring per address can be abbreviated by <quote>::</quote>. - Also up to three leading <quote>0</quote>s per hexquad can be omitted. - For example <systemitem>fe80::1</systemitem> - corresponds to the canonical form - <systemitem>fe80:0000:0000:0000:0000:0000:0000:0001</systemitem>.</para> - - <para>A third form is to write the last 32 Bit part in the - well known (decimal) IPv4 style with dots <quote>.</quote> - as separators. 
For example - <systemitem>2002::10.0.0.1</systemitem> - corresponds to the (hexadecimal) canonical representation - <systemitem>2002:0000:0000:0000:0000:0000:0a00:0001</systemitem> - which in turn is equivalent to - writing <systemitem>2002::a00:1</systemitem>.</para> - - <para>By now the reader should be able to understand the following:</para> - - <screen>&prompt.root; <userinput>ifconfig</userinput></screen> - - <programlisting>rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 - inet 10.0.0.10 netmask 0xffffff00 broadcast 10.0.0.255 - inet6 fe80::200:21ff:fe03:8e1%rl0 prefixlen 64 scopeid 0x1 - ether 00:00:21:03:08:e1 - media: Ethernet autoselect (100baseTX ) - status: active</programlisting> - - <para><systemitem>fe80::200:21ff:fe03:8e1%rl0</systemitem> - is an auto configured link-local address. It is generated from the MAC - address as part of the auto configuration.</para> - - <para>For further information on the structure of IPv6 addresses - see <link xlink:href="http://www.ietf.org/rfc/rfc3513.txt">RFC3513</link>.</para> - </sect2> - - <sect2> - <title>Getting Connected</title> - - <para>Currently there are four ways to connect to other IPv6 hosts and networks:</para> - - <itemizedlist> - <listitem> - <para>Getting an IPv6 network from your upstream provider. Talk to your - Internet provider for instructions.</para> - </listitem> - - <listitem> - <para>Tunnel via 6-to-4 (<link xlink:href="http://www.ietf.org/rfc/rfc3068.txt">RFC3068</link>)</para> - </listitem> - - <listitem> - <para>Use the <package>net/freenet6</package> port if you are on a dial-up connection.</para> - </listitem> - </itemizedlist> - </sect2> - - <sect2> - <title>DNS in the IPv6 World</title> - - <para>There used to be two types of DNS records for IPv6. The IETF - has declared A6 records obsolete. AAAA records are the standard - now.</para> - - <para>Using AAAA records is straightforward. 
Assign your hostname to the new - IPv6 address you just received by adding:</para> - - <programlisting>MYHOSTNAME AAAA MYIPv6ADDR</programlisting> - - <para>To your primary zone DNS file. In case you do not serve your own - <acronym>DNS</acronym> zones ask your <acronym>DNS</acronym> provider. - Current versions of <application>bind</application> (version 8.3 and 9) - and <package>dns/djbdns</package> (with the IPv6 patch) - support AAAA records.</para> - </sect2> - - <sect2> - <title>Applying the needed changes to <filename>/etc/rc.conf</filename></title> - - <sect3> - <title>IPv6 Client Settings</title> - - <para>These settings will help you configure a machine that will be on - your LAN and act as a client, not a router. To have &man.rtsol.8; - autoconfigure your interface on boot all you need to add is:</para> - - <programlisting>ipv6_enable="YES"</programlisting> - - <para>To statically assign an IP address such as <systemitem> - 2001:471:1f11:251:290:27ff:fee0:2093</systemitem>, to your - <filename>fxp0</filename> interface, add:</para> - - <programlisting>ipv6_ifconfig_fxp0="2001:471:1f11:251:290:27ff:fee0:2093"</programlisting> - - <para>To assign a default router of - <systemitem>2001:471:1f11:251::1</systemitem> - add the following to <filename>/etc/rc.conf</filename>:</para> - - <programlisting>ipv6_defaultrouter="2001:471:1f11:251::1"</programlisting> - - </sect3> - - <sect3> - <title>IPv6 Router/Gateway Settings</title> - - <para>This will help you take the directions that your tunnel provider has - given you and convert it into settings that will persist through reboots. 
- To restore your tunnel on startup use something like the following in - <filename>/etc/rc.conf</filename>:</para> - - <para>List the Generic Tunneling interfaces that will be configured, for - example <filename>gif0</filename>:</para> - - <programlisting>gif_interfaces="gif0"</programlisting> - - <para>To configure the interface with a local endpoint of - <replaceable>MY_IPv4_ADDR</replaceable> to a remote endpoint of - <replaceable>REMOTE_IPv4_ADDR</replaceable>:</para> - - <programlisting>gifconfig_gif0="<replaceable>MY_IPv4_ADDR REMOTE_IPv4_ADDR</replaceable>"</programlisting> - - <para>To apply the IPv6 address you have been assigned for use as your - IPv6 tunnel endpoint, add:</para> - - <programlisting>ipv6_ifconfig_gif0="<replaceable>MY_ASSIGNED_IPv6_TUNNEL_ENDPOINT_ADDR</replaceable>"</programlisting> - - <para>Then all you have to do is set the default route for IPv6. This is - the other side of the IPv6 tunnel:</para> - - <programlisting>ipv6_defaultrouter="<replaceable>MY_IPv6_REMOTE_TUNNEL_ENDPOINT_ADDR</replaceable>"</programlisting> - - </sect3> - - <sect3> - <title>IPv6 Tunnel Settings</title> - - <para>If the server is to route IPv6 between the rest of your network - and the world, the following <filename>/etc/rc.conf</filename> - setting will also be needed:</para> - - <programlisting>ipv6_gateway_enable="YES"</programlisting> - - </sect3> - </sect2> - - <sect2> - <title>Router Advertisement and Host Auto Configuration</title> - - <para>This section will help you setup &man.rtadvd.8; to advertise the - IPv6 default route.</para> - - <para>To enable &man.rtadvd.8; you will need the following in your - <filename>/etc/rc.conf</filename>:</para> - - <programlisting>rtadvd_enable="YES"</programlisting> - - <para>It is important that you specify the interface on which to do - IPv6 router solicitation. 
For example to tell &man.rtadvd.8; to use - <filename>fxp0</filename>:</para> - - <programlisting>rtadvd_interfaces="fxp0"</programlisting> - - <para>Now we must create the configuration file, - <filename>/etc/rtadvd.conf</filename>. Here is an example:</para> - - <programlisting>fxp0:\ - :addrs#1:addr="2001:471:1f11:246::":prefixlen#64:tc=ether:</programlisting> - - <para>Replace <filename>fxp0</filename> with the interface you - are going to be using.</para> - - <para>Next, replace <systemitem>2001:471:1f11:246::</systemitem> - with the prefix of your allocation.</para> - - <para>If you are dedicated a <systemitem class="netmask">/64</systemitem> subnet - you will not need to change anything else. Otherwise, you will need to - change the <literal>prefixlen#</literal> to the correct value.</para> - - </sect2> - </sect1> - - <sect1 xml:id="network-atm"> - <info><title>Asynchronous Transfer Mode (ATM)</title> - <authorgroup> - <author><personname><firstname>Harti</firstname><surname>Brandt</surname></personname><contrib>Contributed by </contrib></author> - </authorgroup> - </info> - - - - <sect2> - <title>Configuring classical IP over ATM (PVCs)</title> - - <para>Classical IP over ATM (<acronym>CLIP</acronym>) is the - simplest method to use Asynchronous Transfer Mode (ATM) - with IP. It can be used with - switched connections (SVCs) and with permanent connections - (PVCs). This section describes how to set up a network based - on PVCs.</para> - - <sect3> - <title>Fully meshed configurations</title> - - <para>The first method to set up a <acronym>CLIP</acronym> with - PVCs is to connect each machine to each other machine in the - network via a dedicated PVC. While this is simple to - configure it tends to become impractical for a larger number - of machines. 
The example supposes that we have four - machines in the network, each connected to the <acronym role="Asynchronous Transfer Mode">ATM</acronym> network - with an <acronym role="Asynchronous Transfer Mode">ATM</acronym> adapter card. The first step is the planning of - the IP addresses and the <acronym role="Asynchronous Transfer Mode">ATM</acronym> connections between the - machines. We use the following:</para> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="1*"/> - <thead> - <row> - <entry>Host</entry> - <entry>IP Address</entry> - </row> - </thead> - - <tbody> - <row> - <entry><systemitem>hostA</systemitem></entry> - <entry><systemitem class="ipaddress">192.168.173.1</systemitem></entry> - </row> - - <row> - <entry><systemitem>hostB</systemitem></entry> - <entry><systemitem class="ipaddress">192.168.173.2</systemitem></entry> - </row> - - <row> - <entry><systemitem>hostC</systemitem></entry> - <entry><systemitem class="ipaddress">192.168.173.3</systemitem></entry> - </row> - - <row> - <entry><systemitem>hostD</systemitem></entry> - <entry><systemitem class="ipaddress">192.168.173.4</systemitem></entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>To build a fully meshed net we need one ATM connection - between each pair of machines:</para> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="1*"/> - <thead> - <row> - <entry>Machines</entry> - <entry>VPI.VCI couple</entry> - </row> - </thead> - - <tbody> - <row> - <entry><systemitem>hostA</systemitem> - <systemitem>hostB</systemitem></entry> - <entry>0.100</entry> - </row> - - <row> - <entry><systemitem>hostA</systemitem> - <systemitem>hostC</systemitem></entry> - <entry>0.101</entry> - </row> - - <row> - <entry><systemitem>hostA</systemitem> - <systemitem>hostD</systemitem></entry> - <entry>0.102</entry> - </row> - - <row> - <entry><systemitem>hostB</systemitem> - 
<systemitem>hostC</systemitem></entry> - <entry>0.103</entry> - </row> - - <row> - <entry><systemitem>hostB</systemitem> - <systemitem>hostD</systemitem></entry> - <entry>0.104</entry> - </row> - - <row> - <entry><systemitem>hostC</systemitem> - <systemitem>hostD</systemitem></entry> - <entry>0.105</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>The VPI and VCI values at each end of the connection may - of course differ, but for simplicity we assume that they are - the same. Next we need to configure the ATM interfaces on - each host:</para> - - <screen>hostA&prompt.root; <userinput>ifconfig hatm0 192.168.173.1 up</userinput> -hostB&prompt.root; <userinput>ifconfig hatm0 192.168.173.2 up</userinput> -hostC&prompt.root; <userinput>ifconfig hatm0 192.168.173.3 up</userinput> -hostD&prompt.root; <userinput>ifconfig hatm0 192.168.173.4 up</userinput></screen> - - <para>assuming that the ATM interface is - <filename>hatm0</filename> on all hosts. Now the PVCs - need to be configured on <systemitem>hostA</systemitem> (we assume that - they are already configured on the ATM switches, you need to - consult the manual for the switch on how to do this).</para> - - <screen>hostA&prompt.root; <userinput>atmconfig natm add 192.168.173.2 hatm0 0 100 llc/snap ubr</userinput> -hostA&prompt.root; <userinput>atmconfig natm add 192.168.173.3 hatm0 0 101 llc/snap ubr</userinput> -hostA&prompt.root; <userinput>atmconfig natm add 192.168.173.4 hatm0 0 102 llc/snap ubr</userinput> - -hostB&prompt.root; <userinput>atmconfig natm add 192.168.173.1 hatm0 0 100 llc/snap ubr</userinput> -hostB&prompt.root; <userinput>atmconfig natm add 192.168.173.3 hatm0 0 103 llc/snap ubr</userinput> -hostB&prompt.root; <userinput>atmconfig natm add 192.168.173.4 hatm0 0 104 llc/snap ubr</userinput> - -hostC&prompt.root; <userinput>atmconfig natm add 192.168.173.1 hatm0 0 101 llc/snap ubr</userinput> -hostC&prompt.root; <userinput>atmconfig natm add 192.168.173.2 hatm0 0 103 llc/snap 
ubr</userinput> -hostC&prompt.root; <userinput>atmconfig natm add 192.168.173.4 hatm0 0 105 llc/snap ubr</userinput> - -hostD&prompt.root; <userinput>atmconfig natm add 192.168.173.1 hatm0 0 102 llc/snap ubr</userinput> -hostD&prompt.root; <userinput>atmconfig natm add 192.168.173.2 hatm0 0 104 llc/snap ubr</userinput> -hostD&prompt.root; <userinput>atmconfig natm add 192.168.173.3 hatm0 0 105 llc/snap ubr</userinput></screen> - - <para>Of course other traffic contracts than UBR can be used - given the ATM adapter supports those. In this case the name - of the traffic contract is followed by the parameters of the - traffic. Help for the &man.atmconfig.8; tool can be - obtained with:</para> - - <screen>&prompt.root; <userinput>atmconfig help natm add</userinput></screen> - - <para>or in the &man.atmconfig.8; manual page.</para> - - <para>The same configuration can also be done via - <filename>/etc/rc.conf</filename>. - For <systemitem>hostA</systemitem> this would look like:</para> - -<programlisting>network_interfaces="lo0 hatm0" -ifconfig_hatm0="inet 192.168.173.1 up" -natm_static_routes="hostB hostC hostD" -route_hostB="192.168.173.2 hatm0 0 100 llc/snap ubr" -route_hostC="192.168.173.3 hatm0 0 101 llc/snap ubr" -route_hostD="192.168.173.4 hatm0 0 102 llc/snap ubr"</programlisting> - - <para>The current state of all <acronym>CLIP</acronym> routes - can be obtained with:</para> - - <screen>hostA&prompt.root; <userinput>atmconfig natm show</userinput></screen> - </sect3> - </sect2> - </sect1> - - <sect1 xml:id="carp"> - <info><title>Common Access Redundancy Protocol (CARP)</title> - <authorgroup> - <author><personname><firstname>Tom</firstname><surname>Rhodes</surname></personname><contrib>Contributed by </contrib></author> - </authorgroup> - </info> - - - <indexterm><primary>CARP</primary></indexterm> - <indexterm><primary>Common Access Redundancy Protocol</primary></indexterm> - - <para>The Common Access Redundancy Protocol, or - <acronym>CARP</acronym> allows 
multiple hosts to share the same - <acronym>IP</acronym> address. In some configurations, this may - be used for availability or load balancing. Hosts may use separate - <acronym>IP</acronym> addresses as well, as in the example provided - here.</para> - - <para>To enable support for <acronym>CARP</acronym>, the &os; - kernel must be rebuilt with the following option:</para> - - <programlisting>device carp</programlisting> - - <para><acronym>CARP</acronym> functionality should now be available - and may be tuned via several <command>sysctl</command> - <acronym>OID</acronym>s. Devices themselves may be loaded via - the <command>ifconfig</command> command:</para> - - <screen>&prompt.root; <userinput>ifconfig carp0 create</userinput></screen> - - <para>In a real environment, these interfaces will need unique - identification numbers known as a <acronym>VHID</acronym>. This - <acronym>VHID</acronym> or Virtual Host Identification will be - used to distinguish the host on the network.</para> - - <sect2> - <title>Using CARP For Server Availability (CARP)</title> - - <para>One use of <acronym>CARP</acronym>, as noted above, is for - server availability. This example will provide failover support - for three hosts, all with unique <acronym>IP</acronym> - addresses and providing the same web content. These machines will - act in conjunction with a Round Robin <acronym>DNS</acronym> - configuration. The failover machine will have two additional - <acronym>CARP</acronym> interfaces, one for each of the content - server's <acronym>IP</acronym>s. When a failure occurs, the - failover server should pick up the failed machine's - <acronym>IP</acronym> address. This means the failure should - go completely unnoticed to the user. 
The failover server - requires identical content and services as the other content - servers it is expected to pick up load for.</para> - - <para>The two machines should be configured identically other - than their issued hostnames and <acronym>VHID</acronym>s. - This example calls these machines - <systemitem>hosta.example.org</systemitem> and - <systemitem>hostb.example.org</systemitem> respectively. First, the - required lines for a <acronym>CARP</acronym> configuration have - to be added to <filename>rc.conf</filename>. For - <systemitem>hosta.example.org</systemitem>, the - <filename>rc.conf</filename> file should contain the following - lines:</para> - - <programlisting>hostname="hosta.example.org" -ifconfig_fxp0="inet 192.168.1.3 netmask 255.255.255.0" -cloned_interfaces="carp0" -ifconfig_carp0="vhid 1 pass testpast 192.168.1.50/24"</programlisting> - - <para>On <systemitem>hostb.example.org</systemitem> the following lines - should be in <filename>rc.conf</filename>:</para> - - <programlisting>hostname="hostb.example.org" -ifconfig_fxp0="inet 192.168.1.4 netmask 255.255.255.0" -cloned_interfaces="carp0" -ifconfig_carp0="vhid 2 pass testpass 192.168.1.51/24"</programlisting> - - <note> - <para>It is very important that the passwords, specified by the - <option>pass</option> option to <command>ifconfig</command>, - are identical. The <filename>carp</filename> devices will - only listen to and accept advertisements from machines with the - correct password. The <acronym>VHID</acronym> must also be - different for each machine.</para> - </note> - - <para>The third machine, - <systemitem>provider.example.org</systemitem>, should be prepared so that - it may handle failover from either host. This machine will require - two <filename>carp</filename> devices, one to handle each - host. 
The appropriate <filename>rc.conf</filename> - configuration lines will be similar to the following:</para> - - <programlisting>hostname="provider.example.org" -ifconfig_fxp0="inet 192.168.1.5 netmask 255.255.255.0" -cloned_interfaces="carp0 carp1" -ifconfig_carp0="vhid 1 advskew 100 pass testpass 192.168.1.50/24" -ifconfig_carp1="vhid 2 advskew 100 pass testpass 192.168.1.51/24"</programlisting> - - <para>Having the two <filename>carp</filename> devices will - allow <systemitem>provider.example.org</systemitem> to notice and pick - up the <acronym>IP</acronym> address of either machine should - it stop responding.</para> - - <note> - <para>The default &os; kernel <emphasis>may</emphasis> have - preemption enabled. If so, - <systemitem>provider.example.org</systemitem> may not relinquish the - <acronym>IP</acronym> address back to the original content - server. In this case, an administrator may - <quote>nudge</quote> the interface. The following command - should be issued on - <systemitem>provider.example.org</systemitem>:</para> - - <screen>&prompt.root; <userinput>ifconfig carp0 down && ifconfig carp0 up</userinput></screen> - - <para>This should be done on the <filename>carp</filename> - interface which corresponds to the correct host.</para> - </note> - - <para>At this point, <acronym>CARP</acronym> should be completely - enabled and available for testing. For testing, either networking has - to be restarted or the machines need to be rebooted.</para> - - <para>More information is always available in the &man.carp.4; - manual page.</para> - </sect2> - </sect1> -</chapter> diff --git a/zh_TW.UTF-8/books/handbook/audit/Makefile b/zh_TW.UTF-8/books/handbook/audit/Makefile deleted file mode 100644 index 2d71ed91f5..0000000000 --- a/zh_TW.UTF-8/books/handbook/audit/Makefile +++ /dev/null 
@@ -1,16 +0,0 @@ -# -# Build the Handbook with just the content from this chapter. -# -# $FreeBSD$ -# Original revision: 1.1 -# - -CHAPTERS= audit/chapter.xml - -VPATH= .. - -MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX} - -DOC_PREFIX?= ${.CURDIR}/../../../.. - -.include "../Makefile" diff --git a/zh_TW.UTF-8/books/handbook/audit/chapter.xml b/zh_TW.UTF-8/books/handbook/audit/chapter.xml deleted file mode 100644 index 5e899c5b88..0000000000 --- a/zh_TW.UTF-8/books/handbook/audit/chapter.xml +++ /dev/null 
@@ -1,567 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - The FreeBSD Documentation Project - $FreeBSD$ - Original revision: 1.13 ---> -<!-- Need more documentation on praudit, auditreduce, etc. Plus more info -on the triggers from the kernel (log rotation, out of space, etc). -And the /dev/audit special file if we choose to support that. Could use -some coverage of integrating MAC with Event auditing and perhaps discussion -on how some companies or organizations handle auditing and auditing -requirements. --> -<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="audit"> - <info><title>Security Event Auditing</title> - <authorgroup> - <author><personname><firstname>Tom</firstname><surname>Rhodes</surname></personname><contrib>Written by </contrib></author> - </authorgroup> - </info> - - - - <sect1 xml:id="audit-synopsis"> - <title>Synopsis</title> - - <indexterm><primary>AUDIT</primary></indexterm> - <indexterm> - <primary>Security Event Auditing</primary> - <see>MAC</see> - </indexterm> - - <para>The &os; 7-CURRENT development branch includes - support for Event Auditing based on the &posix;.1e draft and - Sun's published <acronym>BSM</acronym> API and file format. - Event auditing permits the selective logging of security-relevant - system events for the purposes of post-mortem analysis, system - monitoring, and intrusion detection. After some settling time in - &os; 7-CURRENT, this support will be merged to &os; 6-STABLE - and appear in subsequent releases.</para> - - <warning> - <para>The audit facility in FreeBSD is considered experimental, and - production deployment should occur only after careful consideration - of the risks of deploying experimental software.</para> - </warning> - - <para>This chapter will focus mainly on the installation and - configuration of Event Auditing. 
Explanation of audit policies, - and an example configuration will be provided for the - convenience of the reader.</para> - - <para>After reading this chapter, you will know:</para> - - <itemizedlist> - <listitem> - <para>What Event Auditing is and how it works.</para> - </listitem> - - <listitem> - <para>How to configure Event Auditing on &os; for users - and processes.</para> - </listitem> - </itemizedlist> - - <para>Before reading this chapter, you should:</para> - - <itemizedlist> - <listitem> - <para>Understand &unix; and &os; basics - (<xref linkend="basics"/>).</para> - </listitem> - - <listitem> - <para>Be familiar with the basics of kernel - configuration/compilation - (<xref linkend="kernelconfig"/>).</para> - </listitem> - - <listitem> - <para>Have some familiarity with security and how it - pertains to &os; (<xref linkend="security"/>).</para> - </listitem> - </itemizedlist> - - <warning> - <para>Event auditing can generate a great deal of log file - data, exceeding gigabytes a week in some configurations. An - administrator should read this chapter in its entirety to avoid - possible self-inflicted <acronym>DoS</acronym> attacks due to - improper configuration.</para> - </warning> - - <para>The implementation of Event Auditing in &os; is similar to - that of the &sun; Basic Security Module, or <acronym>BSM</acronym> - library. Thus, the configuration is almost completely - interchangeable with &solaris; and Mac OS X/Darwin operating - systems.</para> - </sect1> - - <sect1 xml:id="audit-inline-glossary"> - <title>Key Terms - Words to Know</title> - - <para>Before reading this chapter, a few key terms must be - explained. This is intended to clear up any confusion that - may occur and to avoid the abrupt introduction of new terms - and information.</para> - - <itemizedlist> - <listitem> - <para><emphasis>event</emphasis>: An auditable event is - an event that can be logged using the audit subsystem. 
The - administrator can configure which events will be audited. - Examples of security-relevant events include the creation of - a file, the building of a network connection, or the logging - in of a user. Events are either <quote>attributable</quote>, - meaning that they can be traced back to a user - authentication, or <quote>non-attributable</quote>. Examples - of non-attributable events are any events that occur before - authentication has succeeded in the login process, such as - failed authentication attempts.</para> - </listitem> - - <listitem> - <para><emphasis>class</emphasis>: Events may be assigned to - one or more classes, usually based on the general category - of the events, such as <quote>file creation</quote>, - <quote>file access</quote>, or <quote>network</quote>. Login - and logout events are assigned to the <literal>lo</literal> - class. The use of classes allows the administrator to - specify high level auditing rules without having to specify - whether each individual auditable operation will be logged.</para> - </listitem> - - <listitem> - <para><emphasis>record</emphasis>: A record is a log entry - describing a security event. Records typically have a - record event type, information on the subject (user) associated - with the event, time information, information on any objects, - such as files, and information on whether the event corresponded - to a successful operation.</para> - </listitem> - - <listitem> - <para><emphasis>trail</emphasis>: An audit trail, or log file, - consists of a series of audit records describing security - events. Typically, trails are in roughly chronological - order with respect to the time events completed. 
Only - authorized processes are allowed to commit records to the - audit trail.</para> - </listitem> - - <listitem> - <para><emphasis>prefix</emphasis>: A prefix is considered to - be the configuration element used to toggle auditing for - success and failed events.</para> - </listitem> - </itemizedlist> - </sect1> - - <sect1 xml:id="audit-install"> - <title>Installing Audit Support</title> - - <para>Support for Event Auditing is installed with - the normal <buildtarget>installworld</buildtarget> process. An - administrator may confirm this by viewing the contents - of <filename>/etc/security</filename>. Files - beginning with the word <emphasis>audit</emphasis> should be present. - For example, <filename>audit_event</filename>.</para> - - <para>In-kernel support for the framework must also exist. This - may be done by adding the following lines to the local kernel - configuration file:</para> - - <programlisting>options AUDIT</programlisting> - - <para>Rebuild and reinstall - the kernel via the normal process explained in - <xref linkend="kernelconfig"/>.</para> - - <para>Once completed, enable the audit daemon by adding the - following line to &man.rc.conf.5;:</para> - - <programlisting>auditd_enable="YES"</programlisting> - - <para>Functionality not provided by the default may be added - here with the <option>auditd_flags</option> option.</para> - </sect1> - - <sect1 xml:id="audit-config"> - <title>Audit Configuration</title> - - <para>All configuration files for security audit are found in - <filename>/etc/security</filename>. 
The following - files must be present before the audit daemon is started:</para> - - <itemizedlist> - <listitem> - <para><filename>audit_class</filename> - Contains the - definitions of the audit classes.</para> - </listitem> - - <listitem> - <para><filename>audit_control</filename> - Controls aspects - of the audit subsystem, such as default audit classes, - minimum disk space to leave on the audit log volume, - etc.</para> - </listitem> - - <listitem> - <para><filename>audit_event</filename> - Defines the kernel - audit events. These map, mostly, to system calls.</para> - </listitem> - - <listitem> - <para><filename>audit_user</filename> - The events to audit - for individual users. Users not appearing here will be - subject to the default configuration in the control - configuration file.</para> - </listitem> - - <listitem> - <para><filename>audit_warn</filename> - A shell script - used by auditd to generate warning messages in - exceptional situations, such as when space for audit - records is running low.</para> - </listitem> - </itemizedlist> - - <sect2> - <title>Audit File Syntax</title> - - <para>The configuration file syntax is rather arcane, albeit easy - to work with. One thing an administrator must be leery about - is overriding system defaults. This could create potential - openings for audit data to not be collected properly.</para> - - <para>The audit subsystem will accept both the short name and - long name with regards to configuration syntax. 
A syntax - map has been included below.</para> - - <para>The following list contains all supported audit - classes:</para> - - <itemizedlist> - <listitem> - <para><option>all</option> - <literal>all</literal> - All - audit flags set.</para> - </listitem> - - <listitem> - <para><option>ad</option> - <literal>administrative</literal> - - Administrative actions performed on the system as a - whole.</para> - </listitem> - - <listitem> - <para><option>ap</option> - <literal>application</literal> - - Application defined action.</para> - </listitem> - - <listitem> - <para><option>cl</option> - <literal>file_close</literal> - - Audit calls to the <function>close</function> system - call.</para> - </listitem> - - <listitem> - <para><option>ex</option> - <literal>exec</literal> - Audit - program or utility execution.</para> - </listitem> - - <listitem> - <para><option>fa</option> - <literal>file_attr_acc</literal> - - Audit the access of object attributes such as - &man.stat.1;, &man.pathconf.2; and similar events.</para> - </listitem> - - <listitem> - <para><option>fc</option> - <literal>file_creation</literal> - - Audit events where a file is created as a result.</para> - </listitem> - - <listitem> - <para><option>fd</option> - <literal>file_deletion</literal> - - Audit events where file deletion occurs.</para> - </listitem> - - <listitem> - <para><option>fm</option> - <literal>file_attr_mod</literal> - - Audit events where file attribute modification occurs, - such as &man.chown.8;, &man.chflags.1;, &man.flock.2;, - etc.</para> - </listitem> - - <listitem> - <para><option>fr</option> - <literal>file_read</literal> - - Audit events in which data is read, files are opened for - reading, etc.</para> - </listitem> - - <listitem> - <para><option>fw</option> - <literal>file_write</literal> - - Audit events in which data is written, files are written - or modified, etc.</para> - </listitem> - - <listitem> - <para><option>io</option> - <literal>ioctl</literal> - Audit - use of 
the &man.ioctl.2; system call.</para> - </listitem> - - <listitem> - <para><option>ip</option> - <literal>ipc</literal> - Audit - various forms of Inter-Process Communication, including POSIX - pipes and System V <acronym>IPC</acronym> operations.</para> - </listitem> - - <listitem> - <para><option>lo</option> - <literal>login_logout</literal> - - Audit &man.login.1; and &man.logout.1; events occurring - on the system.</para> - </listitem> - - <listitem> - <para><option>na</option> - <literal>non_attrib</literal> - - Audit non-attributable events.</para> - </listitem> - - <listitem> - <para><option>no</option> - <literal>no_class</literal> - - Null class used to disable event auditing.</para> - </listitem> - - <listitem> - <para><option>nt</option> - <literal>network</literal> - - Audit events related to network actions, such as - &man.connect.2; and &man.accept.2;.</para> - </listitem> - - <listitem> - <para><option>ot</option> - <literal>other</literal> - - Audit miscellaneous events.</para> - </listitem> - - <listitem> - <para><option>pc</option> - <literal>process</literal> - - Audit process operations, such as &man.exec.3; and - &man.exit.3;.</para> - </listitem> - </itemizedlist> - - <para>Following is a list of all supported audit prefixes:</para> - - <itemizedlist> - <listitem> - <para><literal>none</literal> - Audit both the success - or failure of an event. 
For example, just listing a - class will result in the auditing of both success and - failure.</para> - </listitem> - - <listitem> - <para><literal>+</literal> - Audit successful events - only.</para> - </listitem> - - <listitem> - <para><literal>-</literal> - Audit failed events - only.</para> - </listitem> - </itemizedlist> - - <warning> - <para>Using the <option>all</option> class with either the - positive or negative prefix can generate a large amount - of data at an extremely rapid rate.</para> - </warning> - - <para>Extra prefixes used to modify the default configuration - values:</para> -<!-- XXX: Perhaps a variable listing here. --> - <itemizedlist> - <listitem> - <para>^- - Disable auditing of failed events.</para> - </listitem> - - <listitem> - <para>^+ - Enable auditing of successful events.</para> - </listitem> - - <listitem> - <para>^ - Disable auditing of both successful and failed - events.</para> - </listitem> - </itemizedlist> - </sect2> - - <sect2> - <title>Configuration Files</title> - - <para>In most cases, administrators will need to modify only two files - when configuring the audit system: <filename>audit_control</filename> - and <filename>audit_user</filename>. The first controls system-wide - audit paramaters and defaults for both attributable and - non-attributable events. The second may be used to tune the level - and nature of auditing for individual users.</para> - - <sect3 xml:id="audit-auditcontrol"> - <title>The <filename>audit_control</filename> File</title> - - <para>The <filename>audit_control</filename> file contains some basic - defaults that the administrator may wish to modify. Perhaps - even set some new ones. Viewing the contents of this file, - we see the following:</para> - - <programlisting>dir:/var/audit -flags:lo -minfree:20 -naflags:lo</programlisting> - - <para>The <option>dir</option> option is used to set the default - directory where audit logs are stored. 
Audit is frequently - configured so that audit logs are stored on a dedicated file - system, so as to prevent interference between the audit - subsystem and other subsystems when file systems become full. - </para> - - <para>The <option>flags</option> option is used to set the - system-wide defaults. The current setting, <option>lo</option> - configures the auditing of all &man.login.1; and &man.logout.1; - actions. A more complex example, - <option>lo,ad,-all,^-fa,^-fc,^-cl</option> audits all system - &man.login.1; and &man.logout.1; actions, all administrator - actions, all failed events in the system, and finally disables - auditing of failed attempts for <option>fa</option>, - <option>fc</option>, and <option>cl</option>. Even though - the <option>-all</option> turned on the auditing of all - failed attempts, the <option>^-</option> prefix will override - that for the latter options.</para> - - <para>Notice that the previous paragraph shows the file is - read from left to right. As such, values further on the - right side may override a previous value specified to - its left.</para> - - <para>The <option>minfree</option> option defines the minimum - percentage of free space for audit file systems. This - relates to the file system where audit logs are stored. - For example, if the <option>dir</option> specifies - <filename>/var/audit</filename> and - <option>minfree</option> is set to twenty (20), warning - messages will be generated when the - <filename>/var</filename> file system grows - to eighty (80) percent full.</para> - - <para>The <option>naflags</option> option specifies audit - classes to be audited for non-attributed events — - that is, events for which there is no authenticated user. 
- </para> - </sect3> - - <sect3 xml:id="audit-audituser"> - <title>The <filename>audit_user</filename> File</title> - - <para>The <filename>audit_user</filename> file permits the - administrator to determine which classes of audit events - should be logged for which system users.</para> - - <para>The following is the defaults currently placed in - the <filename>audit_user</filename> file:</para> - - <programlisting>root:lo:no -audit:fc:no</programlisting> - - <para>Notice how the default is to audit all cases of - <command>login</command>/<command>logout</command> - and disable auditing of all other actions for - <systemitem class="username">root</systemitem>. This configuration - also audits all file creation and disables all - other auditing for the <systemitem class="username">audit</systemitem> - user. While event auditing does not require a special - user exist, some configurations, specifically environments - making use of <acronym>MAC</acronym>, may require it.</para> - </sect3> - </sect2> - </sect1> - - <sect1 xml:id="audit-administration"> - <title>Event Audit Administration</title> - - <para>Events written by the kernel audit subsystem cannot - be altered or read in plain text. Data is stored and accessed - in a method similar to that of &man.ktrace.1; and &man.kdump.1;, - that is, they may only be viewed by dumping them using the - <command>praudit</command> command; audit trails may be reduced - using the <command>auditreduce</command> command, which selects - records from an audit trail based on properties of interest, such - as the user, time of the event, and type of operation.</para> - - <para>For example, the <command>praudit</command> utility will dump the - entire contents of a specified audit log in plain text. To dump an - audit log in its entirety, use:</para> - - <screen>&prompt.root; <userinput>praudit /var/audit/AUDITFILE</userinput></screen> - - <para>Where <replaceable>AUDITFILE</replaceable> is the audit log - of viewing choice. 
Since audit logs may contain enormous - amounts of data, an administrator may prefer to select records - for specific users. This is made possible with the following - command, where <systemitem class="username">trhodes</systemitem> is the user of - choice:</para> - - <screen>&prompt.root; <userinput>auditreduce -e trhodes /var/audit/AUDITFILE | praudit</userinput></screen> - - <para>This will select all audit records produced by the user - <systemitem class="username">trhodes</systemitem> stored in the - <replaceable>AUDITFILE</replaceable> file.</para> - - <para>There are several other options available for reading audit - records, see the aforementioned command's manual pages for - a more in depth explanation.</para> - - <sect2> - <title>Rotating Audit Log Files</title> - - <para>Due to log reliability requirements, audit trails - are written to only by the kernel, and managed only by - <command>auditd</command>. Administrators should not - attempt to use &man.newsyslog.conf.5; or other tools to - directly rotate audit logs. Instead, the <command>audit</command> - management tool should be used to shut down auditing, - reconfigure the audit system, and perform log rotation. - The following command causes the audit daemon to create a - new audit log and signal the kernel to switch to using the - new log. 
The old log will be terminated and renamed, at - which point it may then be manipulated by the administrator.</para> - - <screen>&prompt.root; <userinput>audit -n</userinput></screen> - - <warning> - <para>If the <command>auditd</command> daemon is not currently - running, the previous command will fail and an error message - will be produced.</para> - </warning> - - <para>Adding the following line to - <filename>/etc/crontab</filename> will force the rotation - every twelve hours from &man.cron.8;:</para> - - <programlisting>* */12 * * * root /usr/sbin/audit -n</programlisting> - - <para>The change will take effect once you have saved the - new <filename>/etc/crontab</filename>.</para> - </sect2> - - <sect2> - <title>Delegating Audit Review Rights</title> - - <para>By default, only the root user has the right to read system audit - logs. However, that right may be delegated to members of the - <literal>audit</literal> group, as the audit directory and audit - trail files are assigned to that group, and made group-readable. As - the ability to track audit log contents provides significant insight - into the behavior of users and processes, it is recommended that the - delegation of audit review rights be performed with caution.</para> - </sect2> - </sect1> -</chapter> diff --git a/zh_TW.UTF-8/books/handbook/basics/Makefile b/zh_TW.UTF-8/books/handbook/basics/Makefile deleted file mode 100644 index 69b6b899ac..0000000000 --- a/zh_TW.UTF-8/books/handbook/basics/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -# -# Build the Handbook with just the content from this chapter. -# -# $FreeBSD$ -# Original revision: 1.1 -# - -CHAPTERS= basics/chapter.xml - -VPATH= .. - -MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX} - -DOC_PREFIX?= ${.CURDIR}/../../../.. - -.include "../Makefile" diff --git a/zh_TW.UTF-8/books/handbook/basics/chapter.xml b/zh_TW.UTF-8/books/handbook/basics/chapter.xml deleted file mode 100644 index 2418f5e57e..0000000000 
--- a/zh_TW.UTF-8/books/handbook/basics/chapter.xml +++ /dev/null 
@@ -1,3042 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - The FreeBSD Documentation Project - The FreeBSD Traditional Chinese Project - - $FreeBSD$ - Original revision: r46052 ---> -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" - xml:id="basics"> - <!-- - <chapterinfo> - <authorgroup> - <author> - <firstname>Chris</firstname> - <surname>Shumway</surname> - <contrib>Rewritten by in Mar 2000</contrib> - </author> - </authorgroup> - </chapterinfo> - --> - <title>UNIX 基礎概念</title> - - <sect1 xml:id="basics-synopsis"> - <title>概述</title> - - <para>接下來的這一章將涵蓋 FreeBSD 作業系統的基本指令及功能。 - 大部份的內容在 &unix;-like 作業系統中都是相通的。 - 如果您對這些內容熟悉的話,可以放心的跳過。 - 如果您剛接觸 FreeBSD,那您一定要仔細的讀完這章。</para> - - <para>讀完這章,您將了解:</para> - - <itemizedlist> - <listitem> - <para>如何使用 FreeBSD 的<quote>virtual consoles</quote>。</para> - </listitem> - - <listitem> - <para>&unix; 檔案權限運作的方式以及 &os; 中檔案的 flags。</para> - </listitem> - - <listitem> - <para>預設的 &os; 檔案系統配置。</para> - </listitem> - - <listitem> - <para>&os; 的磁碟結構。</para> - </listitem> - - <listitem> - <para>如何掛載(mount)、卸載(umount)檔案系統</para> - </listitem> - - <listitem> - <para>什麼是processes、daemons 以及 signals 。</para> - </listitem> - - <listitem> - <para>什麼是 shell ,以及如何變更您預設的登入環境。</para> - </listitem> - - <listitem> - <para>如何使用基本的文字編輯器。</para> - </listitem> - - <listitem> - <para>什麼是 devices 和 device nodes 。</para> - </listitem> - - <listitem> - <para>&os; 下使用的 binary 格式。</para> - </listitem> - - <listitem> - <para>如何閱讀 manual pages 以獲得更多的資訊。</para> - </listitem> - </itemizedlist> - </sect1> - - <sect1 xml:id="consoles"> - <title>Virtual Consoles 和終端機</title> - - <indexterm> - <primary>virtual consoles</primary> - </indexterm> - <indexterm> - <primary>terminals</primary> - </indexterm> - <indexterm> - <primary>console</primary> - </indexterm> - - <para>有很多方法可以操作 FreeBSD ,其中一種就是在文字終端機上打字。 - 如此使用 FreeBSD 即可輕易的體會到 &unix; 作業系統的威力和彈性。 - 這一節描述什麼是<quote>終端機</quote>和 <quote>console</quote> - 
,以及可以如何在 FreeBSD 中運用它們。</para> - - <sect2 xml:id="consoles-intro"> - <title>The Console</title> - <indexterm><primary>console</primary></indexterm> - - <para>如果您沒有將 FreeBSD 設定成開機時自動進入圖形化模式,系統會在啟動的 - script 跑完之後顯示登入的提示符號。 您將會看到像是這樣的東西:</para> - - <screen>Additional ABI support:. -Local package initialization:. -Additional TCP options:. - -Fri Sep 20 13:01:06 EEST 2002 - -FreeBSD/i386 (pc3.example.org) (ttyv0) - -login:</screen> - - <para>這個訊息在您的系統上會有些許的不同,但是應該會看到類似的東西。 - 我們感興趣的是最後兩行,最後兩行是:</para> - - <programlisting>FreeBSD/i386 (pc3.example.org) (ttyv0)</programlisting> - - <para>這行包含了剛開機完系統的資訊。 您看到的是在 Intel 或相容處理器的 - x86 架構上執行的 <quote>FreeBSD</quote>的 console<footnote> - <para>這就是 <literal>i386</literal> 的意義。 注意即使您不是在 - Intel 的 386 處理器上執行 FreeBSD ,一樣是<literal>i386</literal>。 - 這不是指你的處理器的型號,這裡顯示的是你處理器的<quote>架構</quote> - </para> - </footnote>。 這台機器的名字(每台 &unix; 機器都有一個名字)是 - <systemitem>pc3.example.org</systemitem>,而您現在看到的是它的系統 - console— <filename>ttyv0</filename>終端機。</para> - - <para>最後的一行應該都會是:</para> - - <programlisting>login:</programlisting> - - <para>這是您應該要輸入您的<quote>帳號名稱</quote>的地方。 - 下一小節將告訴您如何登入 FreeBSD。</para> - </sect2> - - <sect2 xml:id="consoles-login"> - <title>登入 FreeBSD</title> - - <para>FreeBSD 是一個 multiuser、multiprocessing 的系統。 - 這是一個正式的名稱,指的是在單一機器上可以同時被不同人使用, - 但同時可以執行很多程式的系統。</para> - - <para>每一種多使用者系統都需要可以分辨不同<quote>使用者</quote>的方法。 - 在 FreeBSD (以及所有的 &unix;-like 作業系統) - 中,所有的使用者在執行程式之前必須先<quote>登入</quote>系統。 - 每個使用者都有一組獨特的帳號名稱 - (<quote>username</quote>)及密碼(<quote>password</quote>)。 - FreeBSD 在允許使用者執行程式前將會先問這兩個問題。</para> - - <indexterm><primary>startup scripts</primary></indexterm> - <para>在 FreeBSD 開機並跑完啟動的 script 之後<footnote> - <para>這些啟動的 script 是在開機的時候 FreeBSD 會自動執行的程式。 - 他們主要的功能是將所有該執行的東西設定好, - 並將您設定成背景執行的服務啟動。</para> - </footnote>,它將會印出提示字元要求您輸入正確的帳號名稱:</para> - - <screen>login:</screen> - - <para>在這個範例裡,我們假設您的帳號是<systemitem class="username">john</systemitem>。 - 在提示字元處輸入 <literal>john</literal> 並按下 <keycap>Enter</keycap> - 。 
接著您應該會看到另一個提示字元要您輸入<quote>密碼</quote>:</para> - - <screen>login: <userinput>john</userinput> -Password:</screen> - - <para>輸入 <systemitem class="username">john</systemitem> 的密碼,再按下 - <keycap>Enter</keycap>。 輸入的密碼 - <emphasis>不會顯示在螢幕上</emphasis>。 - 您不需要為此擔心,這樣做是為了安全上的問題。</para> - - <para>如果您輸入了正確的密碼,您應該已經登入 FreeBSD。 - 現在就可以嘗試所有可用的指令了。</para> - - <para>您應該會看到<acronym>MOTD</acronym> - (即今日訊息、Messages Of The Day),後面接著命令提示字元 - (一個 <literal>#</literal>,<literal>$</literal>, 或是 - <literal>%</literal> 字元)。 這就表示您已經成功登入 - FreeBSD 了。</para> - </sect2> - - <sect2 xml:id="consoles-virtual"> - <title>多重 Console</title> - - <para>在一個 Console 下執行 &unix; 當然是沒有問題,然而 FreeBSD - 是可以同時執行很多程式的。 像 FreeBSD - 這樣可以同時執行一大堆程式的作業系統,只有一個 - console 可以輸入指令實在是有點浪費。 因此 - <quote>virtual consoles</quote> 就顯得相當好用。</para> - - <para>可以設定讓 FreeBSD 同時有很多 virtual console, - 用幾個按鍵的組合就可以從一個 virtual console 跳到別的 virtual console - 。 每一個 console 都有自已不同的輸出頻道,當從某一個 virtual console - 切換到下一個的時候,FreeBSD 會自動處理鍵盤輸入及螢幕輸出。</para> - - <para>FreeBSD 保留了特別的按鍵組合來切換 console <footnote> - <para>在 &man.syscons.4;、&man.atkbd.4;、&man.vidcontrol.1;、以及 - &man.kbdcontrol.1;等 manual page 中,對於 FreeBSD 的 console - 及鍵盤驅動程式有詳細的技術說明。 我們在這裡不討論細節, - 有興趣的讀者隨時可以在 manual pages - 中查到關於運作方式的更詳細且完整的解釋。</para></footnote>。 - 您可以用 <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>、 - <keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo>、到 - <keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> - 來切換 FreeBSD 的不同 console。</para> - - <para>當您從一個 console 切換到下一個的時候,FreeBSD - 會處理螢幕輸出的儲存及回復。 - 這就<quote>好像</quote>有很多<quote>虛擬</quote>的螢幕和鍵盤, - 可以讓您輸入指令到 FreeBSD 執行。 在某一個 console - 上執行的程式並不會因為切到別的 console 而停止執行,切換到另一個 - console 時,它們仍會繼續執行。</para> - </sect2> - - <sect2 xml:id="consoles-ttys"> - <title><filename>/etc/ttys</filename> 檔</title> - - <para>FreeBSD 預設的虛擬 console 總共有 8 個, - 但這並非硬性規定,您可輕鬆設定這些虛擬 console 的數量增減。 - 有關虛擬 console 的編號跟設定都在 - <filename>/etc/ttys</filename> 這檔案內設定。</para> - - <para>可以用 <filename>/etc/ttys</filename> 檔案來設定 
- FreeBSD 的虛擬 console。 檔案內每行非註解文字(該行開頭沒有 - <literal>#</literal> 這字)都是設定終端機或虛擬 console。 - FreeBSD 預設有 9 個虛擬 console 但只啟動 8 個,也就是以下以 - <literal>ttyv</literal> 開頭的那幾行設定。</para> - - <programlisting># name getty type status comments -# -ttyv0 "/usr/libexec/getty Pc" cons25 on secure -# Virtual terminals -ttyv1 "/usr/libexec/getty Pc" cons25 on secure -ttyv2 "/usr/libexec/getty Pc" cons25 on secure -ttyv3 "/usr/libexec/getty Pc" cons25 on secure -ttyv4 "/usr/libexec/getty Pc" cons25 on secure -ttyv5 "/usr/libexec/getty Pc" cons25 on secure -ttyv6 "/usr/libexec/getty Pc" cons25 on secure -ttyv7 "/usr/libexec/getty Pc" cons25 on secure -ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting> - - <para>有關各欄位的設定以及其他選項,請參閱 &man.ttys.5; 說明。</para> - </sect2> - - <sect2 xml:id="consoles-singleuser"> - <title>Single User 模式的 Console</title> - - <para>有關 <quote>single user 模式</quote> 的介紹在 - <xref linkend="boot-singleuser"/> - 這邊有詳盡介紹。 在 single user 模式時,能夠使用的 console - 只有一個,並無虛擬 console 可用。 而 single user 模式相關設定值可以在 - <filename>/etc/ttys</filename> 檔做調整。 下面以 - <literal>console</literal> 開頭的那行,就是了:</para> - - <programlisting># name getty type status comments -# -# If console is marked "insecure", then init will ask for the root password -# when going to single-user mode. 
-console none unknown off secure</programlisting> - - <note> - <para>在 <literal>console</literal> 那行前面的註解有提到,可以把那行的 - <literal>secure</literal> 改為 <literal>insecure</literal>, - 如此一來,即使 FreeBSD 進入 single user 模式, - 仍會要求您輸入 <systemitem class="username">root</systemitem> 的密碼。</para> - - <para><emphasis>請審慎考慮是否要改為 - <literal>insecure</literal></emphasis>。 因為萬一忘記 - <systemitem class="username">root</systemitem> 密碼的話,若要登入 single user - 模式就有些麻煩了。儘管還有其他方式可以登入,但對不熟 FreeBSD - 開機程序的人而言,就會相當棘手。</para> - </note> - </sect2> - - <sect2 xml:id="consoles-vidcontrol"> - <title>更改 console 的顯示畫面</title> - - <para>FreeBSD console 預設顯示大小可以調整為 1024x768、1280x1024 - 或其他顯示卡與螢幕有支援的解析度大小。 要切換顯示大小,必須要重新編譯 - kernel 並加入下面這兩項設定:</para> - - <programlisting>options VESA -options SC_PIXEL_MODE</programlisting> - - <para>一旦 kernel 有加入這兩項並重新編譯完畢,就可以用 &man.vidcontrol.1; - 來偵測目前所支援的模式有哪些。 若要查看支援的模式,可以打:</para> - - <screen>&prompt.root; <userinput>vidcontrol -i mode</userinput></screen> - - <para>該指令會顯示該機器所支援的顯示模式清單。 然後可以在 - <systemitem class="username">root</systemitem> console 內透過 &man.vidcontrol.1; 指令, - 來更改顯示模式:</para> - - <screen>&prompt.root; <userinput>vidcontrol MODE_279</userinput></screen> - - <para>若對新的顯示模式覺得還不錯,可以在 <filename>/etc/rc.conf</filename> - 設定之,以讓每次重開機後會自動生效。 以上面這情況為例,就是:</para> - - <programlisting>allscreens_flags="MODE_279"</programlisting> - </sect2> - </sect1> - - <sect1 xml:id="users-synopsis"> - <title>Users and Basic Account Management</title> - - <para>&os; allows multiple users to use the computer at the same - time. While only one user can sit in front of the screen and - use the keyboard at any one time, any number of users can log - in to the system through the network. 
To use the system, each - user should have their own user account.</para> - - <para>This chapter describes:</para> - - <itemizedlist> - <listitem> - <para>The different types of user accounts on a - &os; system.</para> - </listitem> - - <listitem> - <para>How to add, remove, and modify user accounts.</para> - </listitem> - - <listitem> - <para>How to set limits to control the - resources that users and - groups are allowed to access.</para> - </listitem> - - <listitem> - <para>How to create groups and add users as members of a - group.</para> - </listitem> - </itemizedlist> - - <sect2 xml:id="users-introduction"> - <title>Account Types</title> - - <para>Since all access to the &os; system is achieved using - accounts and all processes are run by users, user and account - management is important.</para> - - <para>There are three main types of accounts: system accounts, - user accounts, and the superuser account.</para> - - <sect3 xml:id="users-system"> - <title>System Accounts</title> - - <indexterm> - <primary>accounts</primary> - <secondary>system</secondary> - </indexterm> - - <para>System accounts are used to run services such as DNS, - mail, and web servers. 
The reason for this is security; if - all services ran as the superuser, they could act without - restriction.</para> - - <indexterm> - <primary>accounts</primary> - <secondary><systemitem - class="username">daemon</systemitem></secondary> - </indexterm> - <indexterm> - <primary>accounts</primary> - <secondary><systemitem - class="username">operator</systemitem></secondary> - </indexterm> - - <para>Examples of system accounts are - <systemitem class="username">daemon</systemitem>, - <systemitem class="username">operator</systemitem>, - <systemitem class="username">bind</systemitem>, - <systemitem class="username">news</systemitem>, and - <systemitem class="username">www</systemitem>.</para> - - <indexterm> - <primary>accounts</primary> - <secondary><systemitem - class="username">nobody</systemitem></secondary> - </indexterm> - - <para><systemitem class="username">nobody</systemitem> is the - generic unprivileged system account. However, the more - services that use - <systemitem class="username">nobody</systemitem>, the more - files and processes that user will become associated with, - and hence the more privileged that user becomes.</para> - </sect3> - - <sect3 xml:id="users-user"> - <title>User Accounts</title> - - <indexterm> - <primary>accounts</primary> - <secondary>user</secondary> - </indexterm> - - <para>User accounts are assigned to real people and are used - to log in and use the system. Every person accessing the - system should have a unique user account. 
This allows the - administrator to find out who is doing what and prevents - users from clobbering the settings of other users.</para> - - <para>Each user can set up their own environment to - accommodate their use of the system, by configuring their - default shell, editor, key bindings, and language - settings.</para> - - <para>Every user account on a &os; system has certain - information associated with it:</para> - - <variablelist> - <varlistentry> - <term>User name</term> - - <listitem> - <para>The user name is typed at the - <prompt>login:</prompt> prompt. Each user must have - a unique user name. There are a number of rules for - creating valid user names which are documented in - &man.passwd.5;. It is recommended to use user names - that consist of eight or fewer, all lower case - characters in order to maintain backwards - compatibility with applications.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Password</term> - - <listitem> - <para>Each account has an associated password.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>User ID (<acronym>UID</acronym>)</term> - - <listitem> - <para>The User ID (<acronym>UID</acronym>) is a number - used to uniquely identify the user to the &os; system. - Commands that allow a user name to be specified will - first convert it to the <acronym>UID</acronym>. It is - recommended to use a UID less than 65535, since higher - values may cause compatibility issues with some - software.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Group ID (<acronym>GID</acronym>)</term> - - <listitem> - <para>The Group ID (<acronym>GID</acronym>) is a number - used to uniquely identify the primary group that the - user belongs to. Groups are a mechanism for - controlling access to resources based on a user's - <acronym>GID</acronym> rather than their - <acronym>UID</acronym>. 
This can significantly reduce - the size of some configuration files and allows users - to be members of more than one group. It is - recommended to use a GID of 65535 or lower as higher - GIDs may break some software.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Login class</term> - - <listitem> - <para>Login classes are an extension to the group - mechanism that provide additional flexibility when - tailoring the system to different users. Login - classes are discussed further in - <xref linkend="users-limiting"/>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Password change time</term> - - <listitem> - <para>By default, passwords do not expire. However, - password expiration can be enabled on a per-user - basis, forcing some or all users to change their - passwords after a certain amount of time has - elapsed.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Account expiry time</term> - - <listitem> - <para>By default, &os; does not expire accounts. When - creating accounts that need a limited lifespan, such - as student accounts in a school, specify the account - expiry date using &man.pw.8;. After the expiry time - has elapsed, the account cannot be used to log in to - the system, although the account's directories and - files will remain.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>User's full name</term> - - <listitem> - <para>The user name uniquely identifies the account to - &os;, but does not necessarily reflect the user's real - name. Similar to a comment, this information can - contain spaces, uppercase characters, and be more - than 8 characters long.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Home directory</term> - - <listitem> - <para>The home directory is the full path to a directory - on the system. This is the user's starting directory - when the user logs in. 
A common convention is to put - all user home directories under <filename - class="directory"><replaceable>/home/username</replaceable></filename> - or <filename - class="directory"><replaceable>/usr/home/username</replaceable></filename>. - Each user stores their personal files and - subdirectories in their own home directory.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>User shell</term> - - <listitem> - <para>The shell provides the user's default environment - for interacting with the system. There are many - different kinds of shells and experienced users will - have their own preferences, which can be reflected in - their account settings.</para> - </listitem> - </varlistentry> - </variablelist> - </sect3> - - <sect3 xml:id="users-superuser"> - <title>The Superuser Account</title> - - <indexterm> - <primary>accounts</primary> - <secondary>superuser (root)</secondary> - </indexterm> - - <para>The superuser account, usually called - <systemitem class="username">root</systemitem>, is used to - manage the system with no limitations on privileges. For - this reason, it should not be used for day-to-day tasks like - sending and receiving mail, general exploration of the - system, or programming.</para> - - <para>The superuser, unlike other user accounts, can operate - without limits, and misuse of the superuser account may - result in spectacular disasters. User accounts are unable - to destroy the operating system by mistake, so it is - recommended to login as a user account and to only become - the superuser when a command requires extra - privilege.</para> - - <para>Always double and triple-check any commands issued as - the superuser, since an extra space or missing character can - mean irreparable data loss.</para> - - <para>There are several ways to gain superuser privilege. 
- While one can log in as - <systemitem class="username">root</systemitem>, this is - highly discouraged.</para> - - <para>Instead, use &man.su.1; to become the superuser. If - <literal>-</literal> is specified when running this command, - the user will also inherit the root user's environment. The - user running this command must be in the - <systemitem class="groupname">wheel</systemitem> group or - else the command will fail. The user must also know the - password for the - <systemitem class="username">root</systemitem> user - account.</para> - - <para>In this example, the user only becomes superuser in - order to run <command>make install</command> as this step - requires superuser privilege. Once the command completes, - the user types <command>exit</command> to leave the - superuser account and return to the privilege of their user - account.</para> - - <example> - <title>Install a Program As the Superuser</title> - - <screen>&prompt.user; <userinput>configure</userinput> -&prompt.user; <userinput>make</userinput> -&prompt.user; <userinput>su -</userinput> -Password: -&prompt.root; <userinput>make install</userinput> -&prompt.root; <userinput>exit</userinput> -&prompt.user;</screen> - </example> - - <para>The built-in &man.su.1; framework works well for single - systems or small networks with just one system - administrator. An alternative is to install the - <package>security/sudo</package> package or port. This - software provides activity logging and allows the - administrator to configure which users can run which - commands as the superuser.</para> - </sect3> - </sect2> - - <sect2 xml:id="users-modifying"> - <title>Managing Accounts</title> - - <indexterm> - <primary>accounts</primary> - <secondary>modifying</secondary> - </indexterm> - - <para>&os; provides a variety of different commands to manage - user accounts. The most common commands are summarized in - <xref linkend="users-modifying-utilities"/>, followed by some - examples of their usage. 
See the manual page for each utility - for more details and usage examples.</para> - - <table frame="none" pgwide="1" - xml:id="users-modifying-utilities"> - <title>Utilities for Managing User Accounts</title> - - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="2*"/> - - <thead> - <row> - <entry>Command</entry> - <entry>Summary</entry> - </row> - </thead> - <tbody> - <row> - <entry>&man.adduser.8;</entry> - <entry>The recommended command-line application for - adding new users.</entry> - </row> - - <row> - <entry>&man.rmuser.8;</entry> - <entry>The recommended command-line application for - removing users.</entry> - </row> - - <row> - <entry>&man.chpass.1;</entry> - <entry>A flexible tool for changing user database - information.</entry> - </row> - - <row> - <entry>&man.passwd.1;</entry> - <entry>The command-line tool to change user - passwords.</entry> - </row> - - <row> - <entry>&man.pw.8;</entry> - <entry>A powerful and flexible tool for modifying all - aspects of user accounts.</entry> - </row> - </tbody> - </tgroup> - </table> - - <sect3 xml:id="users-adduser"> - <title><command>adduser</command></title> - - <indexterm> - <primary>accounts</primary> - <secondary>adding</secondary> - </indexterm> - <indexterm> - <primary><command>adduser</command></primary> - </indexterm> - <indexterm> - <primary><filename>/usr/share/skel</filename></primary> - </indexterm> - <indexterm> - <primary>skeleton directory</primary> - </indexterm> - - <para>The recommended program for adding new users is - &man.adduser.8;. When a new user is added, this program - automatically updates <filename>/etc/passwd</filename> and - <filename>/etc/group</filename>. It also creates a home - directory for the new user, copies in the default - configuration files from - <filename>/usr/share/skel</filename>, and can optionally - mail the new user a welcome message. 
This utility must be - run as the superuser.</para> - - <para>The &man.adduser.8; utility is interactive and walks - through the steps for creating a new user account. As seen - in <xref linkend="users-modifying-adduser"/>, either input - the required information or press <keycap>Return</keycap> - to accept the default value shown in square brackets. - In this example, the user has been invited into the - <systemitem class="groupname">wheel</systemitem> group, - allowing them to become the superuser with &man.su.1;. - When finished, the utility will prompt to either - create another user or to exit.</para> - - <example xml:id="users-modifying-adduser"> - <title>Adding a User on &os;</title> - - <screen>&prompt.root; <userinput>adduser</userinput> -Username: <userinput>jru</userinput> -Full name: <userinput>J. Random User</userinput> -Uid (Leave empty for default): -Login group [jru]: -Login group is jru. Invite jru into other groups? []: <userinput>wheel</userinput> -Login class [default]: -Shell (sh csh tcsh zsh nologin) [sh]: <userinput>zsh</userinput> -Home directory [/home/jru]: -Home directory permissions (Leave empty for default): -Use password-based authentication? [yes]: -Use an empty password? (yes/no) [no]: -Use a random password? (yes/no) [no]: -Enter password: -Enter password again: -Lock out the account after creation? [no]: -Username : jru -Password : **** -Full Name : J. Random User -Uid : 1001 -Class : -Groups : jru wheel -Home : /home/jru -Shell : /usr/local/bin/zsh -Locked : no -OK? (yes/no): <userinput>yes</userinput> -adduser: INFO: Successfully added (jru) to the user database. -Add another user? (yes/no): <userinput>no</userinput> -Goodbye! 
-&prompt.root;</screen> - </example> - - <note> - <para>Since the password is not echoed when typed, be - careful to not mistype the password when creating the user - account.</para> - </note> - </sect3> - - <sect3 xml:id="users-rmuser"> - <title><command>rmuser</command></title> - - <indexterm> - <primary><command>rmuser</command></primary> - </indexterm> - <indexterm> - <primary>accounts</primary> - <secondary>removing</secondary> - </indexterm> - - <para>To completely remove a user from the system, run - &man.rmuser.8; as the superuser. This command performs the - following steps:</para> - - <procedure> - <step> - <para>Removes the user's &man.crontab.1; entry, if one - exists.</para> - </step> - - <step> - <para>Removes any &man.at.1; jobs belonging to the - user.</para> - </step> - - <step> - <para>Kills all processes owned by the user.</para> - </step> - - <step> - <para>Removes the user from the system's local password - file.</para> - </step> - - <step> - <para>Optionally removes the user's home directory, if it - is owned by the user.</para> - </step> - - <step> - <para>Removes the incoming mail files belonging to the - user from <filename>/var/mail</filename>.</para> - </step> - - <step> - <para>Removes all files owned by the user from temporary - file storage areas such as - <filename>/tmp</filename>.</para> - </step> - - <step> - <para>Finally, removes the username from all groups to - which it belongs in <filename>/etc/group</filename>. If - a group becomes empty and the group name is the same as - the username, the group is removed. 
This complements - the per-user unique groups created by - &man.adduser.8;.</para> - </step> - </procedure> - - <para>&man.rmuser.8; cannot be used to remove superuser - accounts since that is almost always an indication of - massive destruction.</para> - - <para>By default, an interactive mode is used, as shown - in the following example.</para> - - <example> - <title><command>rmuser</command> Interactive Account - Removal</title> - - <screen>&prompt.root; <userinput>rmuser jru</userinput> -Matching password entry: -jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh -Is this the entry you wish to remove? <userinput>y</userinput> -Remove user's home directory (/home/jru)? <userinput>y</userinput> -Removing user (jru): mailspool home passwd. -&prompt.root;</screen> - </example> - </sect3> - - <sect3 xml:id="users-chpass"> - <title><command>chpass</command></title> - - <indexterm> - <primary><command>chpass</command></primary> - </indexterm> - - <para>Any user can use &man.chpass.1; to change their default - shell and personal information associated with their user - account. The superuser can use this utility to change - additional account information for any user.</para> - - <para>When passed no options, aside from an optional username, - &man.chpass.1; displays an editor containing user - information. When the user exits from the editor, the user - database is updated with the new information.</para> - - <note> - <para>This utility will prompt for the user's password when - exiting the editor, unless the utility is run as the - superuser.</para> - </note> - - <para>In <xref linkend="users-modifying-chpass-su"/>, the - superuser has typed <command>chpass jru</command> and is - now viewing the fields that can be changed for this user. - If <systemitem class="username">jru</systemitem> runs this - command instead, only the last six fields will be displayed - and available for editing. 
This is shown in - <xref linkend="users-modifying-chpass-ru"/>.</para> - - <example xml:id="users-modifying-chpass-su"> - <title>Using <command>chpass</command> as - Superuser</title> - - <screen>#Changing user database information for jru. -Login: jru -Password: * -Uid [#]: 1001 -Gid [# or name]: 1001 -Change [month day year]: -Expire [month day year]: -Class: -Home directory: /home/jru -Shell: /usr/local/bin/zsh -Full Name: J. Random User -Office Location: -Office Phone: -Home Phone: -Other information:</screen> - </example> - - <example xml:id="users-modifying-chpass-ru"> - <title>Using <command>chpass</command> as Regular - User</title> - - <screen>#Changing user database information for jru. -Shell: /usr/local/bin/zsh -Full Name: J. Random User -Office Location: -Office Phone: -Home Phone: -Other information:</screen> - </example> - - <note> - <para>The commands &man.chfn.1; and &man.chsh.1; are links - to &man.chpass.1;, as are &man.ypchpass.1;, - &man.ypchfn.1;, and &man.ypchsh.1;. Since - <acronym>NIS</acronym> support is automatic, specifying - the <literal>yp</literal> before the command is not - necessary. How to configure NIS is covered in <xref - linkend="network-servers"/>.</para> - </note> - </sect3> - - <sect3 xml:id="users-passwd"> - <title><command>passwd</command></title> - - <indexterm> - <primary><command>passwd</command></primary> - </indexterm> - <indexterm> - <primary>accounts</primary> - <secondary>changing password</secondary> - </indexterm> - - <para>Any user can easily change their password using - &man.passwd.1;. To prevent accidental or unauthorized - changes, this command will prompt for the user's original - password before a new password can be set:</para> - - <example> - <title>Changing Your Password</title> - - <screen>&prompt.user; <userinput>passwd</userinput> -Changing local password for jru. -Old password: -New password: -Retype new password: -passwd: updating the database... 
-passwd: done</screen> - </example> - - <para>The superuser can change any user's password by - specifying the username when running &man.passwd.1;. When - this utility is run as the superuser, it will not prompt for - the user's current password. This allows the password to be - changed when a user cannot remember the original - password.</para> - - <example> - <title>Changing Another User's Password as the - Superuser</title> - - <screen>&prompt.root; <userinput>passwd jru</userinput> -Changing local password for jru. -New password: -Retype new password: -passwd: updating the database... -passwd: done</screen> - </example> - - <note> - <para>As with &man.chpass.1;, &man.yppasswd.1; is a link to - &man.passwd.1;, so <acronym>NIS</acronym> works with - either command.</para> - </note> - </sect3> - - <sect3 xml:id="users-pw"> - <title><command>pw</command></title> - - <indexterm> - <primary><command>pw</command></primary> - </indexterm> - - <para>The &man.pw.8; utility can create, remove, - modify, and display users and groups. It functions as a - front end to the system user and group files. &man.pw.8; - has a very powerful set of command line options that make it - suitable for use in shell scripts, but new users may find it - more complicated than the other commands presented in this - section.</para> - </sect3> - </sect2> - - <sect2 xml:id="users-groups"> - <title>Managing Groups</title> - - <indexterm> - <primary>groups</primary> - </indexterm> - <indexterm> - <primary><filename>/etc/groups</filename></primary> - </indexterm> - <indexterm> - <primary>accounts</primary> - <secondary>groups</secondary> - </indexterm> - - <para>A group is a list of users. A group is identified by its - group name and <acronym>GID</acronym>. In &os;, the kernel - uses the <acronym>UID</acronym> of a process, and the list of - groups it belongs to, to determine what the process is allowed - to do. 
Most of the time, the <acronym>GID</acronym> of a user - or process usually means the first group in the list.</para> - - <para>The group name to <acronym>GID</acronym> mapping is listed - in <filename>/etc/group</filename>. This is a plain text file - with four colon-delimited fields. The first field is the - group name, the second is the encrypted password, the third - the <acronym>GID</acronym>, and the fourth the comma-delimited - list of members. For a more complete description of the - syntax, refer to &man.group.5;.</para> - - <para>The superuser can modify <filename>/etc/group</filename> - using a text editor. Alternatively, &man.pw.8; can be used to - add and edit groups. For example, to add a group called - <systemitem class="groupname">teamtwo</systemitem> and then - confirm that it exists:</para> - - <example> - <title>Adding a Group Using &man.pw.8;</title> - - <screen>&prompt.root; <userinput>pw groupadd teamtwo</userinput> -&prompt.root; <userinput>pw groupshow teamtwo</userinput> -teamtwo:*:1100:</screen> - </example> - - <para>In this example, <literal>1100</literal> is the - <acronym>GID</acronym> of - <systemitem class="groupname">teamtwo</systemitem>. Right - now, <systemitem class="groupname">teamtwo</systemitem> has no - members. This command will add - <systemitem class="username">jru</systemitem> as a member of - <systemitem class="groupname">teamtwo</systemitem>.</para> - - <example> - <title>Adding User Accounts to a New Group Using - &man.pw.8;</title> - - <screen>&prompt.root; <userinput>pw groupmod teamtwo -M jru</userinput> -&prompt.root; <userinput>pw groupshow teamtwo</userinput> -teamtwo:*:1100:jru</screen> - </example> - - <para>The argument to <option>-M</option> is a comma-delimited - list of users to be added to a new (empty) group or to replace - the members of an existing group. To the user, this group - membership is different from (and in addition to) the user's - primary group listed in the password file. 
This means that - the user will not show up as a member when using - <option>groupshow</option> with &man.pw.8;, but will show up - when the information is queried via &man.id.1; or a similar - tool. When &man.pw.8; is used to add a user to a group, it - only manipulates <filename>/etc/group</filename> and does not - attempt to read additional data from - <filename>/etc/passwd</filename>.</para> - - <example> - <title>Adding a New Member to a Group Using &man.pw.8;</title> - - <screen>&prompt.root; <userinput>pw groupmod teamtwo -m db</userinput> -&prompt.root; <userinput>pw groupshow teamtwo</userinput> -teamtwo:*:1100:jru,db</screen> - </example> - - <para>In this example, the argument to <option>-m</option> is a - comma-delimited list of users who are to be added to the - group. Unlike the previous example, these users are appended - to the group and do not replace existing users in the - group.</para> - - <example> - <title>Using &man.id.1; to Determine Group Membership</title> - - <screen>&prompt.user; <userinput>id jru</userinput> -uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)</screen> - </example> - - <para>In this example, - <systemitem class="username">jru</systemitem> is a member of - the groups <systemitem class="groupname">jru</systemitem> and - <systemitem class="groupname">teamtwo</systemitem>.</para> - - <para>For more information about this command and the format of - <filename>/etc/group</filename>, refer to &man.pw.8; and - &man.group.5;.</para> - </sect2> - </sect1> - - <sect1 xml:id="permissions"> - <title>權限</title> - <indexterm><primary>UNIX</primary></indexterm> - - <para>FreeBSD 源自於 BSD &unix;,繼承了幾個重要的 &unix; 概念。 - 首先也最明顯,它是一款 multi-user 作業系統。 它可以同時處理多人多工, - 負責徹底的分享與管理來自每位使用者對硬碟裝置、週邊設備、記憶體及 - CPU 時間的要求。</para> - - <para>也因為系統能夠支援多使用者, - 所以系統管理的一切都有權限來決定誰可以讀取、寫入或執行資源。 - 這些權限分別使用三組八進位的數字儲存,一組代表檔案的所有者, - 一組代表檔案所屬的群組,而最後一組則代表其他所有人。 - 表示這些數字的方式如下:</para> - - <indexterm><primary>permissions</primary></indexterm> - <indexterm> - 
<primary>file permissions</primary> - </indexterm> - <informaltable frame="none" pgwide="1"> - <tgroup cols="3"> - <thead> - <row> - <entry>值</entry> - <entry>權限</entry> - <entry>目錄顯示</entry> - </row> - </thead> - - <tbody> - <row> - <entry>0</entry> - <entry>不可讀取, 不可寫入, 不可執行</entry> - <entry><literal>---</literal></entry> - </row> - - <row> - <entry>1</entry> - <entry>不可讀取, 不可寫入, 可執行</entry> - <entry><literal>--x</literal></entry> - </row> - - <row> - <entry>2</entry> - <entry>不可讀取, 可寫入, 不可執行</entry> - <entry><literal>-w-</literal></entry> - </row> - - <row> - <entry>3</entry> - <entry>不可讀取, 可寫入, 可執行</entry> - <entry><literal>-wx</literal></entry> - </row> - - <row> - <entry>4</entry> - <entry>可讀取, 不可寫入, 不可執行</entry> - <entry><literal>r--</literal></entry> - </row> - - <row> - <entry>5</entry> - <entry>可讀取, 不可寫入, 可執行</entry> - <entry><literal>r-x</literal></entry> - </row> - - <row> - <entry>6</entry> - <entry>可讀取, 可寫入, 不可執行</entry> - <entry><literal>rw-</literal></entry> - </row> - - <row> - <entry>7</entry> - <entry>可讀取, 可寫入, 可執行</entry> - <entry><literal>rwx</literal></entry> - </row> - </tbody> - </tgroup> - </informaltable> - <indexterm> - <primary><command>ls</command></primary> - </indexterm> - <indexterm><primary>directories</primary></indexterm> - - <para>使用 &man.ls.1; 指令時,可以加上 <option>-l</option> 參數, - 來檢視詳細的目錄清單。 - 清單中欄位的資訊包含檔案對所有者、群組及其他人的權限。 - 在任一個目錄底下執行 <command>ls -l</command>,會顯示如下的結果: - </para> - - <screen>&prompt.user; <userinput>ls -l</userinput> -total 530 --rw-r--r-- 1 root wheel 512 Sep 5 12:31 myfile --rw-r--r-- 1 root wheel 512 Sep 5 12:31 otherfile --rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txt -...</screen> - - <para>在這裡告所您該如何區分 <command>ls -l</command> - 第一欄當中的資訊:</para> - - <screen>-rw-r--r--</screen> - - <para>第一個 (最左邊) 的字元用來表示這個檔案的類型為何, - 除標準檔案以外,尚有目錄、特殊字元裝置 (Special character device)、 - Socket 及其他特殊虛擬檔案裝置 (Special pseudo-file device), - 在此例當中,<literal>-</literal> 表示該檔案為一個標準的檔案。 - 範例中接下來的三個字元中,<literal>rw-</literal> - 
代表所有者對檔案擁有的權限。 再接下來的三個字元, - <literal>r--</literal> 則代表群組對檔案擁有的權限, - 最後三個字元,<literal>r--</literal> 則代表其他人對檔案擁有的權限。 - 破折號 (-) 表示沒有權限,範例中的這個檔案的權限, - 只允許所有者讀取、寫入檔案,群組以及其他人僅能讀取檔案。 - 根據以上的表格,此種權限的檔案可以使用 <literal>644</literal> 來表示, - 每組數字分別代表檔案的三種權限。</para> - - <para>以上是不錯的方式,但系統該如何控制裝置的權限? 實際上 FreeBSD - 對大多的硬碟裝置就如同檔案,程式可以開啟、讀取以及寫入資料如一般檔案。 - 這些特殊裝置檔案 (Special device file) 都儲存於 <filename>/dev</filename> - 目錄中。</para> - - <para> - 目錄也同如檔案,擁有讀取、寫入及執行的權限, - 但在執行權限上與檔案有明顯的差異。 當目錄被標示為可執行時,代表可以使用 - <quote>cd</quote> (更改目錄) 進入該目錄。 - 也代表能夠存取在此目錄之中的已知檔名的檔案 - (當然,檔案仍擁有自己的權限)</para> - - <para>尤其,要能夠列出目錄內容,必須擁有目錄的讀取權限。 - 而當要刪除已知檔名的檔案時,也必須擁有檔案所在目錄的寫入 - <emphasis>以及</emphasis> 執行的權限。</para> - - <para>還有一些權限,但這些權限主要在特殊情況使用,如 - setuid binaries 及 sticky directories。 - 如果您還想知道更多檔案權限的資訊及使用方法,請務必參閱 - &man.chmod.1; 說明文件。</para> - - <sect2> - <info><title>權限符號</title> - <authorgroup> - <author><personname><firstname>Tom</firstname><surname>Rhodes</surname></personname><contrib>Contributed by </contrib></author> - </authorgroup> - </info> - - - <indexterm><primary>permissions</primary><secondary>symbolic</secondary></indexterm> - - <para>權限符號可稱做符號表示, - 使用字元的方式來取代使用數值來設定檔案或目錄的權限。 - 符號表示的格式依序為 (某人)(動作)(權限),可使用的符號如下:</para> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="3"> - <thead> - <row> - <entry>項目</entry> - <entry>字母</entry> - <entry>意義</entry> - </row> - </thead> - - <tbody> - <row> - <entry>(某人)</entry> - <entry>u</entry> - <entry>使用者</entry> - </row> - - <row> - <entry>(某人)</entry> - <entry>g</entry> - <entry>群組所有者</entry> - </row> - - <row> - <entry>(某人)</entry> - <entry>o</entry> - <entry>其他</entry> - </row> - - <row> - <entry>(某人)</entry> - <entry>a</entry> - <entry>全部(<quote>world</quote>)</entry> - </row> - - <row> - <entry>(動作)</entry> - <entry>+</entry> - <entry>增加權限</entry> - </row> - - <row> - <entry>(動作)</entry> - <entry>-</entry> - <entry>移除權限</entry> - </row> - - <row> - <entry>(動作)</entry> - <entry>=</entry> - <entry>指定權限</entry> - </row> - - <row> - 
<entry>(權限)</entry> - <entry>r</entry> - <entry>讀取</entry> - </row> - - <row> - <entry>(權限)</entry> - <entry>w</entry> - <entry>寫入</entry> - </row> - - <row> - <entry>(權限)</entry> - <entry>x</entry> - <entry>執行</entry> - </row> - - <row> - <entry>(權限)</entry> - <entry>t</entry> - <entry>Sticky bit</entry> - </row> - - <row> - <entry>(權限)</entry> - <entry>s</entry> - <entry>Set UID 或 GID</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>如先前同樣使用 &man.chmod.1; 指令來設定,但使用的參數為這些字元。 - 例如,您可以使用下列指令禁止其他使用者存取檔案 - <replaceable>FILE</replaceable>:</para> - - <screen>&prompt.user; <userinput>chmod go= FILE</userinput></screen> - - <para>若有兩個以上的符號表示可以使用逗號 (,) 區隔。 - 例如,下列指令將會移除群組及其他人對檔案 - <replaceable>FILE</replaceable> 的寫入權限, - 並使全部人(<quote>world</quote>)對該檔有執行權限。</para> - - <screen>&prompt.user; <userinput>chmod go-w,a+x FILE</userinput></screen> - -<!-- - <para>Most users will not notice this, but it should be pointed out - that using the octal method will only set or assign permissions to - a file; it does not add or delete them.</para> ---> - </sect2> - - <sect2> - <info><title>&os; 檔案旗標(Flag)</title> - <authorgroup> - <author><personname><firstname>Tom</firstname><surname>Rhodes</surname></personname><contrib>Contributed by </contrib></author> - </authorgroup> - </info> - - - - <para>除了前面提到的檔案權限外,&os; 支援使用 <quote>檔案旗標</quote>。 - 這些旗標增加了檔案的安全性及管理性,但不包含目錄。</para> - - <para>檔案旗標增加了管理性,確保在某些時候 <systemitem class="username">root</systemitem> - 不會意外將檔案修改或移除。</para> - - <para>修改的檔案 flag 僅需要使用擁有簡易的介面的 &man.chflags.1; 工具。 - 例如,標示系統禁止刪除的旗標於檔案 - <filename>file1</filename>,使用下列指令:</para> - - <screen>&prompt.root; <userinput>chflags sunlink file1</userinput></screen> - - <para>若要移除系統禁止刪除的旗標,只需要簡單在 <option>sunlink</option> - 前加上 <quote>no</quote>,例如:</para> - - <screen>&prompt.root; <userinput>chflags nosunlink file1</userinput></screen> - - <para>使用 &man.ls.1; 及參數 <option>-lo</option> - 可檢視檔案目前的旗標:</para> - - <screen>&prompt.root; <userinput>ls -lo file1 - 
</userinput></screen> - - <para>輸出的結果如下:</para> - - <programlisting>-rw-r--r-- 1 trhodes trhodes sunlnk 0 Mar 1 05:54 file1</programlisting> - - <para>多數的旗標僅能由 <systemitem class="username">root</systemitem> - 使用者來標示或移除,而部份旗標可由檔案所有者設定。 - 我們建議系統管理者可閱讀 &man.chflags.1; 及 &man.chflags.2; - 說明以瞭解相關細節。</para> - </sect2> - </sect1> - - <sect1 xml:id="dirstructure"> - <title>目錄結構</title> - <indexterm><primary>directory hierarchy</primary></indexterm> - - <para>認識 FreeBSD 的目錄架構,就可對系統有概略的基礎理解。 - 最重要的莫過於整個目錄的根目錄,就是 <quote>/</quote> 目錄, - 該目錄會在開機時最先掛載 (mount),裡面會有開機所會用到必備檔案。 - 此外,根目錄還有紀錄其他檔案系統的掛載點相關設定。</para> - - <para>「掛載點」就是讓新增的檔案系統,能接到上層的檔案系統 - (通常就是「根目錄」檔案系統) 的目錄。 - 在 <xref linkend="disk-organization"/> 這邊對此有更詳細介紹。 - 標準的掛載點包括了 <filename>/usr</filename>、<filename>/var</filename>、 - <filename>/tmp</filename>、<filename>/mnt</filename> 以及 - <filename>/cdrom</filename>。 這些目錄通常會記錄在 - <filename>/etc/fstab</filename> 設定檔內。 - <filename>/etc/fstab</filename> 是記錄各檔案系統及相關掛載點的表格。 - 大部分在 <filename>/etc/fstab</filename> 有記錄的檔案系統,會在開機時由 - &man.rc.8; script 來自動掛載,除非它們有設定 <option>noauto</option> - 選項。 其中細節說明可參閱 <xref linkend="disks-fstab"/>。</para> - - <para>有關檔案系統架構的完整說明可參閱 &man.hier.7;。 - 現在呢,讓我們大致先一窺常見的目錄有哪些吧。</para> - - <para> - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <thead> - <row> - <entry>目錄</entry> - <entry>說明</entry> - </row> - </thead> - <tbody valign="top"> - <row> - <entry><filename>/</filename></entry> - <entry>檔案系統的根目錄。</entry> - </row> - - <row> - <entry><filename>/bin/</filename></entry> - <entry>single-user、multi-user 兩種模式皆可使用的基本工具 - 。</entry> - </row> - - <row> - <entry><filename>/boot/</filename></entry> - <entry>作業系統開機過程會用到的程式、設定檔。</entry> - </row> - - <row> - <entry><filename>/boot/defaults/</filename></entry> - <entry>預設的開機啟動設定檔,詳情請參閱 &man.loader.conf.5; - 。</entry> - </row> - - <row> - <entry><filename>/dev/</filename></entry> - <entry>Device nodes,詳情請參閱 &man.intro.4;。</entry> - </row> - - <row> - <entry><filename>/etc/</filename></entry> - 
<entry>系統設定檔及一些 script 檔。</entry> - </row> - - <row> - <entry><filename>/etc/defaults/</filename></entry> - <entry>預設的系統設定檔,詳情請參閱 &man.rc.8;。</entry> - </row> - - <row> - <entry><filename>/etc/mail/</filename></entry> - <entry>MTA(Mail Transport Agent)的相關設定檔,像是 - &man.sendmail.8;。</entry> - </row> - - <row> - <entry><filename>/etc/namedb/</filename></entry> - <entry><command>named</command> 設定檔,詳情請參閱 - &man.named.8;。</entry> - </row> - - <row> - <entry><filename>/etc/periodic/</filename></entry> - <entry>每日、每週、每月透過 &man.cron.8;; 執行的定期排程 script, - 詳情請參閱 &man.periodic.8;。</entry> - </row> - - <row> - <entry><filename>/etc/ppp/</filename></entry> - <entry><command>ppp</command> 設定檔,詳情請參閱 - &man.ppp.8;。</entry> - </row> - - <row> - <entry><filename>/mnt/</filename></entry> - <entry>系統管理者慣用充當臨時掛載點的空目錄。</entry> - </row> - - <row> - <entry><filename>/proc/</filename></entry> - <entry>Process 檔案系統,詳情請參閱 &man.procfs.5; 及 - &man.mount.procfs.8;。</entry> - </row> - - <row> - <entry><filename>/rescue/</filename></entry> - <entry>緊急救援用途的一些 statically linked 程式,詳情請參閱 - &man.rescue.8;。</entry> - </row> - - <row> - <entry><filename>/root/</filename></entry> - <entry><systemitem class="username">root</systemitem> 帳號的家目錄。</entry> - </row> - - <row> - <entry><filename>/sbin/</filename></entry> - <entry>供 single-user 及 multi-user 環境使用的系統程式及管理工具 - 。</entry> - </row> - - <row> - <entry><filename>/tmp/</filename></entry> - <entry>臨時檔案。 一般而言,重開機之後 - <filename>/tmp</filename> 內的東西會被清除掉。 - 而通常會將 memory-based 檔案系統掛載在 - <filename>/tmp</filename> 上。 - 這些瑣事可透過 tmpmfs 相關的 &man.rc.conf.5; 環境變數來自動完成 - 。(或是在 <filename>/etc/fstab</filename> 內做設定, - 詳情請參閱 &man.mdmfs.8;。)</entry> - </row> - - <row> - <entry><filename>/usr/</filename></entry> - <entry>主要是使用者所安裝的工具程式、應用程式存放處。</entry> - </row> - - <row> - <entry><filename>/usr/bin/</filename></entry> - <entry>常用工具、開發工具、應用軟體。</entry> - </row> - - <row> - <entry><filename>/usr/include/</filename></entry> - <entry>標準 C include 的相關 header 檔案庫。</entry> - 
</row> - - <row> - <entry><filename>/usr/lib/</filename></entry> - <entry>函式庫存放處。</entry> - </row> - - <row> - <entry><filename>/usr/libdata/</filename></entry> - <entry>其他各式工具的資料檔。</entry> - </row> - - <row> - <entry><filename>/usr/libexec/</filename></entry> - <entry>系統 daemons 及系統工具程式(透過其他程式來執行)。</entry> - </row> - - <row> - <entry><filename>/usr/local/</filename></entry> - - <entry>存放一些自行安裝的執行檔、函式庫等等。 同時,也是 FreeBSD - ports 架構的預設安裝目錄。 <filename>/usr/local</filename> - 內的目錄架構大致與 <filename>/usr</filename> 相同,詳情請參閱 - &man.hier.7; 說明。 但 man 目錄例外,它們是直接放在 - <filename>/usr/local</filename> 底下,而非 - <filename>/usr/local/share</filename>,而 ports - 所安裝的說明文件則在 - <filename>share/doc/port</filename>。 - </entry> - </row> - - <row> - <entry><filename>/usr/obj/</filename></entry> - <entry>在編譯 <filename>/usr/src</filename> - 目錄時所產生的相關架構 object 檔案。</entry> - </row> - - <row> - <entry><filename>/usr/ports</filename></entry> - <entry>FreeBSD Ports Collection (optional)。</entry> - </row> - - <row> - <entry><filename>/usr/sbin/</filename></entry> - <entry>系統 daemon 及系統工具(直接由使用者執行)。</entry> - </row> - - <row> - <entry><filename>/usr/share/</filename></entry> - <entry>各架構皆共通的檔案。</entry> - </row> - - <row> - <entry><filename>/usr/src/</filename></entry> - <entry>BSD 本身的原始碼(或自行新增的)。</entry> - </row> - - <row> - <entry><filename>/usr/X11R6/</filename></entry> - <entry>X11R6 相關套件的執行檔、函式庫等(optional)。</entry> - </row> - - <row> - <entry><filename>/var/</filename></entry> - <entry>存放各種用途的 log 檔、臨時或暫時存放、列印或郵件的 - spool 檔案。有時候,memory-based 檔案系統也會掛載在 - <filename>/var</filename>。 - 這些瑣事可透過 varmfs 相關的 &man.rc.conf.5; - 環境變數來自動完成。(或是在 - <filename>/etc/fstab</filename> 內做設定,相關細節請參閱 - &man.mdmfs.8;。)</entry> - </row> - - - <row> - <entry><filename>/var/log/</filename></entry> - <entry>各項系統記錄的 log 檔案。</entry> - </row> - - <row> - <entry><filename>/var/mail/</filename></entry> - <entry>各使用者的 mailbox 檔案。</entry> - </row> - - <row> - <entry><filename>/var/spool/</filename></entry> - <entry>各種印表機、郵件系統的 
spool 目錄。</entry> - </row> - - <row> - <entry><filename>/var/tmp/</filename></entry> - <entry>臨時檔案。 - 這些檔案在重開機後通常仍會保留,除非 - <filename>/var</filename> - 是屬於 memory-based 檔案系統。</entry> - </row> - - <row> - <entry><filename>/var/yp</filename></entry> - <entry>記錄 NIS maps。</entry> - </row> - - </tbody> - </tgroup> - </informaltable> - </para> - - </sect1> - - <sect1 xml:id="disk-organization"> - <title>磁碟組織</title> - - <para>FreeBSD 用來尋找檔案的最小單位就是檔案的名稱了。 - 檔案的名稱有大小寫之分,所以說 <filename>readme.txt</filename> - 和 <filename>README.TXT</filename> 是兩個不同的檔案。 - FreeBSD 並不使用副檔名 (<filename>.txt</filename>) - 來判別這是一個程式檔、文件檔或是其他類型的檔案。</para> - - <para>檔案存在目錄裡面。 - 一個目錄中可能沒有任何檔案,也可能有好幾百個檔案。 - 目錄之中也可以包含其他的目錄; - 您可以建立階層式的目錄以便資料的管理。</para> - - <para>檔案或目錄的對應是藉由給定的檔案或目錄名稱,然後加上正斜線符號 - (<literal>/</literal>);之後再視需要加上其他的目錄名稱。 - 如果您有一個目錄 <filename>foo</filename> ,裡面有一個目錄叫作 - <filename>bar</filename>,這個目錄中又包含了一個叫 - <filename>readme.txt</filename> - 的檔案,那麼這個檔案的全名,或者說檔案的<firstterm>路徑</firstterm>就是 - <filename>foo/bar/readme.txt</filename>。</para> - - <para>目錄及檔案儲存在檔案系統之中。 - 每個檔案系統都有唯一一個最上層的目錄,叫做<firstterm>根目錄 - (root directory)</firstterm>。 - 然後在這個根目錄下面才能有其他的目錄。</para> - - <para>到目前為止大概和其他您用過的的作業系統都差不多。 - 還是有些不一樣的地方就是了,例如 &ms-dos; 用 <literal>\</literal> - 當檔案和目錄名稱的分隔符號,而 &macos; 則是用 <literal>:</literal> - 符號。</para> - - <para>FreeBSD 的路徑中並沒有使用磁碟機代號或其他的磁碟名稱。 - 因此,您不可以使用像 <filename>c:/foo/bar/readme.txt</filename> - 這樣子的檔案名稱。</para> - - <para>相對的,在 FreeBSD - 系統中有一個檔案系統被指定為<firstterm>根檔案系統</firstterm>。 - 根檔案系統的根目錄由 <literal>/</literal> 表示。 - 然後其他的檔案系統再<firstterm>掛載 (mount)</firstterm> - 在根檔案系統之下。因此無論您的 FreeBSD - 系統上有多少顆硬碟,每一個目錄看起來就像在同一個磁碟上。</para> - - <para>假設您有三個檔案系統,分別叫作 <literal>A</literal>、 - <literal>B</literal> 及 <literal>C</literal>。 - 每個檔案系統都包含兩個目錄,叫做 - <literal>A1</literal>、<literal>A2</literal> (依此類推得 - <literal>B1</literal>、<literal>B2</literal> 及 - <literal>C1</literal>、<literal>C2</literal>)。</para> - - <para>稱 <literal>A</literal> 為主要的檔案系統;如果您用 - <command>ls</command> 
指令查看此目錄的內容,您會看到兩個子目錄: - <literal>A1</literal> 及 <literal>A2</literal>,如下所示:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="install/example-dir1"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> / - | - +--- A1 - | - `--- A2</literallayout> - </textobject> - </mediaobject> - - <para>一個檔案系統必須以目錄形式掛載於另一個檔案系統上。 - 因此,假設您將 <literal>B</literal> 掛載於 <literal>A1</literal> - 之上,則 <literal>B</literal> 的根目錄就變成了 - <literal>A1</literal>,而在 <literal>B</literal> - 之下的任何目錄的路徑也隨之改變:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="install/example-dir2"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> / - | - +--- A1 - | | - | +--- B1 - | | - | `--- B2 - | - `--- A2</literallayout> - </textobject> - </mediaobject> - - <para>在 <literal>B1</literal> 或 <literal>B2</literal> - 目錄中的任何檔案必須經由路徑 <filename>/A1/B1</filename> - 或 <filename>/A1/B2</filename> 才能達到。 - 所有原來在 <filename>/A1</filename> 中的檔案會暫時被隱藏起來,直到 - <literal>B</literal> 被「<firstterm>移除 - (unmounted)</firstterm>」後才會再顯現出來。</para> - - <para>如果 <literal>B</literal> 掛載在 <literal>A2</literal> - 之上,則會變成:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="install/example-dir3"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> / - | - +--- A1 - | - `--- A2 - | - +--- B1 - | - `--- B2</literallayout> - </textobject> - </mediaobject> - - <para>上面的路徑分別為 <filename>/A2/B1</filename> 及 - <filename>/A2/B2</filename>。</para> - - <para>檔案系統可以掛在其他檔案系統的目錄之上。 - 延續之前的例子,<literal>C</literal> 檔案系統可以掛在檔案系統 - <literal>B</literal> 的 <literal>B1</literal> - 目錄之上,如圖所示:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="install/example-dir4"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> / - | - +--- A1 - | - `--- A2 - | - +--- B1 - | | - | +--- C1 - | | - | `--- C2 - | - `--- B2</literallayout> - </textobject> - </mediaobject> - - <para>或者 <literal>C</literal> 直接掛載於 <literal>A</literal> 的 - 
<literal>A1</literal> 目錄之上:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="install/example-dir5"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> / - | - +--- A1 - | | - | +--- C1 - | | - | `--- C2 - | - `--- A2 - | - +--- B1 - | - `--- B2</literallayout> - </textobject> - </mediaobject> - - <para>如果您熟悉 &ms-dos; 的話,這和 <command>join</command> - 指令很類似 (雖然不儘相同)。</para> - - <para>一般情況下您不需要擔心這些東西。 - 除非您要安裝新的磁碟,不然通常在您安裝 FreeBSD - 時建立好檔案系統並決定好要掛載在何處之後就不會再做任何更動了。</para> - - <para>您完全可以使用單一的一個大的根檔案系統 (root file system) - 而不建立其他的檔案系統。 這樣有好處也有有壞處。</para> - - <itemizedlist> - <title>使用多個檔案系統的好處</title> - - <listitem> - <para>不同的檔案系統在掛上的時候可以有不同的 - <firstterm>掛載參數</firstterm>。 - 舉例來說,為求謹慎您可以將根檔案系統設成唯讀, - 以避免不小心刪除或修改掉重要的檔案。 - 將使用者可寫入的檔案系統 (例如 <filename>/home</filename>) - 獨立出來也可以讓他們用 <firstterm>nosuid</firstterm> - 的參數掛載,此選項可以讓在這個檔案系統中執行檔的 - <firstterm>suid</firstterm>/<firstterm>guid</firstterm> - bits 失效,也許可以讓系統更安全。</para> - </listitem> - - <listitem> - <para>FreeBSD 會自動根據您檔案系統的使用方式來做最佳的檔案配置方式。 - 因此,一個有很多小檔案、 - 常常寫入的檔案系統跟只有幾個較大的檔案的檔案系統配置是不一樣的。 - 如果您只有單一一個大的檔案系統,這部分就沒用了。</para> - </listitem> - - <listitem> - <para>FreeBSD 的檔案系統在停電的時候很穩固。 - 然而,在某些重要的時候停電仍然會對檔案系統結構造成損害。 - 分割成許多個檔案系統的話在系統在停電後比較能夠正常啟動, - 以便您在需要的時候將備份資料回存回來。</para> - </listitem> - </itemizedlist> - - <itemizedlist> - <title>使用單一檔案系統的好處</title> - - <listitem> - <para>檔案系統的大小是固定的。 - 您當初安裝 FreeBSD - 的時候應該會給定一個大小,可是後來您可能會想把空間加大。 - 如果沒有備份的話是很難達成的; - 您必須將檔案系統重新建立為您需要的大小,然後將備份回存回來。</para> - - <important> - <para>FreeBSD 的 &man.growfs.8; - 指令可以突破此限制直接變更檔案系統的大小。</para> - </important> - </listitem> - </itemizedlist> - - <para>檔案系統包含在分割區裡面。 - 因為 &os; 承襲 &unix; 架構,這邊講的分割區和一般提到的分割區 - (例如 &ms-dos; 分割區) 不同。 每一個分割區由一個代號(字母)表示,從 - <literal>a</literal> 到 <literal>h</literal>。 - 每個分割區只能包含一個檔案系統。 - 因此除了說常見到用檔案系統同的掛載點來表示檔案系統外, - 也可以用包含他的分割區代號來表示。</para> - - <para>FreeBSD 也會拿磁碟空間來當 <firstterm>swap space</firstterm>。 - Swap space 給 FreeBSD 當作<firstterm>虛擬記憶體</firstterm>用。 - 這讓您的電腦好像擁有比實際更多的記憶體。 - 當 
FreeBSD 的記憶體用完的時候,它會把一些目前沒用到的資料移到 - swap space,然後在用到的時候移回去 (同時移出部份沒用到的)。</para> - - <para>某些分割區有慣例的使用方式如下:</para> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="5*"/> - - <thead> - <row> - <entry>分割區</entry> - - <entry>慣例</entry> - </row> - </thead> - - <tbody valign="top"> - <row> - <entry><literal>a</literal></entry> - - <entry>通常包含根檔案系統 (root file system)</entry> - </row> - - <row> - <entry><literal>b</literal></entry> - - <entry>通常是 swap space</entry> - </row> - - <row> - <entry><literal>c</literal></entry> - - <entry>通常和整個 slice 的大小一樣,給一些會用到整個 slice - 的工具程式 (例如硬碟壞軌檢查工具) 來使用。 - 一般來說您應該不會把檔案系統建立在這個分割區。</entry> - </row> - - <row> - <entry><literal>d</literal></entry> - - <entry>分割區 <literal>d</literal> - 曾經有代表特殊意義,但是已經不再使用。 - 所以現在 <literal>d</literal> - 就和其他一般的分割區相同了。</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>每個包含有檔案系統的分割區是存在所謂的 - <firstterm>slice</firstterm> 裡面。 - FreeBSD 的 slice 就是指平常我們稱為分割區 (partition) 的東西。 - 同樣地,會這樣子稱呼也是因為 FreeBSD 的 &unix; 色彩。 - 而 slice 是有編號的,從 1 號編到 4 號。</para> - - <indexterm><primary>slices</primary></indexterm> - <indexterm><primary>partitions</primary></indexterm> - <indexterm><primary>dangerously dedicated</primary></indexterm> - - <para>slice 號碼跟在裝置名稱後面,先接一個字母 - <literal>s</literal>,然後從 1 號開始編下去。 - 因此 <quote>da0<emphasis>s1</emphasis></quote> 就是指第一個 SCSI - 硬碟的第一個 slice。 一個磁碟上只能有四個實體的 slice,但是在實體的 - slice 中您可以塞進適當類型的邏輯 slice。 這些延伸的 slice 編號從 5 - 開始,所以 <quote>ad0<emphasis>s5</emphasis></quote> 是第一個 IDE - 硬碟上的第一個延伸 slice。 檔案系統在裝置 (device) 裡就是在一個 slice - 之中。</para> - - <para>Slices、<quote>dangerously dedicated</quote> - 模式的實體磁碟機,以及其他包含<firstterm>分割區(partition)</firstterm> - 的磁碟都是以字母 <literal>a</literal> 到 <literal>h</literal> - 的編號來表示。 編號是接在裝置名稱的後面的,因此 - <quote>da0<emphasis>a</emphasis></quote> 是磁碟機 da 上的第一個 - <quote>dangerously dedicated</quote>模式之分割區。 - 而 <quote>ad1s3<emphasis>e</emphasis></quote> - 則是第二顆 IDE 硬碟上第三個 slice 的第五個分割區。</para> - - 
<para>最後,我們就可以把系統上的每個磁碟都區分出來了。 - 一個磁碟的名稱會有一個代碼來表示這個磁碟的類型,接著是一個數字, - 表示這是哪一個磁碟。 這邊跟 slice 每個磁碟編號從 0 開始不一樣。 - 常見的代碼可以參考 <xref linkend="basics-dev-codes"/>。</para> - - <para>當要參照一個分割區的時候,FreeBSD 會要您一併輸入包含這個分割區的 - slice 及磁碟機名稱;當要參照一個 slice 的時候,也必須輸入包含這個 - slice 的磁碟名稱。 怎麼做呢?首先先列出磁碟名稱,然後 - <literal>s</literal> 加上 slice 編號,最後再輸入分割區字母代號。 - 範例可以參考 <xref linkend="basics-disk-slice-part"/>.</para> - - <para><xref linkend="basics-concept-disk-model"/> - 示範了一個基本的磁碟分布模式,相信對您有些幫助。</para> - - <para>要安裝 FreeBSD,您必須先建置磁碟的 slice,接著於 slice 中建立要給 - FreeBSD 用的分割區。 最後在這些分割區中建立檔案系統 (或 swap space) - 並決定要將這些檔案系統掛載於哪裡。</para> - - <table frame="none" pgwide="1" xml:id="basics-dev-codes"> - <title>磁碟機代號</title> - - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="5*"/> - - <thead> - <row> - <entry>代號</entry> - - <entry>意義</entry> - </row> - </thead> - - <tbody> - <row> - <entry><filename>ad</filename></entry> - - <entry>ATAPI(IDE) 磁碟機</entry> - </row> - - <row> - <entry><filename>da</filename></entry> - - <entry>SCSI 直接存取磁碟機</entry> - </row> - - <row> - <entry><filename>acd</filename></entry> - - <entry>ATAPI(IDE) 光碟機</entry> - </row> - - <row> - <entry><filename>cd</filename></entry> - - <entry>SCSI 光碟機</entry> - </row> - - <row> - <entry><filename>fd</filename></entry> - - <entry>軟碟機</entry> - </row> - </tbody> - </tgroup> - </table> - - <example xml:id="basics-disk-slice-part"> - <title>磁碟、slice 及分割區命名範例</title> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="5*"/> - - <thead> - <row> - <entry>名稱</entry> - - <entry>意義</entry> - </row> - </thead> - - <tbody> - <row> - <entry><literal>ad0s1a</literal></entry> - - <entry>第一個 IDE 硬碟 (<literal>ad0</literal>) 上第一個 slice - (<literal>s1</literal>)的第一個分割區(<literal>a</literal>) - 。</entry> - </row> - - <row> - <entry><literal>da1s2e</literal></entry> - <entry>第二個 SCSI 硬碟 (<literal>da1</literal>) 上第二個 slice - (<literal>s2</literal>) 的第五個分割區 (<literal>e</literal>) - 
。</entry> - </row> - </tbody> - </tgroup> - </informaltable> - </example> - - <example xml:id="basics-concept-disk-model"> - <title>磁碟的概念模型</title> - - <para>此圖顯示 FreeBSD 中接到系統的第一個 IDE 磁碟機內部配置圖。 - 假設這個磁碟的容量是 4 GB,並且包含了兩個 2 GB 的 - slice (&ms-dos; 的分割區)。 第一個 slice 是 DOS 的 - <filename>C:</filename> 磁碟機,第二個則安裝了 FreeBSD。 - 本範例的 FreeBSD 有三個分割區以及一個 swap 分割區。</para> - - <para>這三個分割區每個都是一個檔案系統。 - <literal>a</literal> 分割是根 (root) 檔案系統;分割 - <literal>e</literal> 是 <filename>/var</filename>;而 - <literal>f</literal> 分割是 <filename>/usr</filename> - 目錄結構。</para> - - <mediaobject> - <imageobject> - <imagedata fileref="install/disk-layout"/> - </imageobject> - - <textobject> - <literallayout class="monospaced">.-----------------. --. -| | | -| DOS / Windows | | -: : > First slice, ad0s1 -: : | -| | | -:=================: ==: --. -| | | Partition a, mounted as / | -| | > referred to as ad0s2a | -| | | | -:-----------------: ==: | -| | | Partition b, used as swap | -| | > referred to as ad0s2b | -| | | | -:-----------------: ==: | Partition c, no -| | | Partition e, used as /var > file system, all -| | > referred to as ad0s2e | of FreeBSD slice, -| | | | ad0s2c -:-----------------: ==: | -| | | | -: : | Partition f, used as /usr | -: : > referred to as ad0s2f | -: : | | -| | | | -| | --' | -`-----------------' --'</literallayout> - </textobject> - </mediaobject> - </example> - </sect1> - - - - <sect1 xml:id="mount-unmount"> - <title>掛載與卸載檔案系統</title> - - <para>檔案系統就像一顆樹。<filename>/</filename> - 就像是樹根,而 <filename>/dev</filename>,<filename>/usr</filename> - 以及其他在根目錄下的目錄就像是樹枝,而這些樹枝上面又還有分支,像是 - <filename>/usr/local</filename> 等。</para> - - <indexterm><primary>根檔案系統</primary></indexterm> - <para>因為某些原因,我們會將一些目錄分別放在不同的檔案系統上。 - 如 <filename>/var</filename> 包含了可能會滿出來的 - <filename>log/</filename>,<filename>spool/</filename> - 等目錄以及各式各樣的暫存檔。 - 把根檔案系統塞到滿出來顯然不是個好主意,所以我們往往會比較傾向把 - <filename>/var</filename> 從 <filename>/</filename> 中拉出來。</para> - - <para>另一個常見到把某些目錄放在不同檔案系統上的理由是: - 
這些檔案在不同的實體或虛擬磁碟機上。 - 像是<link linkend="network-nfs">網路檔案系統</link> - (Network File System) 或是光碟機。</para> - - <sect2 xml:id="disks-fstab"> - <title> <filename>fstab</filename> 檔</title> - <indexterm> - <primary>檔案系統 file systems</primary> - <secondary>由fstab掛載 mounted with fstab</secondary> - </indexterm> - - <para>在 <filename>/etc/fstab</filename> - 裡面有設定的檔案系統會在<link linkend="boot">開機</link> - 的過程中自動地被掛載 - (除非該檔案系統有被加上 <option>noauto</option> 參數)。</para> - - <para><filename>/etc/fstab</filename> 檔案內容的格式如下:</para> - - <programlisting><replaceable>device</replaceable> <replaceable>/mount-point</replaceable> <replaceable>fstype</replaceable> <replaceable>options</replaceable> <replaceable>dumpfreq</replaceable> <replaceable>passno</replaceable></programlisting> - - <variablelist> - <varlistentry> - <term><literal>device</literal></term> - <listitem> - <para>裝置名稱 (該裝置必須真的存在)。 詳情請參閱 - <xref linkend="disks-naming"/>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>mount-point</literal></term> - - <listitem><para>檔案系統要掛載到的目錄 (該目錄必須真的存在)。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>fstype</literal></term> - - <listitem> - <para>檔案系統類型,這是要傳給 &man.mount.8; 的參數。 - FreeBSD 預設的檔案系統是 <literal>ufs</literal>。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>options</literal></term> - - <listitem> - <para>可讀可寫的檔案系統用 - <option>rw</option>,而唯讀的檔案系統則是用 - <option>ro</option>,後面視需要還可以加其他選項。 - 常見的選項如 <option>noauto</option> - 是用在不要於開機過程中自動的掛載的檔案系統。 - 其他選項可參閱 &man.mount.8; 說明。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>dumpfreq</literal></term> - - <listitem> - <para>&man.dump.8; 由此項目決定那些檔案系統需要傾印。 - 如果這格空白則以零為預設值。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>passno</literal></term> - - <listitem> - <para>這個項目決定檔案系統檢查的順序。 - 對於要跳過檢查的檔案系統,它們的 <literal>passno</literal> - 值要設為零。 根檔案系統的 <literal>passno</literal> 值應設為一 - (因為需要比所有其他的還要先檢查),而其他的檔案系統的 - 
<literal>passno</literal> 值應該要設得比一大。 - 若有多個檔案系統具有相同的 <literal>passno</literal> 值,則 - &man.fsck.8; 會試著平行地(如果可能的話)檢查這些檔案系統。</para> - </listitem> - </varlistentry> - </variablelist> - - <para>更多關於 <filename>/etc/fstab</filename> - 檔案格式及選項的資訊請參閱 &man.fstab.5; 說明文件。</para> - </sect2> - - <sect2 xml:id="disks-mount"> - <title><command>mount</command> 指令</title> - <indexterm> - <primary>檔案系統 file systems</primary> - <secondary>掛載 mounting</secondary> - </indexterm> - - <para>&man.mount.8; 指令是拿來掛載檔案系統用的。</para> - - <para>基本的操作指令格式如下:</para> - - <informalexample> - <screen>&prompt.root; <userinput>mount device mountpoint</userinput></screen> - </informalexample> - - <para>在 &man.mount.8; - 裡面有提到一大堆的選項,不過最常用的就是這些:</para> - - <variablelist> - <title>掛載選項</title> - - <varlistentry> - <term><option>-a</option></term> - - <listitem> - <para>把 <filename>/etc/fstab</filename> - 裡面所有還沒有被掛載、沒有被標記成 <quote>noauto</quote> - 而且沒有用 <option>-t</option> 排除的檔案系統掛載起來。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-d</option></term> - - <listitem> - <para>執行所有的動作,但是不真的去呼叫掛載的 system call。 - 這個選項和 <option>-v</option> 搭配拿來推測 &man.mount.8; - 將要做什麼動作時很好用。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-f</option></term> - - <listitem> - <para>強迫掛載不乾淨的檔案系統 (危險),或是用來強制取消寫入權限 - (把檔案系統的掛載狀態從可存取變成唯讀)。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-r</option></term> - - <listitem> - <para>用唯讀的方式掛載檔案系統。 這個選項和在 <option>-o</option> - 選項中指定 <option>ro</option> (在 &os; 5.2之前的版本是用 - <option>rdonly</option>) 參數是一樣的。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-t</option> - <replaceable>fstype</replaceable></term> - - <listitem> - <para>用指定的檔案系統型態 (fstype) - 來掛載指定的檔案系統,或是在有 <option>-a</option> - 選項時只掛載指定型態的檔案系統。</para> - - <para>預設的檔案系統是 <quote>ufs</quote>。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-u</option></term> - - <listitem> - <para>更新檔案系統的掛載選項。</para> - 
</listitem> - </varlistentry> - - <varlistentry> - <term><option>-v</option></term> - - <listitem> - <para>顯示較詳細資訊。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-w</option></term> - - <listitem> - <para>以可存取的模式掛載檔案系統。</para> - </listitem> - </varlistentry> - </variablelist> - - <para><option>-o</option> 選項後面會接著以逗號分隔的參數,例如:</para> - <variablelist> - <varlistentry> - <term>noexec</term> - - <listitem> - <para>不允許在這個檔案系統上執行二進位程式碼, - 這也是一個蠻有用的安全選項。</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>nosuid</term> - - <listitem> - <para>不解析檔案系統上的 setuid 或 setgid 旗標, - 這也是一個蠻有用的安全選項。</para> - </listitem> - </varlistentry> - </variablelist> - </sect2> - - <sect2 xml:id="disks-umount"> - <title><command>umount</command> 指令</title> - <indexterm> - <primary>檔案系統 file systems</primary> - <secondary>卸載 unmounting</secondary> - </indexterm> - - <para>&man.umount.8; 指令的參數可以是掛載點 - (mountpoint),裝置名稱,以及 <option>-a</option> 或是 - <option>-A</option> 等選項。</para> - - <para>加上 <option>-f</option> 可以強制卸載,加上 <option>-v</option> - 則是會顯示詳細資訊。 要注意的是一般來說用 <option>-f</option> - 並不是個好主意,強制卸載檔案系統有可能會造成電腦當機, - 或者損壞檔案系統內的資料。</para> - - <para><option>-a</option> 和 <option>-A</option> - 是用來卸載所有已掛載的檔案系統,另外還可以用 <option>-t</option> - 來指定要卸載的是哪些種類的檔案系統。 要注意的是 <option>-A</option> - 並不會試圖卸載根檔案系統。</para> - - </sect2> - </sect1> - - <sect1 xml:id="basics-processes"> - <title>程序</title> - - <para>FreeBSD 是一個多工的作業系統,也就是說在同一時間內可以跑超過一個程式。 - 每一個正在花時間跑的程式就叫做 <firstterm>程序 (process)</firstterm>。 - 您下的每個指令都至少會開啟一個新的程序, - 而有些系統程序是一直在跑以維持系統正常運作的。</para> - - <para>每一個程序都有一個不重覆的數字叫做 <firstterm>process ID - </firstterm>,或稱為 <firstterm>PID - </firstterm>,而且就像檔案一樣,每一個程序也有擁有者及群組。 - 擁有者及群組的資訊是用來決定什麼檔案或裝置是這個程序可以開啟的 - (前面有提到過檔案權限)。 大部份的程序都有父程序。 - 父程序是開啟這個程序的程序,例如:您對 shell 輸入指令,shell - 本身就是一個程序,而您執行的指令也是程序。 - 每一個您用這種方式跑的程序的父程序都是 shell。 - 有一個特別的程序叫做 &man.init.8; 是個例外。<command>init</command> - 永遠是第一個程序,所以他的 PID 一直都會是 1。 在 FreeBSD 開機的時候 - <command>init</command> 會自動地被 kernel 開啟。</para> - 
- <para>要看系統執行中的程序,有兩個相當有用的指令可用: - &man.ps.1; 以及 &man.top.1;。<command>ps</command> - 指令是用來列出正在執行之程序,而且可以秀它們的 - PID、用了多少記憶體、執行的指令名稱及其後之參數是什麼等等。 - <command>top</command> 指令則是顯示所有正在執行的程序, - 並且數秒鐘更新一次。因此您可以互動式的觀看您的電腦正在做什麼。</para> - - <para>在預設的情況下,<command>ps</command> - 指令只會顯示您所擁有的的程序。 例如:</para> - - <screen>&prompt.user; <userinput>ps</userinput> - PID TT STAT TIME COMMAND - 298 p0 Ss 0:01.10 tcsh - 7078 p0 S 2:40.88 xemacs mdoc.xsl (xemacs-21.1.14) -37393 p0 I 0:03.11 xemacs freebsd.dsl (xemacs-21.1.14) -48630 p0 S 2:50.89 /usr/local/lib/netscape-linux/navigator-linux-4.77.bi -48730 p0 IW 0:00.00 (dns helper) (navigator-linux-) -72210 p0 R+ 0:00.00 ps - 390 p1 Is 0:01.14 tcsh - 7059 p2 Is+ 1:36.18 /usr/local/bin/mutt -y - 6688 p3 IWs 0:00.00 tcsh -10735 p4 IWs 0:00.00 tcsh -20256 p5 IWs 0:00.00 tcsh - 262 v0 IWs 0:00.00 -tcsh (tcsh) - 270 v0 IW+ 0:00.00 /bin/sh /usr/X11R6/bin/startx -- -bpp 16 - 280 v0 IW+ 0:00.00 xinit /home/nik/.xinitrc -- -bpp 16 - 284 v0 IW 0:00.00 /bin/sh /home/nik/.xinitrc - 285 v0 S 0:38.45 /usr/X11R6/bin/sawfish</screen> - - <para>在這個範例裡可以看到 &man.ps.1; 的輸出分成好幾個欄位。 - <literal>PID</literal> 就是前面有提到的 process ID。 PID 的分配是從 - 1 開始一直到 99999,如果用完的話又會繞回來重頭開始分配 - (若該 PID 已經在用了,則 PID 不會重新分配)。 - <literal>TT</literal> 欄位是指這個程式在哪個 tty - 上執行,在這裡可以先忽略不管。<literal>STAT</literal> - 是程式的狀態,也可以先不要管。<literal>TIME</literal> 是這個程式在 - CPU 上執行的時間—這通常不是程式總共花的時間, - 因為當您開始執行程式後,大部份的程式在 CPU 上執行前會先花上不少時間等待 - 。 最後,<literal>COMMAND</literal> 是執行這個程式的命令列。</para> - - <para>&man.ps.1; - 有幾個不同的選項組合可以用來變更顯示出來的資訊,其中一個最有用的組合是 - <literal>auxww</literal>。 - <option>a</option> 可以顯示所有正在跑的程序的指令,不只是您自已的。 - <option>u</option> 則是顯示程序的擁有者名稱以及記憶體使用情況。 - <option>x</option> 可以把 daemon 程序顯示出來, - 而 <option>ww</option> 可讓 &man.ps.1; 顯示出每個程序完整的內容, - 而不致因過長而被螢幕截掉了。</para> - - <para>&man.top.1; 也有類似的輸出。 一般的情況看像是這樣:</para> - - <screen>&prompt.user; <userinput>top</userinput> -last pid: 72257; load averages: 0.13, 0.09, 0.03 up 0+13:38:33 22:39:10 -47 processes: 1 running, 46 sleeping -CPU states: 
12.6% user, 0.0% nice, 7.8% system, 0.0% interrupt, 79.7% idle -Mem: 36M Active, 5256K Inact, 13M Wired, 6312K Cache, 15M Buf, 408K Free -Swap: 256M Total, 38M Used, 217M Free, 15% Inuse - - PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND -72257 nik 28 0 1960K 1044K RUN 0:00 14.86% 1.42% top - 7078 nik 2 0 15280K 10960K select 2:54 0.88% 0.88% xemacs-21.1.14 - 281 nik 2 0 18636K 7112K select 5:36 0.73% 0.73% XF86_SVGA - 296 nik 2 0 3240K 1644K select 0:12 0.05% 0.05% xterm -48630 nik 2 0 29816K 9148K select 3:18 0.00% 0.00% navigator-linu - 175 root 2 0 924K 252K select 1:41 0.00% 0.00% syslogd - 7059 nik 2 0 7260K 4644K poll 1:38 0.00% 0.00% mutt -...</screen> - - <para>輸出的資訊分成兩個部份。開頭 (前五行) 秀出最近一個程序的 - PID、系統平均負載 (系統有多忙錄的測試)、系統的開機時間 - (從上次重開算起) 以及現在的時間等。 - 在開頭裡面的其他數字分別是在講有多少程序正在執行 - (在本例中為47)、有多少記憶體及 swap space - 被占用了,還有就是系統分別花了多少時間在不同的 CPU 狀態上。</para> - - <para>接下來的部份是由好幾個欄位所構成,和 &man.ps.1; 輸出的資訊類似。 - 就如同前例,您可以看到 PID、使用者名稱、CPU - 花費的時間以及正在執行的指令。 &man.top.1; - 在預設的情況下還會告訴您程序用掉了多少的記憶體空間。 - 在這邊會分成兩欄,一個是總用量 (total size),另一個是實際用量 - (resident size)—總用量是指這個應用程式需要的記憶體空間, - 而實際用量則是指實際上該程式的記憶體使用量。 - 在這個例子裡面您可以看到 <application>&netscape;</application> - 要了幾乎到 30 MB 的 RAM,但是只有用到 9 MB。</para> - - <para>&man.top.1; 每隔 2 秒鐘會自動更新顯示內容,可用 <option>s</option> - 選項來改變間隔的時間。</para> - - </sect1> - - <sect1 xml:id="basics-daemons"> - <title>Daemon、信號及終止程序</title> - - <para>當在執行文書編輯器時,您可以很容易地使用它,叫它讀取檔案或是什麼的。 - 可以這樣做是因為編輯器有提供這些功能, - 還有就是編輯器依附在一個<firstterm>終端機 (Terminal) </firstterm>之上。 - 有些程式並不是設計成一直在接收使用者的輸入的, - 所以它們在一開始執行的時候就從終端機斷開了。 例如說, - 網頁伺服器整天都在回應網頁方面的要求,它通常不需要您輸入任何東西。 - 另外,像是把信從一個站傳送到另一個站的程式,也是這種類型的應用程式。 - </para> - - <para>我們把這種程式稱作 <firstterm>daemon</firstterm>。 - Daemon (惡魔、守護神) - 是希臘神話中的角色:祂們不屬於善良陣營或邪惡陣營,是守護的小精靈。 - 大致上來說祂們就是在替人類做一些有用的事情, - 跟今天的網頁伺服器或是郵件伺服器很像。 這也就是為何 BSD - 的吉祥物,長期以來都是一隻穿著帆布鞋拿著三叉耙的快樂小惡魔的原因。</para> - - <para>通常來說 deamon 程式的名字後面都會加一個字母 <quote>d</quote>。 - <application>BIND</application> 是 Berkeley Internet Name Domain - 的縮寫 (但實際上執行的程式名稱是 
<command>named</command>)、Apache - 網頁伺服器的程式名稱是 <command>httpd</command>、印表機服務程式是 - <command>lpd</command>,依此類推。 - 這是習慣用法,並沒有硬性規定,例如 <application>Sendmail</application> - 主要的寄信 daemon 是叫做 <command>sendmail</command> 而不是 - <command>maild</command>,跟您想像的不一樣。</para> - - <para>有些時候會需要跟某個 daemon 程序溝通, - 這些溝通是透過所謂的<firstterm>信號(signal)</firstterm>來傳遞給該 daemon - 程序(或是其他執行中的程序)。 - 藉由送出信號,您可以和一個 daemon (或是任何一個正在跑的程序) 溝通。 - 信號有很多種—有些有特定的意義,有些則是會由應用程式來解讀。 - 應用程式的說明文件會告訴您該程式是如何解讀信號的。 - 您只能送信號給您擁有的程序,送 &man.kill.1; 或 &man.kill.2; - 的信號給別人的程序是不被允許的。 不過 <systemitem class="username"> root </systemitem> - 不受此限制,他可以送信號給任何人的程序。</para> - - <para>FreeBSD 本身在某些情況也會送信號給應用程式。 - 假設有個應用程式寫得很爛,然後企圖要存取它不該碰的記憶體的時候,FreeBSD - 會送一個 <firstterm>Segmentation Violation</firstterm> 信號 - (<literal>SIGSEGV</literal>) 給這個程序。 - 又如果有一個應用程式用了 &man.alarm.3; 的 system call - 要求系統在過一段時間之後叫他一下,時間到了的時候鬧鐘的信號 - (<literal>SIGALRM</literal>) 就會被送出了,其他的依此類推。</para> - - <para><literal>SIGTERM</literal> and <literal>SIGKILL</literal> - 這兩個信號可以拿來終止程序。 用 <literal>SIGTERM</literal> - 結束程序是比較有禮貌的方式,該程序會<emphasis>捕捉 (catch) </emphasis> - 這個信號而了解到您想要把他關掉。 接著下來它會把它自已開的記錄檔通通關掉, - 然後在關掉程序之前結束掉手邊的工作。 在某些情況下程序有可能會裝作沒看見 - <literal>SIGTERM</literal>,假如它正在做一些不能中斷的工作的話。</para> - - <para><literal>SIGKILL</literal> 就沒有辦法被程序忽略了。 - 這是一個<quote>我管你正在幹嘛,現在就給我停下來</quote>的信號。 - 如果您送了 <literal>SIGKILL</literal> 信號給某個程序,FreeBSD - 將會把它停掉<footnote> - <para>不完全正確—還是有少數東西不能被中斷。 - 例如有個程序正在從網路上的別的電腦讀一個檔案, - 而那部電腦因為某些理由連不到 (機器被關掉,或是網路爛掉了), - 那這個程序我們就說他是一個<quote>不能中斷的</quote>程序。 - 通常在經過兩分鐘左右之後這個程序會逾時。 - 當發生逾時的時候這個程序就會被結束掉了。</para> - </footnote>。</para> - - <para>這些是其他您有可能會要用到的信號: - <literal>SIGHUP</literal>,<literal>SIGUSR1</literal>,以及 - <literal>SIGUSR2</literal>。 - 這些是通用的信號,當送出時不同的應用程式會有不同的反應。</para> - - <para>假設您更動了您的網頁伺服器的設定檔— - 您想要叫網頁伺服器去重新讀取設定值。 您可以關閉後再重新啟動 - <command>httpd</command>,但是這麼做會造成網頁伺服器暫停服務一段時間, - 這樣子可能不太好。 - 大部份的 daemon 都寫成會去回應 <literal>SIGHUP</literal>。 - 當收到這個信號之後,它們會去重新讀取自已的設定檔。 - 因此您可以用送 <literal>SIGHUP</literal> 信號來取代關掉重開。 - 
又因為沒有標準在規範如何回應這些信號,不同的 daemon - 可能會有不同的行為,所以有疑問的話請先確認並翻閱 deamon - 的說明文件。</para> - - <para>信號是由 &man.kill.1; 指令送出的,如範例所示:</para> - - <procedure> - <title>送信號給程序</title> - - <para>這個範例將會示範如何送一個信號給 &man.inetd.8;。 - <command>inetd</command> 的設定檔是 - <filename>/etc/inetd.conf</filename>,而 <command>inetd</command> - 會在收到 <literal>SIGHUP</literal> 的時候重新讀取這個設定檔。</para> - - <step> - <para>找出您想要送信號的那個程序的 ID。 您會用到 &man.ps.1; 以及 - &man.grep.1; 這兩個指令。 &man.grep.1; 是用來在輸出中搜尋, - 找出您指定的字串。 這個指令是由一般使用者執行,而 &man.inetd.8; - 是由 <systemitem class="username">root</systemitem> 執行,所以在使用 &man.ps.1; 時需要加上 - <option>ax</option> 選項。</para> - - <screen>&prompt.user; <userinput>ps -ax | grep inetd</userinput> - 198 ?? IWs 0:00.00 inetd -wW</screen> - - <para>因此可知 &man.inetd.8; 的 PID 為 198。 在某些情況下 - <literal>grep inetd</literal> 這個指令本身也會出現在輸出裡。 - 這是因為 &man.ps.1; 乃是找所有執行中的程序的方式造成的。</para> - </step> - - <step> - <para>用 &man.kill.1; 來送信號。 又因為 &man.inetd.8; 是由 - <systemitem class="username">root</systemitem> 執行的,您必須用 &man.su.1; 切換成 - <systemitem class="username">root</systemitem>先。</para> - - <screen>&prompt.user; <userinput>su</userinput> -<prompt>Password:</prompt> -&prompt.root; <userinput>/bin/kill -s HUP 198</userinput></screen> - - <para>一般情況對大多數 &unix; 指令來講,當 &man.kill.1; - 執行成功時並不會輸出任何訊息。 - 假設您送一個信號給某個不是您所擁有的程序, - 那麼您就會吃到這個錯誤訊息: <errorname>kill: - <replaceable>PID</replaceable>: Operation not permitted</errorname>。 - 而如果您打錯 PID 的話,那就會把信號送給錯誤的程序。 這樣可能會很糟, - 不過如果您夠幸運的話,可能剛好就只是把信號送給一個非使用中的 - PID,那您就只會看到 <errorname>kill: - <replaceable>PID</replaceable>: No such process</errorname> 而已。 - </para> - - <note> - <title>為什麼用 <command>/bin/kill</command>?</title> - - <para>很多 shell 有提供內建的 <command>kill</command> 指令。 - 也就是說這種 shell 會直接送信號,而不是執行 - <filename>/bin/kill</filename>。 - 這樣是蠻方便的沒錯啦,但是不同的 shell - 會有不同的語法來指定信號的名稱等。 - 與其嘗試去把它們通通學會,不如就單純的直接用 <command>/bin/kill - ...</command> 吧。</para> - </note> - </step> - </procedure> - - <para>要送其他的信號的話也是非常類似,就視需要把指令中的 - <literal>TERM</literal> 或 
<literal>KILL</literal> - 替換掉即可。</para> - - <important> - <para>隨便抓一個系統中的程序然後把他砍掉並不是個好主意。 - 特別是 &man.init.8;, process ID 1,一個非常特別的程序。 - 執行 <command>/bin/kill -s KILL 1</command> - 的結果就是系統立刻關機。 因此在您按下 <keycap>Return</keycap> - 要執行 &man.kill.1;<emphasis>之前</emphasis>, - 請<emphasis>一定</emphasis>要記得再次確認您下的參數。</para> - </important> - </sect1> - - <sect1 xml:id="shells"> - <title>Shells</title> - <indexterm><primary>shells</primary></indexterm> - <indexterm><primary>命令列 command line</primary></indexterm> - - <para>在 FreeBSD 中,很多日常的工作是在一個叫做 shell - 的文字介面中完成的。 - Shell 的主要工作就是從輸入中收到命令並執行它們。 - 許多 shell 也有內建一些有助於日常工作的指令, - 像是檔案管理、檔案比對、命令列編輯、指令巨集以及環境變數等。 - FreeBSD 有內附了幾個 shell,像是 <command>sh</command>, - Bourne Shell,以及 <command>tcsh</command>,改良版的 C-shell。 - 還有許多其他的 shell 可以從 FreeBSD Ports Collection - 中取得,像是 <command>zsh</command> 以及 <command>bash</command> - 等。</para> - - <para>您用哪個 shell 呢? 其實每個人的喜好都不一樣。 - 如果您是一個 C 程式設計師,那對於使用像是 <command>tcsh</command> - 這種 C-like 的 shell 可能會感到相當愉快。 如果你是從 Linux - 跳過來的,或者您是一個 &unix; 新手,那您也許會想要用 - <command>bash</command> 來當作文字介面。 - 每一個 shell 都有自已獨特之處,至於這些特點能不能配合您的工作環境? 
- 那就是您選擇 shell 的重點了。</para> - - <para>檔名自動補齊就是常見的 shell 功能。 - 首先輸入指令或檔案的前幾個字母,這時通常您只需要按下 <keycap>Tab</keycap> - 鍵,接下來 shell 就會自動把指令或是檔案名稱剩餘的部份補齊。 - 假設您有兩個檔案分別叫作 <filename>foobar</filename> 及 - <filename>foo.bar</filename>。 現在要刪掉 - <filename>foo.bar</filename>,那麼可以輸入: - <command>rm fo[Tab].[Tab]</command> - </para> - - <para>Shell 會印出這個: <command>rm foo[嗶].bar</command>。</para> - - <para>[嗶] 是 console 的響鈴,這嗶的一聲是 shell - 在告訴我說它沒有辦法完全自動補齊檔名,因為有不只一個檔名符合條件。 - <filename>foobar</filename> 和 <filename>foo.bar</filename> 都是 - <literal>fo</literal> 開頭的檔名,不過它至少可以補齊到 <literal>foo</literal>。 - 如果您接著輸入 <literal>.</literal> 然後再按 <keycap>Tab</keycap> - 一次,那 shell 就能夠替您把剩下的檔名填滿了。</para> - - <indexterm><primary>environment variables</primary></indexterm> - - <para>Shell 的另一項特點是使用了環境變數。 - 環境變數是以變數與鍵值(variable/key)的對應關係儲存於 shell - 的環境空間中,任何由 shell 所產生的程序都可以讀取此空間, - 因此這個空間儲存了許多程序的設定組態。 在此附上 - 一份常見環境變數與其涵義的列表:</para> - <indexterm><primary>environment variables</primary></indexterm> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <thead> - <row> - <entry>變數</entry> - <entry>詳細說明</entry> - </row> - </thead> - - <tbody> - <row> - <entry><envar>USER</envar></entry> - <entry>目前登入的使用者名稱。</entry> - </row> - - <row> - <entry><envar>PATH</envar></entry> - <entry>以冒號(:)隔開的目錄列表,用以搜尋執行檔的路徑。</entry> - </row> - - <row> - <entry><envar>DISPLAY</envar></entry> - <entry>若存在這個環境變數,則代表 X11 連結顯示器的網路名稱。</entry> - </row> - - <row> - <entry><envar>SHELL</envar></entry> - <entry>目前使用的 shell。</entry> - </row> - - <row> - <entry><envar>TERM</envar></entry> - <entry>使用者終端機的名稱,能藉由此變數判斷終端機的能力。</entry> - </row> - - <row> - <entry><envar>TERMCAP</envar></entry> - <entry>Database entry of the terminal escape codes to perform - various terminal functions.</entry> - </row> - - <row> - <entry><envar>OSTYPE</envar></entry> - <entry>作業系統的種類,如:FreeBSD。</entry> - </row> - - <row> - <entry><envar>MACHTYPE</envar></entry> - <entry>目前系統所用的 CPU 架構。</entry> - </row> - - <row> - 
<entry><envar>EDITOR</envar></entry> - <entry>使用者偏好的文字編輯器。</entry> - </row> - - <row> - <entry><envar>PAGER</envar></entry> - <entry>使用者偏好的文字分頁器(text pager)。</entry> - </row> - - <row> - <entry><envar>MANPATH</envar></entry> - <entry>以冒號(:)隔開的目錄列表,用以搜尋 manual pages 的路徑。</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <indexterm><primary>Bourne shells</primary></indexterm> - <para>在不同的 shell 底下設定環境變數的方式也有所不同。 - 舉例來說,在 C-Style 的 shell 底下,像是 - <command>tcsh</command> 和 <command>csh</command>,你必須使用 - <command>setenv</command> 來設定環境變數。 - 但在 Bourne shells 底下,像是 <command>sh</command> 和 - <command>bash</command>,你則必須使用 - <command>export</command> 來設定你所使用的環境變數。 - 再舉個例子來說,若要設定或是修改 - <envar>EDITOR</envar> 這個環境變數,在 <command>csh</command> 或 - <command>tcsh</command> 下設定 <envar>EDITOR</envar> 這個環境變數為 - <filename>/usr/local/bin/emacs</filename> 的指令是:</para> - - <screen>&prompt.user; <userinput>setenv EDITOR /usr/local/bin/emacs</userinput></screen> - - <para>在 Bourne shells 下則是:</para> - - <screen>&prompt.user; <userinput>export EDITOR="/usr/local/bin/emacs"</userinput></screen> - - <para>大多數的 shell 都支援使用者在命令列中將 - <literal>$</literal> 字元放在變數之前,以取得環境變數的值。 - 舉例來說,<command>echo $TERM</command> 會 - 顯示出 <envar>$TERM</envar> 的設定值,這是因為 shell 取得了 - <envar>$TERM</envar> 的設定值, - 並將其傳給 <command>echo</command> 顯示出來。</para> - - <para>Shell 中有某些特別的字元是來表示特殊的資料,我們將其稱作 - meta-characters。 其中最常見的是 - <literal>*</literal> 字元,他代表了檔名中的任意字元。 - 這些特殊字元可以用在檔名展開(filename globbing)上,舉例來說,輸入 - <command>echo *</command> 會和輸入 - <command>ls</command> 得到幾乎相同的結果,這是因為 shell 會將所有符合 - <literal>*</literal> 字元的檔案傳到命令列上,再由 - <command>echo</command> 顯示出來。</para> - - <para>為了避免 shell 轉譯這些特殊字元,我們可以在這些特殊字元前放一個反斜線 - (<literal>\</literal>) 字元使他們跳脫(escape) shell 的轉譯。舉例來說, - <command>echo $TERM</command> 會印出你目前設定的終端機格式, - <command>echo \$TERM</command> 則會直接印出 <envar>$TERM</envar> - 這幾個字。</para> - - <sect2 xml:id="changing-shells"> - <title>變更你的 Shell</title> - - <para>變更 shell 最簡單的方法就是透過 <command>chsh</command> 
命令。 - 執行 <command>chsh</command> 將會呼叫環境變數中 <envar>EDITOR</envar> - 指定的文字編輯器。 如果沒有設定,則預設是 <command>vi</command>。 - 請依照需求去修改 <quote>Shell:</quote> 的值。</para> - - <para>你也可以透過 <command>chsh</command> 的參數 <option>-s</option>, - 這可以直接設定你的 shell 而不需要透過任何文字編輯器。 例如, - 假設想把所用的 shell 改為 <command>bash</command>, - 可以透過下列的方式:</para> - - <screen>&prompt.user; <userinput>chsh -s /usr/local/bin/bash</userinput></screen> - - <note> - <para>你所使用的 shell <emphasis>必須</emphasis> 列於 - <filename>/etc/shells</filename> 裡頭。 如果是由 - <link linkend="ports">Ports Collection</link> 來裝 shell, - 那這個步驟已經完成了。 但若是手動安裝了一個 shell, - 那麼就必須為新安裝的 shell 進行設定。</para> - - <para>舉例來說,若手動安裝了 <command>bash</command> 並將它置於 - <filename>/usr/local/bin</filename> 底下,你還得:</para> - - <screen>&prompt.root; <userinput>echo "/usr/local/bin/bash" >> /etc/shells</userinput></screen> - - <para>然後再重新執行 <command>chsh</command>。</para> - </note> - </sect2> - </sect1> - - <sect1 xml:id="editors"> - <title>文字編輯器</title> - <indexterm><primary>text editors</primary></indexterm> - <indexterm><primary>editors</primary></indexterm> - - <para>在 FreeBSD 中有許多設定必須透過編輯文字檔完成。 - 因此,若能熟悉文字編輯器是再好不過的。 - FreeBSD 本身(指 base system)就附有幾種文字編輯器, - 此外,你也可以透過 Ports Collection 來安裝其他的文字編輯器。</para> - - <indexterm> - <primary><command>ee</command></primary> - </indexterm> - <indexterm> - <primary>editors</primary> - <secondary><command>ee</command></secondary> - </indexterm> - <para>最簡單易學的文字編輯器叫做 <application>ee</application>, - 代表了其全名 easy editor。 要開始使用 <application>ee</application>, - 必須在命令列上輸入 - <command>ee filename</command>, - 這邊的 <replaceable>filename</replaceable> 代表你想要編輯的檔案名稱。 - 舉例來說,要編輯 <filename>/etc/rc.conf</filename>,就要輸入 - <command>ee /etc/rc.conf</command>。 - 而在 <command>ee</command> 的操作介面下, - 所有編輯器的功能與操作都會顯示在螢幕的正上方。 - 其中的插入符號(<literal>^</literal>)代表鍵盤上的 <keycap>Ctrl</keycap> - 鍵,所以 <literal>^e</literal> 就等同於 - <keycombo action="simul"><keycap>Ctrl</keycap><keycap>e</keycap></keycombo> - 。 若要結束 <application>ee</application>,請按下 
<keycap>Esc</keycap> - 鍵,接著選擇 leave editor 即可。 - 此時如果該檔案有修改過,編輯器會提醒你是否要存檔。</para> - - <indexterm> - <primary><command>vi</command></primary> - </indexterm> - <indexterm> - <primary>editors</primary> - <secondary><command>vi</command></secondary> - </indexterm> - <indexterm> - <primary><command>emacs</command></primary> - </indexterm> - <indexterm> - <primary>editors</primary> - <secondary><command>emacs</command></secondary> - </indexterm> - - <para>此外,FreeBSD 也內附了幾個好用的文字編輯器,像是 base system 的 - <application>vi</application> 及 FreeBSD Ports Collection 內的其他編輯器, - 比如 <application>Emacs</application> 及 <application>vim</application> - (<package>editors/emacs</package> 及 - <package>editors/vim</package>)。 - 這些文字編輯器提供更強的功能,但是也比較難學習。 - 然而若要從事大量文字編輯工作, - 那麼花點時間來學習這些好用的編輯器, - 會在日後為您省下更多的時間。</para> - </sect1> - - <sect1 xml:id="basics-devices"> - <title>設備及設備節點</title> - - <para>設備(device)主要是指跟硬體比較有關的術語, - 包括磁碟、印表機、顯示卡和鍵盤。 FreeBSD 開機過程當中, - 大多數硬體通常都能偵測到並顯示出來,也可以查閱 - <filename>/var/run/dmesg.boot</filename> 內有開機的相關訊息。</para> - - <para>舉例來說,<filename>acd0</filename>即為第一台 IDE 光碟機的代號, - 而 <filename>kbd0</filename> 則代表鍵盤。</para> - - <para>在 &unix; 作業系統, - 大部分的設備都是透過叫做 device nodes(設備節點)的特殊檔案來作存取, - 而這些檔案都位於 <filename>/dev</filename> 目錄。</para> - - <sect2> - <title>建立設備節點</title> - <para>若要在系統上建立新節點,或者是要編譯某些新硬體的支援軟體, - 那麼就要先新增設備節點。</para> - - <sect3> - <title><literal>DEVFS</literal> (DEVice File System)</title> - - <para>設備檔案系統(或稱為 <literal>DEVFS</literal>) 是指在整體檔案系統 - namespace 提供 kernel 的設備 namespace。 <literal>DEVFS</literal> - 乃是維護這些檔案系統,而不能新增或修改這些設備節點。</para> - - <para>細節請參閱 &man.devfs.5; 說明。</para> - </sect3> - </sect2> - </sect1> - - <sect1 xml:id="basics-more-information"> - <title>更多資訊</title> - - <sect2 xml:id="basics-man"> - <title>Manual 線上說明</title> - <indexterm><primary>manual pages</primary></indexterm> - - <para>在使用 FreeBSD 時,最詳細的使用說明莫過於 man 線上說明。 - 幾乎各程式都會有附上簡短說明,以介紹該程式的基本功能跟相關參數用法。 - 可以透過 <command>man</command> 指令來閱讀這些說明,而 - <command>man</command> 
指令的使用相當簡單易懂:</para> - - <screen>&prompt.user; <userinput>man command</userinput></screen> - - <para><literal>command</literal> 處就是想要知道的指令。 舉個例子, - 若要知道 <command>ls</command> 的詳細用法,就可以打:</para> - - <screen>&prompt.user; <userinput>man ls</userinput></screen> - - <para>而各線上說明因為性質不同,而區分為下列的數字章節:</para> - - <orderedlist> - <listitem> - <para>使用者指令。</para> - </listitem> - - <listitem> - <para>系統呼叫(System call) 及錯誤代號。</para> - </listitem> - - <listitem> - <para>C 語言函式庫。</para> - </listitem> - - <listitem> - <para>各設備的驅動程式。</para> - </listitem> - - <listitem> - <para>檔案格式。</para> - </listitem> - - <listitem> - <para>小遊戲程式及其他娛樂程式。</para> - </listitem> - - <listitem> - <para>雜項工具、其他資訊。</para> - </listitem> - - <listitem> - <para>系統維護、操作的指令。</para> - </listitem> - - <listitem> - <para>Kernel 開發用途。</para> - </listitem> - </orderedlist> - - <para>有些情況會有同樣主題但不同章節。 舉個例子,系統內會有 - <command>chmod</command> 指令,但也有 <function>chmod()</function> - 系統呼叫。 在這種情況,<command>man</command> - 應該要指定所要查詢的章節:</para> - - <screen>&prompt.user; <userinput>man 1 chmod</userinput></screen> - - <para>如此一來就會查 <command>chmod</command> 指令部分。 - 通常在寫文件時會把有參考到某特定章節的 man 號碼也一併寫在括號內。 - 所以 &man.chmod.1; 就是指 <command>chmod</command> 指令,而 - &man.chmod.2; 則是指系統呼叫的部分。</para> - - <para>如果您已經知道命令的名稱,只是不知道要怎樣使用的話,那就比較好辦。 - 但若不知道要用哪個指令時,該怎麼辦呢? 這個時候,就可以利用 - <command>man</command> 的搜尋關鍵字功能, - 以在各說明的介紹部分搜尋相關字眼。,它的選項是 <option>-k</option>: - </para> - - <screen>&prompt.user; <userinput>man -k mail</userinput></screen> - - <para>如此一來會看到一堆有 <quote>mail</quote> 關鍵字的說明, - 事實上該功能與 <command>apropos</command> 指令是一樣的。</para> - - <para>而有時你會看到像是 <filename>/usr/bin</filename> - 有許多看起來頗炫的指令,但不知其用途? 
只要簡單輸入:</para> - - <screen>&prompt.user; <userinput>cd /usr/bin</userinput> -&prompt.user; <userinput>man -f *</userinput></screen> - - <para>或者是</para> - - <screen>&prompt.user; <userinput>cd /usr/bin</userinput> -&prompt.user; <userinput>whatis *</userinput></screen> - - <para>這兩者的指令效果是一樣的。</para> - </sect2> - - <sect2 xml:id="basics-info"> - <title>GNU Info 檔案</title> - <indexterm><primary>Free Software Foundation</primary></indexterm> - - <para>FreeBSD 有許多程式跟工具來自於自由軟體基金會(FSF)。 除了 man - 線上說明之外,這些程式提供了另外一種更具有彈性的 hypertext 格式文件, - 叫做 <literal>info</literal>。 可以用 <command>info</command> - 指令來閱讀,或者若有裝 <application>emacs</application> 亦可透過 - <application>emacs</application> 的 info 模式閱讀。</para> - - <para>要用 &man.info.1; 指令,只需打:</para> - - <screen>&prompt.user; <userinput>info</userinput></screen> - - <para>按 <literal>h</literal> 會有簡單說明,而若要快速查閱相關操作方式, - 則請按 <literal>?</literal>。</para> - </sect2> - </sect1> -</chapter> diff --git a/zh_TW.UTF-8/books/handbook/basics/disk-layout.kil b/zh_TW.UTF-8/books/handbook/basics/disk-layout.kil Binary files differdeleted file mode 100644 index 85820c2878..0000000000 --- a/zh_TW.UTF-8/books/handbook/basics/disk-layout.kil +++ /dev/null diff --git a/zh_TW.UTF-8/books/handbook/basics/example-dir1.dot b/zh_TW.UTF-8/books/handbook/basics/example-dir1.dot deleted file mode 100644 index f259e8377d..0000000000 --- a/zh_TW.UTF-8/books/handbook/basics/example-dir1.dot +++ /dev/null @@ -1,7 +0,0 @@ -// $FreeBSD$ - -digraph directory { - root [label="Root\n/"]; - root -> "A1/"; - root -> "A2/"; -} diff --git a/zh_TW.UTF-8/books/handbook/basics/example-dir2.dot b/zh_TW.UTF-8/books/handbook/basics/example-dir2.dot deleted file mode 100644 index b846c82399..0000000000 --- a/zh_TW.UTF-8/books/handbook/basics/example-dir2.dot +++ /dev/null @@ -1,8 +0,0 @@ -// $FreeBSD$ - -digraph directory { - root [label="Root\n/"]; - root -> "A1/" -> "B1/"; - "A1/" -> "B2/"; - root -> "A2/"; -} 
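Review bot: The basics/chapter.xml text deleted above has defects that should be checked against the PO-based translation this commit switches to, so they are not carried over. "deamon" is misspelled twice in the Daemon section (「通常來說 deamon 程式的名字」 and 「翻閱 deamon 的說明文件」). The TERMCAP row of the environment-variable table is still in English ("Database entry of the terminal escape codes ..."). The man -k paragraph has a stray 「。,」 before 「它的選項是」. The sentence after the signal procedure tells the reader to substitute TERM or KILL in the command, but the command shown is /bin/kill -s HUP 198, so the wording should name the HUP in the example or say that TERM or KILL is put in its place.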
diff --git a/zh_TW.UTF-8/books/handbook/basics/example-dir3.dot b/zh_TW.UTF-8/books/handbook/basics/example-dir3.dot deleted file mode 100644 index 178a3a91bb..0000000000 --- a/zh_TW.UTF-8/books/handbook/basics/example-dir3.dot +++ /dev/null @@ -1,8 +0,0 @@ -// $FreeBSD$ - -digraph directory { - root [label="Root\n/"]; - root -> "A1/"; - root -> "A2/" -> "B1/"; - "A2/" -> "B2/"; -} diff --git a/zh_TW.UTF-8/books/handbook/basics/example-dir4.dot b/zh_TW.UTF-8/books/handbook/basics/example-dir4.dot deleted file mode 100644 index 82d12b421a..0000000000 --- a/zh_TW.UTF-8/books/handbook/basics/example-dir4.dot +++ /dev/null @@ -1,9 +0,0 @@ -// $FreeBSD$ - -digraph directory { - root [label="Root\n/"]; - root -> "A1/"; - root -> "A2/" -> "B1/" -> "C1/"; - "B1/" -> "C2/"; - "A2/" -> "B2/"; -} diff --git a/zh_TW.UTF-8/books/handbook/basics/example-dir5.dot b/zh_TW.UTF-8/books/handbook/basics/example-dir5.dot deleted file mode 100644 index f5aa6e01dc..0000000000 --- a/zh_TW.UTF-8/books/handbook/basics/example-dir5.dot +++ /dev/null @@ -1,9 +0,0 @@ -// $FreeBSD$ - -digraph directory { - root [label="Root\n/"]; - root -> "A1/" -> "C1/"; - "A1/" -> "C2/"; - root -> "A2/" -> "B1/"; - "A2/" -> "B2/"; -} diff --git a/zh_TW.UTF-8/books/handbook/bibliography/Makefile b/zh_TW.UTF-8/books/handbook/bibliography/Makefile deleted file mode 100644 index e1ac7fd2e2..0000000000 --- a/zh_TW.UTF-8/books/handbook/bibliography/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -# -# Build the Handbook with just the content from this chapter. -# -# $FreeBSD$ -# Original revision: 1.1 -# - -CHAPTERS= bibliography/chapter.xml - -VPATH= .. - -MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX} - -DOC_PREFIX?= ${.CURDIR}/../../../.. - -.include "../Makefile" diff --git a/zh_TW.UTF-8/books/handbook/bibliography/chapter.xml b/zh_TW.UTF-8/books/handbook/bibliography/chapter.xml deleted file mode 100644 index 2cbfa7068a..0000000000 --- a/zh_TW.UTF-8/books/handbook/bibliography/chapter.xml +++ /dev/null 
@@ -1,630 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - The FreeBSD Documentation Project - - $FreeBSD$ - Original revision: 1.85 ---> -<appendix xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="bibliography"> - <title>參考文獻</title> - - <para>雖然線上說明(manual pages)有提供 &os; 各個特定部分明確的說明, - 但它們卻難免有「小學而大遺」之憾,像是如何讓整個系統運作順暢。 因此, - 身邊有 &unix; 系統管理的好書以及好的使用手冊是不可或缺的。</para> - - <sect1 xml:id="bibliography-freebsd"> - <title>FreeBSD 相關的書籍、雜誌</title> - - <para><emphasis>非英語的書籍、雜誌:</emphasis></para> - - <itemizedlist> - <listitem> - <para><link xlink:href="http://jdli.tw.FreeBSD.org/publication/book/freebsd2/index.htm">FreeBSD 入門與應用(光碟豪華版)</link> (繁體中文), - <link xlink:href="http://www.drmaster.com.tw/">博碩文化</link> - ,1997。 ISBN 9-578-39435-7</para> - </listitem> - - <listitem> - <para>FreeBSD 技術內幕 (FreeBSD Unleashed 簡體中譯版), - <link xlink:href="http://www.hzbook.com/">機械工業出版社</link> - 。 ISBN 7-111-10201-0 - </para> - </listitem> - - <listitem> - <para>FreeBSD 使用大全第一版 (簡體中文), - 機械工業出版社。 ISBN 7-111-07482-3 - </para> - </listitem> - - <listitem> - <para>FreeBSD 使用大全第二版 (簡體中文), - 機械工業出版社。 ISBN 7-111-10286-X - </para> - </listitem> - - <listitem> - <para>FreeBSD Handbook 第二版 (簡體中譯版), - <link xlink:href="http://www.ptpress.com.cn/">人民郵電出版社</link> - 。 ISBN 7-115-10541-3 - </para> - </listitem> - - <listitem> - <para>FreeBSD 3.x Internet 高級服務器的架設與管理 (簡體中文), - <link xlink:href="http://www.tup.tsinghua.edu.cn/">清華大學出版社</link> - 。 ISBN 7-900625-66-6</para> - </listitem> - - <listitem> - <para>FreeBSD & Windows 集成組網實務 (簡體中文), - <link xlink:href="http://www.tdpress.com/">中國鐵道出版社</link> - 。 ISBN 7-113-03845-X</para> - </listitem> - - <listitem> - <para>FreeBSD 網站架設實務 (簡體中文),中國鐵道出版社 - 。 ISBN 7-113-03423-3</para> - </listitem> - - <listitem> - <para>FreeBSD for PC 98'ers (日文),SHUWA SystemCo, LTD - 。 ISBN 4-87966-468-5 C3055 定價 2900 日圓。</para> - </listitem> - - <listitem> - <para>FreeBSD (日文),CUTT。 ISBN 4-906391-22-2 - C3055 定價 2400 
日圓。</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.shoeisha.com/book/Detail.asp?bid=650">Complete Introduction to FreeBSD</link> (日文),<link xlink:href="http://www.shoeisha.co.jp/">Shoeisha Co., Ltd</link>。 ISBN 4-88135-473-6 定價 3600 日圓。</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.ascii.co.jp/pb/book1/shinkan/detail/1322785.html">Personal UNIX Starter Kit FreeBSD</link> (日文), <link xlink:href="http://www.ascii.co.jp/">ASCII</link>。 ISBN 4-7561-1733-3 定價 3000 日圓。</para> - </listitem> - - <listitem> - <para>FreeBSD Handbook (日文譯版), <link xlink:href="http://www.ascii.co.jp/">ASCII</link>。 ISBN 4-7561-1580-2 - 定價 3800 日圓。</para> - </listitem> - - <listitem> - <para>FreeBSD mit Methode (德文),<link xlink:href="http://www.cul.de">Computer und - Literatur Verlag</link>/Vertrieb Hanser,1998。 ISBN 3-932311-31-0</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.cul.de/freebsd.html">FreeBSD 4 - Installieren, Konfigurieren, Administrieren</link> - (德文),<link xlink:href="http://www.cul.de">Computer und Literatur Verlag</link>,2001。 - ISBN 3-932311-88-4</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.cul.de/freebsd.html">FreeBSD 5 - Installieren, Konfigurieren, Administrieren</link> - (德文),<link xlink:href="http://www.cul.de">Computer und Literatur Verlag</link>,2003。 - ISBN 3-936546-06-1</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.mitp.de/vmi/mitp/detail/pWert/1343/"> - FreeBSD de Luxe</link> (德文), - <link xlink:href="http://www.mitp.de">Verlag Modere Industrie</link>, - 2003。 ISBN 3-8266-1343-0</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.pc.mycom.co.jp/FreeBSD/install-manual.html">FreeBSD - Install and Utilization Manual</link> (日文),<link xlink:href="http://www.pc.mycom.co.jp/">Mainichi Communications Inc.</link> - ,1998。 ISBN 4-8399-0112-0</para> - </listitem> - - <listitem> - <para>Onno W Purbo, Dodi Maryanto, Syahrial 
Hubbany, Widjil Widodo - <emphasis><link xlink:href="http://maxwell.itb.ac.id/"> - Building Internet Server with - FreeBSD</link></emphasis> (印尼文),<link xlink:href="http://www.elexmedia.co.id/">Elex Media Komputindo</link>。</para> - </listitem> - - <listitem> - <para>FreeBSD 完全探索 (Absolute BSD: The Ultimate Guide to FreeBSD - 繁體中文譯版),<link xlink:href="http://www.grandtech.com.tw/">上奇</link>,2003。 - ISBN 986-7944-92-5</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.twbsd.org/cht/book/">FreeBSD 6.0架設管理與應用</link> - (繁體中文),博碩,2006。ISBN 9-575-27878-X</para> - </listitem> - - </itemizedlist> - - <para><emphasis>英文的書籍、雜誌:</emphasis></para> - - <itemizedlist> - <listitem> - <para><link xlink:href="http://www.AbsoluteBSD.com/">Absolute - BSD: The Ultimate Guide to FreeBSD</link>, - <link xlink:href="http://www.nostarch.com/">No Starch Press</link>,2002。 - ISBN: 1886411743</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.freebsdmall.com/cgi-bin/fm/bsdcomp"> - The Complete FreeBSD</link>, - <link xlink:href="http://www.oreilly.com/">O'Reilly</link>,2003。 - ISBN: 0596005164</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.freebsd-corp-net-guide.com/">The - FreeBSD Corporate Networker's Guide</link>, - <link xlink:href="http://www.awl.com/aw/">Addison-Wesley</link>,2000。 - ISBN: 0201704811</para> - </listitem> - - <listitem> - <para><link xlink:href="http://andrsn.stanford.edu/FreeBSD/introbook/"> - FreeBSD: An Open-Source Operating System for Your Personal - Computer</link>,The Bit Tree Press,2001。 - ISBN: 0971204500</para> - </listitem> - - <listitem> - <para>Teach Yourself FreeBSD in 24 Hours, - <link xlink:href="http://www.samspublishing.com/">Sams</link>,2002。 - ISBN: 0672324245</para> - </listitem> - - <listitem> - <para>FreeBSD 6 Unleashed, - <link xlink:href="http://www.samspublishing.com/">Sams</link>,2006。 - ISBN: 0672328755</para> - </listitem> - - <listitem> - <para>FreeBSD: The Complete 
Reference, - <link xlink:href="http://books.mcgraw-hill.com">McGrawHill</link>,2003。 - ISBN: 0072224096 </para> - </listitem> - - </itemizedlist> - </sect1> - - <sect1 xml:id="bibliography-userguides"> - <title>使用說明手冊</title> - - <itemizedlist> - <listitem> - <para>Computer Systems Research Group, UC Berkeley. <emphasis>4.4BSD - User's Reference Manual</emphasis>. O'Reilly & Associates, - Inc., 1994. ISBN 1-56592-075-9</para> - </listitem> - - <listitem> - <para>Computer Systems Research Group, UC Berkeley. <emphasis>4.4BSD - User's Supplementary Documents</emphasis>. O'Reilly & - Associates, Inc., 1994. ISBN 1-56592-076-7</para> - </listitem> - - <listitem> - <para><emphasis>UNIX in a Nutshell</emphasis>. O'Reilly & - Associates, Inc., 1990. ISBN 093717520X</para> - </listitem> - - <listitem> - <para>Mui, Linda. <emphasis>What You Need To Know When You Can't Find - Your UNIX System Administrator</emphasis>. O'Reilly & - Associates, Inc., 1995. ISBN 1-56592-104-6</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.osu.edu/">Ohio State University</link> - 有撰寫 <link xlink:href="http://8help.osu.edu/wks/unix_course/index.html">UNIX - 介紹的課程</link>,並提供 HTML 或 PostScript 兩種格式供人瀏覽。 - </para> - - <para>UNIX 介紹的<link xlink:href="&url.doc.base;/it_IT.ISO8859-15/books/unix-introduction/index.html">義大利文翻譯版</link> - ,同時本文件也是 FreeBSD Italian Documentation Project 之一。</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.jp.FreeBSD.org/">Jpman Project, Japan - FreeBSD Users Group</link>. <link xlink:href="http://www.pc.mycom.co.jp/FreeBSD/urm.html">FreeBSD User's - Reference Manual</link> (日文翻譯)。 <link xlink:href="http://www.pc.mycom.co.jp/">Mainichi Communications - Inc.</link>, 1998. 
ISBN4-8399-0088-4 P3800E.</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.ed.ac.uk/">Edinburgh - University</link> 為 UNIX 新手所撰寫的 <link xlink:href="http://unixhelp.ed.ac.uk/">Online Guide</link> 指引說明。</para> - </listitem> - </itemizedlist> - </sect1> - - <sect1 xml:id="bibliography-adminguides"> - <title>系統管理指南</title> - - <itemizedlist> - <listitem> - <para>Albitz, Paul and Liu, Cricket. <emphasis>DNS and - BIND</emphasis>, 4th Ed. O'Reilly & Associates, Inc., 2001. - ISBN 1-59600-158-4</para> - </listitem> - - <listitem> - <para>Computer Systems Research Group, UC Berkeley. <emphasis>4.4BSD - System Manager's Manual</emphasis>. O'Reilly & Associates, - Inc., 1994. ISBN 1-56592-080-5</para> - </listitem> - - <listitem> - <para>Costales, Brian, et al. <emphasis>Sendmail</emphasis>, 2nd Ed. - O'Reilly & Associates, Inc., 1997. ISBN 1-56592-222-0</para> - </listitem> - - <listitem> - <para>Frisch, Æleen. <emphasis>Essential System - Administration</emphasis>, 2nd Ed. O'Reilly & Associates, - Inc., 1995. ISBN 1-56592-127-5</para> - </listitem> - - <listitem> - <para>Hunt, Craig. <emphasis>TCP/IP Network - Administration</emphasis>, 2nd Ed. O'Reilly & Associates, Inc., - 1997. ISBN 1-56592-322-7</para> - </listitem> - - <listitem> - <para>Nemeth, Evi. <emphasis>UNIX System Administration - Handbook</emphasis>. 3rd Ed. Prentice Hall, 2000. ISBN - 0-13-020601-6</para> - </listitem> - - <listitem> - <para>Stern, Hal <emphasis>Managing NFS and NIS</emphasis> O'Reilly - & Associates, Inc., 1991. ISBN 0-937175-75-7</para> - </listitem> - - <listitem> - <para><link xlink:href="http://www.jp.FreeBSD.org/">Jpman Project, Japan - FreeBSD Users Group</link>. <link xlink:href="http://www.pc.mycom.co.jp/FreeBSD/sam.html">FreeBSD System - Administrator's Manual</link> (日文翻譯)。 <link xlink:href="http://www.pc.mycom.co.jp/">Mainichi Communications - Inc.</link>, 1998. ISBN4-8399-0109-0 P3300E.</para> - </listitem> - - <listitem> - <para>Dreyfus, Emmanuel. 
<link xlink:href="http://www.eyrolles.com/Informatique/Livre/9782212114638/">Cahiers - de l'Admin: BSD</link> 2nd Ed. (法文), Eyrolles, 2004. - ISBN 2-212-11463-X</para> - </listitem> - </itemizedlist> - </sect1> - - <sect1 xml:id="bibliography-programmers"> - <title>程式設計師指南</title> - - <itemizedlist> - <listitem> - <para>Asente, Paul, Converse, Diana, and Swick, Ralph. - <emphasis>X Window System Toolkit</emphasis>. Digital Press, - 1998. ISBN 1-55558-178-1</para> - </listitem> - - <listitem> - <para>Computer Systems Research Group, UC Berkeley. <emphasis>4.4BSD - Programmer's Reference Manual</emphasis>. O'Reilly & - Associates, Inc., 1994. ISBN 1-56592-078-3</para> - </listitem> - - <listitem> - <para>Computer Systems Research Group, UC Berkeley. <emphasis>4.4BSD - Programmer's Supplementary Documents</emphasis>. O'Reilly & - Associates, Inc., 1994. ISBN 1-56592-079-1</para> - </listitem> - - <listitem> - <para>Harbison, Samuel P. and Steele, Guy L. Jr. <emphasis>C: A - Reference Manual</emphasis>. 4th ed. Prentice Hall, 1995. - ISBN 0-13-326224-3</para> - </listitem> - - <listitem> - <para>Kernighan, Brian and Dennis M. Ritchie. <emphasis>The C - Programming Language</emphasis>. 2nd Ed. PTR Prentice Hall, 1988. - ISBN 0-13-110362-8</para> - </listitem> - - <listitem> - <para>Lehey, Greg. <emphasis>Porting UNIX Software</emphasis>. - O'Reilly & Associates, Inc., 1995. ISBN 1-56592-126-7</para> - </listitem> - - <listitem> - <para>Plauger, P. J. <emphasis>The Standard C Library</emphasis>. - Prentice Hall, 1992. ISBN 0-13-131509-9</para> - </listitem> - - <listitem> - <para>Spinellis, Diomidis. <link xlink:href="http://www.spinellis.gr/codereading/"><emphasis>Code - Reading: The Open Source Perspective</emphasis></link>. - Addison-Wesley, 2003. ISBN 0-201-79940-5</para> - </listitem> - - <listitem> - <para>Spinellis, Diomidis. <link xlink:href="http://www.spinellis.gr/codequality/"><emphasis>Code - Quality: The Open Source Perspective</emphasis></link>. 
- Addison-Wesley, 2006. ISBN 0-321-16607-8</para> - </listitem> - - <listitem> - <para>Stevens, W. Richard and Stephen A. Rago. - <emphasis>Advanced Programming in the UNIX - Environment</emphasis>. 2nd Ed. - Reading, Mass. : Addison-Wesley, 2005. - ISBN 0-201-43307-9</para> - </listitem> - - <listitem> - <para>Stevens, W. Richard. <emphasis>UNIX Network - Programming</emphasis>. 2nd Ed, PTR Prentice Hall, 1998. ISBN - 0-13-490012-X</para> - </listitem> - - <listitem> - <para>Wells, Bill. <quote>Writing Serial Drivers for UNIX</quote>. - <emphasis>Dr. Dobb's Journal</emphasis>. 19(15), December 1994. - pp68-71, 97-99.</para> - </listitem> - </itemizedlist> - </sect1> - - <sect1 xml:id="bibliography-osinternals"> - <title>深入作業系統</title> - - <itemizedlist> - <listitem> - <para>Andleigh, Prabhat K. <emphasis>UNIX System - Architecture</emphasis>. Prentice-Hall, Inc., 1990. ISBN - 0-13-949843-5</para> - </listitem> - - <listitem> - <para>Jolitz, William. <quote>Porting UNIX to the 386</quote>. - <emphasis>Dr. Dobb's Journal</emphasis>. January 1991-July - 1992.</para> - </listitem> - - <listitem> - <para>Leffler, Samuel J., Marshall Kirk McKusick, Michael J Karels and - John Quarterman <emphasis>The Design and Implementation of the - 4.3BSD UNIX Operating System</emphasis>. Reading, Mass. : - Addison-Wesley, 1989. ISBN 0-201-06196-1</para> - </listitem> - - <listitem> - <para>Leffler, Samuel J., Marshall Kirk McKusick, <emphasis>The Design - and Implementation of the 4.3BSD UNIX Operating System: Answer - Book</emphasis>. Reading, Mass. : Addison-Wesley, 1991. ISBN - 0-201-54629-9</para> - </listitem> - - <listitem> - <para>McKusick, Marshall Kirk, Keith Bostic, Michael J Karels, and - John Quarterman. <emphasis>The Design and Implementation of the - 4.4BSD Operating System</emphasis>. Reading, Mass. : - Addison-Wesley, 1996. 
ISBN 0-201-54979-4</para> - - <para>(本書第二章的 <link xlink:href="&url.books.design-44bsd;/book.html">網路版</link> 是 - FreeBSD 文件計劃的一部份,以及第九章的部分可以在 <link xlink:href="http://www.netapp.com/tech_library/nfsbook.html"> - 這邊</link>找到)</para> - </listitem> - - <listitem> - <para>Marshall Kirk McKusick, George V. Neville-Neil <emphasis>The - Design and Implementation of the FreeBSD Operating System</emphasis>. - Boston, Mass. : Addison-Wesley, 2004. ISBN 0-201-70245-2</para> - </listitem> - - <listitem> - <para>Stevens, W. Richard. <emphasis>TCP/IP Illustrated, Volume 1: - The Protocols</emphasis>. Reading, Mass. : Addison-Wesley, - 1996. ISBN 0-201-63346-9</para> - </listitem> - - <listitem> - <para>Schimmel, Curt. <emphasis>Unix Systems for Modern - Architectures</emphasis>. Reading, Mass. : Addison-Wesley, 1994. - ISBN 0-201-63338-8</para> - </listitem> - - <listitem> - <para>Stevens, W. Richard. <emphasis>TCP/IP Illustrated, Volume 3: - TCP for Transactions, HTTP, NNTP and the UNIX Domain - Protocols</emphasis>. Reading, Mass. : Addison-Wesley, 1996. - ISBN 0-201-63495-3</para> - </listitem> - - <listitem> - <para>Vahalia, Uresh. <emphasis>UNIX Internals -- The New - Frontiers</emphasis>. Prentice Hall, 1996. ISBN - 0-13-101908-2</para> - </listitem> - - <listitem> - <para>Wright, Gary R. and W. Richard Stevens. <emphasis>TCP/IP - Illustrated, Volume 2: The Implementation</emphasis>. Reading, - Mass. : Addison-Wesley, 1995. ISBN 0-201-63354-X</para> - </listitem> - </itemizedlist> - </sect1> - - <sect1 xml:id="bibliography-security"> - <title>資安領域的參考文獻</title> - - <itemizedlist> - <listitem> - <para>Cheswick, William R. and Steven M. Bellovin. <emphasis>Firewalls - and Internet Security: Repelling the Wily Hacker</emphasis>. - Reading, Mass. : Addison-Wesley, 1995. ISBN - 0-201-63357-4</para> - </listitem> - - <listitem> - <para>Garfinkel, Simson and Gene Spafford. - <emphasis>Practical UNIX & Internet Security</emphasis>. - 2nd Ed. O'Reilly & Associates, Inc., 1996. 
ISBN - 1-56592-148-8</para> - </listitem> - - <listitem> - <para>Garfinkel, Simson. <emphasis>PGP Pretty Good - Privacy</emphasis> O'Reilly & Associates, Inc., 1995. ISBN - 1-56592-098-8</para> - </listitem> - </itemizedlist> - </sect1> - - <sect1 xml:id="bibliography-hardware"> - <title>硬體方面的參考文獻</title> - - <itemizedlist> - <listitem> - <para>Anderson, Don and Tom Shanley. <emphasis>Pentium Processor - System Architecture</emphasis>. 2nd Ed. Reading, Mass. : - Addison-Wesley, 1995. ISBN 0-201-40992-5</para> - </listitem> - - <listitem> - <para>Ferraro, Richard F. <emphasis>Programmer's Guide to the EGA, - VGA, and Super VGA Cards</emphasis>. 3rd ed. Reading, Mass. : - Addison-Wesley, 1995. ISBN 0-201-62490-7</para> - </listitem> - - <listitem> - <para>Intel Corporation 通常會以 PDF 格式在 <link xlink:href="http://developer.intel.com/">developer web site</link> - 網站放他們的 CPU、晶片組、相關標準的規格書文件。</para> - </listitem> - - <listitem> - <para>Shanley, Tom. <emphasis>80486 System Architecture</emphasis>. - 3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN - 0-201-40994-1</para> - </listitem> - - <listitem> - <para>Shanley, Tom. <emphasis>ISA System Architecture</emphasis>. - 3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN - 0-201-40996-8</para> - </listitem> - - <listitem> - <para>Shanley, Tom. <emphasis>PCI System Architecture</emphasis>. - 4th ed. Reading, Mass. : Addison-Wesley, 1999. ISBN - 0-201-30974-2</para> - </listitem> - - <listitem> - <para>Van Gilluwe, Frank. <emphasis>The Undocumented PC</emphasis>, - 2nd Ed. Reading, Mass: Addison-Wesley Pub. Co., 1996. ISBN - 0-201-47950-8</para> - </listitem> - - <listitem> - <para>Messmer, Hans-Peter. <emphasis>The Indispensable PC Hardware - Book</emphasis>, 4th Ed. - Reading, Mass: Addison-Wesley Pub. Co., 2002. 
ISBN - 0-201-59616-4</para> - </listitem> - - </itemizedlist> - </sect1> - - <sect1 xml:id="bibliography-history"> - <title>&unix; 歷史淵源</title> - - <itemizedlist> - <listitem> - <para>Lion, John <emphasis>Lion's Commentary on UNIX, 6th Ed. With - Source Code</emphasis>. ITP Media Group, 1996. ISBN - 1573980137</para> - </listitem> - - <listitem> - <para>Raymond, Eric S. <emphasis>The New Hacker's Dictionary, 3rd - edition</emphasis>. MIT Press, 1996. ISBN - 0-262-68092-0. Also known as the <link xlink:href="http://www.catb.org/~esr/jargon/html/index.html">Jargon - File</link></para> - </listitem> - - <listitem> - <para>Salus, Peter H. <emphasis>A quarter century of UNIX</emphasis>. - Addison-Wesley Publishing Company, Inc., 1994. ISBN - 0-201-54777-5</para> - </listitem> - - <listitem> - <para>Simon Garfinkel, Daniel Weise, Steven Strassmann. <emphasis>The - UNIX-HATERS Handbook</emphasis>. IDG Books Worldwide, Inc., - 1994. ISBN 1-56884-203-1. Out of print, but available <link xlink:href="http://research.microsoft.com/~daniel/unix-haters.html"> - online</link>.</para> - </listitem> - - <listitem> - <para>Don Libes, Sandy Ressler <emphasis>Life with UNIX</emphasis> - — special edition. Prentice-Hall, Inc., 1989. ISBN - 0-13-536657-7</para> - </listitem> - - <listitem> - <para><emphasis>BSD 族譜</emphasis>: - <uri xlink:href="http://www.FreeBSD.org/cgi/cvsweb.cgi/src/share/misc/bsd-family-tree">http://www.FreeBSD.org/cgi/cvsweb.cgi/src/share/misc/bsd-family-tree</uri> - 或 FreeBSD 機器內的 <link xlink:href="file://localhost/usr/share/misc/bsd-family-tree"><filename>/usr/share/misc/bsd-family-tree</filename></link> - 。</para> - </listitem> - - <listitem> - <para><emphasis>The BSD Release Announcements collection</emphasis>. - 1997. <uri xlink:href="http://www.de.FreeBSD.org/de/ftp/releases/">http://www.de.FreeBSD.org/de/ftp/releases/</uri></para> - </listitem> - - <listitem> - <para><emphasis>Networked Computer Science Technical Reports - Library</emphasis>. 
<uri xlink:href="http://www.ncstrl.org/">http://www.ncstrl.org/</uri></para> - </listitem> - - <listitem> - <para><emphasis>Old BSD releases from the Computer Systems Research - group (CSRG)</emphasis>. - <uri xlink:href="http://www.mckusick.com/csrg/">http://www.mckusick.com/csrg/</uri>: - The 4CD set covers all BSD versions from 1BSD to 4.4BSD and - 4.4BSD-Lite2 (but not 2.11BSD, unfortunately). The last - disk also holds the final sources plus the SCCS files.</para> - </listitem> - </itemizedlist> - </sect1> - - <sect1 xml:id="bibliography-journals"> - <title>雜誌、期刊</title> - - <itemizedlist> - <listitem> - <para><emphasis>The C/C++ Users Journal</emphasis>. R&D - Publications Inc. ISSN 1075-2838</para> - </listitem> - - <listitem> - <para><emphasis>Sys Admin — The Journal for UNIX System - Administrators</emphasis> Miller Freeman, Inc., ISSN - 1061-2688</para> - </listitem> - - <listitem> - <para><emphasis>freeX — Das Magazin für Linux - BSD - UNIX</emphasis> - (德文) Computer- und Literaturverlag GmbH, ISSN 1436-7033</para> - </listitem> - - </itemizedlist> - </sect1> -</appendix> diff --git a/zh_TW.UTF-8/books/handbook/book.xml b/zh_TW.UTF-8/books/handbook/book.xml index 68f358dd07..62bc21a37c 100644 --- a/zh_TW.UTF-8/books/handbook/book.xml +++ b/zh_TW.UTF-8/books/handbook/book.xml 
@@ -1,36 +1,606 @@ <?xml version="1.0" encoding="utf-8"?> -<!DOCTYPE book PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN" - "http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [ +<!DOCTYPE book PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN" "http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [ <!-- The FreeBSD Documentation Project - The FreeBSD Traditional Chinese Documentation Project - Original revision: r45698 $FreeBSD$ ---> +--><!ENTITY % chapters SYSTEM "chapters.ent"> +<!-- + Creates entities for each chapter in the FreeBSD Handbook. Each entity + is named chap.foo, where foo is the value of the id attribute on that + chapter, and corresponds to the name of the directory in which that + chapter's .xml file is stored. -<!ENTITY % chapters SYSTEM "chapters.ent"> -%chapters; + Chapters should be listed in the order in which they are referenced. + + $FreeBSD$ +--><!ENTITY chap.preface SYSTEM "preface/preface.xml"> +<!ENTITY % pgpkeys SYSTEM "../../../share/pgpkeys/pgpkeys.ent"> +<!-- $FreeBSD$ --><!-- PGP keyblocks --><!ENTITY pgpkey.aaron SYSTEM "aaron.key"> +<!ENTITY pgpkey.ache SYSTEM "ache.key"> +<!ENTITY pgpkey.achim SYSTEM "achim.key"> +<!ENTITY pgpkey.acm SYSTEM "acm.key"> +<!ENTITY pgpkey.adamw SYSTEM "adamw.key"> +<!ENTITY pgpkey.adrian SYSTEM "adrian.key"> +<!ENTITY pgpkey.ae SYSTEM "ae.key"> +<!ENTITY pgpkey.ahze SYSTEM "ahze.key"> +<!ENTITY pgpkey.ak SYSTEM "ak.key"> +<!ENTITY pgpkey.alc SYSTEM "alc.key"> +<!ENTITY pgpkey.ale SYSTEM "ale.key"> +<!ENTITY pgpkey.alepulver SYSTEM "alepulver.key"> +<!ENTITY pgpkey.alex SYSTEM "alex.key"> +<!ENTITY pgpkey.alexbl SYSTEM "alexbl.key"> +<!ENTITY pgpkey.alexey SYSTEM "alexey.key"> +<!ENTITY pgpkey.allanjude SYSTEM "allanjude.key"> +<!ENTITY pgpkey.alonso SYSTEM "alonso.key"> +<!ENTITY pgpkey.amdmi3 SYSTEM "amdmi3.key"> +<!ENTITY pgpkey.anchie SYSTEM "anchie.key"> +<!ENTITY pgpkey.anders SYSTEM "anders.key"> +<!ENTITY pgpkey.andreas SYSTEM "andreas.key"> +<!ENTITY pgpkey.andrew 
SYSTEM "andrew.key"> +<!ENTITY pgpkey.anholt SYSTEM "anholt.key"> +<!ENTITY pgpkey.anish SYSTEM "anish.key"> +<!ENTITY pgpkey.anray SYSTEM "anray.key"> +<!ENTITY pgpkey.antoine SYSTEM "antoine.key"> +<!ENTITY pgpkey.araujo SYSTEM "araujo.key"> +<!ENTITY pgpkey.ariff SYSTEM "ariff.key"> +<!ENTITY pgpkey.art SYSTEM "art.key"> +<!ENTITY pgpkey.arun SYSTEM "arun.key"> +<!ENTITY pgpkey.arundel SYSTEM "arundel.key"> +<!ENTITY pgpkey.arved SYSTEM "arved.key"> +<!ENTITY pgpkey.arybchik SYSTEM "arybchik.key"> +<!ENTITY pgpkey.asami SYSTEM "asami.key"> +<!ENTITY pgpkey.ashish SYSTEM "ashish.key"> +<!ENTITY pgpkey.asomers SYSTEM "asomers.key"> +<!ENTITY pgpkey.avatar SYSTEM "avatar.key"> +<!ENTITY pgpkey.avg SYSTEM "avg.key"> +<!ENTITY pgpkey.avilla SYSTEM "avilla.key"> +<!ENTITY pgpkey.avl SYSTEM "avl.key"> +<!ENTITY pgpkey.avos SYSTEM "avos.key"> +<!ENTITY pgpkey.badger SYSTEM "badger.key"> +<!ENTITY pgpkey.bakul SYSTEM "bakul.key"> +<!ENTITY pgpkey.bapt SYSTEM "bapt.key"> +<!ENTITY pgpkey.bar SYSTEM "bar.key"> +<!ENTITY pgpkey.barner SYSTEM "barner.key"> +<!ENTITY pgpkey.bcr SYSTEM "bcr.key"> +<!ENTITY pgpkey.bdrewery SYSTEM "bdrewery.key"> +<!ENTITY pgpkey.beat SYSTEM "beat.key"> +<!ENTITY pgpkey.beech SYSTEM "beech.key"> +<!ENTITY pgpkey.ben SYSTEM "ben.key"> +<!ENTITY pgpkey.benjsc SYSTEM "benjsc.key"> +<!ENTITY pgpkey.benno SYSTEM "benno.key"> +<!ENTITY pgpkey.bf SYSTEM "bf.key"> +<!ENTITY pgpkey.bhaga SYSTEM "bhaga.key"> +<!ENTITY pgpkey.bhd SYSTEM "bhd.key"> +<!ENTITY pgpkey.billf SYSTEM "billf.key"> +<!ENTITY pgpkey.bjk SYSTEM "bjk.key"> +<!ENTITY pgpkey.bk SYSTEM "bk.key"> +<!ENTITY pgpkey.blackend SYSTEM "blackend.key"> +<!ENTITY pgpkey.bland SYSTEM "bland.key"> +<!ENTITY pgpkey.bmah SYSTEM "bmah.key"> +<!ENTITY pgpkey.bms SYSTEM "bms.key"> +<!ENTITY pgpkey.bofh SYSTEM "bofh.key"> +<!ENTITY pgpkey.br SYSTEM "br.key"> +<!ENTITY pgpkey.brd SYSTEM "brd.key"> +<!ENTITY pgpkey.brian SYSTEM "brian.key"> +<!ENTITY pgpkey.brix SYSTEM "brix.key"> +<!ENTITY pgpkey.brnrd 
SYSTEM "brnrd.key"> +<!ENTITY pgpkey.brooks SYSTEM "brooks.key"> +<!ENTITY pgpkey.brucec SYSTEM "brucec.key"> +<!ENTITY pgpkey.brueffer SYSTEM "brueffer.key"> +<!ENTITY pgpkey.bruno SYSTEM "bruno.key"> +<!ENTITY pgpkey.bryanv SYSTEM "bryanv.key"> +<!ENTITY pgpkey.bsam SYSTEM "bsam.key"> +<!ENTITY pgpkey.bschmidt SYSTEM "bschmidt.key"> +<!ENTITY pgpkey.bsd SYSTEM "bsd.key"> +<!ENTITY pgpkey.bushman SYSTEM "bushman.key"> +<!ENTITY pgpkey.bvs SYSTEM "bvs.key"> +<!ENTITY pgpkey.bz SYSTEM "bz.key"> +<!ENTITY pgpkey.carl SYSTEM "carl.key"> +<!ENTITY pgpkey.cel SYSTEM "cel.key"> +<!ENTITY pgpkey.ceri SYSTEM "ceri.key"> +<!ENTITY pgpkey.cherry SYSTEM "cherry.key"> +<!ENTITY pgpkey.chinsan SYSTEM "chinsan.key"> +<!ENTITY pgpkey.cjc SYSTEM "cjc.key"> +<!ENTITY pgpkey.cjh SYSTEM "cjh.key"> +<!ENTITY pgpkey.clement SYSTEM "clement.key"> +<!ENTITY pgpkey.clive SYSTEM "clive.key"> +<!ENTITY pgpkey.clsung SYSTEM "clsung.key"> +<!ENTITY pgpkey.cmt SYSTEM "cmt.key"> +<!ENTITY pgpkey.cokane SYSTEM "cokane.key"> +<!ENTITY pgpkey.core-secretary SYSTEM "core-secretary.key"> +<!ENTITY pgpkey.cperciva SYSTEM "cperciva.key"> +<!ENTITY pgpkey.cpm SYSTEM "cpm.key"> +<!ENTITY pgpkey.crees SYSTEM "crees.key"> +<!ENTITY pgpkey.cs SYSTEM "cs.key"> +<!ENTITY pgpkey.cshumway SYSTEM "cshumway.key"> +<!ENTITY pgpkey.csjp SYSTEM "csjp.key"> +<!ENTITY pgpkey.culot SYSTEM "culot.key"> +<!ENTITY pgpkey.cy SYSTEM "cy.key"> +<!ENTITY pgpkey.daichi SYSTEM "daichi.key"> +<!ENTITY pgpkey.damien SYSTEM "damien.key"> +<!ENTITY pgpkey.danfe SYSTEM "danfe.key"> +<!ENTITY pgpkey.danger SYSTEM "danger.key"> +<!ENTITY pgpkey.danilo SYSTEM "danilo.key"> +<!ENTITY pgpkey.dannyboy SYSTEM "dannyboy.key"> +<!ENTITY pgpkey.das SYSTEM "das.key"> +<!ENTITY pgpkey.davidch SYSTEM "davidch.key"> +<!ENTITY pgpkey.davide SYSTEM "davide.key"> +<!ENTITY pgpkey.davidxu SYSTEM "davidxu.key"> +<!ENTITY pgpkey.db SYSTEM "db.key"> +<!ENTITY pgpkey.dbn SYSTEM "dbn.key"> +<!ENTITY pgpkey.dchagin SYSTEM "dchagin.key"> +<!ENTITY 
pgpkey.dcs SYSTEM "dcs.key"> +<!ENTITY pgpkey.dd SYSTEM "dd.key"> +<!ENTITY pgpkey.deb SYSTEM "deb.key"> +<!ENTITY pgpkey.decke SYSTEM "decke.key"> +<!ENTITY pgpkey.deischen SYSTEM "deischen.key"> +<!ENTITY pgpkey.delphij SYSTEM "delphij.key"> +<!ENTITY pgpkey.demon SYSTEM "demon.key"> +<!ENTITY pgpkey.den SYSTEM "den.key"> +<!ENTITY pgpkey.des SYSTEM "des.key"> +<!ENTITY pgpkey.dfr SYSTEM "dfr.key"> +<!ENTITY pgpkey.dhartmei SYSTEM "dhartmei.key"> +<!ENTITY pgpkey.dhn SYSTEM "dhn.key"> +<!ENTITY pgpkey.dhw SYSTEM "dhw.key"> +<!ENTITY pgpkey.dim SYSTEM "dim.key"> +<!ENTITY pgpkey.dinoex SYSTEM "dinoex.key"> +<!ENTITY pgpkey.dru SYSTEM "dru.key"> +<!ENTITY pgpkey.dryice SYSTEM "dryice.key"> +<!ENTITY pgpkey.dteske SYSTEM "dteske.key"> +<!ENTITY pgpkey.dumbbell SYSTEM "dumbbell.key"> +<!ENTITY pgpkey.dutchdaemon SYSTEM "dutchdaemon.key"> +<!ENTITY pgpkey.dvl SYSTEM "dvl.key"> +<!ENTITY pgpkey.dwmalone SYSTEM "dwmalone.key"> +<!ENTITY pgpkey.eadler SYSTEM "eadler.key"> +<!ENTITY pgpkey.ebrandi SYSTEM "ebrandi.key"> +<!ENTITY pgpkey.ed SYSTEM "ed.key"> +<!ENTITY pgpkey.edavis SYSTEM "edavis.key"> +<!ENTITY pgpkey.edwin SYSTEM "edwin.key"> +<!ENTITY pgpkey.ehaupt SYSTEM "ehaupt.key"> +<!ENTITY pgpkey.emaste SYSTEM "emaste.key"> +<!ENTITY pgpkey.emax SYSTEM "emax.key"> +<!ENTITY pgpkey.erj SYSTEM "erj.key"> +<!ENTITY pgpkey.erwin SYSTEM "erwin.key"> +<!ENTITY pgpkey.fabient SYSTEM "fabient.key"> +<!ENTITY pgpkey.fanf SYSTEM "fanf.key"> +<!ENTITY pgpkey.farrokhi SYSTEM "farrokhi.key"> +<!ENTITY pgpkey.feld SYSTEM "feld.key"> +<!ENTITY pgpkey.fjoe SYSTEM "fjoe.key"> +<!ENTITY pgpkey.flo SYSTEM "flo.key"> +<!ENTITY pgpkey.fluffy SYSTEM "fluffy.key"> +<!ENTITY pgpkey.flz SYSTEM "flz.key"> +<!ENTITY pgpkey.foxfair SYSTEM "foxfair.key"> +<!ENTITY pgpkey.gabor SYSTEM "gabor.key"> +<!ENTITY pgpkey.gad SYSTEM "gad.key"> +<!ENTITY pgpkey.gahr SYSTEM "gahr.key"> +<!ENTITY pgpkey.ganbold SYSTEM "ganbold.key"> +<!ENTITY pgpkey.garga SYSTEM "garga.key"> +<!ENTITY pgpkey.garys SYSTEM 
"garys.key"> +<!ENTITY pgpkey.gavin SYSTEM "gavin.key"> +<!ENTITY pgpkey.gblach SYSTEM "gblach.key"> +<!ENTITY pgpkey.gerald SYSTEM "gerald.key"> +<!ENTITY pgpkey.ghelmer SYSTEM "ghelmer.key"> +<!ENTITY pgpkey.gibbs SYSTEM "gibbs.key"> +<!ENTITY pgpkey.girgen SYSTEM "girgen.key"> +<!ENTITY pgpkey.gjb SYSTEM "gjb.key"> +<!ENTITY pgpkey.glarkin SYSTEM "glarkin.key"> +<!ENTITY pgpkey.gleb SYSTEM "gleb.key"> +<!ENTITY pgpkey.glebius SYSTEM "glebius.key"> +<!ENTITY pgpkey.glewis SYSTEM "glewis.key"> +<!ENTITY pgpkey.gnn SYSTEM "gnn.key"> +<!ENTITY pgpkey.gonzo SYSTEM "gonzo.key"> +<!ENTITY pgpkey.gordon SYSTEM "gordon.key"> +<!ENTITY pgpkey.green SYSTEM "green.key"> +<!ENTITY pgpkey.grehan SYSTEM "grehan.key"> +<!ENTITY pgpkey.grembo SYSTEM "grembo.key"> +<!ENTITY pgpkey.grog SYSTEM "grog.key"> +<!ENTITY pgpkey.gshapiro SYSTEM "gshapiro.key"> +<!ENTITY pgpkey.gsutter SYSTEM "gsutter.key"> +<!ENTITY pgpkey.guido SYSTEM "guido.key"> +<!ENTITY pgpkey.harti SYSTEM "harti.key"> +<!ENTITY pgpkey.hiren SYSTEM "hiren.key"> +<!ENTITY pgpkey.hmp SYSTEM "hmp.key"> +<!ENTITY pgpkey.hq SYSTEM "hq.key"> +<!ENTITY pgpkey.hrs SYSTEM "hrs.key"> +<!ENTITY pgpkey.ijliao SYSTEM "ijliao.key"> +<!ENTITY pgpkey.imp SYSTEM "imp.key"> +<!ENTITY pgpkey.issyl0 SYSTEM "issyl0.key"> +<!ENTITY pgpkey.itetcu SYSTEM "itetcu.key"> +<!ENTITY pgpkey.ivadasz SYSTEM "ivadasz.key"> +<!ENTITY pgpkey.ivoras SYSTEM "ivoras.key"> +<!ENTITY pgpkey.jacula SYSTEM "jacula.key"> +<!ENTITY pgpkey.jadawin SYSTEM "jadawin.key"> +<!ENTITY pgpkey.jah SYSTEM "jah.key"> +<!ENTITY pgpkey.jamie SYSTEM "jamie.key"> +<!ENTITY pgpkey.jase SYSTEM "jase.key"> +<!ENTITY pgpkey.jbeich SYSTEM "jbeich.key"> +<!ENTITY pgpkey.jcamou SYSTEM "jcamou.key"> +<!ENTITY pgpkey.jceel SYSTEM "jceel.key"> +<!ENTITY pgpkey.jch SYSTEM "jch.key"> +<!ENTITY pgpkey.jchandra SYSTEM "jchandra.key"> +<!ENTITY pgpkey.jdp SYSTEM "jdp.key"> +<!ENTITY pgpkey.jedgar SYSTEM "jedgar.key"> +<!ENTITY pgpkey.jesper SYSTEM "jesper.key"> +<!ENTITY pgpkey.jgh SYSTEM 
"jgh.key"> +<!ENTITY pgpkey.jh SYSTEM "jh.key"> +<!ENTITY pgpkey.jhale SYSTEM "jhale.key"> +<!ENTITY pgpkey.jhay SYSTEM "jhay.key"> +<!ENTITY pgpkey.jhb SYSTEM "jhb.key"> +<!ENTITY pgpkey.jhibbits SYSTEM "jhibbits.key"> +<!ENTITY pgpkey.jilles SYSTEM "jilles.key"> +<!ENTITY pgpkey.jim SYSTEM "jim.key"> +<!ENTITY pgpkey.jinmei SYSTEM "jinmei.key"> +<!ENTITY pgpkey.jkh SYSTEM "jkh.key"> +<!ENTITY pgpkey.jkim SYSTEM "jkim.key"> +<!ENTITY pgpkey.jkois SYSTEM "jkois.key"> +<!ENTITY pgpkey.jkoshy SYSTEM "jkoshy.key"> +<!ENTITY pgpkey.jlaffaye SYSTEM "jlaffaye.key"> +<!ENTITY pgpkey.jlh SYSTEM "jlh.key"> +<!ENTITY pgpkey.jmb SYSTEM "jmb.key"> +<!ENTITY pgpkey.jmcneill SYSTEM "jmcneill.key"> +<!ENTITY pgpkey.jmelo SYSTEM "jmelo.key"> +<!ENTITY pgpkey.jmg SYSTEM "jmg.key"> +<!ENTITY pgpkey.jmmv SYSTEM "jmmv.key"> +<!ENTITY pgpkey.joe SYSTEM "joe.key"> +<!ENTITY pgpkey.joerg SYSTEM "joerg.key"> +<!ENTITY pgpkey.johans SYSTEM "johans.key"> +<!ENTITY pgpkey.jon SYSTEM "jon.key"> +<!ENTITY pgpkey.jonathan SYSTEM "jonathan.key"> +<!ENTITY pgpkey.josef SYSTEM "josef.key"> +<!ENTITY pgpkey.jpaetzel SYSTEM "jpaetzel.key"> +<!ENTITY pgpkey.jsa SYSTEM "jsa.key"> +<!ENTITY pgpkey.jtl SYSTEM "jtl.key"> +<!ENTITY pgpkey.junovitch SYSTEM "junovitch.key"> +<!ENTITY pgpkey.jylefort SYSTEM "jylefort.key"> +<!ENTITY pgpkey.kadesai SYSTEM "kadesai.key"> +<!ENTITY pgpkey.kaiw SYSTEM "kaiw.key"> +<!ENTITY pgpkey.kami SYSTEM "kami.key"> +<!ENTITY pgpkey.kan SYSTEM "kan.key"> +<!ENTITY pgpkey.karels SYSTEM "karels.key"> +<!ENTITY pgpkey.kato SYSTEM "kato.key"> +<!ENTITY pgpkey.ken SYSTEM "ken.key"> +<!ENTITY pgpkey.kensmith SYSTEM "kensmith.key"> +<!ENTITY pgpkey.keramida SYSTEM "keramida.key"> +<!ENTITY pgpkey.kib SYSTEM "kib.key"> +<!ENTITY pgpkey.kmoore SYSTEM "kmoore.key"> +<!ENTITY pgpkey.knu SYSTEM "knu.key"> +<!ENTITY pgpkey.koitsu SYSTEM "koitsu.key"> +<!ENTITY pgpkey.kp SYSTEM "kp.key"> +<!ENTITY pgpkey.krion SYSTEM "krion.key"> +<!ENTITY pgpkey.kris SYSTEM "kris.key"> +<!ENTITY 
pgpkey.kuriyama SYSTEM "kuriyama.key"> +<!ENTITY pgpkey.kwm SYSTEM "kwm.key"> +<!ENTITY pgpkey.landonf SYSTEM "landonf.key"> +<!ENTITY pgpkey.laszlof SYSTEM "laszlof.key"> +<!ENTITY pgpkey.lawrance SYSTEM "lawrance.key"> +<!ENTITY pgpkey.lbr SYSTEM "lbr.key"> +<!ENTITY pgpkey.le SYSTEM "le.key"> +<!ENTITY pgpkey.leeym SYSTEM "leeym.key"> +<!ENTITY pgpkey.lesi SYSTEM "lesi.key"> +<!ENTITY pgpkey.lev SYSTEM "lev.key"> +<!ENTITY pgpkey.lidl SYSTEM "lidl.key"> +<!ENTITY pgpkey.linimon SYSTEM "linimon.key"> +<!ENTITY pgpkey.lioux SYSTEM "lioux.key"> +<!ENTITY pgpkey.lippe SYSTEM "lippe.key"> +<!ENTITY pgpkey.lme SYSTEM "lme.key"> +<!ENTITY pgpkey.loader SYSTEM "loader.key"> +<!ENTITY pgpkey.lofi SYSTEM "lofi.key"> +<!ENTITY pgpkey.loos SYSTEM "loos.key"> +<!ENTITY pgpkey.lstewart SYSTEM "lstewart.key"> +<!ENTITY pgpkey.lth SYSTEM "lth.key"> +<!ENTITY pgpkey.lulf SYSTEM "lulf.key"> +<!ENTITY pgpkey.luoqi SYSTEM "luoqi.key"> +<!ENTITY pgpkey.lwhsu SYSTEM "lwhsu.key"> +<!ENTITY pgpkey.lx SYSTEM "lx.key"> +<!ENTITY pgpkey.madpilot SYSTEM "madpilot.key"> +<!ENTITY pgpkey.maho SYSTEM "maho.key"> +<!ENTITY pgpkey.mahrens SYSTEM "mahrens.key"> +<!ENTITY pgpkey.makc SYSTEM "makc.key"> +<!ENTITY pgpkey.mandree SYSTEM "mandree.key"> +<!ENTITY pgpkey.manolis SYSTEM "manolis.key"> +<!ENTITY pgpkey.manu SYSTEM "manu.key"> +<!ENTITY pgpkey.marcel SYSTEM "marcel.key"> +<!ENTITY pgpkey.marck SYSTEM "marck.key"> +<!ENTITY pgpkey.marcus SYSTEM "marcus.key"> +<!ENTITY pgpkey.marino SYSTEM "marino.key"> +<!ENTITY pgpkey.marius SYSTEM "marius.key"> +<!ENTITY pgpkey.markj SYSTEM "markj.key"> +<!ENTITY pgpkey.markm SYSTEM "markm.key"> +<!ENTITY pgpkey.markp SYSTEM "markp.key"> +<!ENTITY pgpkey.marks SYSTEM "marks.key"> +<!ENTITY pgpkey.markus SYSTEM "markus.key"> +<!ENTITY pgpkey.martymac SYSTEM "martymac.key"> +<!ENTITY pgpkey.mat SYSTEM "mat.key"> +<!ENTITY pgpkey.matteo SYSTEM "matteo.key"> +<!ENTITY pgpkey.matthew SYSTEM "matthew.key"> +<!ENTITY pgpkey.matusita SYSTEM "matusita.key"> 
+<!ENTITY pgpkey.mav SYSTEM "mav.key"> +<!ENTITY pgpkey.max SYSTEM "max.key"> +<!ENTITY pgpkey.maxim SYSTEM "maxim.key"> +<!ENTITY pgpkey.mbr SYSTEM "mbr.key"> +<!ENTITY pgpkey.mckay SYSTEM "mckay.key"> +<!ENTITY pgpkey.mckusick SYSTEM "mckusick.key"> +<!ENTITY pgpkey.mdf SYSTEM "mdf.key"> +<!ENTITY pgpkey.melifaro SYSTEM "melifaro.key"> +<!ENTITY pgpkey.metal SYSTEM "metal.key"> +<!ENTITY pgpkey.mheinen SYSTEM "mheinen.key"> +<!ENTITY pgpkey.mi SYSTEM "mi.key"> +<!ENTITY pgpkey.mich SYSTEM "mich.key"> +<!ENTITY pgpkey.mikeh SYSTEM "mikeh.key"> +<!ENTITY pgpkey.milki SYSTEM "milki.key"> +<!ENTITY pgpkey.miwi SYSTEM "miwi.key"> +<!ENTITY pgpkey.mizhka SYSTEM "mizhka.key"> +<!ENTITY pgpkey.mjg SYSTEM "mjg.key"> +<!ENTITY pgpkey.mlaier SYSTEM "mlaier.key"> +<!ENTITY pgpkey.mm SYSTEM "mm.key"> +<!ENTITY pgpkey.mmel SYSTEM "mmel.key"> +<!ENTITY pgpkey.mmoll SYSTEM "mmoll.key"> +<!ENTITY pgpkey.mnag SYSTEM "mnag.key"> +<!ENTITY pgpkey.mp SYSTEM "mp.key"> +<!ENTITY pgpkey.mr SYSTEM "mr.key"> +<!ENTITY pgpkey.mtm SYSTEM "mtm.key"> +<!ENTITY pgpkey.murray SYSTEM "murray.key"> +<!ENTITY pgpkey.mux SYSTEM "mux.key"> +<!ENTITY pgpkey.mva SYSTEM "mva.key"> +<!ENTITY pgpkey.mwlucas SYSTEM "mwlucas.key"> +<!ENTITY pgpkey.naddy SYSTEM "naddy.key"> +<!ENTITY pgpkey.nate SYSTEM "nate.key"> +<!ENTITY pgpkey.nectar SYSTEM "nectar.key"> +<!ENTITY pgpkey.neel SYSTEM "neel.key"> +<!ENTITY pgpkey.nemoliu SYSTEM "nemoliu.key"> +<!ENTITY pgpkey.nemysis SYSTEM "nemysis.key"> +<!ENTITY pgpkey.netchild SYSTEM "netchild.key"> +<!ENTITY pgpkey.ngie SYSTEM "ngie.key"> +<!ENTITY pgpkey.niels SYSTEM "niels.key"> +<!ENTITY pgpkey.nik SYSTEM "nik.key"> +<!ENTITY pgpkey.niklas SYSTEM "niklas.key"> +<!ENTITY pgpkey.nivit SYSTEM "nivit.key"> +<!ENTITY pgpkey.njl SYSTEM "njl.key"> +<!ENTITY pgpkey.nork SYSTEM "nork.key"> +<!ENTITY pgpkey.novel SYSTEM "novel.key"> +<!ENTITY pgpkey.nox SYSTEM "nox.key"> +<!ENTITY pgpkey.np SYSTEM "np.key"> +<!ENTITY pgpkey.nsouch SYSTEM "nsouch.key"> +<!ENTITY 
pgpkey.nwhitehorn SYSTEM "nwhitehorn.key"> +<!ENTITY pgpkey.nyan SYSTEM "nyan.key"> +<!ENTITY pgpkey.obraun SYSTEM "obraun.key"> +<!ENTITY pgpkey.obrien SYSTEM "obrien.key"> +<!ENTITY pgpkey.ohauer SYSTEM "ohauer.key"> +<!ENTITY pgpkey.oleg SYSTEM "oleg.key"> +<!ENTITY pgpkey.olgeni SYSTEM "olgeni.key"> +<!ENTITY pgpkey.olivier SYSTEM "olivier.key"> +<!ENTITY pgpkey.olivierd SYSTEM "olivierd.key"> +<!ENTITY pgpkey.oshogbo SYSTEM "oshogbo.key"> +<!ENTITY pgpkey.patrick SYSTEM "patrick.key"> +<!ENTITY pgpkey.paul SYSTEM "paul.key"> +<!ENTITY pgpkey.pav SYSTEM "pav.key"> +<!ENTITY pgpkey.pclin SYSTEM "pclin.key"> +<!ENTITY pgpkey.peadar SYSTEM "peadar.key"> +<!ENTITY pgpkey.perky SYSTEM "perky.key"> +<!ENTITY pgpkey.petef SYSTEM "petef.key"> +<!ENTITY pgpkey.peter SYSTEM "peter.key"> +<!ENTITY pgpkey.peterj SYSTEM "peterj.key"> +<!ENTITY pgpkey.pfg SYSTEM "pfg.key"> +<!ENTITY pgpkey.pgj SYSTEM "pgj.key"> +<!ENTITY pgpkey.pgollucci SYSTEM "pgollucci.key"> +<!ENTITY pgpkey.phantom SYSTEM "phantom.key"> +<!ENTITY pgpkey.phil SYSTEM "phil.key"> +<!ENTITY pgpkey.philip SYSTEM "philip.key"> +<!ENTITY pgpkey.phk SYSTEM "phk.key"> +<!ENTITY pgpkey.pho SYSTEM "pho.key"> +<!ENTITY pgpkey.pi SYSTEM "pi.key"> +<!ENTITY pgpkey.pirzyk SYSTEM "pirzyk.key"> +<!ENTITY pgpkey.pjd SYSTEM "pjd.key"> +<!ENTITY pgpkey.pkelsey SYSTEM "pkelsey.key"> +<!ENTITY pgpkey.plosher SYSTEM "plosher.key"> +<!ENTITY pgpkey.pluknet SYSTEM "pluknet.key"> +<!ENTITY pgpkey.portmgr-secretary SYSTEM "portmgr-secretary.key"> +<!ENTITY pgpkey.qingli SYSTEM "qingli.key"> +<!ENTITY pgpkey.rafan SYSTEM "rafan.key"> +<!ENTITY pgpkey.rakuco SYSTEM "rakuco.key"> +<!ENTITY pgpkey.ray SYSTEM "ray.key"> +<!ENTITY pgpkey.rdivacky SYSTEM "rdivacky.key"> +<!ENTITY pgpkey.rea SYSTEM "rea.key"> +<!ENTITY pgpkey.rees SYSTEM "rees.key"> +<!ENTITY pgpkey.remko SYSTEM "remko.key"> +<!ENTITY pgpkey.rene SYSTEM "rene.key"> +<!ENTITY pgpkey.rgrimes SYSTEM "rgrimes.key"> +<!ENTITY pgpkey.rich SYSTEM "rich.key"> +<!ENTITY 
pgpkey.riggs SYSTEM "riggs.key"> +<!ENTITY pgpkey.rik SYSTEM "rik.key"> +<!ENTITY pgpkey.rink SYSTEM "rink.key"> +<!ENTITY pgpkey.rm SYSTEM "rm.key"> +<!ENTITY pgpkey.rmacklem SYSTEM "rmacklem.key"> +<!ENTITY pgpkey.rmh SYSTEM "rmh.key"> +<!ENTITY pgpkey.rnoland SYSTEM "rnoland.key"> +<!ENTITY pgpkey.roam SYSTEM "roam.key"> +<!ENTITY pgpkey.robak SYSTEM "robak.key"> +<!ENTITY pgpkey.roberto SYSTEM "roberto.key"> +<!ENTITY pgpkey.rodrigc SYSTEM "rodrigc.key"> +<!ENTITY pgpkey.rodrigo SYSTEM "rodrigo.key"> +<!ENTITY pgpkey.romain SYSTEM "romain.key"> +<!ENTITY pgpkey.royger SYSTEM "royger.key"> +<!ENTITY pgpkey.rpaulo SYSTEM "rpaulo.key"> +<!ENTITY pgpkey.rrs SYSTEM "rrs.key"> +<!ENTITY pgpkey.rstone SYSTEM "rstone.key"> +<!ENTITY pgpkey.ru SYSTEM "ru.key"> +<!ENTITY pgpkey.rushani SYSTEM "rushani.key"> +<!ENTITY pgpkey.ryusuke SYSTEM "ryusuke.key"> +<!ENTITY pgpkey.sahil SYSTEM "sahil.key"> +<!ENTITY pgpkey.sam SYSTEM "sam.key"> +<!ENTITY pgpkey.sanpei SYSTEM "sanpei.key"> +<!ENTITY pgpkey.sat SYSTEM "sat.key"> +<!ENTITY pgpkey.sbruno SYSTEM "sbruno.key"> +<!ENTITY pgpkey.sbz SYSTEM "sbz.key"> +<!ENTITY pgpkey.scheidell SYSTEM "scheidell.key"> +<!ENTITY pgpkey.schweikh SYSTEM "schweikh.key"> +<!ENTITY pgpkey.scop SYSTEM "scop.key"> +<!ENTITY pgpkey.scottl SYSTEM "scottl.key"> +<!ENTITY pgpkey.se SYSTEM "se.key"> +<!ENTITY pgpkey.seanc SYSTEM "seanc.key"> +<!ENTITY pgpkey.secteam-secretary SYSTEM "secteam-secretary.key"> +<!ENTITY pgpkey.security-officer SYSTEM "security-officer.key"> +<!ENTITY pgpkey.sem SYSTEM "sem.key"> +<!ENTITY pgpkey.sephe SYSTEM "sephe.key"> +<!ENTITY pgpkey.sepotvin SYSTEM "sepotvin.key"> +<!ENTITY pgpkey.sergei SYSTEM "sergei.key"> +<!ENTITY pgpkey.sgalabov SYSTEM "sgalabov.key"> +<!ENTITY pgpkey.shaun SYSTEM "shaun.key"> +<!ENTITY pgpkey.sheldonh SYSTEM "sheldonh.key"> +<!ENTITY pgpkey.shurd SYSTEM "shurd.key"> +<!ENTITY pgpkey.simon SYSTEM "simon.key"> +<!ENTITY pgpkey.sjg SYSTEM "sjg.key"> +<!ENTITY pgpkey.skra SYSTEM "skra.key"> 
+<!ENTITY pgpkey.skreuzer SYSTEM "skreuzer.key"> +<!ENTITY pgpkey.slm SYSTEM "slm.key"> +<!ENTITY pgpkey.snb SYSTEM "snb.key"> +<!ENTITY pgpkey.sobomax SYSTEM "sobomax.key"> +<!ENTITY pgpkey.sson SYSTEM "sson.key"> +<!ENTITY pgpkey.ssouhlal SYSTEM "ssouhlal.key"> +<!ENTITY pgpkey.stas SYSTEM "stas.key"> +<!ENTITY pgpkey.stefan SYSTEM "stefan.key"> +<!ENTITY pgpkey.stefanf SYSTEM "stefanf.key"> +<!ENTITY pgpkey.stephane SYSTEM "stephane.key"> +<!ENTITY pgpkey.stephen SYSTEM "stephen.key"> +<!ENTITY pgpkey.stevek SYSTEM "stevek.key"> +<!ENTITY pgpkey.sunpoet SYSTEM "sunpoet.key"> +<!ENTITY pgpkey.swills SYSTEM "swills.key"> +<!ENTITY pgpkey.sylvio SYSTEM "sylvio.key"> +<!ENTITY pgpkey.syrinx SYSTEM "syrinx.key"> +<!ENTITY pgpkey.syuu SYSTEM "syuu.key"> +<!ENTITY pgpkey.tabthorpe SYSTEM "tabthorpe.key"> +<!ENTITY pgpkey.taras SYSTEM "taras.key"> +<!ENTITY pgpkey.tcberner SYSTEM "tcberner.key"> +<!ENTITY pgpkey.tdb SYSTEM "tdb.key"> +<!ENTITY pgpkey.theraven SYSTEM "theraven.key"> +<!ENTITY pgpkey.thierry SYSTEM "thierry.key"> +<!ENTITY pgpkey.thomas SYSTEM "thomas.key"> +<!ENTITY pgpkey.thompsa SYSTEM "thompsa.key"> +<!ENTITY pgpkey.tijl SYSTEM "tijl.key"> +<!ENTITY pgpkey.timur SYSTEM "timur.key"> +<!ENTITY pgpkey.tj SYSTEM "tj.key"> +<!ENTITY pgpkey.tmclaugh SYSTEM "tmclaugh.key"> +<!ENTITY pgpkey.tmm SYSTEM "tmm.key"> +<!ENTITY pgpkey.tmseck SYSTEM "tmseck.key"> +<!ENTITY pgpkey.tobez SYSTEM "tobez.key"> +<!ENTITY pgpkey.tota SYSTEM "tota.key"> +<!ENTITY pgpkey.trasz SYSTEM "trasz.key"> +<!ENTITY pgpkey.trevor SYSTEM "trevor.key"> +<!ENTITY pgpkey.trhodes SYSTEM "trhodes.key"> +<!ENTITY pgpkey.trociny SYSTEM "trociny.key"> +<!ENTITY pgpkey.truckman SYSTEM "truckman.key"> +<!ENTITY pgpkey.tuexen SYSTEM "tuexen.key"> +<!ENTITY pgpkey.twinterg SYSTEM "twinterg.key"> +<!ENTITY pgpkey.tz SYSTEM "tz.key"> +<!ENTITY pgpkey.ue SYSTEM "ue.key"> +<!ENTITY pgpkey.ume SYSTEM "ume.key"> +<!ENTITY pgpkey.ups SYSTEM "ups.key"> +<!ENTITY pgpkey.uqs SYSTEM "uqs.key"> +<!ENTITY 
pgpkey.vangyzen SYSTEM "vangyzen.key"> +<!ENTITY pgpkey.vanilla SYSTEM "vanilla.key"> +<!ENTITY pgpkey.vd SYSTEM "vd.key"> +<!ENTITY pgpkey.versus SYSTEM "versus.key"> +<!ENTITY pgpkey.vg SYSTEM "vg.key"> +<!ENTITY pgpkey.viny SYSTEM "viny.key"> +<!ENTITY pgpkey.vkashyap SYSTEM "vkashyap.key"> +<!ENTITY pgpkey.vs SYSTEM "vs.key"> +<!ENTITY pgpkey.vsevolod SYSTEM "vsevolod.key"> +<!ENTITY pgpkey.wblock SYSTEM "wblock.key"> +<!ENTITY pgpkey.wen SYSTEM "wen.key"> +<!ENTITY pgpkey.weongyo SYSTEM "weongyo.key"> +<!ENTITY pgpkey.wes SYSTEM "wes.key"> +<!ENTITY pgpkey.wg SYSTEM "wg.key"> +<!ENTITY pgpkey.whu SYSTEM "whu.key"> +<!ENTITY pgpkey.wilko SYSTEM "wilko.key"> +<!ENTITY pgpkey.will SYSTEM "will.key"> +<!ENTITY pgpkey.wkoszek SYSTEM "wkoszek.key"> +<!ENTITY pgpkey.wma SYSTEM "wma.key"> +<!ENTITY pgpkey.wollman SYSTEM "wollman.key"> +<!ENTITY pgpkey.woodsb02 SYSTEM "woodsb02.key"> +<!ENTITY pgpkey.wosch SYSTEM "wosch.key"> +<!ENTITY pgpkey.wxs SYSTEM "wxs.key"> +<!ENTITY pgpkey.xmj SYSTEM "xmj.key"> +<!ENTITY pgpkey.xride SYSTEM "xride.key"> +<!ENTITY pgpkey.yoichi SYSTEM "yoichi.key"> +<!ENTITY pgpkey.yzlin SYSTEM "yzlin.key"> +<!ENTITY pgpkey.zack SYSTEM "zack.key"> +<!ENTITY pgpkey.zbb SYSTEM "zbb.key"> +<!ENTITY pgpkey.zeising SYSTEM "zeising.key"> +<!ENTITY pgpkey.zi SYSTEM "zi.key"> +<!ENTITY pgpkey.zml SYSTEM "zml.key"> +<!ENTITY pgpkey.zont SYSTEM "zont.key"> +<!ENTITY section.pgpkeys-core SYSTEM "pgpkeys-core.xml"> +<!ENTITY section.pgpkeys-developers SYSTEM "pgpkeys-developers.xml"> +<!ENTITY section.pgpkeys-officers SYSTEM "pgpkeys-officers.xml"> +<!ENTITY section.pgpkeys-other SYSTEM "pgpkeys-other.xml"> +<!-- Part One --><!ENTITY chap.introduction SYSTEM "introduction/chapter.xml"> +<!ENTITY chap.bsdinstall SYSTEM "bsdinstall/chapter.xml"> +<!ENTITY chap.basics SYSTEM "basics/chapter.xml"> +<!ENTITY chap.ports SYSTEM "ports/chapter.xml"> +<!ENTITY chap.x11 SYSTEM "x11/chapter.xml"> +<!-- Part Two --><!ENTITY chap.desktop SYSTEM "desktop/chapter.xml"> 
+<!ENTITY chap.multimedia SYSTEM "multimedia/chapter.xml"> +<!ENTITY chap.kernelconfig SYSTEM "kernelconfig/chapter.xml"> +<!ENTITY chap.printing SYSTEM "printing/chapter.xml"> +<!ENTITY chap.linuxemu SYSTEM "linuxemu/chapter.xml"> +<!-- Part Three --><!ENTITY chap.config SYSTEM "config/chapter.xml"> +<!ENTITY chap.boot SYSTEM "boot/chapter.xml"> +<!ENTITY chap.security SYSTEM "security/chapter.xml"> +<!ENTITY chap.jails SYSTEM "jails/chapter.xml"> +<!ENTITY chap.mac SYSTEM "mac/chapter.xml"> +<!ENTITY chap.audit SYSTEM "audit/chapter.xml"> +<!ENTITY chap.disks SYSTEM "disks/chapter.xml"> +<!ENTITY chap.geom SYSTEM "geom/chapter.xml"> +<!ENTITY chap.zfs SYSTEM "zfs/chapter.xml"> +<!ENTITY chap.filesystems SYSTEM "filesystems/chapter.xml"> +<!ENTITY chap.virtualization SYSTEM "virtualization/chapter.xml"> +<!ENTITY chap.l10n SYSTEM "l10n/chapter.xml"> +<!ENTITY chap.cutting-edge SYSTEM "cutting-edge/chapter.xml"> +<!ENTITY chap.dtrace SYSTEM "dtrace/chapter.xml"> +<!-- Part Four --><!ENTITY chap.serialcomms SYSTEM "serialcomms/chapter.xml"> +<!ENTITY chap.ppp-and-slip SYSTEM "ppp-and-slip/chapter.xml"> +<!ENTITY chap.mail SYSTEM "mail/chapter.xml"> +<!ENTITY chap.network-servers SYSTEM "network-servers/chapter.xml"> +<!ENTITY chap.firewalls SYSTEM "firewalls/chapter.xml"> +<!ENTITY chap.advanced-networking SYSTEM "advanced-networking/chapter.xml"> +<!-- Part Five (appendices) --><!ENTITY chap.mirrors SYSTEM "mirrors/chapter.xml"> +<!ENTITY chap.mirrors.lastmod.inc SYSTEM "mirrors.lastmod.inc"> +<!ENTITY chap.mirrors.ftp.index.inc SYSTEM "mirrors.xml.ftp.index.inc"> +<!ENTITY chap.mirrors.ftp.inc SYSTEM "mirrors.xml.ftp.inc"> +<!ENTITY chap.bibliography SYSTEM "bibliography/chapter.xml"> +<!ENTITY chap.eresources SYSTEM "eresources/chapter.xml"> +<!ENTITY chap.eresources.www.index.inc SYSTEM "eresources.xml.www.index.inc"> +<!ENTITY chap.eresources.www.inc SYSTEM "eresources.xml.www.inc"> +<!ENTITY chap.pgpkeys SYSTEM "pgpkeys/chapter.xml"> +<!ENTITY 
chap.freebsd-glossary SYSTEM "../../share/xml/glossary.ent"> +<!ENTITY chap.index "<index xmlns='http://docbook.org/ns/docbook'/>"> +<!ENTITY chap.colophon SYSTEM "colophon.xml"> <!ENTITY % txtfiles SYSTEM "txtfiles.ent"> -%txtfiles; -]> +<!-- + Creates entities for each .txt screenshot that is included in the + Handbook. + + Each entity is named txt.dir.foo, where dir is the directory in + which it is stored, and foo is its filename, without the '.txt' + extension. + + Entities should be listed in alphabetical order. -<book xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" - xml:lang="zh_tw"> + $FreeBSD$ +-->]> +<book xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:lang="zh_TW"> <info> <title>FreeBSD 使用手冊</title> - <author> - <orgname>FreeBSD 文件計畫</orgname> - </author> + <author><orgname>FreeBSD 文件計劃</orgname></author> - <pubdate>$FreeBSD$</pubdate> + <pubdate xml:lang="en">$FreeBSD$</pubdate> - <releaseinfo>$FreeBSD$</releaseinfo> + <releaseinfo xml:lang="en">$FreeBSD$</releaseinfo> - <copyright> + <copyright xml:lang="en"> <year>1995</year> <year>1996</year> <year>1997</year> 
@@ -51,118 +621,9734 @@ <year>2012</year> <year>2013</year> <year>2014</year> - <holder>FreeBSD 文件計畫</holder> + <year>2015</year> + <holder>The FreeBSD Documentation Project</holder> </copyright> - &legalnotice; + +<legalnotice xml:id="legalnotice"> + <title>版權</title> + + <para xml:lang="en">Redistribution and use in source (XML DocBook) and 'compiled' + forms (XML, HTML, PDF, PostScript, RTF and so forth) with or without + modification, are permitted provided that the following conditions are + met:</para> + + <orderedlist> + <listitem> + <para xml:lang="en">Redistributions of source code (XML DocBook) must retain the + above copyright notice, this list of conditions and the following + disclaimer as the first lines of this file unmodified.</para> + </listitem> + + <listitem> + <para xml:lang="en">Redistributions in compiled form (transformed to other DTDs, + converted to PDF, PostScript, RTF and other formats) must + reproduce the above copyright notice, this list of conditions and + the following disclaimer in the documentation and/or other + materials provided with the distribution.</para> + </listitem> + </orderedlist> + + <important> + <para xml:lang="en">THIS DOCUMENTATION IS PROVIDED BY THE FREEBSD DOCUMENTATION + PROJECT "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, + BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL + THE FREEBSD DOCUMENTATION PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR + TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + DAMAGE.</para> + </important> +</legalnotice> + <legalnotice xml:id="trademarks" role="trademarks"> - &tm-attrib.freebsd; - &tm-attrib.3com; - &tm-attrib.3ware; - &tm-attrib.arm; - &tm-attrib.adaptec; - &tm-attrib.adobe; - &tm-attrib.apple; - &tm-attrib.creative; - &tm-attrib.google; - &tm-attrib.heidelberger; - &tm-attrib.ibm; - &tm-attrib.ieee; - &tm-attrib.intel; - &tm-attrib.intuit; - &tm-attrib.linux; - &tm-attrib.lsilogic; - &tm-attrib.microsoft; - &tm-attrib.opengroup; - &tm-attrib.oracle; - &tm-attrib.realnetworks; - &tm-attrib.redhat; - &tm-attrib.sun; - &tm-attrib.themathworks; - &tm-attrib.thomson; - &tm-attrib.usrobotics; - &tm-attrib.vmware; - &tm-attrib.waterloomaple; - &tm-attrib.wolframresearch; - &tm-attrib.xfree86; - &tm-attrib.xiph; - &tm-attrib.general; + <para>FreeBSD 是 FreeBSD 基金會的註冊商標。</para> + <para>3Com 和 HomeConnect 是 3Com Corporation 的註冊商標。</para> + <para>3ware 是 3ware Inc 的註冊商標。</para> + <para>ARM 是 ARM Limited. 的註冊商標。</para> + <para>Adaptec 是 Adaptec, Inc. 的註冊商標。</para> + <para>Adobe, Acrobat, Acrobat Reader, Flash 以及 PostScript 是 Adobe Systems Incorporated 在美國和/或其他國家的商標或註冊商標。</para> + <para>Apple, AirPort, FireWire, iMac, iPhone, iPad, Mac, Macintosh, Mac OS, Quicktime 以及 TrueType 是 Apple Inc. 
在美國以及其他國家的註冊商標。</para> + <para>Android 是 Google Inc 的商標。</para> + <para>Heidelberg, Helvetica, Palatino 以及 Times Roman 是 Heidelberger Druckmaschinen AG 在美國以及其他國家的商標或註冊商標。</para> + <para>IBM, AIX, OS/2, PowerPC, PS/2, S/390 以及 ThinkPad 是 International Business Machines Corporation 在美國和其他國家的商標。</para> + <para>IEEE, POSIX 以及 802 是 Institute of Electrical and Electronics Engineers, Inc. 在美國的註冊商標。</para> + <para>Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium 以及 Xeon 是 Intel Corporation 及其分支機構在美國和其他國家的商標或註冊商標。</para> + <para>Intuit 和 Quicken 是 Intuit Inc., 或其子公司在美國和其他國家的商標或註冊商標。</para> + <para>Linux 是 Linus Torvalds 的註冊商標。</para> + <para>LSI Logic, AcceleRAID, eXtremeRAID, MegaRAID 以及 Mylex 是 LSI Logic Corp 的商標或註冊商標。</para> + <para>Microsoft, IntelliMouse, MS-DOS, Outlook, Windows, Windows Media 以及 Windows NT 是 Microsoft Corporation 在美國和/或其他國家的商標或註冊商標。</para> + <para>Motif, OSF/1 以及 UNIX 是 The Open Group 在美國和其他國家的註冊商標; IT DialTone 和 The Open Group 是其商標。</para> + <para>Oracle 是 Oracle Corporation 的註冊商標。</para> + <para>RealNetworks, RealPlayer, 和 RealAudio 是 RealNetworks, Inc. 的註冊商標。</para> + <para>Red Hat, RPM, 是 Red Hat, Inc. 在美國和其他國家的註冊商標。</para> + <para>Sun, Sun Microsystems, Java, Java Virtual Machine, JDK, JRE, JSP, JVM, Netra, OpenJDK, Solaris, StarOffice, SunOS 以及 VirtualBox 是 Sun Microsystems, Inc. 在美國和其他國家的商標或註冊商標。</para> + <para>MATLAB 是 The MathWorks, Inc. 的註冊商標。</para> + <para>SpeedTouch 是 Thomson 的商標。</para> + <para>VMware 是 VMware, Inc. 的商標。</para> + <para>Mathematica 是 Wolfram Research, Inc 的註冊商標。</para> + <para>XFree86 是 The XFree86 Project, Inc 的商標。</para> + <para>Ogg Vorbis 以及 Xiph.Org 是 Xiph.Org 的商標。</para> + <para>許多製造商和經銷商使用一些稱為商標的圖案或文字設計來區別自己的產品。 本文件中出現的眾多商標,以及 FreeBSD Project 本身廣所人知的商標,後面將以 <quote>™</quote> 或 <quote>®</quote> 符號來標示。</para> </legalnotice> <abstract> - <para>歡迎使用FreeBSD! 
本使用手冊涵蓋範圍包括了 - <emphasis>FreeBSD &rel3.current;-RELEASE</emphasis>、 - <emphasis>FreeBSD &rel2.current;-RELEASE</emphasis> 和 - <emphasis>FreeBSD &rel.current;-RELEASE</emphasis> 的安裝和日常使用。 - 這份使用手冊是很多人的集體創作,而且仍然『持續不斷』的進行中。 - 許多章節仍未完成,已完成的部份也有些需要更新。 - 如果您有興趣協助本計畫的話,請寄 e-mail 到 &a.doc;。 - 在 <link xlink:href="http://www.FreeBSD.org/">FreeBSD 網站</link> - 可以找到這份文件的最新版本(舊版文件可從 <uri xlink:href="http://docs.FreeBSD.org/doc/">http://docs.FreeBSD.org/doc/</uri> 取得),也可以從 <link xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">FreeBSD FTP 伺服器</link> - 或是眾多 <link linkend="mirrors-ftp">mirror 站臺</link> - 下載不同格式的資料。 - 如果比較偏好實體書面資料,那可以在 - <link xlink:href="http://www.freebsdmall.com/">FreeBSD Mall</link> 購買。 - 此外,也可以在 <link xlink:href="&url.base;/search/index.html">使用手冊</link> - 中搜尋資料。 - </para> + <para>歡迎使用 FreeBSD! 本使用手冊涵蓋範圍包括了 <emphasis>FreeBSD 9.3-RELEASE</emphasis> 與 <emphasis>FreeBSD 10.3-RELEASE</emphasis>。 這份使用手冊是很多人的集體創作,而且仍然『持續不斷』的進行中。 許多章節仍未完成,已完成的部份也有些需要更新。 如果您有興趣協助本計畫的話,請寄電子郵件至 <link xlink:href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-doc">FreeBSD 文件專案郵遞論壇</link>。</para> + + <para>在 <link xlink:href="http://www.FreeBSD.org/">FreeBSD 網站</link> 可以找到這份文件的最新版本,舊版文件可從 <uri xlink:href="http://docs.FreeBSD.org/doc/">http://docs.FreeBSD.org/doc/</uri> 取得,也可以從 <link xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">FreeBSD FTP 伺服器</link> 或是眾多 <link linkend="mirrors-ftp">鏡像網站</link> 下載不同格式的資料。 如果比較偏好實體書面資料,那可以在 <link xlink:href="http://www.freebsdmall.com/">FreeBSD 商城</link> 購買。 此外,您可在 <link xlink:href="@@URL_RELPREFIX@@/search/index.html">搜尋頁面</link> 中搜尋本文件或其他文件的資料。</para> </abstract> </info> - &chap.preface; + +<!-- + $FreeBSD$ +--> +<preface version="5.0" xml:id="book-preface"> + <title>序</title> + + <bridgehead xml:id="preface-audience" renderas="sect1">給讀者的話</bridgehead> + + <para>若您是第一次接觸 FreeBSD 的新手,可以在本書第一部分找到 FreeBSD 的安裝方法,同時會逐步介紹 <trademark class="registered">UNIX</trademark> 的基礎概念與一些常用、共通的東西。而閱讀這部分並不難,只需要您有探索的精神和接受新概念。</para> + + 
<para>讀完這些之後,手冊中的第二部分花很長篇幅介紹的各種廣泛主題,相當值得系統管理者去注意。 在閱讀這些章節的內容時所需要的背景知識,都註釋在該章的大綱裡面,若不熟的話,可在閱讀前先預習一番。</para> + + <para>延伸閱讀方面,可參閱 <xref linkend="bibliography"/>。</para> + + <bridgehead xml:id="preface-changes-from3" renderas="sect1">自第三版後的主要修訂</bridgehead> + + <para>您目前看到的這本手冊代表著上百位貢獻者歷時 10 年所累積的心血之作。以下為自 2014 年發佈的兩冊第三版後所做的主要修訂:</para> + + <itemizedlist> + <listitem> + <para><xref linkend="dtrace"/> 增加說明有關強大的 DTrace 效能分析工具的資訊。</para> + </listitem> + + <listitem> + <para><xref linkend="filesystems"/> 增加有關 FreeBSD 非原生檔案系統的資訊,如:來自 <trademark>Sun</trademark> 的 ZSF。</para> + </listitem> + + <listitem> + <para><xref linkend="audit"/> 增加的內容涵蓋 FreeBSD 的新稽查功能及其使用說明。</para> + </listitem> + + <listitem> + <para><xref linkend="virtualization"/> 增加有關在虛擬化軟體安裝 FreeBSD 的資訊。</para> + </listitem> + + <listitem> + <para><xref linkend="bsdinstall"/> 增加的內容涵蓋使用新安裝工具 <application>bsdinstall</application> 來安裝 FreeBSD。</para> + </listitem> + </itemizedlist> + + <bridgehead xml:id="preface-changes-from2" renderas="sect1">自第二版後的主要修訂 (2004)</bridgehead> + + <para>您目前看到的這本手冊第三版是 FreeBSD 文件計劃的成員歷時兩年完成的心血之作。因文件內容成長到一定大小,印刷版需要分成兩冊發佈。新版的主要修訂部分如下:</para> + + <itemizedlist> + <listitem> + <para><xref linkend="config-tuning"/> 已針對新內容作更新,如:ACPI 電源管理、<command>cron</command> 以及其他更多的核心調校選項說明內容。</para> + </listitem> + + <listitem> + <para><xref linkend="security"/> 增加了虛擬私人網路(VPN)、檔案系統的存取控制(ACL),以及安全報告。</para> + </listitem> + + <listitem> + <para><xref linkend="mac"/> 是此版本新增的章節。該章介紹:什麼是 MAC 機制?以及如何運用它來使您的 FreeBSD 系統更安全。</para> + </listitem> + + <listitem> + <para><xref linkend="disks"/> 新增了像是:USB 隨身碟、檔案系統快照(snapshot)、檔案系統配額(quota) 、檔案及網路的備援檔案系統、以及如何對硬碟分割區作加密等詳解。</para> + </listitem> + + <listitem> + <para><xref linkend="ppp-and-slip"/> 增加了疑難排解的章節。</para> + </listitem> + + <listitem> + <para><xref linkend="mail"/> 新增有關如何使用其它的傳輸代理程式、SMTP 認證、UUCP、<application>fetchmail</application>、<application>procmail</application> 的運用以及其它進階主題。</para> + </listitem> + + <listitem> + <para><xref linkend="network-servers"/> 
是該版中全新的一章。這一章介紹了如何架設 <application>Apache HTTP 伺服器</application>、<application>ftpd</application> 以及用於支援 <trademark class="registered">Microsoft</trademark> <trademark class="registered">Windows</trademark> 客戶端的 <application>Samba</application>。其中有些段落來自原先的 <xref linkend="advanced-networking"/> 。</para> + </listitem> + + <listitem> + <para><xref linkend="advanced-networking"/> 新增有關在 FreeBSD 中使用<trademark class="registered">藍牙</trademark>裝置、設定無線網路以及使用非同步傳輸模式 (Asynchronous Transfer Mode, ATM) 網路的介紹。</para> + </listitem> + + <listitem> + <para>增加詞彙表,用以說明全書中出現的術語。</para> + </listitem> + + <listitem> + <para>重新美編書中所列的圖表。</para> + </listitem> + </itemizedlist> + + <bridgehead xml:id="preface-changes" renderas="sect1">自第一版後的主要修訂 (2001)</bridgehead> + + <para>本手冊的第二版是 FreeBSD 文件計劃的成員歷時兩年完成的心血之作。第二版包的主要變動如下︰</para> + +<!-- Talk a little about justification and other stylesheet changes? --> + + <itemizedlist> + <listitem> + <para>增加完整的目錄索引。</para> + </listitem> + + <listitem> + <para>所有的 ASCII 圖表均改成圖檔格式的圖表。</para> + </listitem> + + <listitem> + <para>每個章節均加入概述,以便快速的瀏覽該章節內容摘要、讀者所欲了解的部分。</para> + </listitem> + + <listitem> + <para>內容架構重新組織成三大部分: <quote>入門</quote>、<quote>系統管理</quote> 以及 <quote>附錄</quote>。</para> + </listitem> + + <listitem> + <para><xref linkend="basics"/> 新增了程序、Daemon 以及 Signal 的介紹。</para> + </listitem> + + <listitem> + <para><xref linkend="ports"/> 新增了介紹如何管理 binary 套件的資訊。</para> + </listitem> + + <listitem> + <para><xref linkend="x11"/> 經過全面改寫,著重於在 <trademark>XFree86</trademark> 4.X 上的現代桌面技術,如: <application>KDE</application> 和 <application>GNOME</application>。</para> + </listitem> + + <listitem> + <para><xref linkend="boot"/> 更新相關內容。</para> + </listitem> + + <listitem> + <para><xref linkend="disks"/> 分別以兩個章節 <quote>磁碟</quote> 與 <quote>備份</quote> 來撰寫。我們認為這樣子會比單一章節來得容易瞭解。還有關於 RAID (包含硬體、軟體 RAID) 的段落也新增上去了。</para> + </listitem> + + <listitem> + <para><xref linkend="serialcomms"/> 架構重新改寫,並更新至 FreeBSD 4.X/5.X 的內容。</para> + </listitem> + + <listitem> + <para><xref 
linkend="ppp-and-slip"/> 有相當程度的更新。</para> + </listitem> + + <listitem> + <para><xref linkend="advanced-networking"/> 加入許多新內容。</para> + </listitem> + + <listitem> + <para><xref linkend="mail"/> 大量新增了設定 <application>sendmail</application> 的介紹。</para> + </listitem> + + <listitem> + <para><xref linkend="linuxemu"/> 增加許多有關安裝 <application><trademark class="registered">Oracle</trademark></application> 以及 <application><trademark class="registered">SAP</trademark> <trademark class="registered">R/3</trademark></application> 的介紹。</para> + </listitem> + + <listitem> + <para>此外,第二版還新加章節,以介紹下列新主題:</para> + + <itemizedlist> + <listitem> + <para><xref linkend="config-tuning"/>。</para> + </listitem> + + <listitem> + <para><xref linkend="multimedia"/>。</para> + </listitem> + </itemizedlist> + </listitem> + </itemizedlist> + + <bridgehead xml:id="preface-overview" renderas="sect1">本書架構</bridgehead> + + <para>本書主要分為五大部分,第一部份<emphasis>入門</emphasis>:介紹 FreeBSD 的安裝、基本操作。 讀者可根據自己的程度,循序或者跳過一些熟悉的主題來閱讀; 第二部分<emphasis>一般作業</emphasis>:介紹 FreeBSD 常用功能,這部分可以不按順序來讀。 每章前面都會有概述,概述會描述本章節涵蓋的內容和讀者應該已知的, 這主要是讓讀者可以挑喜歡的章節閱讀; 第三部分<emphasis>系統管理</emphasis>:介紹 FreeBSD 老手所感興趣的各種主題部分; 第四部分<emphasis>網路通訊</emphasis>:則包括網路和各式伺服器主題;而第五部分則為附錄包含各種有關 FreeBSD 的資源。</para> + + <variablelist> + +<!-- Part I - Introduction --> + + <varlistentry> + <term><emphasis><xref linkend="introduction"/></emphasis></term> + + <listitem> + <para>向新手介紹 FreeBSD。該篇說明了 FreeBSD 計劃的歷史、目標和開發模式。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="bsdinstall"/></emphasis></term> + + <listitem> + <para>帶領使用者走一次使用 <application>bsdinstall</application> 在 FreeBSD 9.<replaceable>x</replaceable> 及之後版本的完整安裝流程。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="basics"/></emphasis></term> + + <listitem> + <para>涵蓋 FreeBSD 作業系統的基礎指令及功能。若您熟悉 <trademark class="registered">Linux</trademark> 或其他類 UNIX® 系統,您則可跳過此章。</para> + </listitem> + </varlistentry> + + <varlistentry> + 
<term><emphasis><xref linkend="ports"/></emphasis></term> + + <listitem> + <para>涵蓋如何使用 FreeBSD 獨創的 <quote>Ports 套件集</quote> 與標準 Binary 套件安裝第三方軟體。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="x11"/></emphasis></term> + + <listitem> + <para>介紹 X Windows 系統概要及在 FreeBSD 上使用 X11,同時也會介紹常用的桌面環境如 <application>KDE</application> 與 <application>GNOME</application>。</para> + </listitem> + </varlistentry> + +<!-- Part II Common Tasks --> + + <varlistentry> + <term><emphasis><xref linkend="desktop"/></emphasis></term> + + <listitem> + <para>列出一些常用的桌面應用程式,例如:網頁瀏覽器、辦工工具並介紹如何安裝這些應用程式到 FreeBSD。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="multimedia"/></emphasis></term> + <listitem> + <para>示範如何在您的系統設定音效及影像播放支援,同時會介紹幾個代表性的音訊及視訊應用程式。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="kernelconfig"/></emphasis></term> + + <listitem> + <para>說明為何需要設定新的核心並會提供設定、編譯與安裝的詳細操作說明。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="printing"/></emphasis></term> + + <listitem> + <para>介紹如何在 FreeBSD 管理印表機,包含橫幅頁面、列印帳務以及初始設定等資訊。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="linuxemu"/></emphasis></term> + + <listitem> + <para>介紹 FreeBSD 的 <trademark class="registered">Linux</trademark> 相容性功能,同時提供許多熱門的 <trademark class="registered">Linux</trademark> 應用程式詳細的安裝操作說明,例如 <application><trademark class="registered">Oracle</trademark></application> 及 <application><trademark class="registered">Mathematica</trademark></application>。</para> + </listitem> + </varlistentry> + +<!-- Part III - System Administration --> + + <varlistentry> + <term><emphasis><xref linkend="config-tuning"/></emphasis></term> + + <listitem> + <para>介紹可供系統管理者用來調校 FreeBSD 系統的可用參數來最佳化效率,同時也介紹 FreeBSD 用到的各種設定檔以及到何處尋找這些設定檔。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref 
linkend="boot"/></emphasis></term> + + <listitem> + <para>介紹 FreeBSD 開機流程並說明如何使用設定選項控制開機流程。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="security"/></emphasis></term> + + <listitem> + <para>介紹許多可讓您的 FreeBSD 系統更安全的各種工具,包含 Kerberos, IPsec 及 OpenSSH。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="jails"/></emphasis></term> + + <listitem> + <para xml:lang="en">Describes the jails framework, and the improvements of + jails over the traditional chroot support of FreeBSD.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="mac"/></emphasis></term> + + <listitem> + <para xml:lang="en">Explains what Mandatory Access Control (MAC) is and + how this mechanism can be used to secure a FreeBSD + system.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="audit"/></emphasis></term> + + <listitem> + <para xml:lang="en">Describes what FreeBSD Event Auditing is, how it can be + installed, configured, and how audit trails can be inspected + or monitored.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="disks"/></emphasis></term> + + <listitem> + <para xml:lang="en">Describes how to manage storage media and filesystems + with FreeBSD. 
This includes physical disks, RAID arrays, + optical and tape media, memory-backed disks, and network + filesystems.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="geom"/></emphasis></term> + + <listitem> + <para xml:lang="en">Describes what the GEOM framework in FreeBSD is and how + to configure various supported RAID levels.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="filesystems"/></emphasis></term> + + <listitem> + <para xml:lang="en">Examines support of non-native file systems in FreeBSD, + like the Z File System from <trademark>Sun</trademark>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="virtualization"/></emphasis></term> + + <listitem> + <para xml:lang="en">Describes what virtualization systems offer, and how + they can be used with FreeBSD.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="l10n"/></emphasis></term> + + <listitem> + <para xml:lang="en">Describes how to use FreeBSD in languages other than + English. Covers both system and application level + localization.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="updating-upgrading"/></emphasis></term> + + <listitem> + <para xml:lang="en">Explains the differences between FreeBSD-STABLE, + FreeBSD-CURRENT, and FreeBSD releases. Describes which users + would benefit from tracking a development system and + outlines that process. Covers the methods users may take + to update their system to the latest security + release.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="dtrace"/></emphasis></term> + + <listitem> + <para xml:lang="en">Describes how to configure and use the DTrace tool + from <trademark>Sun</trademark> in FreeBSD. 
Dynamic tracing can help locate + performance issues, by performing real time system + analysis.</para> + </listitem> + </varlistentry> + +<!-- Part IV - Network Communications --> + + <varlistentry> + <term><emphasis><xref linkend="serialcomms"/></emphasis></term> + + <listitem> + <para xml:lang="en">Explains how to connect terminals and modems to your + FreeBSD system for both dial in and dial out + connections.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="ppp-and-slip"/></emphasis></term> + + <listitem> + <para xml:lang="en">Describes how to use PPP to connect to remote systems + with FreeBSD.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="mail"/></emphasis></term> + + <listitem> + <para xml:lang="en">Explains the different components of an email server + and dives into simple configuration topics for the most + popular mail server software: + <application>sendmail</application>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="network-servers"/></emphasis></term> + + <listitem> + <para xml:lang="en">Provides detailed instructions and example configuration + files to set up your FreeBSD machine as a network filesystem + server, domain name server, network information system + server, or time synchronization server.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="firewalls"/></emphasis></term> + + <listitem> + <para xml:lang="en">Explains the philosophy behind software-based firewalls + and provides detailed information about the configuration + of the different firewalls available for FreeBSD.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="advanced-networking"/></emphasis></term> + + <listitem> + <para xml:lang="en">Describes many networking topics, including sharing an + Internet connection with other computers on your LAN, + advanced routing 
topics, wireless networking, <trademark class="registered">Bluetooth</trademark>, + ATM, IPv6, and much more.</para> + </listitem> + </varlistentry> + +<!-- Part V - Appendices --> + + <varlistentry> + <term><emphasis><xref linkend="mirrors"/></emphasis></term> + + <listitem> + <para xml:lang="en">Lists different sources for obtaining FreeBSD media on + CDROM or DVD as well as different sites on the Internet + that allow you to download and install FreeBSD.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="bibliography"/></emphasis></term> + + <listitem> + <para xml:lang="en">This book touches on many different subjects that may + leave you hungry for a more detailed explanation. The + bibliography lists many excellent books that are referenced + in the text.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="eresources"/></emphasis></term> + + <listitem> + <para xml:lang="en">Describes the many forums available for FreeBSD users to + post questions and engage in technical conversations about + FreeBSD.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><emphasis><xref linkend="pgpkeys"/></emphasis></term> + + <listitem> + <para xml:lang="en">Lists the PGP fingerprints of several FreeBSD + Developers.</para> + </listitem> + </varlistentry> + </variablelist> + + <bridgehead xml:id="preface-conv" renderas="sect1">本書的編排體裁</bridgehead> + + <para>為方便閱讀本書,以下是一些本書所遵循的編排體裁:</para> + + <bridgehead xml:id="preface-conv-typographic" renderas="sect2">文字編排體裁</bridgehead> + + <variablelist> + <varlistentry> + <term><emphasis>斜體字</emphasis></term> + + <listitem> + <para><emphasis>斜體字</emphasis>用於:檔名、目錄、網址(URL)、 強調語氣、以及第一次提及的技術詞彙。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><literal>等寬字</literal></term> + + <listitem> + <para><literal>等寬字</literal>用於: 錯誤訊息、指令、環境變數、Port 名稱、主機名稱、帳號、群組、裝置名稱、變數、程式碼等。</para> + </listitem> + </varlistentry> + + <varlistentry> + 
<term><application>粗體字</application></term> + + <listitem> + <para>以<keycap>粗體字</keycap>表示:應用程式、命令、按鍵。</para> + </listitem> + </varlistentry> + </variablelist> + +<!-- Var list --> + <bridgehead xml:id="preface-conv-commands" renderas="sect2">使用者輸入</bridgehead> + + <para>鍵盤輸入以<keycap>粗體字</keycap>表示,以便與一般文字做區隔。 組合鍵是指同時按下一些按鍵,我們以 `<literal>+</literal>' 來表示連接,像是:</para> + + <para xml:lang="en"> + <keycombo action="simul"> + <keycap>Ctrl</keycap> + <keycap>Alt</keycap> + <keycap>Del</keycap></keycombo></para> + + <para>是說,一起按 <keycap>Ctrl</keycap>、 <keycap>Alt</keycap> 以及 <keycap>Del</keycap> 鍵。</para> + + <para>若要逐一按鍵,那麼會以逗號(,)來表示,像是:</para> + + <para xml:lang="en"> + <keycombo action="simul"> + <keycap>Ctrl</keycap> + <keycap>X</keycap> + </keycombo>, + <keycombo action="simul"> + <keycap>Ctrl</keycap> + <keycap>S</keycap></keycombo></para> + + <para>是說:先同時按下 <keycap>Ctrl</keycap> 與 <keycap>X</keycap> 鍵, 然後放開後再同時按 <keycap>Ctrl</keycap> 與 <keycap>S</keycap> 鍵。</para> + +<!-- How to type in key stokes, etc.. 
--> + <bridgehead xml:id="preface-conv-examples" renderas="sect2">範例</bridgehead> + + <para>範例以 <filename>C:\></filename> 為開頭代表 <trademark class="registered">MS-DOS</trademark> 的指令。 若沒有特殊情況的話,這些指令應該是在 <trademark class="registered">Microsoft</trademark> <trademark class="registered">Windows</trademark> 環境的 <quote>命令提示字元(Command Prompt)</quote> 視窗內執行。</para> + + <screen xml:lang="en"><prompt>E:\></prompt> <userinput>tools\fdimage floppies\kern.flp A:</userinput></screen> + + <para>範例以 <prompt>#</prompt> 為開頭代表在 FreeBSD 中以超級使用者權限來執行的指令。 你可以先以 <systemitem class="username">root</systemitem> 登入系統並下指令,或是以你自己的帳號登入再使用 <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry> 來取得超級使用者權限。</para> + + <screen xml:lang="en"><prompt>#</prompt> <userinput>dd if=kern.flp of=/dev/fd0</userinput></screen> + + <para>範例以 <prompt>%</prompt> 為開頭代表在 FreeBSD 中以一般使用者帳號執行的指令。 除非有提到其他用法,否則都是預設為 C-shell 語法,用來設定環境變數以及下其他指令的意思。</para> + + <screen xml:lang="en"><prompt>%</prompt> <userinput>top</userinput></screen> + + <bridgehead xml:id="preface-acknowledgements" renderas="sect1">銘謝</bridgehead> + + <para>您所看到的這本書是經過數百個分散在世界各地的人所努力而來的結果。 無論他們只是糾正一些錯誤或提交完整的章節,所有的點滴貢獻都是非常寶貴有用的。</para> + + <para>也有一些公司透過提供資金讓作者專注於撰稿、提供出版資金等模式來支持文件的寫作。 其中,BSDi (之後併入 <link xlink:href="http://www.windriver.com">Wind River Systems</link>) 資助 FreeBSD 文件計劃成員來專職改善這本書直到 2000 年 3 月第一版的出版。(ISBN 1-57176-241-8) Wind River Systems 同時資助其他作者來對輸出架構做很多改進,以及給文章增加一些附加章節。這項工作結束於 2001 年 11 月第二版。(ISBN 1-57176-303-1) 在 2003-2004 兩年中,<link xlink:href="http://www.freebsdmall.com">FreeBSD Mall, Inc</link> 把報酬支付給改進這本手冊以使第三版印刷版本能夠出版的志工。</para> + +</preface> + <part xml:id="getting-started"> - <title>開始使用 FreeBSD </title> + <title>入門</title> <partintro> - <para>這部份是提供給初次使用 FreeBSD 的使用者和系統管理者。 - 這些章節包括:</para> + <para>這部份是提供給初次使用 FreeBSD 的使用者和系統管理者。 這些章節包括:</para> <itemizedlist> <listitem> - <para>介紹 FreeBSD 給您。 </para> + <para>介紹 FreeBSD 給您。</para> </listitem> <listitem> - <para>在安裝過程給您指引。 </para> + 
<para>在安裝過程給您指引。</para> </listitem> <listitem> - <para>教您 &unix; 的基礎及原理。 </para> + <para>教您 <trademark class="registered">UNIX</trademark> 的基礎及原理。</para> </listitem> <listitem> - <para>展示給您看如何安裝豐富的 FreeBSD 的應用軟體</para> + <para>展示給您看如何安裝豐富的 FreeBSD 的應用軟體。</para> </listitem> <listitem> - <para>向您介紹 X, &unix; 的視窗系統以及詳細的桌面環境設定,讓您更有生產力。 - </para> + <para>向您介紹 X,<trademark class="registered">UNIX</trademark> 的視窗系統以及詳細的桌面環境設定,讓您更有生產力。</para> </listitem> </itemizedlist> - <para>我們試著儘可能的讓這段文字的參考連結數目降到最低,讓您在讀使用手冊的這部份時可以不太需要常常前後翻頁。 - </para> + <para>我們試著儘可能的讓這段文字的參考連結數目降到最低,讓您在讀使用手冊的這部份時可以不太需要常常前後翻頁。</para> </partintro> - &chap.introduction; - &chap.bsdinstall; - &chap.basics; - &chap.ports; - &chap.x11; + +<!-- + The FreeBSD Documentation Project + + $FreeBSD$ +--> +<chapter version="5.0" xml:id="introduction"> + + <info> + <title>簡介</title> + + <authorgroup> + <author xml:lang="en"> + <personname> + <firstname>Jim</firstname> + <surname>Mock</surname> + </personname> + <contrib>Restructured, reorganized, and parts rewritten + by </contrib> + </author> + </authorgroup> + </info> + + <sect1 xml:id="introduction-synopsis"> + <title>概述</title> + + <para>非常感謝您對 FreeBSD 感興趣!以下章節涵蓋 FreeBSD 計劃的各方面:比如它的歷史、目標、開發模式等等。</para> + + <para>讀完這章,您將了解︰</para> + + <itemizedlist> + <listitem> + <para>FreeBSD 與其他作業系統之間的關係。</para> + </listitem> + + <listitem> + <para>FreeBSD 計劃的歷史。</para> + </listitem> + + <listitem> + <para>FreeBSD 計劃的目標。</para> + </listitem> + + <listitem> + <para>FreeBSD 開源開發模式的基礎概念。</para> + </listitem> + + <listitem> + <para>當然囉,還有 <quote>FreeBSD</quote> 這名字的由來。</para> + </listitem> + </itemizedlist> + </sect1> + + <sect1 xml:id="nutshell"> + <title>歡迎使用 FreeBSD!</title> + + <indexterm xml:lang="en"><primary>4.4BSD-Lite</primary></indexterm> + + <para>FreeBSD 是一個從 4.4BSD-Lite 衍生出而能在以 Intel (x86 與 <trademark class="registered">Itanium</trademark>), AMD64, Sun <trademark class="registered">UltraSPARC</trademark> 為基礎的電腦上執行的作業系統。同時,移植到其他平台的工作也在進行中。 對於本計劃歷史的介紹,請看 <link 
linkend="history">FreeBSD 歷史</link>, 對於 FreeBSD 的最新版本介紹,請看 <link xlink:href="@@URL_RELPREFIX@@/releases">最新的發行版本</link>。 若打算對於 FreeBSD 計劃有所貢獻的話 (程式碼、硬體、經費), 請看 <link xlink:href="@@URL_RELPREFIX@@/doc/zh_TW.UTF-8/articles/contributing/index.html">如何對 FreeBSD 有貢獻</link>。</para> + + <sect2 xml:id="os-overview"> + <title>FreeBSD 能做什麼?</title> + + <para>FreeBSD 提供給你許多先進功能。這些功能包括:</para> + + <itemizedlist> + <listitem> + <para>動態優先權調整的 <emphasis>先佔式多工</emphasis> <indexterm> + <primary>preemptive multitasking</primary> + </indexterm> 能夠確保,即使在系統負擔很重的情況下,程式執行平順並且應用程式與使用者公平地共享資源。</para> + </listitem> + + <listitem> + <para><emphasis>多人共用</emphasis><indexterm> + <primary>multi-user facilities</primary> + </indexterm> 代表著許多人可以同時使用一個 FreeBSD 系統來處理各自的事務。 系統的硬體周邊 (如印表機及磁帶機) 也可以讓所有的使用者適當地分享。 也可以針對各別使用者或一群使用者的系統資源,予以設限,以保護系統不致被過度使用。</para> + </listitem> + + <listitem> + <para>強大的 <emphasis>TCP/IP 網路</emphasis><indexterm> + <primary>TCP/IP networking</primary> + </indexterm> 功能可支援許多業界標準,如:SCTP、DHCP、NFS、NIS、PPP、SLIP、IPSec、IPv6 的支援,也就是說 FreeBSD 可以容易地跟其他作業系統透過網路共同運作,或是當作企業的伺服器用途 ,例如提供遠端檔案共享(NFS)及電子郵件等服務, 或是讓您的企業連上網際網路並提供 WWW、FTP、路由及防火牆 (安全性) 等必備服務。</para> + </listitem> + + <listitem> + <para><emphasis>記憶體保護</emphasis> 能確保程式 (或使用者) 不會互相干擾,即使任何程式有不正常的運作,都不會影響其他程式的執行。</para> + </listitem> + + <listitem> + <para>業界標準的 <emphasis>X Window 系統</emphasis><indexterm> + <primary>X Window System</primary> + </indexterm> (X11R7) 可以在常見的便宜 VGA 顯示卡/螢幕, 提供了圖形化的使用者介面 (GUI),並且包括了完整的原始程式碼。</para> + </listitem> + + <listitem> + <para><indexterm> + <primary>binary compatibility</primary> + <secondary>Linux</secondary> + </indexterm> <indexterm> + <primary>binary compatibility</primary> + <secondary>SCO</secondary> + </indexterm> <indexterm> + <primary>binary compatibility</primary> + <secondary>SVR4</secondary> + </indexterm> <indexterm> + <primary>binary compatibility</primary> + <secondary>BSD/OS</secondary> + </indexterm> <indexterm> + <primary>binary compatibility</primary> + 
<secondary>NetBSD</secondary> + </indexterm> <emphasis>Binary 相容性</emphasis> 可執行許多其他作業系統 (如: Linux、SCO、SVR4、BSDI 和 NetBSD) 的可執行檔。</para> + </listitem> + + <listitem> + <para>數以萬計的 <emphasis>立即可以執行</emphasis> 的應用程式,這些都可透過 FreeBSD 的 <emphasis>ports</emphasis> 及 <emphasis>套件</emphasis> 管理機制來取得。 不再需要費心到網路上到處搜尋所需要的軟體。</para> + </listitem> + + <listitem> + <para>在網路上有數以千計 <emphasis>易於移植</emphasis> 的應用程式。FreeBSD 的原始程式碼與許多常見的商業版 <trademark class="registered">UNIX</trademark> 系統都相容, 所以大部分的程式都只需要很少的修改(或根本不用修改) ,就可以編譯執行。</para> + </listitem> + <listitem> + <para>需要時才置換的 <emphasis>虛擬記憶體</emphasis><indexterm> + <primary>virtual memory</primary> + </indexterm> 及 <quote>merged VM/buffer cache</quote> 的設計, 這點在系統中有用去大量記憶體的程式執行時,仍然有不錯的效率表現。 </para> + </listitem> + + <listitem> + <para>支援 CPU 的<emphasis>對稱多工處理(SMP)</emphasis><indexterm> + <primary>Symmetric Multi-Processing + (SMP)</primary> + </indexterm>:可以支援多 CPU 的電腦系統。</para> + </listitem> + + <listitem> + <para><indexterm> + <primary>compilers</primary> + <secondary>C</secondary> + </indexterm><indexterm> + <primary>compilers</primary> + <secondary>C++</secondary> + </indexterm>完全相容的 <emphasis>C</emphasis>、<emphasis>C++</emphasis> 以及 Fortran 的環境和其他開發工具。 以及其他許多可供進階研發的程式語言也收集在 ports 和套件。</para> + </listitem> + + <listitem> + <para>整個系統都有 <emphasis>原始程式碼</emphasis><indexterm> + <primary>source code</primary> + </indexterm>, 這讓你對作業環境擁有最完全的掌握度。 既然能擁有完全開放的系統,何苦被特定封閉軟體所約束,任廠商擺佈呢?</para> + </listitem> + + <listitem> + <para>廣泛且豐富的 <emphasis>線上文件</emphasis>。</para> + </listitem> + + <listitem> + <para><emphasis>當然囉,還不止如此!</emphasis></para> + </listitem> + </itemizedlist> + + <para>FreeBSD 系統乃是基於美國加州大學柏克萊分校的電腦系統研究組 (Computer Systems Research Group 也就是 CSRG) 所發行的 4.4BSD-Lite<indexterm> + <primary>4.4BSD-Lite</primary> + </indexterm>,以及基於 BSD 系統開發的優良傳統。 除了由 CSRG 所提供的高品質的成果, 為了提供可處理真正具負荷的工作, FreeBSD 計劃也投入了數千小時以上的細部調整, 以能獲得最好的執行效率以及系統的穩定度。 正當許多商業上的巨人正努力地希望能提供效能及穩定時,FreeBSD 已經具備這樣的特質,並具有其他地方沒有的尖端功能。</para> + + <para>FreeBSD 
的運用範圍無限,其實完全限制在你的想像力上。 從軟體的開發到工廠自動化,或是人造衛星上面的天線的方位角度的遠端控制; 這些功能若可以用商用的 <trademark class="registered">UNIX</trademark> 產品來達成, 那麼極有可能使用 FreeBSD 也能辦到! FreeBSD 也受益於來自於全球各研究中心及大學所開發的數千個高品質的軟體 ,這些通常只需要花費很少的費用或根本就是免費的。 當然也有商業軟體,而且出現的數目是與日俱增。</para> + + <para>由於每個人都可以取得 FreeBSD 的原始程式碼, 這個系統可以被量身訂做成能執行任何原本完全無法想像的功能或計劃, 而對於從各廠商取得的作業系統通常沒有辦法這樣地被修改。 以下提供一些人們使用 FreeBSD 的例子:</para> + + <itemizedlist> + <listitem> + <para><emphasis>網際網路服務:</emphasis> FreeBSD 內建強勁的網路功能使它成為網路服務(如下例)的理想平台:</para> + + <itemizedlist> + <listitem> + <para>全球資訊網伺服器<indexterm> + <primary>web servers</primary> + </indexterm> (標準的或更安全的 [SSL])</para> + </listitem> + + <listitem> + <para>IPv4 及 IPv6 路由</para> + </listitem> + + <listitem> + <para>防火牆<indexterm> + <primary>firewall</primary> + </indexterm>以及 NAT<indexterm> + <primary>NAT</primary> + </indexterm> (<quote>IP masquerading</quote>) 通訊閘。</para> + </listitem> + + <listitem> + <para>檔案傳輸協定伺服器<indexterm> + <primary>FTP servers</primary> + </indexterm></para> + </listitem> + + <listitem> + <para><indexterm> + <primary>electronic mail</primary> + <see>email</see> + </indexterm><indexterm> + <primary>email</primary> + </indexterm> 電子郵件伺服器</para> + </listitem> + + <listitem> + <para>還有更多...</para> + </listitem> + </itemizedlist> + </listitem> + + <listitem> + <para><emphasis>教育:</emphasis>若您是資工相關領域的學生,再也沒有比使用 FreeBSD 能學到更多作業系統、計算機結構、及網路的方法了。 另外如果你想利用電腦來處理一些<emphasis>其他</emphasis>的工作,還有一些如 CAD、 數學運算以及圖形處理軟體等可以免費地取得使用。</para> + </listitem> + + <listitem> + <para><emphasis>研究:</emphasis>有了完整的原始程式碼,FreeBSD 是研究作業系統及電腦科學的極佳環境。 具有免費且自由取得特性的 FreeBSD 也使得一個分置兩地的合作計劃,不必擔心版權及系統開放性的問題, 而能自在的交流。</para> + </listitem> + + <listitem> + <para><emphasis>網路:</emphasis> 你如果需要 路由器<indexterm> + <primary>router</primary> + </indexterm>、名稱伺服器 (DNS)<indexterm> + <primary>DNS Server</primary> + </indexterm> 或安全的防火牆, FreeBSD 可以輕易的將你沒有用到的 386 或 486 PC 變身成為絕佳的伺服器,甚至具有過濾封包的功能。</para> + </listitem> + + <listitem> + <para><emphasis>嵌入式:</emphasis> FreeBSD 是一套可用來建立嵌入式系統的傑出平台。 <indexterm> 
+ <primary>embedded</primary> + </indexterm> 支援 <trademark class="registered">ARM</trademark>, <trademark class="registered">MIPS</trademark> 以及 <trademark class="registered">PowerPC</trademark> 平台,再加上健全的網路環境、尖端的功能以及自由的 <link xlink:href="@@URL_RELPREFIX@@/doc/en_US.ISO8859-1/books/faq/introduction.html#bsd-license-restrictions">BSD 授權條款</link>,FreeBSD 成為用來建置嵌入式路由器、防火牆及其他裝置的絕佳基礎。</para> + </listitem> + + <listitem> + <para><indexterm> + <primary>X Window System</primary> + </indexterm> <indexterm> + <primary>GNOME</primary> + </indexterm> <indexterm> + <primary>KDE</primary> + </indexterm> <emphasis>桌面:</emphasis> FreeBSD 同時也是低成本桌面解決方案中不錯的選擇,使用了免費的 X11 伺服器。FreeBSD 提供許多開源桌面環境可選擇,包含了標準 <application>GNOME</application> 及 <application>KDE</application> 圖型化使用者介面。FreeBSD 甚至可以透過中央伺服器做 <quote>無磁碟</quote> 開機,讓個人工作站變的更便宜、更易於管理。</para> + </listitem> + + <listitem> + <para><emphasis>軟體開發:</emphasis> 基本安裝的 FreeBSD 就包含了完整的程式開發工具,如 C/C++<indexterm> + <primary>Compiler</primary> + </indexterm> 編譯器及除錯器。 透過 port 與套件管理系統也可支援需多其他語言。</para> + </listitem> + </itemizedlist> + + <para>你可以經由燒錄 CD-ROM、DVD 或是從 FTP 站上抓回 FreeBSD。 詳情請參閱 <xref linkend="mirrors"/> 取得 FreeBSD。</para> + </sect2> + + <sect2 xml:id="introduction-nutshell-users"> + <title>誰在用 FreeBSD?</title> + + <indexterm><primary>使用者</primary> <secondary>執行 FreeBSD 的大型站台</secondary></indexterm> + + <para>FreeBSD 先進的功能、成熟的安全性、可預測的發佈週期以及自由的授權條款,讓 FreeBSD 已經被用來做為建立許多商業、開源應用、裝置以及產品的平台,有許多世界上最大的資訊公司使用 FreeBSD:</para> + + <itemizedlist> + <listitem> + + <para xml:lang="en"><link xlink:href="http://www.apache.org/">Apache</link> + <indexterm xml:lang="en"> + <primary>Apache</primary> + </indexterm> - The Apache Software Foundation runs most of + its public facing infrastructure, including possibly one + of the largest SVN repositories in the world with over 1.4 + million commits, on FreeBSD.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.apple.com/">Apple</link> + <indexterm xml:lang="en"> + 
<primary>Apple</primary> + </indexterm> - OS X borrows heavily from FreeBSD for the + network stack, virtual file system, and many userland + components. Apple iOS also contains elements borrowed + from FreeBSD.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.cisco.com/">Cisco</link> + <indexterm xml:lang="en"> + <primary>Cisco</primary> + </indexterm> - IronPort network security and anti-spam + appliances run a modified FreeBSD kernel.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.citrix.com/">Citrix</link> + <indexterm xml:lang="en"> + <primary>Citrix</primary> + </indexterm> - The NetScaler line of security appliances + provide layer 4-7 load balancing, content caching, + application firewall, secure VPN, and mobile cloud network + access, along with the power of a FreeBSD shell.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.dell.com/KACE">Dell + KACE</link> + <indexterm xml:lang="en"> + <primary>Dell KACE</primary> + </indexterm> - The KACE system management appliances run + FreeBSD because of its reliability, scalability, and the + community that supports its continued development.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.experts-exchange.com/">Experts + Exchange</link> + <indexterm xml:lang="en"> + <primary>Experts Exchange</primary> + </indexterm> - All public facing web servers are powered + by FreeBSD and they make extensive use of jails to isolate + development and testing environments without the overhead + of virtualization.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.isilon.com/">Isilon</link> + <indexterm xml:lang="en"> + <primary>Isilon</primary> + </indexterm> - Isilon's enterprise storage appliances + are based on FreeBSD. 
The extremely liberal FreeBSD license + allowed Isilon to integrate their intellectual property + throughout the kernel and focus on building their product + instead of an operating system.</para> + + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.ixsystems.com/">iXsystems</link> + <indexterm xml:lang="en"> + <primary>iXsystems</primary> + </indexterm> - The TrueNAS line of unified storage + appliances is based on FreeBSD. In addition to their + commercial products, iXsystems also manages development of + the open source projects PC-BSD and FreeNAS.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.juniper.net/">Juniper</link> + <indexterm xml:lang="en"> + <primary>Juniper</primary> + </indexterm> - The JunOS operating system that powers all + Juniper networking gear (including routers, switches, + security, and networking appliances) is based on FreeBSD. + Juniper is one of many vendors that showcases the + symbiotic relationship between the project and vendors of + commercial products. Improvements generated at Juniper + are upstreamed into FreeBSD to reduce the complexity of + integrating new features from FreeBSD back into JunOS in the + future.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.mcafee.com/">McAfee</link> + <indexterm xml:lang="en"> + <primary>McAfee</primary> + </indexterm> - SecurOS, the basis of McAfee enterprise + firewall products including Sidewinder is based on + FreeBSD.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.netapp.com/">NetApp</link> + <indexterm xml:lang="en"> + <primary>NetApp</primary> + </indexterm> - The Data ONTAP GX line of storage + appliances are based on FreeBSD. 
In addition, NetApp has + contributed back many features, including the new BSD + licensed hypervisor, bhyve.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.netflix.com/">Netflix</link> + <indexterm xml:lang="en"> + <primary>Netflix</primary> + </indexterm> - The OpenConnect appliance that Netflix + uses to stream movies to its customers is based on FreeBSD. + Netflix has made extensive contributions to the codebase + and works to maintain a zero delta from mainline FreeBSD. + Netflix OpenConnect appliances are responsible for + delivering more than 32% of all Internet traffic in North + America.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.sandvine.com/">Sandvine</link> + <indexterm xml:lang="en"> + <primary>Sandvine</primary> + </indexterm> - Sandvine uses FreeBSD as the basis of their + high performance realtime network processing platforms + that make up their intelligent network policy control + products.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.sony.com/">Sony</link> + <indexterm xml:lang="en"> + <primary>Sony</primary> + </indexterm> - The PlayStation 4 gaming console runs a + modified version of FreeBSD.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.sophos.com/">Sophos</link> + <indexterm xml:lang="en"> + <primary>Sophos</primary> + </indexterm> - The Sophos Email Appliance product is based + on a hardened FreeBSD and scans inbound mail for spam and + viruses, while also monitoring outbound mail for malware + as well as the accidental loss of sensitive + information.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.spectralogic.com/">Spectra + Logic</link> + <indexterm xml:lang="en"> + <primary>Spectra Logic</primary> + </indexterm> - The nTier line of archive grade storage + appliances run FreeBSD and OpenZFS.</para> + </listitem> + + <listitem> + <para 
xml:lang="en"><link xlink:href="http://www.weather.com/">The Weather + Channel</link> + <indexterm xml:lang="en"> + <primary>The Weather Channel</primary> + + </indexterm> - The IntelliStar appliance that is installed + at each local cable providers headend and is responsible + for injecting local weather forecasts into the cable TV + network's programming runs FreeBSD.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.verisign.com/">Verisign</link> + <indexterm xml:lang="en"> + <primary>Verisign</primary> + + </indexterm> - Verisign is responsible for operating the + .com and .net root domain registries as well as the + accompanying DNS infrastructure. They rely on a number of + different network operating systems including FreeBSD to + ensure there is no common point of failure in their + infrastructure.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.voxer.com/">Voxer</link> + <indexterm xml:lang="en"> + <primary>Voxer</primary> + + </indexterm> - Voxer powers their mobile voice messaging + platform with ZFS on FreeBSD. Voxer switched from a Solaris + derivative to FreeBSD because of its superior documentation, + larger and more active community, and more developer + friendly environment. In addition to critical features + like <acronym>ZFS</acronym> and DTrace, FreeBSD also offers + TRIM support for <acronym>ZFS</acronym>.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.whatsapp.com/">WhatsApp</link> + <indexterm xml:lang="en"> + <primary>WhatsApp</primary> + </indexterm> - When WhatsApp needed a platform that would + be able to handle more than 1 million concurrent TCP + connections per server, they chose FreeBSD. 
They then + proceeded to scale past 2.5 million connections per + server.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://wheelsystems.com/">Wheel + Systems</link> + <indexterm xml:lang="en"> + <primary>Wheel Systems</primary> + + </indexterm> - The FUDO security appliance allows + enterprises to monitor, control, record, and audit + contractors and administrators who work on their systems. + Based on all of the best security features of FreeBSD + including ZFS, GELI, Capsicum, HAST, and + auditdistd.</para> + </listitem> + </itemizedlist> + + <para>FreeBSD 也催生了數個相關的開源計劃:</para> + + <itemizedlist> + <listitem> + <para xml:lang="en"><link xlink:href="http://bsdrp.net/">BSD + Router</link> + <indexterm xml:lang="en"> + <primary>BSD Router</primary> + </indexterm> - A FreeBSD based replacement for large + enterprise routers designed to run on standard PC + hardware.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.freenas.org/">FreeNAS</link> + <indexterm xml:lang="en"> + <primary>FreeNAS</primary> + </indexterm> - A customized FreeBSD designed to be used as a + network file server appliance. Provides a python based + web interface to simplify the management of both the UFS + and ZFS file systems. Includes support for NFS, SMB/CIFS, + AFP, FTP, and iSCSI. 
Includes an extensible plugin system + based on FreeBSD jails.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.ghostbsd.org/">GhostBSD</link> + <indexterm xml:lang="en"> + <primary>GhostBSD</primary> + </indexterm> - A desktop oriented distribution of FreeBSD + bundled with the Gnome desktop environment.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://mfsbsd.vx.sk/">mfsBSD</link> + <indexterm xml:lang="en"> + <primary>mfsBSD</primary> + </indexterm> - A toolkit for building a FreeBSD system image + that runs entirely from memory.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.nas4free.org/">NAS4Free</link> + <indexterm xml:lang="en"> + <primary>NAS4Free</primary> + </indexterm> - A file server distribution based on FreeBSD + with a PHP powered web interface.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.opnsense.org/">OPNSense</link> + <indexterm xml:lang="en"> + <primary>OPNsense</primary> + </indexterm> - OPNsense is an open source, easy-to-use and + easy-to-build FreeBSD based firewall and routing platform. + OPNsense includes most of the features available in + expensive commercial firewalls, and more in many cases. + It brings the rich feature set of commercial offerings + with the benefits of open and verifiable sources.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.pcbsd.org/">PC-BSD</link> + <indexterm xml:lang="en"> + <primary>PC-BSD</primary> + </indexterm> - A customized version of FreeBSD geared towards + desktop users with graphical utilities to exposing the + power of FreeBSD to all users. 
Designed to ease the + transition of Windows and OS X users.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.pfsense.org/">pfSense</link> + <indexterm xml:lang="en"> + <primary>pfSense</primary> + </indexterm> - A firewall distribution based on FreeBSD with + a huge array of features and extensive IPv6 + support.</para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://zrouter.org/">ZRouter</link> + <indexterm xml:lang="en"> + <primary>ZRouter</primary> + </indexterm> - An open source alternative firmware for + embedded devices based on FreeBSD. Designed to replace the + proprietary firmware on off-the-shelf routers.</para> + </listitem> + </itemizedlist> + + <para>FreeBSD 也同時被用來驅動一些網際網路上的大型網站,包括:</para> + + <itemizedlist> + <listitem> + <para xml:lang="en"><link xlink:href="http://www.yahoo.com/">Yahoo!</link> + <indexterm xml:lang="en"> + <primary>Yahoo!</primary> + </indexterm></para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.yandex.ru/">Yandex</link> + <indexterm xml:lang="en"> + <primary>Yandex</primary> + </indexterm></para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.rambler.ru/">Rambler</link> + <indexterm xml:lang="en"> + <primary>Rambler</primary> + </indexterm></para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.sina.com/">Sina</link> + <indexterm xml:lang="en"> + <primary>Sina</primary> + </indexterm></para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.pair.com/">Pair + Networks</link> + <indexterm xml:lang="en"> + <primary>Pair Networks</primary> + </indexterm></para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.sony.co.jp/">Sony + Japan</link> + <indexterm xml:lang="en"> + <primary>Sony Japan</primary> + </indexterm></para> + </listitem> + + <listitem> + <para xml:lang="en"><link 
xlink:href="http://www.netcraft.com/">Netcraft</link> + <indexterm xml:lang="en"> + <primary>Netcraft</primary> + </indexterm></para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="https://signup.netflix.com/openconnect">Netflix</link> + <indexterm xml:lang="en"> + <primary>Netflix</primary> + </indexterm></para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.163.com/">NetEase</link> + <indexterm xml:lang="en"> + <primary>NetEase</primary> + </indexterm></para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.weathernews.com/">Weathernews</link> + <indexterm xml:lang="en"> + <primary>Weathernews</primary> + </indexterm></para> + </listitem> + + <listitem> + <para xml:lang="en"><link xlink:href="http://www.telehouse.com/">TELEHOUSE + America</link> + <indexterm xml:lang="en"> + <primary>TELEHOUSE America</primary> + </indexterm></para> + </listitem> + + </itemizedlist> + + <para>還有許多的應用。維基百科也維護了一份 <link xlink:href="http://en.wikipedia.org/wiki/List_of_products_based_on_FreeBSD">以 FreeBSD 為基礎的產品</link>。</para> + </sect2> + </sect1> + + <sect1 xml:id="history"> + <title>關於 FreeBSD 計劃</title> + + <para>接下來講的是 FreeBSD 計劃的背景,包含歷史、計劃目標以及開發模式。</para> + + <sect2 xml:id="intro-history"> + <title>FreeBSD 歷史簡介</title> + + <indexterm xml:lang="en"><primary>386BSD Patchkit</primary></indexterm> + <indexterm xml:lang="en"><primary>Hubbard, Jordan</primary></indexterm> + <indexterm xml:lang="en"><primary>Williams, Nate</primary></indexterm> + <indexterm xml:lang="en"><primary>Grimes, Rod</primary></indexterm> + <indexterm xml:lang="en"> + <primary>FreeBSD Project</primary> + <secondary>history</secondary> + </indexterm> + + <para>FreeBSD 計畫的想法是在 1993 年初所形成的, 那是源自於維護一組『非官方 386BSD 的修正工具』計劃的三個協調維護人 Nate Williams,Rod Grimes 和 Jordan Hubbard。</para> + + <indexterm xml:lang="en"><primary>386BSD</primary></indexterm> + <para>最初的目標是做出一份 386BSD 綜合修正的 snapshot 版,以便修正當時一堆 patchkit 
都不容易解決的問題。有些人可能還記得早期的計劃名稱叫做 386BSD 0.5 或 386BSD Interim 就是這個原因。</para> + + <indexterm xml:lang="en"><primary>Jolitz, Bill</primary></indexterm> + <para>386BSD 是 Bill Jolitz 的作業系統,在當時就已有約一年的分裂討論。 當該修正工具 (patchkit) 日漸龐雜得令人不舒服,我們無異議地同意要作一些事了, 並決定提供一份臨時性的 <quote>淨化版(cleanup)</quote> 來幫助 Bill。 然而,由於 Bill Jolitz 忽然決定取消其對該計劃的認可,且沒有明確指出未來的打算, 所以該計劃便突然面臨斷炊危機。</para> + + <indexterm xml:lang="en"><primary>Greenman, David</primary></indexterm> + <indexterm xml:lang="en"><primary>Walnut Creek CDROM</primary></indexterm> + + <para>不久我們便決定在即使沒有 Bill 的支持下,讓該計劃仍然繼續下去, 最後我們採用 David Greenman 丟銅板決定的名字,也就是『FreeBSD』。 在詢問了當時的一些使用者意見之後,就開始決定了最初的目標, 當該計劃開始實施一切就要成真時,一切就變得更清楚了。 我跟 Walnut Creek CD-ROM 討論發行 CD-ROM 這樣子不便上網的人就可以用比較簡單的方式取得 FreeBSD。 Walnut Creek CD-ROM 不只贊成以 CD-ROM 來發行 FreeBSD 的想法,同時提供了一台機器以及快速的網際網路的頻寬。 如果不是 Walnut Creek CD-ROM 幾乎是空前的信任這個剛開始還是完全默默無聞的計劃, 那麼很可能 FreeBSD 不會如此快速的成長到今日這樣的規模。</para> + + <indexterm xml:lang="en"><primary>4.3BSD-Lite</primary></indexterm> + <indexterm xml:lang="en"><primary>Net/2</primary></indexterm> + <indexterm xml:lang="en"><primary>U.C. Berkeley</primary></indexterm> + <indexterm xml:lang="en"><primary>386BSD</primary></indexterm> + <indexterm xml:lang="en"><primary>Free Software + Foundation</primary></indexterm> + <para>第一張以 CD-ROM (及網路)發行的 FreeBSD 1.0 是在 1993 年十二月。 該版本是基於由 U.C. Berkeley 以磁帶方式發行的 4.3BSD-Lite (<quote>Net/2</quote>)以及許多來自於 386BSD 和自由軟體基金會的軟體。對於第一次發行而言還算成功, 我們又接著於 1994 年 5 月發行了相當成功的 FreeBSD 1.1。</para> + + <indexterm xml:lang="en"><primary>Novell</primary></indexterm> + <indexterm xml:lang="en"><primary>U.C. Berkeley</primary></indexterm> + <indexterm xml:lang="en"><primary>Net/2</primary></indexterm> + <indexterm xml:lang="en"><primary>AT&T</primary></indexterm> + <para>然而此後不久,另一個意外的風暴在 Novell 和 U.C. Berkeley 關於 Berkeley Net/2 磁帶之法律地位的訴訟確定之後形成。 U.C. 
Berkeley 接受大部份的 Net/2 的程式碼都是<quote>侵佔來的</quote>且是屬於 Novell 的財產 -- 事實上是當時不久前從 AT&T 取得的。 Berkeley 得到的是 Novell 對於 4.4BSD-Lite 的<quote>祝福</quote>,最後當 4.4BSD-Lite 終於發行之後,便不再是侵佔行為。 而所有現有 Net/2 使用者都被強烈建議更換新版本,這包括了 FreeBSD。 於是,我們被要求於 1994 年 6 月底前停止散佈基於 Net/2 的產品。在此前提之下,本計劃被允許在期限以前作最後一次發行,也就是 FreeBSD 1.1.5.1。</para> + + <para>FreeBSD 便開始了這宛如『重新發明輪子』的艱鉅工作 -- 從全新的且不完整的 4.4BSD-Lite 重新整合。 這個 <quote>Lite</quote> 版本是不完整的,因為 Berkeley 的 CSRG 已經刪除了大量在建立一個可以開機執行的系統所需要的程式碼 (基於若干法律上的要求),且該版本在 Intel 平台的移植是非常不完整的。 直到 1994 年 11 月本計劃才完成了這個轉移, 同時在該年 12 月底以 CD-ROM 以及網路的形式發行了 FreeBSD 2.0。 雖然該份版本在當時有點匆促粗糙,但仍是富有意義的成功。 隨之於 1995 年 6 月又發行了更容易安裝,更好的 FreeBSD 2.0.5。</para> + + <para>自那時以來,FreeBSD 在每一次對先前版本改進穩定性、速度及功能時便會發佈一個新的發佈版本。</para> + + <para>目前,長期的開發計畫繼續在 10.X-CURRENT (trunk) 分支中進行,而 10.X 的 snapshot 版本可以在 <link xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/snapshots/">Snapshot 伺服器</link> 取得。</para> + </sect2> + + <sect2 xml:id="goals"> + <info> + <title>FreeBSD 計劃目標</title> + + <authorgroup> + <author xml:lang="en"> + <personname> + <firstname>Jordan</firstname> + <surname>Hubbard</surname> + </personname> + <contrib>Contributed by </contrib> + </author> + </authorgroup> + </info> + + <indexterm><primary>FreeBSD 計劃</primary> <secondary>目標</secondary></indexterm> + <para>FreeBSD 計劃的目標在於提供可作任意用途的軟體而不附帶任何限制條文。 我們之中許多人對程式碼 (以及計畫本身) 都有非常大的投入, 因此,當然不介意偶爾有一些資金上的補償,但我們並沒打算堅決地要求得到這類資助。 我們認為我們的首要<quote>使命</quote>是為任何人提供程式碼, 不管他們打算用這些程式碼做什麼, 因為這樣程式碼將能夠被更廣泛地使用,從而發揮其價值。 我認為這是自由軟體最基本的,同時也是我們所倡導的一個目標。</para> + + <indexterm><primary>GNU 通用公共授權條款 (GPL)</primary></indexterm> + <indexterm><primary>GNU 較寬鬆通用公共授權條款 (LGPL)</primary></indexterm> + <indexterm><primary>BSD 版權</primary></indexterm> + <para>我們程式碼樹中,有若干是以 GNU 通用公共授權條款 (GPL) 或者 GNU Lesser General Public License (LGPL) 發佈的那些程式碼帶有少許的附加限制,還好只是強制性的要求開放程式碼而不是別的。 由於使用 GPL 的軟體在商業用途上會增加若干複雜性,因此,如果可以選擇的話, 我們會比較喜歡使用限制相對更寬鬆的 BSD 版權來發佈軟體。</para> + </sect2> + + <sect2 xml:id="development"> + <info> + <title>FreeBSD 開發模式</title> + + <authorgroup> + <author 
xml:lang="en"> + <personname> + <firstname>Satoshi</firstname> + <surname>Asami</surname> + </personname> + <contrib>Contributed by </contrib> + </author> + </authorgroup> + </info> + + <indexterm><primary>FreeBSD 專案</primary> <secondary>開發模式</secondary></indexterm> + + <para>FreeBSD 的開發是一個非常開放且具彈性的過程,就像從 <link xlink:href="@@URL_RELPREFIX@@/doc/zh_TW.UTF-8/articles/contributors/article.html">貢獻者名單</link> 所看到的,是由全世界成千上萬的貢獻者發展起來的。 FreeBSD 的開發基礎架構允許數以百計的開發者透過網際網路協同工作。 我們也經常關注著那些對我們的計畫感興趣的新開發者和新的創意, 那些有興趣更進一步參與計劃的人只需要在 <link xlink:href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-hackers">FreeBSD 技術討論郵遞論壇</link> 連繫我們。 <link xlink:href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-announce">FreeBSD 公告郵遞論壇</link> 對那些希望了解我們進度的人也是相當有用的。</para> + + <para>無論是單獨開發者或者封閉式的團隊合作,多瞭解 FreeBSD 計劃和它的開發過程會是不錯的︰</para> + + <variablelist> + <varlistentry> + <term>SVN 檔案庫<anchor xml:id="development-cvs-repository"/></term> + + <listitem> + <para><indexterm> + <primary>CVS</primary> + </indexterm> <indexterm> + <primary>CVS Repository</primary> + </indexterm> <indexterm> + <primary>Concurrent Versions System</primary> + <see>CVS</see> + </indexterm> <indexterm> + <primary>Subversion</primary> + </indexterm> <indexterm> + <primary>Subversion Repository</primary> + </indexterm> <indexterm> + <primary>SVN</primary> + <see>Subversion</see> + </indexterm>過去數年來 FreeBSD 的中央原始碼樹 (Source tree) 一直是以 <link xlink:href="http://www.nongnu.org/cvs/">CVS</link> (Concurrent Versions System) 來維護的, 它是一套免費的原始碼控管工具。 從 2008 年 6 月起, FreeBSD 計劃開始改用 <link xlink:href="http://subversion.tigris.org">SVN</link> (Subversion)。 這是一個必要的更換動作,因為隨著原始碼樹及歷史版本儲存的數量不斷快速擴張,<application>CVS</application> 先天的技術限制越來越明顯。 文件計劃與 Ports 套件集檔案庫也同樣於 2012 年 5 月及 2012 年 7 月由 <application>CVS</application> 改為 <application>SVN</application>。請參考 <link linkend="synching">同步您的原始碼樹</link> 一節來取得有關如何取得 FreeBSD <literal>src/</literal> 檔案庫的更多資訊,以及 <link linkend="ports-using">使用 Ports 套件集</link> 了解如何取得 FreeBSD Ports 套件集。</para> + 
</listitem> + </varlistentry> + + <varlistentry> + <term>提交者名單<anchor xml:id="development-committers"/></term> + + <listitem> + <para>所謂的 <firstterm>提交者 (Committers)</firstterm> 指的是對 Subversion 原始碼樹有 <emphasis>寫入</emphasis> 權限的人, 並且被授予修改 FreeBSD 原始碼的權限。 (<quote>committer</quote> 一詞源自版本管理系統中的 <command>commit</command> 指令,該指令是用來把新的修改提交給檔案庫)。 任何人都可以回報問題到 <link xlink:href="https://bugs.FreeBSD.org/submit/">Bug Database</link>,在回報問題之前,可以使用 FreeBSD 郵遞清單、IRC 頻道或論壇來確認問題真的是一個錯誤 (Bug)。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>FreeBSD 核心團隊<anchor xml:id="development-core"/></term> + + <listitem> + <para>如果把 FreeBSD 看成是一家公司的話, <firstterm>FreeBSD 核心團隊</firstterm><indexterm> + <primary>core team</primary> + </indexterm> 就相當於董事會。 核心團隊的主要職責在於確保此計劃有良好的架構,以朝著正確的方向發展。 此外,邀請熱血且負責的軟體開發者加入提交者的行列, 以在若干成員離去時得以補充新血。 目前的核心團隊是在 2014 年 7 月從提交者候選人之中選出來的,這個選舉每兩年會舉辦一次。</para> + + <note> + <para>如同多數的開發者,核心團隊大部分成員加入 FreeBSD 開發都是志工性質而已, 並未從本計劃中獲得任何薪酬,所以這只是一個 <quote>承諾</quote> 不應該被誤解為 <quote>保證支援</quote> 才對。 前面用 <quote>董事會</quote> 來舉例可能不是很恰當,或許我們應該說: 他們是一群自願放棄原本的優渥生活、個人其他領域成就, 而選擇投入 FreeBSD 開發的熱血有為者才對!</para> + </note> + </listitem> + </varlistentry> + + <varlistentry> + <term>非官方貢獻者</term> + + <listitem> + <para>最後一點,但這點絕非最不重要的, 最大的開發者團隊就是持續為我們提供回饋以及錯誤修正的使用者自己。 與 FreeBSD 非核心開發者互動的主要方式,便是透過訂閱 <link xlink:href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-hackers">FreeBSD 技術討論郵遞論壇</link> 來進行溝通,這方面可參考,請參閱 <xref linkend="eresources"/> 以瞭解各式不同的 FreeBSD 郵遞論壇。</para> + + <para><citetitle><link xlink:href="@@URL_RELPREFIX@@/doc/zh_TW.UTF-8/articles/contributors/article.html">FreeBSD 貢獻者名單</link></citetitle> <indexterm> + <primary>contributors</primary> + </indexterm> 相當長且不斷成長中, 只要有貢獻就會被列入其中, 要不要立即考慮貢獻 FreeBSD 一些回饋呢?</para> + + <para>提供原始碼並非為這個計劃做貢獻的唯一方式; 需要大家投入的完整工作清單請參閱 <link xlink:href="@@URL_RELPREFIX@@/index.html">FreeBSD 計畫網站</link>。</para> + </listitem> + </varlistentry> + </variablelist> + + <para>總而言之,我們的開發模式像是由鬆散的同心圓所組織。這個集中模式的設計為的是讓 FreeBSD 
的<emphasis>使用者</emphasis>更便利,可以很容易的追蹤同一個中央的程式庫,避免把潛在的貢獻者排除在外!而我們的目標是提供一個穩定的作業系統,並有大量相關的 <link linkend="ports">應用程式</link>,讓使用者能夠輕鬆的安裝與使用 — 而這個開發模式對我們要完成這個目標來說運作的非常好。</para> + + <para>我們對於那些想要加入 FreeBSD 開發者的期待是: 請保持如同前人一樣的投入,以確保繼續成功!</para> + </sect2> + + <sect2 xml:id="third-party-programs"> + <title>第三方程式</title> + + <para xml:lang="en">In addition to the base distributions, FreeBSD offers a + ported software collection with thousands of commonly + sought-after programs. At the time of this writing, there + were over 24,000 ports! The list of ports ranges from + http servers, to games, languages, editors, and almost + everything in between. The entire Ports Collection requires + approximately 500 MB. To compile a port, you simply + change to the directory of the program you wish to install, + type <command>make install</command>, and let the system do + the rest. The full original distribution for each port you + build is retrieved dynamically so you need only enough disk + space to build the ports you want. Almost every port is also + provided as a pre-compiled <quote>package</quote>, which can + be installed with a simple command + (<command>pkg install</command>) by those who do not wish to + compile their own ports from source. More information on + packages and ports can be found in + <xref linkend="ports"/>.</para> + </sect2> + + <sect2> + <title>其他文件</title> + + <para xml:lang="en">All recent FreeBSD versions provide an option in the + installer (either <citerefentry><refentrytitle>sysinstall</refentrytitle><manvolnum>8</manvolnum></citerefentry> or <citerefentry><refentrytitle>bsdinstall</refentrytitle><manvolnum>8</manvolnum></citerefentry>) to + install additional documentation under + <filename>/usr/local/share/doc/freebsd</filename> during the + initial system setup. Documentation may also be installed at + any later time using packages as described in + <xref linkend="doc-ports-install-package"/>. 
You may view the + locally installed manuals with any HTML capable browser using + the following URLs:</para> + + <variablelist> + <varlistentry> + <term>FreeBSD 使用手冊</term> + + <listitem> + <para xml:lang="en"><link xlink:href="file://localhost/usr/local/share/doc/freebsd/handbook/index.html"><filename>/usr/local/share/doc/freebsd/handbook/index.html</filename></link></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>FreeBSD 常見問答集</term> + + <listitem> + <para xml:lang="en"><link xlink:href="file://localhost/usr/local/share/doc/freebsd/faq/index.html"><filename>/usr/local/share/doc/freebsd/faq/index.html</filename></link></para> + </listitem> + </varlistentry> + </variablelist> + + <para>此外,可在下列網址找到最新版 (也是更新最頻繁的版本):<uri xlink:href="http://www.FreeBSD.org/">http://www.FreeBSD.org/</uri>。</para> + </sect2> + </sect1> +</chapter> + + +<!-- + The FreeBSD Documentation Project + + $FreeBSD$ +--> + +<chapter version="5.0" xml:id="bsdinstall"> + + <info> + <title>安裝 FreeBSD</title> + + <authorgroup> + <author xml:lang="en"> + <personname> + <firstname>Jim</firstname> + <surname>Mock</surname> + </personname> + + <contrib>Restructured, reorganized, and parts rewritten + by </contrib> + </author> + </authorgroup> +<!--- + <authorgroup> + <author> + <personname> + <firstname>Randy</firstname> + <surname>Pratt</surname> + </personname> + <contrib>The sysinstall walkthrough, screenshots, and general + copy by </contrib> + </author> + </authorgroup>--> + + <authorgroup> + <author xml:lang="en"> + <personname> + <firstname>Gavin</firstname> + <surname>Atkinson</surname> + </personname> + + <contrib>Updated for bsdinstall by </contrib> + </author> + + <author xml:lang="en"> + <personname> + <firstname>Warren</firstname> + <surname>Block</surname> + </personname> + </author> + </authorgroup> + + <authorgroup> + <author xml:lang="en"> + <personname> + <firstname>Allan</firstname> + <surname>Jude</surname> + </personname> + + <contrib>Updated for root-on-ZFS by 
</contrib> + </author> + </authorgroup> + </info> + + <sect1 xml:id="bsdinstall-synopsis"> + <title>概述</title> + + <indexterm><primary>安裝</primary></indexterm> + + <para>自從 FreeBSD 9.0-RELEASE 開始, FreeBSD 提供一個易用,文字介面的安裝程式 <application>bsdinstall</application>。 本章描述如何用 <application>bsdinstall</application> 來安裝 FreeBSD。</para> + + <para>一般來說,本章所寫的安裝說明是針對 <trademark>i386</trademark> 和 <acronym>AMD64</acronym> 架構。如果可以用於其他平台,將會列表說明。 安裝程式和本章所敘述的內容可能會有些微差異,所以請將本章視為通用的指引,而不是完全照著來做。</para> + + <note> + <para>喜歡用圖形化安裝程式安裝 FreeBSD 的使用者, 可能會對 <application>pc-sysinstall</application> 有興趣,這是 PC-BSD 計畫所使用的。 他可以用來安裝圖形化桌面 (PC-BSD) 或是指令列版本的 FreeBSD。 細節請參考 PC-BSD 使用者 Handbook (<link xlink:href="http://wiki.pcbsd.org/index.php/Colophon">http://wiki.pcbsd.org/index.php/Colophon</link>)。</para> + </note> + + <para>讀完這章,您將了解︰</para> + + <itemizedlist> + <listitem> + <para>最低的硬體需求和 FreeBSD 支援的架構。</para> + </listitem> + + <listitem> + <para>如何建立 FreeBSD 的安裝媒體。</para> + </listitem> + + <listitem> + <para>如何開始執行 <application>bsdinstall</application>。</para> + </listitem> + + <listitem> + <para><application>bsdinstall</application> 會詢問的問題,問題代表的意思,以及如何回答。</para> + </listitem> + + <listitem> + <para>安裝失敗時如何做故障排除。</para> + </listitem> + + <listitem> + <para>如何在正式安裝前使用 live 版本的 FreeBSD。</para> + </listitem> + </itemizedlist> + + <para>在開始閱讀這章之前,您需要︰</para> + + <itemizedlist> + <listitem> + <para>閱讀即將安裝的 FreeBSD 版本所附帶的硬體支援清單,並核對系統的硬體是否有支援。</para> + </listitem> + </itemizedlist> + </sect1> + + <sect1 xml:id="bsdinstall-hardware"> + <title>最低硬體需求</title> + + <para>安裝 FreeBSD 的硬體需求隨 FreeBSD 的版本和硬體架構而不同。 FreeBSD 發行版支援的硬體架構和裝置可在 FreeBSD 網站 (<link xlink:href="@@URL_RELPREFIX@@/releases/index.html">http://www.FreeBSD.org/releases/index.html</link>)的發行資訊頁面找到。</para> + + <para>FreeBSD 最小安裝需要至少 64 MB 的 <acronym>RAM</acronym> 和 1.5 GB 的可用硬碟空間 但是這真的是 <emphasis>最小</emphasis>,幾乎沒有剩下多餘的空間。 RAM 的需求視實際使用而訂,經特殊處理過後的 FreeBSD 系統可只使用 128MB RAM,圖形化環境最少需要 4 GB 的 <acronym>RAM</acronym>。</para> + + 
<para>每一種架構的處理器需求概述如下:</para> + + <variablelist> + <varlistentry> + <term xml:lang="en">amd64</term> + <listitem> + <para>這桌上型電腦與筆記型電腦是最常見的處理器類型,有些廠商可能會稱之為 <acronym>x86-64</acronym>。</para> + + <para>主要有兩個廠商提供 amd64 處理器:<trademark class="registered">Intel</trademark> (生產 <acronym>Intel64</acronym> 級處理器) 以及 AMD (生產 <acronym>AMD64</acronym>)。</para> + + <para>與 amd64 相容的處理器包含:<trademark>AMD Athlon</trademark>64, <trademark>AMD Opteron</trademark>, 多核心 <trademark class="registered">Intel</trademark> <trademark>Xeon</trademark> 以及 <trademark class="registered">Intel</trademark> <trademark>Core</trademark> 2 與之後的處理器。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term xml:lang="en">i386</term> + <listitem> + <para>這個架構即為 32-bit x86 架構。</para> + + <para>幾乎所有含浮點運算單元的 i386 相容處理器都有支援。所有 <trademark class="registered">Intel</trademark> 486 或是更高階的處理器也有支援。</para> + + <para>若 <acronym>CPU</acronym> 有支援實體位址延伸(<acronym>PAE</acronym>) 功能,FreeBSD 可以運用這項功能的所帶來優點。有開啟 <acronym>PAE</acronym> 支援的核心會偵測超過 4 GB 的記憶體,並讓這些記憶體能夠被系統使用。 這項功能會限制驅動程式以及 FreeBSD 可能使用的其他功能,詳情請見 <citerefentry><refentrytitle>pae</refentrytitle><manvolnum>4</manvolnum></citerefentry>。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term xml:lang="en">ia64</term> + <listitem> + <para>目前支援的處理器是 <trademark class="registered">Itanium</trademark> 和 <trademark class="registered">Itanium</trademark> 2。支援的晶片組包括 HP zx1, <trademark class="registered">Intel</trademark> 460GX 和 <trademark class="registered">Intel</trademark> E8870。 單處理器 (Uniprocessor, <acronym>UP</acronym>) 和對稱多處理器 (Symmetric Multi-processor, <acronym>SMP</acronym>)的設定都有支援。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term xml:lang="en">pc98</term> + <listitem> + <para>NEC PC-9801/9821 系列幾乎所有 i386 相容處理器包括 80486、<trademark class="registered">Pentium</trademark>、 <trademark class="registered">Pentium</trademark> Pro 和 <trademark class="registered">Pentium</trademark> II 都有支援。 所有 AMD, Cyrix, IBM, 及 IDT 的i386 相容處理器都有支援。 相容 NEC 
PC-9801 的 EPSON PC-386/486/586 系列都有支援。 NEC FC-9801/9821 及 NEC SV-98 系列也有支援。</para> + + <para>不支援高解析度模式。NEC PC-98XA/XL/RL/XL^2 和 NEC PC-H98 系列只支援正常 (PC-9801 相容) 模式。 FreeBSD 對稱多處理器 <acronym>SMP</acronym> 相關功能並不支援。 PC-H98, SV-H98 和FC-H98 新延伸標準架構 (<acronym>NESA</acronym>) 匯流排不支援。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term xml:lang="en">powerpc</term> + <listitem> + <para>所有內建 <acronym>USB</acronym> 的 New World <acronym>ROM</acronym> <trademark class="registered">Apple</trademark> <trademark class="registered">Mac</trademark> 系統都有支援。 <acronym>SMP</acronym> 在多 <acronym>CPU</acronym> 的機器都有支援。</para> + + <para>32 位元的核心只能使用前 2 GB 的 <acronym>RAM</acronym>。</para> + </listitem> + </varlistentry> + + <varlistentry> + <term xml:lang="en">sparc64</term> + <listitem> + <para>FreeBSD/sparc64 支援的系統列在 FreeBSD/sparc64 計劃 (<link xlink:href="@@URL_RELPREFIX@@/platforms/sparc.html">http://www.freebsd.org/platforms/sparc.html</link>)。</para> + + <para>所有超過一個處理器的系統都有支援 <acronym>SMP</acronym>。需要專用的磁碟系統,因為此時無法和其他作業系統共用磁碟。</para> + </listitem> + </varlistentry> + </variablelist> + </sect1> + + <sect1 xml:id="bsdinstall-pre"> + <title>安裝前準備工作</title> + + <para>一旦確定系統符合安裝 FreeBSD 的最低硬體需求,就可以下載安裝檔案並準備安裝的媒體。 做這些之前,先檢查以下核對清單的項目是否準備好了:</para> + + <procedure> + <step> + <title>備份重要資料</title> + + <para>安裝任何作業系統前, <emphasis>總是</emphasis> 要先備份所有重要資料。 不要儲存備份在即將安裝的系統上。改為將資料儲存在可移除磁碟,像是 <acronym>USB</acronym> 隨身碟,網路上的另一個系統或是線上備份服務上。 開始安裝前,要測試備份,確定它含有所有需要的檔案。 一旦安裝程式格式化系統的磁碟,所有儲存在上面的資料都會遺失。</para> + </step> + + <step> + <title>決定 FreeBSD 安裝在哪裡</title> + + <para>如果 FreeBSD 是唯一要安裝的作業系統,這個步驟可以略過。 但是假如 FreeBSD 將和其他作業系統分享磁碟空間的話,要決定 FreeBSD 要安裝在哪個磁碟或是哪個分割區。</para> + + <para>在 i386 和 amd64 平台,磁碟可以使用兩種分割區配置之一來分割成多個分割區。 傳統的<firstterm>主開機紀錄</firstterm> (Master Boot Record, <acronym>MBR</acronym>) 有一個分割區表定義最多到 <firstterm>主分割區</firstterm>。 因為歷史性的理由, FreeBSD 稱這些主分割區為 <firstterm>slices</firstterm>。 其中一個主分割區可以分成一個 延伸分割區 ,他包含多個 邏輯分割區。 <firstterm>GUID 分割區表</firstterm> (GUID Partition Table, 
<acronym>GPT</acronym>) 是較新和較簡單的分割磁碟的方法,一般 <acronym>GPT</acronym> 實作允許每個磁碟最多達 128 個分割區,減少使用邏輯分割區的需要。</para> + + <warning> + <para>一些比較舊的作業系統,像是 <trademark class="registered">Windows</trademark> XP 不相容 <acronym>GPT</acronym> 分割區配置。 如果 FreeBSD 將和這樣的作業系統共享一個磁碟,那就需要用 <acronym>MBR</acronym> 分割。</para> + </warning> + + <para>FreeBSD 開機啟動程式需要主分割區或是 <acronym>GPT</acronym> 分割區。如果所有的主分割區或 <acronym>GPT</acronym> 分割區都已使用,必須釋放其中一個分割區讓 FreeBSD 使用。如果要建立一個分割區而不刪除原有的資料,可以使用磁碟分割工具來縮小現有的分割區,並使用多出的空間來建立新分割區。</para> + + <para>各種自由的和商業化的磁碟分割工具列於 <link xlink:href="http://en.wikipedia.org/wiki/List_of_disk_partitioning_software">http://en.wikipedia.org/wiki/List_of_disk_partitioning_software</link>。<application>GParted Live</application> (<link xlink:href="http://gparted.sourceforge.net/livecd.php">http://gparted.sourceforge.net/livecd.php</link>) 是包含分割編輯工具 <application>GParted</application> 的自由的 live <acronym>CD</acronym>。 GParted 也包含在許多 Linux live <acronym>CD</acronym> 套件裡。</para> + + <warning> + <para>當正確地使用,磁碟分割工具可以安全地建立空間讓新的分割區使用。 因為有可能會誤選已經存在的分割區,所以在修改磁碟分割區前, 一定要備份重要資料,並確認備份的完整性。</para> + </warning> + + <para>包含不同作業系統的磁碟分割區可以讓一台電腦安裝多重作業系統。 另一種作法是使用虛擬化 (<xref linkend="virtualization"/>) ,可以讓多重作業系統同時間執行而不需要改變任何磁碟分割區。</para> + </step> + + <step> + <title>收集網路資訊</title> + + <para>有些 FreeBSD 安裝方法為了下載安裝檔案需要網路連線。 在系統安裝之後,安裝程式將會讓您設定系統的網路介面。</para> + + <para>如果網路有 <acronym>DHCP</acronym> 伺服器,可以自動設定網路。 如果沒有 <acronym>DHCP</acronym> , 需要從區域網路管理者或是網際網路服務商取得以下系統的網路資訊:</para> + + <orderedlist xml:id="bsdinstall-collect-network-information"> + <title>需要的網路資訊</title> + + <listitem> + <para><acronym>IP</acronym> 位址</para> + </listitem> + + <listitem> + <para>子網路遮罩</para> + </listitem> + + <listitem> + <para>預設閘道器 <acronym>IP</acronym> 位址</para> + </listitem> + + <listitem> + <para>網路的網域名稱</para> + </listitem> + + <listitem> + <para>網路 <acronym>DNS</acronym> 伺服器 <acronym>IP</acronym> 位址</para> + </listitem> + </orderedlist> + </step> + + <step> + <title>檢查 FreeBSD 勘誤表</title> + + <para>儘管 FreeBSD 
Project 努力確保每個 FreeBSD 發行版能夠儘可能地穩定,錯誤偶爾還是會悄悄出現。 有極小的機會錯誤會影響安裝過程。 當這些問題被發現並修正後,會被紀錄在 FreeBSD 網站的 FreeBSD 勘誤表 (<link xlink:href="@@URL_RELPREFIX@@/releases/10.3R/errata.html">http://www.freebsd.org/releases/10.3R/errata.html</link>)。 安裝前要檢查勘誤表,確保沒有會影響到安裝的問題。</para> + + <para>所有發行版的資訊和勘誤表可以在 FreeBSD 網站的發行資訊找到 (<link xlink:href="@@URL_RELPREFIX@@/releases/index.html">http://www.freebsd.org/releases/index.html</link>)。</para> + </step> + </procedure> + + <sect2 xml:id="bsdinstall-installation-media"> + <title>準備安裝的媒體</title> + + <para xml:lang="en">The FreeBSD installer is not an application that can be run + from within another operating system. Instead, download a + FreeBSD installation file, burn it to the media associated with + its file type and size (<acronym>CD</acronym>, + <acronym>DVD</acronym>, or <acronym>USB</acronym>), and boot + the system to install from the inserted media.</para> + + <para xml:lang="en">FreeBSD installation files are available at <link xlink:href="@@URL_RELPREFIX@@/where.html#download">www.freebsd.org/where.html#download</link>. + Each installation file's name includes the release version of + FreeBSD, the architecture, and the type of file. For example, to + install FreeBSD 10.2 on an amd64 system from a + <acronym>DVD</acronym>, download + <filename>FreeBSD-10.2-RELEASE-amd64-dvd1.iso</filename>, burn + this file to a <acronym>DVD</acronym>, and boot the system + with the <acronym>DVD</acronym> inserted.</para> + + <para xml:lang="en">Installation files are available in several formats. + The formats vary depending on computer architecture and media + type.</para> + + <para xml:id="bsdinstall-installation-media-uefi" xml:lang="en">Additional + installation files are included for computers that boot with + <acronym>UEFI</acronym> (Unified Extensible Firmware + Interface). 
The names of these files include the string + <filename>uefi</filename>.</para> + + <para xml:lang="en">File types:</para> + + <itemizedlist> + <listitem> + <para xml:lang="en"><literal>-bootonly.iso</literal>: This is the smallest + installation file as it only contains the installer. A + working Internet connection is required during + installation as the installer will download the files it + needs to complete the FreeBSD installation. This file should + be burned to a <acronym>CD</acronym> using a + <acronym>CD</acronym> burning application.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>-disc1.iso</literal>: This file contains all + of the files needed to install FreeBSD, its source, and the + Ports Collection. It should be burned to a + <acronym>CD</acronym> using a <acronym>CD</acronym> + burning application.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>-dvd1.iso</literal>: This file contains all + of the files needed to install FreeBSD, its source, and the + Ports Collection. It also contains a set of popular + binary packages for installing a window manager and some + applications so that a complete system can be installed + from media without requiring a connection to the Internet. + This file should be burned to a <acronym>DVD</acronym> + using a <acronym>DVD</acronym> burning application.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>-memstick.img</literal>: This file contains + all of the files needed to install FreeBSD, its source, and + the Ports Collection. It should be burned to a + <acronym>USB</acronym> stick using the instructions + below.</para> + </listitem> + </itemizedlist> + + <para xml:lang="en">After downloading the image file, download + <filename>CHECKSUM.SHA256</filename> from + the same directory. Calculate a + <firstterm>checksum</firstterm> for the image file. 
+ FreeBSD provides <citerefentry><refentrytitle>sha256</refentrytitle><manvolnum>1</manvolnum></citerefentry> for this, used as <command>sha256 + <replaceable>imagefilename</replaceable></command>. + Other operating systems have similar programs.</para> + + <para xml:lang="en">Compare the calculated checksum with the one shown in + <filename>CHECKSUM.SHA256</filename>. The checksums must + match exactly. If the checksums do not match, the image file + is corrupt and must be downloaded again.</para> + + <sect3 xml:id="bsdinstall-usb"> + <title>寫入映象檔到 <acronym>USB</acronym></title> + + <para xml:lang="en">The <filename>*.img</filename> file is an + <emphasis>image</emphasis> of the complete contents of a + memory stick. It <emphasis>cannot</emphasis> be copied to + the target device as a file. Several applications are + available for writing the <filename>*.img</filename> to a + <acronym>USB</acronym> stick. This section describes two of + these utilities.</para> + + <important> + <para>在繼續之前,請先備份 <acronym>USB</acronym> 上的重要資料,這個程序會清除在隨身碟上既有的資料。</para> + </important> + + <procedure xml:id="bsdinstall-usb-dd"> + <title>使用 <command>dd</command> 來寫入映像檔</title> + + <warning> + <para xml:lang="en">This example uses <filename>/dev/da0</filename> as + the target device where the image will be written. Be + <emphasis>very careful</emphasis> that the correct + device is used as this command will destroy the existing + data on the specified target device.</para> + </warning> + + <step> + <para xml:lang="en">The <citerefentry><refentrytitle>dd</refentrytitle><manvolnum>1</manvolnum></citerefentry> command-line utility is + available on BSD, <trademark class="registered">Linux</trademark>, and <trademark class="registered">Mac OS</trademark> systems. To burn + the image using <command>dd</command>, insert the + <acronym>USB</acronym> stick and determine its device + name. 
Then, specify the name of the downloaded + installation file and the device name for the + <acronym>USB</acronym> stick. This example burns the + amd64 installation image to the first + <acronym>USB</acronym> device on an existing FreeBSD + system.</para> + + <screen xml:lang="en"><prompt>#</prompt> <userinput>dd if=<replaceable>FreeBSD-10.2-RELEASE-amd64-memstick.img</replaceable> of=/dev/<replaceable>da0</replaceable> bs=1M conv=sync</userinput></screen> + + <para xml:lang="en">If this command fails, verify that the + <acronym>USB</acronym> stick is not mounted and that the + device name is for the disk, not a partition. Some + operating systems might require this command to be run + with <citerefentry><refentrytitle>sudo</refentrytitle><manvolnum>8</manvolnum></citerefentry>. Systems like <trademark class="registered">Linux</trademark> might buffer + writes. To force all writes to complete, use + <citerefentry><refentrytitle>sync</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> + </step> + </procedure> + + <procedure> + <title>使用 <trademark class="registered">Windows</trademark> 來寫入映象檔</title> + + <warning> + <para xml:lang="en">Be sure to give the correct drive letter as the + existing data on the specified drive will be overwritten + and destroyed.</para> + </warning> + + <step> + <title>取得 <application>Image Writer <trademark class="registered">Windows</trademark> 版</application></title> + + <para><application>Image Writer <trademark class="registered">Windows</trademark> 版</application> 是一個免費的應用程式,可以正確地將映像檔寫入隨身碟。 從 <uri xlink:href="https://launchpad.net/win32-image-writer/">https://launchpad.net/win32-image-writer/</uri> 下載,並解壓縮到一個資料夾。</para> + </step> + + <step> + <title>用 Image Writer 寫入映象檔</title> + + <para>雙擊 <application>Win32DiskImager</application> 圖示啟動程式。 確認 <computeroutput>Device</computeroutput> 顯示的磁碟機代號是隨身碟的磁碟機代號。 按下資料夾圖示選擇要寫入隨身碟的映像檔。 按下 <guibutton>[ Save ]</guibutton> 按鈕確定映像檔名。 確認所有東西都正確,隨身碟的資料夾並沒有在其他視窗開啟。 所有東西準備好後,按下 <guibutton>[ 
Write ]</guibutton> 將映像檔寫入隨身碟。</para> + </step> + </procedure> + + <para>您現在可以開始安裝 FreeBSD 。</para> + </sect3> + </sect2> + </sect1> + + <sect1 xml:id="bsdinstall-start"> + <title>開始安裝</title> + + <important> + <para>預設安裝程式在下列訊息顯示之前不會對磁碟做任何更動:</para> + + <programlisting xml:lang="en">Your changes will now be written to disk. If you +have chosen to overwrite existing data, it will +be PERMANENTLY ERASED. Are you sure you want to +commit your changes?</programlisting> + + <para>在這個警告訊息之前可以隨時中止安裝,若有任何設定錯誤的疑慮,只需在此時關閉電腦,將不會對系統磁碟做任何更改。</para> + </important> + + <para xml:lang="en">This section describes how to boot the system from the + installation media which was prepared using the instructions in + <xref linkend="bsdinstall-installation-media"/>. When using a + bootable USB stick, plug in the <acronym>USB</acronym> stick + before turning on the computer. When booting from + <acronym>CD</acronym> or <acronym>DVD</acronym>, turn on the + computer and insert the media at the first opportunity. How to + configure the system to boot from the inserted media depends + upon the architecture.</para> + + <sect2 xml:id="bsdinstall-starting-i386"> + <title>在 <trademark>i386</trademark> 及 amd64 開機</title> + + <para xml:lang="en">These architectures provide a <acronym>BIOS</acronym> + menu for selecting the boot device. Depending upon the + installation media being used, select the + <acronym>CD</acronym>/<acronym>DVD</acronym> or + <acronym>USB</acronym> device as the first boot device. Most + systems also provide a key for selecting the boot device + during startup without having to enter the + <acronym>BIOS</acronym>. 
Typically, the key is either + <keycap>F10</keycap>, <keycap>F11</keycap>, + <keycap>F12</keycap>, or <keycap>Escape</keycap>.</para> + + <para xml:lang="en">If the computer loads the existing operating system + instead of the FreeBSD installer, then either:</para> + + <orderedlist> + <listitem> + <para xml:lang="en">The installation media was not inserted early enough + in the boot process. Leave the media inserted and try + restarting the computer.</para> + </listitem> + + <listitem> + <para xml:lang="en">The <acronym>BIOS</acronym> changes were incorrect or + not saved. Double-check that the right boot device is + selected as the first boot device.</para> + </listitem> + + <listitem> + <para xml:lang="en">This system is too old to support booting from the + chosen media. In this case, the <application>Plop Boot + Manager</application> (<link xlink:href="http://www.plop.at/en/bootmanagers.html"/>) + can be used to boot the system from the selected + media.</para> + </listitem> + </orderedlist> + </sect2> + + <sect2> + <title>在 <trademark class="registered">PowerPC</trademark> 開機</title> + + <para xml:lang="en">On most machines, holding <keycap>C</keycap> on the + keyboard during boot will boot from the <acronym>CD</acronym>. + Otherwise, hold <keycombo action="simul"> + <keycap>Command</keycap> + <keycap>Option</keycap> + <keycap>O</keycap> + <keycap>F</keycap> + </keycombo>, or + <keycombo action="simul"> + <keycap>Windows</keycap> + <keycap>Alt</keycap> + <keycap>O</keycap> + <keycap>F</keycap> + </keycombo> on non-<trademark class="registered">Apple</trademark> keyboards. At the + <prompt>0 ></prompt> prompt, enter</para> + + <screen xml:lang="en"><userinput>boot cd:,\ppc\loader cd:0</userinput></screen> + </sect2> + + <sect2> + <title>在 <trademark class="registered">SPARC64</trademark> 開機</title> + + <para xml:lang="en">Most <trademark class="registered">SPARC64</trademark> systems are set up to boot automatically + from disk. 
To install FreeBSD from a <acronym>CD</acronym> + requires a break into the <acronym>PROM</acronym>.</para> + + <para xml:lang="en">To do this, reboot the system and wait until the boot + message appears. The message depends on the model, but should + look something like this:</para> + + <screen xml:lang="en">Sun Blade 100 (UltraSPARC-IIe), Keyboard Present +Copyright 1998-2001 Sun Microsystems, Inc. All rights reserved. +OpenBoot 4.2, 128 MB memory installed, Serial #51090132. +Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4.</screen> + + <para xml:lang="en">If the system proceeds to boot from disk at this point, + press <keycombo action="simul"><keycap>L1</keycap><keycap>A</keycap></keycombo> + or <keycombo action="simul"><keycap>Stop</keycap><keycap>A</keycap></keycombo> + on the keyboard, or send a <command>BREAK</command> over the + serial console. When using <application>tip</application> or + <application>cu</application>, <command>~#</command> will + issue a BREAK. The <acronym>PROM</acronym> prompt will be + <prompt>ok</prompt> on systems with one + <acronym>CPU</acronym> and <prompt>ok {0} </prompt> on + <acronym>SMP</acronym> systems, where the digit indicates the + number of the active <acronym>CPU</acronym>.</para> + + <para xml:lang="en">At this point, place the <acronym>CD</acronym> into the + drive and type <command>boot cdrom</command> from the + <acronym>PROM</acronym> prompt.</para> + </sect2> + + <sect2 xml:id="bsdinstall-view-probe"> + <title>FreeBSD 開機選單</title> + + <para xml:lang="en">Once the system boots from the installation media, a menu + similar to the following will be displayed:</para> + + <figure xml:id="bsdinstall-newboot-loader-menu"> + <title>FreeBSD 開機載入程式選單</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-newboot-loader-menu"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">By default, the menu will wait ten seconds for user input + before booting into the FreeBSD 
installer or, if FreeBSD is already + installed, before booting into FreeBSD. To pause the boot timer + in order to review the selections, press + <keycap>Space</keycap>. To select an option, press its + highlighted number, character, or key. The following options + are available.</para> + + <itemizedlist> + <listitem> + <para xml:lang="en"><literal>Boot Multi User</literal>: This will + continue the FreeBSD boot process. If the boot timer has + been paused, press <keycap>1</keycap>, upper- or + lower-case <keycap>B</keycap>, or + <keycap>Enter</keycap>.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Boot Single User</literal>: This mode can be + used to fix an existing FreeBSD installation as described in + <xref linkend="boot-singleuser"/>. Press + <keycap>2</keycap> or the upper- or lower-case + <keycap>S</keycap> to enter this mode.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Escape to loader prompt</literal>: This will + boot the system into a repair prompt that contains a + limited number of low-level commands. This prompt is + described in <xref linkend="boot-loader"/>. Press + <keycap>3</keycap> or <keycap>Esc</keycap> to boot into + this prompt.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Reboot</literal>: Reboots the system.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Configure Boot Options</literal>: Opens the + menu shown in, and described under, <xref linkend="bsdinstall-boot-options-menu"/>.</para> + </listitem> + </itemizedlist> + + <figure xml:id="bsdinstall-boot-options-menu"> + <title>FreeBSD 開機選項選單</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-boot-options-menu"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">The boot options menu is divided into two sections. 
The + first section can be used to either return to the main boot + menu or to reset any toggled options back to their + defaults.</para> + + <para xml:lang="en">The next section is used to toggle the available options + to <literal>On</literal> or <literal>Off</literal> by pressing + the option's highlighted number or character. The system will + always boot using the settings for these options until they + are modified. Several options can be toggled using this + menu:</para> + + <itemizedlist> + <listitem> + <para xml:lang="en"><literal>ACPI Support</literal>: If the system hangs + during boot, try toggling this option to + <literal>Off</literal>.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Safe Mode</literal>: If the system still + hangs during boot even with <literal>ACPI + Support</literal> set to <literal>Off</literal>, try + setting this option to <literal>On</literal>.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Single User</literal>: Toggle this option to + <literal>On</literal> to fix an existing FreeBSD installation + as described in <xref linkend="boot-singleuser"/>. Once + the problem is fixed, set it back to + <literal>Off</literal>.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Verbose</literal>: Toggle this option to + <literal>On</literal> to see more detailed messages during + the boot process. This can be useful when troubleshooting + a piece of hardware.</para> + </listitem> + </itemizedlist> + + <para xml:lang="en">After making the needed selections, press + <keycap>1</keycap> or <keycap>Backspace</keycap> to return to + the main boot menu, then press <keycap>Enter</keycap> to + continue booting into FreeBSD. A series of boot messages will + appear as FreeBSD carries out its hardware device probes and + loads the installation program. 
Once the boot is complete, + the welcome menu shown in <xref linkend="bsdinstall-choose-mode"/> will be displayed.</para> + + <figure xml:id="bsdinstall-choose-mode"> + <title>歡迎選單</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-choose-mode"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Press <keycap>Enter</keycap> to select the default of + <guibutton>[ Install ]</guibutton> to enter the + installer. The rest of this chapter describes how to use this + installer. Otherwise, use the right or left arrows or the + colorized letter to select the desired menu item. The + <guibutton>[ Shell ]</guibutton> can be used to + access a FreeBSD shell in order to use command line utilities to + prepare the disks before installation. The + <guibutton>[ Live CD ]</guibutton> option can be + used to try out FreeBSD before installing it. The live version + is described in <xref linkend="using-live-cd"/>.</para> + + <tip> + <para xml:lang="en">To review the boot messages, including the hardware + device probe, press the upper- or lower-case + <keycap>S</keycap> and then <keycap>Enter</keycap> to access + a shell. At the shell prompt, type <command>more + /var/run/dmesg.boot</command> and use the space bar to + scroll through the messages. When finished, type + <command>exit</command> to return to the welcome + menu.</para> + </tip> + </sect2> + </sect1> + + <sect1 xml:id="using-bsdinstall"> + <title>使用 <application>bsdinstall</application></title> + + <para xml:lang="en">This section shows the order of the + <application>bsdinstall</application> menus and the type of + information that will be asked before the system is installed. + Use the arrow keys to highlight a menu option, then + <keycap>Space</keycap> to select or deselect that menu item. 
+ When finished, press <keycap>Enter</keycap> to save the + selection and move onto the next screen.</para> + + <sect2 xml:id="bsdinstall-keymap"> + <title>選擇鍵盤對應表選單</title> + + <para xml:lang="en">Depending on the system console being used, + <application>bsdinstall</application> may initially display + the menu shown in <xref linkend="bsdinstall-keymap-select-default"/>.</para> + + <figure xml:id="bsdinstall-keymap-select-default"> + <title>鍵盤對應表選擇</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-keymap-select-default"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">To configure the keyboard layout, press + <keycap>Enter</keycap> with + <guibutton>[ YES ]</guibutton> selected, which will + display the menu shown in <xref linkend="bsdinstall-config-keymap"/>. To instead use the + default layout, use the arrow key to select + <guibutton>[ NO ]</guibutton> and press + <keycap>Enter</keycap> to skip this menu screen.</para> + + <figure xml:id="bsdinstall-config-keymap"> + <title>選擇鍵盤選單</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-config-keymap"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">When configuring the keyboard layout, use the up and down + arrows to select the keymap that most closely represents the + mapping of the keyboard attached to the system. Press + <keycap>Enter</keycap> to save the selection.</para> + + <note> + <para xml:lang="en">Pressing <keycap>Esc</keycap> will exit this menu and + use the default keymap. If the choice of keymap is not + clear, <guimenuitem>United States of America + ISO-8859-1</guimenuitem> is also a safe option.</para> + </note> + + <para xml:lang="en">In FreeBSD 10.0-RELEASE and later, this menu has been + enhanced. The full selection of keymaps is shown, with the + default preselected. 
In addition, when selecting a different + keymap, a dialog is displayed that allows the user to try the + keymap and ensure it is correct before proceeding.</para> + + <figure xml:id="bsdinstall-keymap-10"> + <title>改進後的鍵盤對應表選單</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-keymap-10"/> + </imageobject> + </mediaobject> + </figure> + + </sect2> + + <sect2 xml:id="bsdinstall-hostname"> + <title>設定主機名稱</title> + + <para xml:lang="en">The next <application>bsdinstall</application> menu is + used to set the hostname for the newly installed + system.</para> + + <figure xml:id="bsdinstall-config-hostname"> + <title>設定主機名稱</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-config-hostname"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Type in a hostname that is unique for the network. It + should be a fully-qualified hostname, such as <systemitem class="fqdomainname">machine3.example.com</systemitem>.</para> + </sect2> + + <sect2 xml:id="bsdinstall-components"> + <title>選擇要安裝的元件</title> + + <para xml:lang="en">Next, <application>bsdinstall</application> will prompt to + select optional components to install.</para> + + <figure xml:id="bsdinstall-config-components"> + <title>選擇要安裝的元件</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-config-components"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Deciding which components to install will depend largely + on the intended use of the system and the amount of disk space + available. The FreeBSD kernel and userland, collectively known + as the <firstterm>base system</firstterm>, are always + installed. 
Depending on the architecture, some of these + components may not appear:</para> + + <itemizedlist> + <listitem> + <para xml:lang="en"><literal>doc</literal> - Additional documentation, + mostly of historical interest, to install into + <filename>/usr/share/doc</filename>. The documentation + provided by the FreeBSD Documentation Project may be + installed later using the instructions in <xref linkend="updating-upgrading-documentation"/>.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>games</literal> - Several traditional + <acronym>BSD</acronym> games, including + <application>fortune</application>, + <application>rot13</application>, and others.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>lib32</literal> - Compatibility libraries for + running 32-bit applications on a 64-bit version of + FreeBSD.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>ports</literal> - The FreeBSD Ports Collection + is a collection of files which automates the downloading, + compiling and installation of third-party software + packages. <xref linkend="ports"/> discusses how to use + the Ports Collection.</para> + + <warning> + <para xml:lang="en">The installation program does not check for + adequate disk space. Select this option only if + sufficient hard disk space is available. The FreeBSD Ports + Collection takes up about 500 MB of disk + space.</para> + </warning> + </listitem> + + <listitem> + <para xml:lang="en"><literal>src</literal> - The complete FreeBSD source code + for both the kernel and the userland. Although not + required for the majority of applications, it may be + required to build device drivers, kernel modules, or some + applications from the Ports Collection. It is also used + for developing FreeBSD itself. 
The full source tree requires + 1 GB of disk space and recompiling the entire FreeBSD + system requires an additional 5 GB of space.</para> + </listitem> + </itemizedlist> + </sect2> + + <sect2 xml:id="bsdinstall-netinstall"> + <title>從網路安裝</title> + + <para xml:lang="en">The menu shown in <xref linkend="bsdinstall-netinstall-notify"/> only appears when + installing from a <filename>-bootonly.iso</filename> + <acronym>CD</acronym> as this installation media does not hold + copies of the installation files. Since the installation + files must be retrieved over a network connection, this menu + indicates that the network interface must be first + configured.</para> + + <figure xml:id="bsdinstall-netinstall-notify"> + <title>從網路安裝</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-netinstall-files"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">To configure the network connection, press + <keycap>Enter</keycap> and follow the instructions in <xref linkend="bsdinstall-config-network-dev"/>. Once the + interface is configured, select a mirror site that is + located in the same region of the world as the computer on + which FreeBSD is being installed. Files can be retrieved more + quickly when the mirror is close to the target computer, + reducing installation time.</para> + + <figure xml:id="bsdinstall-netinstall-mirror"> + <title>選擇鏡像站</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-netinstall-mirrorselect"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Installation will then continue as if the installation + files were located on the local installation media.</para> + </sect2> + </sect1> + + <sect1 xml:id="bsdinstall-partitioning"> + <title>配置磁碟空間</title> + + <para xml:lang="en">The next menu is used to determine the method for + allocating disk space. 
The options available in the menu + depend upon the version of FreeBSD being installed.</para> + + <figure xml:id="bsdinstall-part-guided-manual"> + <title>FreeBSD 9.x 的分割區選擇</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-part-guided-manual"/> + </imageobject> + </mediaobject> + </figure> + + <figure xml:id="bsdinstall-zfs-partmenu"> + <title>FreeBSD 10.x 或更新版本的磁碟分割選項</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-zfs-partmenu"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en"><literal>Guided</literal> partitioning automatically sets up + the disk partitions, <literal>Manual</literal> partitioning + allows advanced users to create customized partitions from menu + options, and <literal>Shell</literal> opens a shell prompt where + advanced users can create customized partitions using + command-line utilities like <citerefentry><refentrytitle>gpart</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry>, and + <citerefentry><refentrytitle>bsdlabel</refentrytitle><manvolnum>8</manvolnum></citerefentry>. <literal>ZFS</literal> partitioning, only + available in FreeBSD 10 and later, creates an optionally encrypted + root-on-ZFS system with support for <firstterm>boot + environments</firstterm>.</para> + + <para xml:lang="en">This section describes what to consider when laying out the + disk partitions. 
It then demonstrates how to use the different + partitioning methods.</para> + + <sect2 xml:id="configtuning-initial"> + <title>規劃分割區配置</title> + + <indexterm><primary>分割區配置</primary></indexterm> + <indexterm xml:lang="en"> + <primary><filename>/etc</filename></primary> + </indexterm> + <indexterm xml:lang="en"> + <primary><filename>/var</filename></primary> + </indexterm> + <indexterm xml:lang="en"> + <primary><filename>/usr</filename></primary> + </indexterm> + + <para xml:lang="en">When laying out file systems, remember that hard drives + transfer data faster from the outer tracks to the inner. + Thus, smaller and heavier-accessed file systems should be + closer to the outside of the drive, while larger partitions + like <filename>/usr</filename> should be placed toward the + inner parts of the disk. It is a good idea to create + partitions in an order similar to: <filename>/</filename>, + swap, <filename>/var</filename>, and + <filename>/usr</filename>.</para> + + <para xml:lang="en">The size of the <filename>/var</filename> partition + reflects the intended machine's usage. This partition is + used to hold mailboxes, log files, and printer spools. + Mailboxes and log files can grow to unexpected sizes + depending on the number of users and how long log files are + kept. On average, most users rarely need more than about a + gigabyte of free disk space in + <filename>/var</filename>.</para> + + <note> + <para xml:lang="en">Sometimes, a lot of disk space is required in + <filename>/var/tmp</filename>. When new software is + installed, the packaging tools extract a temporary copy of + the packages under <filename>/var/tmp</filename>. 
Large + software packages, like <application>Firefox</application>, + <application>Apache OpenOffice</application> or + <application>LibreOffice</application> may be tricky to + install if there is not enough disk space under + <filename>/var/tmp</filename>.</para> + </note> + + <para xml:lang="en">The <filename>/usr</filename> partition holds many of the + files which support the system, including the FreeBSD Ports + Collection and system source code. At least 2 gigabytes is + recommended for this partition.</para> + + <para xml:lang="en">When selecting partition sizes, keep the space + requirements in mind. Running out of space in one partition + while barely using another can be a hassle.</para> + + <indexterm xml:lang="en"> + <primary>swap sizing</primary> + </indexterm> + <indexterm xml:lang="en"> + <primary>swap partition</primary> + </indexterm> + + <para xml:lang="en">As a rule of thumb, the swap partition should be about + double the size of physical memory (<acronym>RAM</acronym>). + Systems with minimal <acronym>RAM</acronym> may perform + better with more swap. Configuring too little swap can lead + to inefficiencies in the <acronym>VM</acronym> page scanning + code and might create issues later if more memory is + added.</para> + + <para xml:lang="en">On larger systems with multiple <acronym>SCSI</acronym> + disks or multiple <acronym>IDE</acronym> disks operating on + different controllers, it is recommended that swap be + configured on each drive, up to four drives. The swap + partitions should be approximately the same size. The + kernel can handle arbitrary sizes but internal data structures + scale to 4 times the largest swap partition. Keeping the swap + partitions near the same size will allow the kernel to + optimally stripe swap space across disks. Large swap sizes + are fine, even if swap is not used much. 
It might be easier + to recover from a runaway program before being forced to + reboot.</para> + + <para xml:lang="en">By properly partitioning a system, fragmentation + introduced in the smaller write heavy partitions will not + bleed over into the mostly read partitions. Keeping the + write loaded partitions closer to the disk's edge will + increase <acronym>I/O</acronym> performance in the + partitions where it occurs the most. While + <acronym>I/O</acronym> performance in the larger partitions + may be needed, shifting them more toward the edge of the disk + will not lead to a significant performance improvement over + moving <filename>/var</filename> to the edge.</para> + </sect2> + + <sect2 xml:id="bsdinstall-part-guided"> + <title>引導式磁碟分割</title> + + <para xml:lang="en">When this method is selected, a menu will display the + available disk(s). If multiple disks are connected, choose + the one where FreeBSD is to be installed.</para> + + <figure xml:id="bsdinstall-part-guided-disk"> + <title>自多個磁碟選擇</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-part-guided-disk"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Once the disk is selected, the next menu prompts to + install to either the entire disk or to create a partition + using free space. If + <guibutton>[ Entire Disk ]</guibutton> is + chosen, a general partition layout filling the whole disk is + automatically created. Selecting + <guibutton>[ Partition ]</guibutton> creates a + partition layout from the unused space on the disk.</para> + + <figure xml:id="bsdinstall-part-entire-part"> + <title>選擇完整磁碟或分割區</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-part-entire-part"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">After the partition layout has been created, review it to + ensure it meets the needs of the installation. 
Selecting + <guibutton>[ Revert ]</guibutton> will reset the + partitions to their original values and pressing + <guibutton>[ Auto ]</guibutton> will recreate the + automatic FreeBSD partitions. Partitions can also be manually + created, modified, or deleted. When the partitioning is + correct, select <guibutton>[ Finish ]</guibutton> to + continue with the installation.</para> + + <figure xml:id="bsdinstall-part-review"> + <title>確認已建立的分割區</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-part-review"/> + </imageobject> + </mediaobject> + </figure> + </sect2> + + <sect2 xml:id="bsdinstall-part-manual"> + <title>手動磁碟分割</title> + + <para xml:lang="en">Selecting this method opens the partition editor:</para> + + <figure xml:id="bsdinstall-part-manual-create"> + <title>手動建立分割區</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-part-manual-create"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Highlight the installation drive + (<filename>ada0</filename> in this example) and select + <guibutton>[ Create ]</guibutton> to display a menu + of available partition schemes:</para> + + <figure xml:id="bsdinstall-part-manual-partscheme"> + <title>手動建立分割區</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-part-manual-partscheme"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en"><acronym>GPT</acronym> is usually the most appropriate + choice for amd64 computers. Older computers that are + not compatible with <acronym>GPT</acronym> should use + <acronym>MBR</acronym>. 
The other partition schemes are + generally used for uncommon or older computers.</para> + + <table frame="none" rowsep="1" pgwide="1"> + <title>磁碟分割格式</title> + + <tgroup cols="2" align="left"> + <thead> + <row> + <entry align="left">縮寫</entry> + <entry align="left">說明</entry> + </row> + </thead> + + <tbody> + <row> + <entry xml:lang="en">APM</entry> + <entry xml:lang="en">Apple Partition Map, used by <trademark class="registered">PowerPC</trademark>.</entry> + </row> + + <row> + <entry xml:lang="en">BSD</entry> + <entry xml:lang="en"><acronym>BSD</acronym> label without an + <acronym>MBR</acronym>, sometimes called + <firstterm>dangerously dedicated mode</firstterm> as + non-<acronym>BSD</acronym> disk utilities may not + recognize it.</entry> + </row> + + <row> + <entry xml:lang="en">GPT</entry> + <entry xml:lang="en">GUID Partition Table (<link xlink:href="http://en.wikipedia.org/wiki/GUID_Partition_Table">http://en.wikipedia.org/wiki/GUID_Partition_Table</link>).</entry> + </row> + + <row> + <entry xml:lang="en">MBR</entry> + <entry xml:lang="en">Master Boot Record (<link xlink:href="http://en.wikipedia.org/wiki/Master_boot_record">http://en.wikipedia.org/wiki/Master_boot_record</link>).</entry> + </row> + + <row> + <entry xml:lang="en">PC98</entry> + <entry xml:lang="en"><acronym>MBR</acronym> variant used by NEC PC-98 + computers (<link xlink:href="http://en.wikipedia.org/wiki/Pc9801">http://en.wikipedia.org/wiki/Pc9801</link>).</entry> + </row> + + <row> + <entry xml:lang="en">VTOC8</entry> + <entry xml:lang="en">Volume Table Of Contents used by Sun SPARC64 and + UltraSPARC computers.</entry> + </row> + </tbody> + </tgroup> + </table> + + <para xml:lang="en">After the partitioning scheme has been selected and + created, select <guibutton>[ Create ]</guibutton> + again to create the partitions.</para> + + <figure xml:id="bsdinstall-part-manual-addpart"> + <title>手動建立分割區</title> + + <mediaobject> + <imageobject> + <imagedata 
fileref="bsdinstall/bsdinstall-part-manual-addpart"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">A standard FreeBSD <acronym>GPT</acronym> installation uses + at least three partitions:</para> + + <itemizedlist> + <listitem> + <para xml:lang="en"><literal>freebsd-boot</literal> - Holds the FreeBSD boot + code.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>freebsd-ufs</literal> - A FreeBSD + <acronym>UFS</acronym> file system.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>freebsd-swap</literal> - FreeBSD swap + space.</para> + </listitem> + </itemizedlist> + + <para xml:lang="en">Another partition type worth noting is + <literal>freebsd-zfs</literal>, used for partitions that will + contain a FreeBSD <acronym>ZFS</acronym> file system (<xref linkend="zfs"/>). Refer to <citerefentry><refentrytitle>gpart</refentrytitle><manvolnum>8</manvolnum></citerefentry> for + descriptions of the available <acronym>GPT</acronym> partition + types.</para> + + <para xml:lang="en">Multiple file system partitions can be created and some + people prefer a traditional layout with separate partitions + for <filename>/</filename>, <filename>/var</filename>, + <filename>/tmp</filename>, and <filename>/usr</filename>. See + <xref linkend="bsdinstall-part-manual-splitfs"/> for an + example.</para> + + <para xml:lang="en">The <literal>Size</literal> may be entered with common + abbreviations: <emphasis>K</emphasis> for kilobytes, + <emphasis>M</emphasis> for megabytes, or + <emphasis>G</emphasis> for gigabytes.</para> + + <tip> + <para xml:lang="en">Proper sector alignment provides the best performance, + and making partition sizes even multiples of 4K bytes helps + to ensure alignment on drives with either 512-byte or + 4K-byte sectors. Generally, using partition sizes that are + even multiples of 1M or 1G is the easiest way to make sure + every partition starts at an even multiple of 4K. 
There is + one exception: the <emphasis>freebsd-boot</emphasis> + partition should be no larger than 512K due to current boot + code limitations.</para> + </tip> + + <para xml:lang="en">A <literal>Mountpoint</literal> is needed if the partition + will contain a file system. If only a single + <acronym>UFS</acronym> partition will be created, the + mountpoint should be <filename>/</filename>.</para> + + <para xml:lang="en">The <literal>Label</literal> is a name by which the + partition will be known. Drive names or numbers can change if + the drive is connected to a different controller or port, but + the partition label does not change. Referring to labels + instead of drive names and partition numbers in files like + <filename>/etc/fstab</filename> makes the system more tolerant + to hardware changes. <acronym>GPT</acronym> labels appear in + <filename>/dev/gpt/</filename> when a disk is attached. Other + partitioning schemes have different label capabilities and + their labels appear in different directories in + <filename>/dev/</filename>.</para> + + <tip> + <para xml:lang="en">Use a unique label on every partition to avoid + conflicts from identical labels. A few letters from the + computer's name, use, or location can be added to the label. + For instance, use <literal>labroot</literal> or + <literal>rootfslab</literal> for the <acronym>UFS</acronym> + root partition on the computer named + <literal>lab</literal>.</para> + </tip> + + <example xml:id="bsdinstall-part-manual-splitfs"> + <title>建立傳統分割的檔案系統分割區</title> + + <para xml:lang="en">For a traditional partition layout where the + <filename>/</filename>, <filename>/var</filename>, + <filename>/tmp</filename>, and <filename>/usr</filename> + directories are separate file systems on their own + partitions, create a <acronym>GPT</acronym> partitioning + scheme, then create the partitions as shown. Partition + sizes shown are typical for a 20G target disk. 
If more + space is available on the target disk, larger swap or + <filename>/var</filename> partitions may be useful. Labels + shown here are prefixed with <literal>ex</literal> for + <quote>example</quote>, but readers should use other unique + label values as described above.</para> + + <para xml:lang="en">By default, FreeBSD's <filename>gptboot</filename> expects + the first <acronym>UFS</acronym> partition to be the + <filename>/</filename> partition.</para> + + <informaltable frame="none"> + <tgroup cols="4"> + <thead> + <row> + <entry xml:lang="en">Partition Type</entry> + <entry xml:lang="en">Size</entry> + <entry xml:lang="en">Mountpoint</entry> + <entry xml:lang="en">Label</entry> + </row> + </thead> + + <tbody> + <row> + <entry xml:lang="en"><literal>freebsd-boot</literal></entry> + <entry xml:lang="en"><literal>512K</literal></entry> + </row> + + <row> + <entry xml:lang="en"><literal>freebsd-ufs</literal></entry> + <entry xml:lang="en"><literal>2G</literal></entry> + <entry xml:lang="en"><filename>/</filename></entry> + <entry xml:lang="en"><literal>exrootfs</literal></entry> + </row> + + <row> + <entry xml:lang="en"><literal>freebsd-swap</literal></entry> + <entry xml:lang="en"><literal>4G</literal></entry> + <entry/> + <entry xml:lang="en"><literal>exswap</literal></entry> + </row> + + <row> + <entry xml:lang="en"><literal>freebsd-ufs</literal></entry> + <entry xml:lang="en"><literal>2G</literal></entry> + <entry xml:lang="en"><filename>/var</filename></entry> + <entry xml:lang="en"><literal>exvarfs</literal></entry> + </row> + + <row> + <entry xml:lang="en"><literal>freebsd-ufs</literal></entry> + <entry xml:lang="en"><literal>1G</literal></entry> + <entry xml:lang="en"><filename>/tmp</filename></entry> + <entry xml:lang="en"><literal>extmpfs</literal></entry> + </row> + + <row> + <entry xml:lang="en"><literal>freebsd-ufs</literal></entry> + <entry xml:lang="en">accept the default (remainder of the + disk)</entry> + <entry 
xml:lang="en"><filename>/usr</filename></entry> + <entry xml:lang="en"><literal>exusrfs</literal></entry> + </row> + </tbody> + </tgroup> + </informaltable> + </example> + + <para xml:lang="en">After the custom partitions have been created, select + <guibutton>[ Finish ]</guibutton> to continue with + the installation.</para> + </sect2> + + <sect2 xml:id="bsdinstall-part-zfs"> + <title>Root-on-ZFS 自動磁碟分割</title> + + <para xml:lang="en">Support for automatic creation of root-on-ZFS + installations was added in FreeBSD 10.0-RELEASE. This + partitioning mode only works with whole disks and will erase + the contents of the entire disk. The installer will + automatically create partitions aligned to 4k boundaries and + force <acronym>ZFS</acronym> to use 4k sectors. This is safe + even with 512 byte sector disks, and has the added benefit of + ensuring that pools created on 512 byte disks will be able to + have 4k sector disks added in the future, either as additional + storage space or as replacements for failed disks. The + installer can also optionally employ <acronym>GELI</acronym> + disk encryption as described in <xref linkend="disks-encrypting-geli"/>. + If encryption is enabled, a 2 GB unencrypted boot pool + containing the <filename>/boot</filename> directory is + created. It holds the kernel and other files necessary to + boot the system. 
A swap partition of a user selectable size + is also created, and all remaining space is used for the + <acronym>ZFS</acronym> pool.</para> + + <para xml:lang="en">The main <acronym>ZFS</acronym> configuration menu offers + a number of options to control the creation of the + pool.</para> + + <figure xml:id="bsdinstall-zfs-menu"> + <title><acronym>ZFS</acronym> 分割區選單</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-zfs-menu"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Select <keycap>T</keycap> to configure the <literal>Pool + Type</literal> and the disk(s) that will constitute the + pool. The automatic <acronym>ZFS</acronym> installer + currently only supports the creation of a single top level + vdev, except in stripe mode. To create more complex pools, + use the instructions in <xref linkend="bsdinstall-part-shell"/> to create the pool. The + installer supports the creation of various pool types, + including stripe (not recommended, no redundancy), mirror + (best performance, least usable space), and RAID-Z 1, 2, and 3 + (with the capability to withstand the concurrent failure of 1, + 2, and 3 disks, respectively). while selecting the pool type, + a tooltip is displayed across the bottom of the screen with + advice about the number of required disks, and in the case of + RAID-Z, the optimal number of disks for each + configuration.</para> + + <figure xml:id="bsdinstall-zfs-vdev_type"> + <title><acronym>ZFS</acronym> 儲存池類型</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-zfs-vdev_type"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Once a <literal>Pool Type</literal> has been selected, a + list of available disks is displayed, and the user is prompted + to select one or more disks to make up the pool. The + configuration is then validated, to ensure enough disks are + selected. 
If not, select <guibutton><Change + Selection></guibutton> to return to the list of disks, or + <guibutton><Cancel></guibutton> to change the pool + type.</para> + + <figure xml:id="bsdinstall-zfs-disk_select"> + <title>磁碟選擇</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-zfs-disk_select"/> + </imageobject> + </mediaobject> + </figure> + + <figure xml:id="bsdinstall-zfs-vdev_invalid"> + <title>無效的選擇</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-zfs-vdev_invalid"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">If one or more disks are missing from the list, or if + disks were attached after the installer was started, select + <guibutton>- Rescan Devices</guibutton> to repopulate the list + of available disks. To ensure that the correct disks are + selected, so as not to accidently destroy the wrong disks, the + <guibutton>- Disk Info</guibutton> menu can be used to inspect + each disk, including its partition table and various other + information such as the device model number and serial number, + if available.</para> + + <figure xml:id="bsdinstall-zfs-disk_info"> + <title>分析磁碟</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-zfs-disk_info"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">The main <acronym>ZFS</acronym> configuration menu also + allows the user to enter a pool name, disable forcing 4k + sectors, enable or disable encryption, switch between + <acronym>GPT</acronym> (recommended) and + <acronym>MBR</acronym> partition table types, and select the + amount of swap space. 
Once all options have been set to the + desired values, select the + <guibutton>>>> Install</guibutton> option at the + top of the menu.</para> + + <para xml:lang="en">If <acronym>GELI</acronym> disk encryption was enabled, + the installer will prompt twice for the passphrase to be used + to encrypt the disks.</para> + + <figure xml:id="bsdinstall-zfs-geli_password"> + <title>磁碟加密密碼</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-zfs-geli_password"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">The installer then offers a last chance to cancel before + the contents of the selected drives are destroyed to create + the <acronym>ZFS</acronym> pool.</para> + + <figure xml:id="bsdinstall-zfs-warning"> + <title>最後修改</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-zfs-warning"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">The installation then proceeds normally.</para> + + </sect2> + + <sect2 xml:id="bsdinstall-part-shell"> + <title>Shell 模式磁碟分割</title> + + <para xml:lang="en">When creating advanced installations, the + <application>bsdinstall</application> paritioning menus may + not provide the level of flexibility required. Advanced users + can select the <guibutton>Shell</guibutton> option from the + partitioning menu in order to manually partition the drives, + create the file system(s), populate + <filename>/tmp/bsdinstall_etc/fstab</filename>, and mount the + file systems under <filename>/mnt</filename>. Once this is + done, type <command>exit</command> to return to + <application>bsdinstall</application> and continue the + installation.</para> + </sect2> + </sect1> + + <sect1 xml:id="bsdinstall-final-warning"> + <title>確認安裝</title> + + <para xml:lang="en">Once the disks are configured, the next menu provides the + last chance to make changes before the selected hard drive(s) + are formatted. 
If changes need to be made, select + <guibutton>[ Back ]</guibutton> to return to the main + partitioning menu. + <guibutton>[ Revert & Exit ]</guibutton> + will exit the installer without making any changes to the hard + drive.</para> + + <figure xml:id="bsdinstall-final-confirmation"> + <title>最後確認</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-final-confirmation"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">To instead start the actual installation, select + <guibutton>[ Commit ]</guibutton> and press + <keycap>Enter</keycap>.</para> + + <para xml:lang="en">Installation time will vary depending on the distributions + chosen, installation media, and speed of the computer. A series + of messages will indicate the progress.</para> + + <para xml:lang="en">First, the installer formats the selected disk(s) and + initializes the partitions. Next, in the case of a bootonly + media, it downloads the selected components:</para> + + <figure xml:id="bsdinstall-distfile-fetching"> + <title>取得發佈版本檔案</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-distfile-fetching"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Next, the integrity of the distribution files is verified + to ensure they have not been corrupted during download or + misread from the installation media:</para> + + <figure xml:id="bsdinstall-distfile-verify"> + <title>檢驗發佈版本檔案</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-distfile-verifying"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Finally, the verified distribution files are extracted to + the disk:</para> + + <figure xml:id="bsdinstall-distfile-extract"> + <title>解開發佈版本檔案</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-distfile-extracting"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Once all requested 
distribution files have been extracted, + <application>bsdinstall</application> displays the first + post-installation configuration screen. The available + post-configuration options are described in the next + section.</para> + </sect1> + + <sect1 xml:id="bsdinstall-post"> + <title>安裝後注意事項</title> + + <para xml:lang="en">Once FreeBSD is installed, + <application>bsdinstall</application> will prompt to configure + several options before booting into the newly installed system. + This section describes these configuration options.</para> + + <tip> + <para xml:lang="en">Once the system has booted, + <command>bsdconfig</command> provides a menu-driven method for + configuring the system using these and additional + options.</para> + </tip> + + <sect2 xml:id="bsdinstall-post-root"> + <title>設定 <systemitem class="username">root</systemitem> 密碼</title> + + <para xml:lang="en">First, the <systemitem class="username">root</systemitem> + password must be set. While entering the password, the + characters being typed are not displayed on the screen. After + the password has been entered, it must be entered again. This + helps prevent typing errors.</para> + + <figure xml:id="bsdinstall-post-set-root-passwd"> + <title>設定 <systemitem class="username">root</systemitem> 密碼</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-post-root-passwd"/> + </imageobject> + </mediaobject> + </figure> + </sect2> + + <sect2 xml:id="bsdinstall-config-network-dev"> + <title>設定網路介面</title> + + <para xml:lang="en">Next, a list of the network interfaces found on the + computer is shown. 
Select the interface to configure.</para> + + <note> + <para xml:lang="en">The network configuration menus will be skipped if the + network was previously configured as part of a + <emphasis>bootonly</emphasis> installation.</para> + </note> + + <figure xml:id="bsdinstall-configure-net-interface"> + <title>選擇網路介面</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-network-interface"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">If an Ethernet interface is selected, the installer will + skip ahead to the menu shown in <xref linkend="bsdinstall-configure-net-ipv4"/>. If a wireless + network interface is chosen, the system will instead scan for + wireless access points:</para> + + <figure xml:id="bsdinstall-wireless-scan"> + <title>掃描無線網路存取點</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-wireless-scan"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Wireless networks are identified by a Service Set + Identifier (<acronym>SSID</acronym>), a short, unique name + given to each network. <acronym>SSIDs</acronym> found during + the scan are listed, followed by a description of the + encryption types available for that network. If the desired + <acronym>SSID</acronym> does not appear in the list, select + <guibutton>[ Rescan ]</guibutton> to scan again. If + the desired network still does not appear, check for problems + with antenna connections or try moving the computer closer to + the access point. Rescan after each change is made.</para> + + <figure xml:id="bsdinstall-wireless-accesspoints"> + <title>選擇無線網路</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-wireless-accesspoints"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Next, enter the encryption information for connecting to + the selected wireless network. 
<acronym>WPA2</acronym> + encryption is strongly recommended as older encryption types, + like <acronym>WEP</acronym>, offer little security. If the + network uses <acronym>WPA2</acronym>, input the password, also + known as the Pre-Shared Key (<acronym>PSK</acronym>). For + security reasons, the characters typed into the input box are + displayed as asterisks.</para> + + <figure xml:id="bsdinstall-wireless-wpa2"> + <title>WPA2 設定</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-wireless-wpa2setup"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Next, choose whether or not an <acronym>IPv4</acronym> + address should be configured on the Ethernet or wireless + interface:</para> + + <figure xml:id="bsdinstall-configure-net-ipv4"> + <title>選擇 <acronym>IPv4</acronym> 網路</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-network-interface-ipv4"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">There are two methods of <acronym>IPv4</acronym> + configuration. <acronym>DHCP</acronym> will automatically + configure the network interface correctly and should be used + if the network provides a <acronym>DHCP</acronym> server. + Otherwise, the addressing information needs to be input + manually as a static configuration.</para> + + <note> + <para xml:lang="en">Do not enter random network information as it will not + work. If a <acronym>DHCP</acronym> server is not available, + obtain the information listed in <xref linkend="bsdinstall-collect-network-information"/> from + the network administrator or Internet service + provider.</para> + </note> + + <para xml:lang="en">If a <acronym>DHCP</acronym> server is available, select + <guibutton>[ Yes ]</guibutton> in the next menu to + automatically configure the network interface. 
The installer + will appear to pause for a minute or so as it finds the + <acronym>DHCP</acronym> server and obtains the addressing + information for the system.</para> + + <figure xml:id="bsdinstall-net-ipv4-dhcp"> + <title>選擇 <acronym>IPv4</acronym> <acronym>DHCP</acronym> 設定</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-network-interface-ipv4-dhcp"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">If a <acronym>DHCP</acronym> server is not available, + select <guibutton>[ No ]</guibutton> and input the + following addressing information in this menu:</para> + + <figure xml:id="bsdinstall-net-ipv4-static"> + <title><acronym>IPv4</acronym> 靜態位置設定</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-network-interface-ipv4-static"/> + </imageobject> + </mediaobject> + </figure> + + <itemizedlist> + <listitem> + <para xml:lang="en"><literal>IP Address</literal> - The + <acronym>IPv4</acronym> address assigned to this computer. + The address must be unique and not already in use by + another piece of equipment on the local network.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Subnet Mask</literal> - The subnet mask for + the network.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Default Router</literal> - The + <acronym>IP</acronym> address of the network's default + gateway.</para> + </listitem> + </itemizedlist> + + <para xml:lang="en">The next screen will ask if the interface should be + configured for <acronym>IPv6</acronym>. 
If + <acronym>IPv6</acronym> is available and desired, choose + <guibutton>[ Yes ]</guibutton> to select it.</para> + + <figure xml:id="bsdinstall-net-ipv6"> + <title>選擇 IPv6 網路</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-network-interface-ipv6"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en"><acronym>IPv6</acronym> also has two methods of + configuration. StateLess Address AutoConfiguration + (<acronym>SLAAC</acronym>) will automatically request the + correct configuration information from a local router. Refer + to <link xlink:href="http://tools.ietf.org/html/rfc4862">http://tools.ietf.org/html/rfc4862</link> + for more information. Static configuration requires manual + entry of network information.</para> + + <para xml:lang="en">If an <acronym>IPv6</acronym> router is available, select + <guibutton>[ Yes ]</guibutton> in the next menu to + automatically configure the network interface. The installer + will appear to pause for a minute or so as it finds the router + and obtains the addressing information for the system.</para> + + <figure xml:id="bsdinstall-net-ipv6-slaac"> + <title>選擇 IPv6 SLAAC 設定</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-network-interface-slaac"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">If an <acronym>IPv6</acronym> router is not available, + select <guibutton>[ No ]</guibutton> and input the + following addressing information in this menu:</para> + + <figure xml:id="bsdinstall-net-ipv6-static"> + <title>IPv6 靜態位置設定</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-network-interface-ipv6-static"/> + </imageobject> + </mediaobject> + </figure> + + <itemizedlist> + <listitem> + <para xml:lang="en"><literal>IPv6 Address</literal> - The + <acronym>IPv6</acronym> address assigned to this computer. 
+ The address must be unique and not already in use by + another piece of equipment on the local network.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Default Router</literal> - The + <acronym>IPv6</acronym> address of the network's default + gateway.</para> + </listitem> + </itemizedlist> + + <para xml:lang="en">The last network configuration menu is used to configure + the Domain Name System (<acronym>DNS</acronym>) resolver, + which converts hostnames to and from network addresses. If + <acronym>DHCP</acronym> or <acronym>SLAAC</acronym> was used + to autoconfigure the network interface, the <literal>Resolver + Configuration</literal> values may already be filled in. + Otherwise, enter the local network's domain name in the + <literal>Search</literal> field. <literal>DNS #1</literal> + and <literal>DNS #2</literal> are the <acronym>IPv4</acronym> + and/or <acronym>IPv6</acronym> addresses of the + <acronym>DNS</acronym> servers. At least one + <acronym>DNS</acronym> server is required.</para> + + <figure xml:id="bsdinstall-net-dns-config"> + <title>DNS 設定</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-configure-network-ipv4-dns"/> + </imageobject> + </mediaobject> + </figure> + </sect2> + + <sect2 xml:id="bsdinstall-timezone"> + <title>設定時區</title> + + <para xml:lang="en">The next menu asks if the system clock uses + <acronym>UTC</acronym> or local time. When in doubt, select + <guibutton>[ No ]</guibutton> to choose the more + commonly-used local time.</para> + + <figure xml:id="bsdinstall-local-utc"> + <title>選擇本地或 UTC 時鐘</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-set-clock-local-utc"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">The next series of menus are used to determine the correct + local time by selecting the geographic region, country, and + time zone. 
Setting the time zone allows the system to + automatically correct for regional time changes, such as + daylight savings time, and perform other time zone related + functions properly.</para> + + <para xml:lang="en">The example shown here is for a machine located in the + Eastern time zone of the United States. The selections will + vary according to the geographical location.</para> + + <figure xml:id="bsdinstall-timezone-region"> + <title>選擇區域</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-timezone-region"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">The appropriate region is selected using the arrow keys + and then pressing <keycap>Enter</keycap>.</para> + + <figure xml:id="bsdinstall-timezone-country"> + <title>選擇城市</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-timezone-country"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Select the appropriate country using the arrow keys and + press <keycap>Enter</keycap>.</para> + + <figure xml:id="bsdinstall-timezone-zone"> + <title>選擇時區</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-timezone-zone"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">The appropriate time zone is selected using the arrow keys + and pressing <keycap>Enter</keycap>.</para> + + <figure xml:id="bsdinstall-timezone-confirmation"> + <title>確認時區</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-timezone-confirm"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Confirm the abbreviation for the time zone is correct. 
If + it is, press <keycap>Enter</keycap> to continue with the + post-installation configuration.</para> + </sect2> + + <sect2 xml:id="bsdinstall-sysconf"> + <title>開啟服務</title> + + <para xml:lang="en">The next menu is used to configure which system services + will be started whenever the system boots. All of these + services are optional. Only start the services that are + needed for the system to function.</para> + + <figure xml:id="bsdinstall-config-serv"> + <title>選擇要開啟的其他服務</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-config-services"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Here is a summary of the services which can be enabled in + this menu:</para> + + <itemizedlist> + <listitem> + <para xml:lang="en"><literal>sshd</literal> - The Secure Shell + (<acronym>SSH</acronym>) daemon is used to remotely access + a system over an encrypted connection. Only enable this + service if the system should be available for remote + logins.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>moused</literal> - Enable this service if the + mouse will be used from the command-line system + console.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>ntpd</literal> - The Network Time Protocol + (<acronym>NTP</acronym>) daemon for automatic clock + synchronization. Enable this service if there is a + <trademark class="registered">Windows</trademark>, Kerberos, or <acronym>LDAP</acronym> server on + the network.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>powerd</literal> - System power control + utility for power control and energy saving.</para> + </listitem> + </itemizedlist> + </sect2> + + <sect2 xml:id="bsdinstall-crashdump"> + <title>開啟 Crash Dumps</title> + + <para xml:lang="en">The next menu is used to configure whether or not crash + dumps should be enabled. 
Enabling crash dumps can be useful + in debugging issues with the system, so users are encouraged + to enable crash dumps.</para> + + <figure xml:id="bsdinstall-config-crashdump"> + <title>開啟 Crash Dumps</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-config-crashdump"/> + </imageobject> + </mediaobject> + </figure> + </sect2> + + <sect2 xml:id="bsdinstall-addusers"> + <title>新增使用者</title> + + <para xml:lang="en">The next menu prompts to create at least one user account. + It is recommended to login to the system using a user account + rather than as <systemitem class="username">root</systemitem>. + When logged in as <systemitem class="username">root</systemitem>, there are essentially no + limits or protection on what can be done. Logging in as a + normal user is safer and more secure.</para> + + <para xml:lang="en">Select <guibutton>[ Yes ]</guibutton> to add new + users.</para> + + <figure xml:id="bsdinstall-add-user1"> + <title>新增使用者帳號</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-adduser1"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Follow the prompts and input the requested information for + the user account. The example shown in <xref linkend="bsdinstall-add-user2"/> creates the <systemitem class="username">asample</systemitem> user account.</para> + + <figure xml:id="bsdinstall-add-user2"> + <title>輸入使用者資訊</title> + + <mediaobject> + <imageobject> + <imagedata fileref="bsdinstall/bsdinstall-adduser2"/> + </imageobject> + </mediaobject> + </figure> + + <para xml:lang="en">Here is a summary of the information to input:</para> + + <itemizedlist> + <listitem> + <para xml:lang="en"><literal>Username</literal> - The name the user will + enter to log in. A common convention is to use the first + letter of the first name combined with the last name, as + long as each username is unique for the system. 
The + username is case sensitive and should not contain any + spaces.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Full name</literal> - The user's full name. + This can contain spaces and is used as a description for + the user account.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Uid</literal> - User <acronym>ID</acronym>. + Typically, this is left blank so the system will assign a + value.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Login group</literal> - The user's group. + Typically this is left blank to accept the default.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Invite <replaceable>user</replaceable> into + other groups?</literal> - Additional groups to which the + user will be added as a member. If the user needs + administrative access, type <literal>wheel</literal> + here.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Login class</literal> - Typically left blank + for the default.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Shell</literal> - Type in one of the listed + values to set the interactive shell for the user. Refer + to <xref linkend="shells"/> for more information about + shells.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Home directory</literal> - The user's home + directory. The default is usually correct.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Home directory permissions</literal> - + Permissions on the user's home directory. 
The default is + usually correct.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Use password-based authentication?</literal> + - Typically <literal>yes</literal> so that the user is + prompted to input their password at login.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Use an empty password?</literal> - + Typically <literal>no</literal> as it is insecure to have + a blank password.</para> + </listitem> + + <listitem> + <para xml:lang="en"><literal>Use a random password?</literal> - Typically + <literal>no</literal> so that the user can set their own + password in th |
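Review bot: the title of the figure with xml:id="bsdinstall-timezone-country" is 選擇城市 ("select city"), but the id, the image file bsdinstall-timezone-country and the paragraph right after it ("Select the appropriate country using the arrow keys") all refer to a country. Suggest 選擇國家 so the caption matches the screen it labels. The neighbouring captions 選擇區域 and 選擇時區 match their figures and need no change.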
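Review bot: in the network section, the captions of bsdinstall-net-ipv4-static and bsdinstall-net-ipv6-static use 位置 ("location") where the figures are about a static address. 位址 is the term for a network address, so 靜態位址設定 would read correctly in both. In the same region the acronym markup is inconsistent. The IPv4 and DHCP captions keep <acronym>IPv4</acronym> and <acronym>DHCP</acronym>, while the captions for bsdinstall-net-ipv6, bsdinstall-net-ipv6-slaac, bsdinstall-net-ipv6-static, bsdinstall-net-dns-config, bsdinstall-wireless-wpa2 and bsdinstall-local-utc write IPv6, SLAAC, DNS, WPA2 and UTC as bare text. Please wrap them the same way so the translated titles render like the IPv4 ones.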
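Review bot: in bsdinstall-post-root, bsdinstall-config-network-dev, bsdinstall-sysconf and bsdinstall-addusers only the <title> elements are translated, and every <para> is still marked xml:lang="en". That leaves the security-relevant guidance in English only for zh_TW readers: the WPA2 over WEP recommendation, the advice to enable sshd only if remote logins are needed, the recommendation to log in as a normal user rather than root, and the "Use an empty password?" warning. If the PO file is translated in stages, these strings are worth prioritising. The sect2 title 開啟 Crash Dumps is also only half translated and could be completed in the same pass.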