version 1.4, 2015/06/19 18:13:41
|
version 1.5, 2015/06/19 19:18:31
|
Line 14 take the i386/GENERIC config file as an
|
Line 14 take the i386/GENERIC config file as an
|
platforms should contain similar information, the comments in the config files |
platforms should contain similar information, the comments in the config files |
give additional hints. Besides the information given here, each kernel option is |
give additional hints. Besides the information given here, each kernel option is |
also documented in the |
also documented in the |
[options(4)](http://netbsd.gw.com/cgi-bin/man-cgi?options+4+NetBSD-5.0.1+i386) |
[[!template id=man name="options" section="4"]] |
manpage, and there is usually a manpage for each driver too, e.g. |
manpage, and there is usually a manpage for each driver too, e.g. |
[tlp(4)](http://netbsd.gw.com/cgi-bin/man-cgi?tlp+4+NetBSD-5.0.1+i386). |
[[!template id=man name="tlp" section="4"]]. |
|
|
The first line of each config file shows the version. It can be used to compare |
The first line of each config file shows the version. It can be used to compare |
against other versions via CVS, or when reporting bugs. |
against other versions via CVS, or when reporting bugs. |
Line 25 against other versions via CVS, or when
|
Line 25 against other versions via CVS, or when
|
|
|
If you want to run the Network Time Protocol (NTP), this option can be enabled |
If you want to run the Network Time Protocol (NTP), this option can be enabled |
for maximum precision. If the option is not present, NTP will still work. See |
for maximum precision. If the option is not present, NTP will still work. See |
[ntpd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ntpd+8+NetBSD-5.0.1+i386) for |
[[!template id=man name="ntpd" section="8"]] for |
more information. |
more information. |
|
|
file-system NFS # Network File System client |
file-system NFS # Network File System client |
Line 46 information on NFS.
|
Line 46 information on NFS.
|
If you want to setup a router that forwards packets between networks or network |
If you want to setup a router that forwards packets between networks or network |
interfaces, setting this option is needed. It doesn't only switch on packet |
interfaces, setting this option is needed. It doesn't only switch on packet |
forwarding, but also increases some buffers. See |
forwarding, but also increases some buffers. See |
[options(4)](http://netbsd.gw.com/cgi-bin/man-cgi?options+4+NetBSD-5.0.1+i386) |
[[!template id=man name="options" section="4"]] |
for details. |
for details. |
|
|
options INET # IP + ICMP + TCP + UDP |
options INET # IP + ICMP + TCP + UDP |
Line 54 for details.
|
Line 54 for details.
|
This enables the TCP/IP code in the kernel. Even if you don't want/use |
This enables the TCP/IP code in the kernel. Even if you don't want/use |
networking, you will still need this for machine-internal communication of |
networking, you will still need this for machine-internal communication of |
subsystems like the X Window System. See |
subsystems like the X Window System. See |
[inet(4)](http://netbsd.gw.com/cgi-bin/man-cgi?inet+4+NetBSD-5.0.1+i386) for |
[[!template id=man name="inet" section="4"]] for |
more details. |
more details. |
|
|
options INET6 # IPV6 |
options INET6 # IPV6 |
Line 62 more details.
|
Line 62 more details.
|
If you want to use IPv6, this is your option. If you don't want IPv6, which is |
If you want to use IPv6, this is your option. If you don't want IPv6, which is |
part of NetBSD since the 1.5 release, you can remove/comment out that option. |
part of NetBSD since the 1.5 release, you can remove/comment out that option. |
See the |
See the |
[inet6(4)](http://netbsd.gw.com/cgi-bin/man-cgi?inet6+4+NetBSD-5.0.1+i386) |
[[!template id=man name="inet6" section="4"]] |
manpage and [[Next generation Internet protocol - |
manpage and [[Next generation Internet protocol - |
IPv6|guide/net-intro#ipv6-intro]] for more information on the next generation |
IPv6|guide/net-intro#ipv6-intro]] for more information on the next generation |
Internet protocol. |
Internet protocol. |
Line 72 Internet protocol.
|
Line 72 Internet protocol.
|
Includes support for the IPsec protocol, including key and policy management, |
Includes support for the IPsec protocol, including key and policy management, |
authentication and compression. This option can be used without the previous |
authentication and compression. This option can be used without the previous |
option INET6, if you just want to use IPsec with IPv4, which is possible. See |
option INET6, if you just want to use IPsec with IPv4, which is possible. See |
[ipsec(4)](http://netbsd.gw.com/cgi-bin/man-cgi?ipsec+4+NetBSD-5.0.1+i386) for |
[[!template id=man name="ipsec" section="4"]] for |
more information. |
more information. |
|
|
#options IPSEC_ESP # IP security (encryption part; define w/IPSEC) |
#options IPSEC_ESP # IP security (encryption part; define w/IPSEC) |
Line 83 This option is needed in addition to IPS
|
Line 83 This option is needed in addition to IPS
|
|
|
If multicast services like the MBone services should be routed, this option |
If multicast services like the MBone services should be routed, this option |
needs to be included. Note that the routing itself is controlled by the |
needs to be included. Note that the routing itself is controlled by the |
[mrouted(8)](http://netbsd.gw.com/cgi-bin/man-cgi?mrouted+8+NetBSD-5.0.1+i386) |
[[!template id=man name="mrouted" section="8"]] |
daemon. |
daemon. |
|
|
options ISO,TPIP # OSI |
options ISO,TPIP # OSI |
Line 91 daemon.
|
Line 91 daemon.
|
|
|
These options include the OSI protocol stack, which was said for a long time to |
These options include the OSI protocol stack, which was said for a long time to |
be the future of networking. It's mostly history these days. :-) See the |
be the future of networking. It's mostly history these days. :-) See the |
[iso(4)](http://netbsd.gw.com/cgi-bin/man-cgi?iso+4+NetBSD-5.0.1+i386) manpage |
[[!template id=man name="iso" section="4"]] manpage |
for more information. |
for more information. |
|
|
options NETATALK # AppleTalk networking protocols |
options NETATALK # AppleTalk networking protocols |
Line 100 Include support for the AppleTalk protoc
|
Line 100 Include support for the AppleTalk protoc
|
needed to make use of that. See pkgsrc/net/netatalk and pkgsrc/net/netatalk-asun |
needed to make use of that. See pkgsrc/net/netatalk and pkgsrc/net/netatalk-asun |
for such packages. More information on the AppleTalk protocol and protocol stack |
for such packages. More information on the AppleTalk protocol and protocol stack |
are available in the |
are available in the |
[atalk(4)](http://netbsd.gw.com/cgi-bin/man-cgi?atalk+4+NetBSD-5.0.1+i386) |
[[!template id=man name="atalk" section="4"]] |
manpage. |
manpage. |
|
|
options PPP_BSDCOMP # BSD-Compress compression support for PPP |
options PPP_BSDCOMP # BSD-Compress compression support for PPP |
Line 115 enables code to filter some packets.
|
Line 115 enables code to filter some packets.
|
options IPFILTER_LOG # ipmon(8) log support |
options IPFILTER_LOG # ipmon(8) log support |
|
|
These options enable firewalling in NetBSD, using IPFilter. See the |
These options enable firewalling in NetBSD, using IPFilter. See the |
[ipf(4)](http://netbsd.gw.com/cgi-bin/man-cgi?ipf+4+NetBSD-5.0.1+i386) and |
[[!template id=man name="ipf" section="4"]] and |
[ipf(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ipf+8+NetBSD-5.0.1+i386) manpages |
[[!template id=man name="ipf" section="8"]] manpages |
for more information on operation of IPFilter, and [[Configuring the |
for more information on operation of IPFilter, and [[Configuring the |
gateway/firewall|guide/net-practice#ipnat-configuring-gateway]] for a |
gateway/firewall|guide/net-practice#ipnat-configuring-gateway]] for a |
configuration example. |
configuration example. |
Line 135 broadcast-address to `0`. The `TCP_COMPA
|
Line 135 broadcast-address to `0`. The `TCP_COMPA
|
|
|
These options enable lookup of data via DHCP or the BOOTPARAM protocol if the |
These options enable lookup of data via DHCP or the BOOTPARAM protocol if the |
kernel is told to use a NFS root file system. See the |
kernel is told to use a NFS root file system. See the |
[diskless(8)](http://netbsd.gw.com/cgi-bin/man-cgi?diskless+8+NetBSD-5.0.1+i386) |
[[!template id=man name="diskless" section="8"]] |
manpage for more information. |
manpage for more information. |
|
|
# Kernel root file system and dump configuration. |
# Kernel root file system and dump configuration. |
Line 165 Others with attachment on USB, PCMCIA or
|
Line 165 Others with attachment on USB, PCMCIA or
|
This rather long list contains all sorts of network drivers. Please pick the one |
This rather long list contains all sorts of network drivers. Please pick the one |
that matches your hardware, according to the comments. For most drivers, there's |
that matches your hardware, according to the comments. For most drivers, there's |
also a manual page available, e.g. |
also a manual page available, e.g. |
[tlp(4)](http://netbsd.gw.com/cgi-bin/man-cgi?tlp+4+NetBSD-5.0.1+i386), |
[[!template id=man name="tlp" section="4"]], |
[ne(4)](http://netbsd.gw.com/cgi-bin/man-cgi?ne+4+NetBSD-5.0.1+i386), etc. |
[[!template id=man name="ne" section="4"]], etc. |
|
|
# MII/PHY support |
# MII/PHY support |
|
|
This section lists media independent interfaces for network cards. Pick one that |
This section lists media independent interfaces for network cards. Pick one that |
matches your hardware. If in doubt, enable them all and see what the kernel |
matches your hardware. If in doubt, enable them all and see what the kernel |
picks. See the |
picks. See the |
[mii(4)](http://netbsd.gw.com/cgi-bin/man-cgi?mii+4+NetBSD-5.0.1+i386) manpage |
[[!template id=man name="mii" section="4"]] manpage |
for more information. |
for more information. |
|
|
# USB Ethernet adapters |
# USB Ethernet adapters |
Line 192 for more information.
|
Line 192 for more information.
|
This pseudo-device allows sniffing packets of all sorts. It's needed for |
This pseudo-device allows sniffing packets of all sorts. It's needed for |
tcpdump, but also rarpd and some other applications that need to know about |
tcpdump, but also rarpd and some other applications that need to know about |
network traffic. See |
network traffic. See |
[bpf(4)](http://netbsd.gw.com/cgi-bin/man-cgi?bpf+4+NetBSD-5.0.1+i386) for more |
[[!template id=man name="bpf" section="4"]] for more |
information. |
information. |
|
|
pseudo-device ipfilter # IP filter (firewall) and NAT |
pseudo-device ipfilter # IP filter (firewall) and NAT |
|
|
This one enables the IPFilter's packet filtering kernel interface used for |
This one enables the IPFilter's packet filtering kernel interface used for |
firewalling, NAT (IP Masquerading) etc. See |
firewalling, NAT (IP Masquerading) etc. See |
[ipf(4)](http://netbsd.gw.com/cgi-bin/man-cgi?ipf+4+NetBSD-5.0.1+i386) and |
[[!template id=man name="ipf" section="4"]] and |
[Configuring the gateway/firewall|guide/net-practice#ipnat-configuring-gateway]] |
[Configuring the gateway/firewall|guide/net-practice#ipnat-configuring-gateway]] |
for more information. |
for more information. |
|
|
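Review bot: The cross-reference that follows the converted ipf(4) link, `[Configuring the gateway/firewall|guide/net-practice#ipnat-configuring-gateway]]`, opens with one `[` but closes with `]]`, and this revision carries it over unchanged. Since the sentence is being edited anyway, add the missing bracket so that it matches the same link in the IPFILTER_LOG paragraph, which is written `[[Configuring the gateway/firewall|...]]`.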
Line 207 for more information.
|
Line 207 for more information.
|
|
|
This is the `lo0` software loopback network device which is used by some |
This is the `lo0` software loopback network device which is used by some |
programs these days, as well as for routing things. It should not be omitted. |
programs these days, as well as for routing things. It should not be omitted. |
See [lo(4)](http://netbsd.gw.com/cgi-bin/man-cgi?lo+4+NetBSD-5.0.1+i386) for |
See [[!template id=man name="lo" section="4"]] for |
more details. |
more details. |
|
|
pseudo-device ppp 2 # Point-to-Point Protocol |
pseudo-device ppp 2 # Point-to-Point Protocol |
|
|
If you want to use PPP either over a serial interface or ethernet (PPPoE), you |
If you want to use PPP either over a serial interface or ethernet (PPPoE), you |
will need this option. See |
will need this option. See |
[ppp(4)](http://netbsd.gw.com/cgi-bin/man-cgi?ppp+4+NetBSD-5.0.1+i386) for |
[[!template id=man name="ppp" section="4"]] for |
details on this interface. |
details on this interface. |
|
|
pseudo-device sl 2 # Serial Line IP |
pseudo-device sl 2 # Serial Line IP |
Line 222 details on this interface.
|
Line 222 details on this interface.
|
Serial Line IP is a simple encapsulation for IP over (well :) serial lines. It |
Serial Line IP is a simple encapsulation for IP over (well :) serial lines. It |
does not include negotiation of IP addresses and other options, which is the |
does not include negotiation of IP addresses and other options, which is the |
reason that it's not in widespread use today any more. See |
reason that it's not in widespread use today any more. See |
[sl(4)](http://netbsd.gw.com/cgi-bin/man-cgi?sl+4+NetBSD-5.0.1+i386). |
[[!template id=man name="sl" section="4"]]. |
|
|
pseudo-device strip 2 # Starmode Radio IP (Metricom) |
pseudo-device strip 2 # Starmode Radio IP (Metricom) |
|
|
If you happen to have one of the old Metricom Ricochet packet radio wireless |
If you happen to have one of the old Metricom Ricochet packet radio wireless |
network devices, use this pseudo-device to use it. See the |
network devices, use this pseudo-device to use it. See the |
[strip(4)](http://netbsd.gw.com/cgi-bin/man-cgi?strip+4+NetBSD-5.0.1+i386) |
[[!template id=man name="strip" section="4"]] |
manpage for detailed information. |
manpage for detailed information. |
|
|
pseudo-device tun 2 # network tunneling over tty |
pseudo-device tun 2 # network tunneling over tty |
Line 237 This network device can be used to tunne
|
Line 237 This network device can be used to tunne
|
`/dev/tun*`. Packets routed to the tun0 interface can be read from `/dev/tun0`, |
`/dev/tun*`. Packets routed to the tun0 interface can be read from `/dev/tun0`, |
and data written to `/dev/tun0` will be sent out the tun0 network interface. |
and data written to `/dev/tun0` will be sent out the tun0 network interface. |
This can be used to implement e.g. QoS routing in userland. See |
This can be used to implement e.g. QoS routing in userland. See |
[tun(4)](http://netbsd.gw.com/cgi-bin/man-cgi?tun+4+NetBSD-5.0.1+i386) for |
[[!template id=man name="tun" section="4"]] for |
details. |
details. |
|
|
pseudo-device gre 2 # generic L3 over IP tunnel |
pseudo-device gre 2 # generic L3 over IP tunnel |
|
|
The GRE encapsulation can be used to tunnel arbitrary layer 3 packets over IP, |
The GRE encapsulation can be used to tunnel arbitrary layer 3 packets over IP, |
e.g. to implement VPNs. See |
e.g. to implement VPNs. See |
[gre(4)](http://netbsd.gw.com/cgi-bin/man-cgi?gre+4+NetBSD-5.0.1+i386) for more. |
[[!template id=man name="gre" section="4"]] for more. |
|
|
pseudo-device gif 4 # IPv[46] over IPv[46] tunnel (RFC 1933) |
pseudo-device gif 4 # IPv[46] over IPv[46] tunnel (RFC 1933) |
|
|
Using the GIF interface allows to tunnel e.g. IPv6 over IPv4, which can be used |
Using the GIF interface allows to tunnel e.g. IPv6 over IPv4, which can be used |
to get IPv6 connectivity if no IPv6-capable uplink (ISP) is available. Other |
to get IPv6 connectivity if no IPv6-capable uplink (ISP) is available. Other |
mixes of operations are possible, too. See the |
mixes of operations are possible, too. See the |
[gif(4)](http://netbsd.gw.com/cgi-bin/man-cgi?gif+4+NetBSD-5.0.1+i386) manpage |
[[!template id=man name="gif" section="4"]] manpage |
for some examples. |
for some examples. |
|
|
#pseudo-device faith 1 # IPv[46] tcp relay translation i/f |
#pseudo-device faith 1 # IPv[46] tcp relay translation i/f |
|
|
The faith interface captures IPv6 TCP traffic, for implementing userland |
The faith interface captures IPv6 TCP traffic, for implementing userland |
IPv6-to-IPv4 TCP relays e.g. for protocol transitions. See the |
IPv6-to-IPv4 TCP relays e.g. for protocol transitions. See the |
[faith(4)](http://netbsd.gw.com/cgi-bin/man-cgi?faith+4+NetBSD-5.0.1+i386) |
[[!template id=man name="faith" section="4"]] |
manpage for more details on this device. |
manpage for more details on this device. |
|
|
#pseudo-device stf 1 # 6to4 IPv6 over IPv4 encapsulation |
#pseudo-device stf 1 # 6to4 IPv6 over IPv4 encapsulation |
Line 266 manpage for more details on this device.
|
Line 266 manpage for more details on this device.
|
This adds a network device that can be used to tunnel IPv6 over IPv4 without |
This adds a network device that can be used to tunnel IPv6 over IPv4 without |
setting up a configured tunnel before. The source address of outgoing packets |
setting up a configured tunnel before. The source address of outgoing packets |
contains the IPv4 address, which allows routing replies back via IPv4. See the |
contains the IPv4 address, which allows routing replies back via IPv4. See the |
[stf(4)](http://netbsd.gw.com/cgi-bin/man-cgi?stf+4+NetBSD-5.0.1+i386) manpage |
[[!template id=man name="stf" section="4"]] manpage |
and [IPv6 Connectivity & Transition via 6to4|guide/net-practice#ipv6-6to4]] for |
and [IPv6 Connectivity & Transition via 6to4|guide/net-practice#ipv6-6to4]] for |
more details. |
more details. |
|
|
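Review bot: In the stf paragraph, the link `[IPv6 Connectivity & Transition via 6to4|guide/net-practice#ipv6-6to4]]` has a single opening bracket against a double closing one, and the change leaves it that way while rewriting the stf(4) reference just before it. Suggest fixing it in the same commit by writing `[[IPv6 Connectivity & Transition via 6to4|guide/net-practice#ipv6-6to4]]`.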
Line 277 tagging Ethernet frames with a `vlan` ID
|
Line 277 tagging Ethernet frames with a `vlan` ID
|
(that also have to support VLAN, of course), this can be used to build virtual |
(that also have to support VLAN, of course), this can be used to build virtual |
LANs where one set of machines doesn't see traffic from the other (broadcast and |
LANs where one set of machines doesn't see traffic from the other (broadcast and |
other). The |
other). The |
[vlan(4)](http://netbsd.gw.com/cgi-bin/man-cgi?vlan+4+NetBSD-5.0.1+i386) manpage |
[[!template id=man name="vlan" section="4"]] manpage |
tells more about this. |
tells more about this. |
|
|
## Overview of the network configuration files |
## Overview of the network configuration files |
Line 401 to the provider is alan, an example conn
|
Line 401 to the provider is alan, an example conn
|
|
|
In the previous example, the script specifies a *chat file* to be used for the |
In the previous example, the script specifies a *chat file* to be used for the |
connection. The options in the script are detailed in the |
connection. The options in the script are detailed in the |
[pppd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?pppd+8+NetBSD-5.0.1+i386) man |
[[!template id=man name="pppd" section="8"]] man |
page. |
page. |
|
|
### Note |
### Note |
Line 413 connection script
|
Line 413 connection script
|
kdebug 4 |
kdebug 4 |
|
|
You will get a log of the operations performed when the system tries to connect. |
You will get a log of the operations performed when the system tries to connect. |
See [pppd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?pppd+8+NetBSD-5.0.1+i386), |
See [[!template id=man name="pppd" section="8"]], |
[syslog.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?syslog.conf+5+NetBSD-5.0.1+i386). |
[[!template id=man name="syslog.conf" section="5"]]. |
|
|
The connection script calls the chat application to deal with the physical |
The connection script calls the chat application to deal with the physical |
connection (modem initialization, dialing, ...) The parameters to chat can be |
connection (modem initialization, dialing, ...) The parameters to chat can be |
Line 431 separate file. If, for example, the tele
|
Line 431 separate file. If, for example, the tele
|
|
|
*Note*: If you have problems with the chat file, you can try connecting manually |
*Note*: If you have problems with the chat file, you can try connecting manually |
to the POP with the |
to the POP with the |
[cu(1)](http://netbsd.gw.com/cgi-bin/man-cgi?cu+1+NetBSD-5.0.1+i386) program and |
[[!template id=man name="cu" section="1"]] program and |
verify the exact strings that you are receiving. |
verify the exact strings that you are receiving. |
|
|
### Authentication |
### Authentication |
Line 498 The only thing left to do is the creatio
|
Line 498 The only thing left to do is the creatio
|
noipdefault |
noipdefault |
|
|
Check the |
Check the |
[pppd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?pppd+8+NetBSD-5.0.1+i386) man |
[[!template id=man name="pppd" section="8"]] man |
page for the meaning of the options. |
page for the meaning of the options. |
|
|
### Testing the modem |
### Testing the modem |
Line 506 page for the meaning of the options.
|
Line 506 page for the meaning of the options.
|
Before activating the link it is a good idea to make a quick modem test, in |
Before activating the link it is a good idea to make a quick modem test, in |
order to verify that the physical connection and the communication with the |
order to verify that the physical connection and the communication with the |
modem works. For the test the |
modem works. For the test the |
[cu(1)](http://netbsd.gw.com/cgi-bin/man-cgi?cu+1+NetBSD-5.0.1+i386) program can |
[[!template id=man name="cu" section="1"]] program can |
be used, as in the following example. |
be used, as in the following example. |
|
|
1. Create the file `/etc/uucp/port` with the following lines: |
1. Create the file `/etc/uucp/port` with the following lines: |
Line 532 be used, as in the following example.
|
Line 532 be used, as in the following example.
|
|
|
In the previous example the reset command (ATZ) was sent to the modem, which |
In the previous example the reset command (ATZ) was sent to the modem, which |
replied with OK: the communication works. To exit |
replied with OK: the communication works. To exit |
[cu(1)](http://netbsd.gw.com/cgi-bin/man-cgi?cu+1+NetBSD-5.0.1+i386), write |
[[!template id=man name="cu" section="1"]], write |
`~` (tilde) followed by `.` (dot), as in the example. |
`~` (tilde) followed by `.` (dot), as in the example. |
|
|
If the modem doesn't work, check that it is connected to the correct port (i.e. |
If the modem doesn't work, check that it is connected to the correct port (i.e. |
you are using the right port with |
you are using the right port with |
[cu(1)](http://netbsd.gw.com/cgi-bin/man-cgi?cu+1+NetBSD-5.0.1+i386). Cables are |
[[!template id=man name="cu" section="1"]]. Cables are |
a frequent cause of trouble, too. |
a frequent cause of trouble, too. |
|
|
When you start |
When you start |
[cu(1)](http://netbsd.gw.com/cgi-bin/man-cgi?cu+1+NetBSD-5.0.1+i386) and a |
[[!template id=man name="cu" section="1"]] and a |
message saying `Permission denied` appears, check who is the owner of the |
message saying `Permission denied` appears, check who is the owner of the |
`/dev/tty##` device, it must be "uucp". For example: |
`/dev/tty##` device, it must be "uucp". For example: |
|
|
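Review bot: The parenthesis opened at "(i.e. you are using the right port with" is never closed, on the line where the third cu(1) link in this hunk is converted; the text runs straight into ". Cables are". Close it after the template, before the full stop, while this line is being changed.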
Line 614 The two scripts must be executable:
|
Line 614 The two scripts must be executable:
|
|
|
If you find yourself to always run the same set of commands each time you dial |
If you find yourself to always run the same set of commands each time you dial |
in, you can put them in a script `/etc/ppp/ip-up` which will be called by |
in, you can put them in a script `/etc/ppp/ip-up` which will be called by |
[pppd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?pppd+8+NetBSD-5.0.1+i386) after |
[[!template id=man name="pppd" section="8"]] after |
successful dial-in. Likewise, before the connection is closed down, |
successful dial-in. Likewise, before the connection is closed down, |
`/etc/ppp/ip-down` is executed. Both scripts are expected to be executable. See |
`/etc/ppp/ip-down` is executed. Both scripts are expected to be executable. See |
[pppd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?pppd+8+NetBSD-5.0.1+i386) for |
[[!template id=man name="pppd" section="8"]] for |
more details. |
more details. |
|
|
## Creating a small home network |
## Creating a small home network |
Line 915 The first step is to make sure support f
|
Line 915 The first step is to make sure support f
|
running kernel. Support is included in the GENERIC kernel. |
running kernel. Support is included in the GENERIC kernel. |
|
|
When the system is ready the bridge can be created, this can be done using the |
When the system is ready the bridge can be created, this can be done using the |
[brconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?brconfig+8+NetBSD-current) |
[[!template id=man name="brconfig" section="8"]] |
command. First of a bridge interface has to be created. With the following |
command. First of a bridge interface has to be created. With the following |
`ifconfig` command the `bridge0` interface will be created: |
`ifconfig` command the `bridge0` interface will be created: |
|
|
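Review bot: The old brconfig(8) link pointed at `NetBSD-current`, unlike the other links visible in this diff, which point at `NetBSD-5.0.1+i386`; the replacement `[[!template id=man name="brconfig" section="8"]]` carries no release at all. Please confirm that the template's default target has a brconfig(8) page, or pass the release explicitly if the template supports it. Separately, "First of a bridge interface has to be created" in the unchanged context looks like it is missing a word.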
Line 1112 example for such a configured tunnel is
|
Line 1112 example for such a configured tunnel is
|
described in |
described in |
[RFC1933](http://tools.ietf.org/html/rfc1933) ("RFC 1933: Transition Mechanisms |
[RFC1933](http://tools.ietf.org/html/rfc1933) ("RFC 1933: Transition Mechanisms |
for IPv6 Hosts and Routers"), and that's implemented e.g. by the |
for IPv6 Hosts and Routers"), and that's implemented e.g. by the |
[gif(4)](http://netbsd.gw.com/cgi-bin/man-cgi?gif+4+NetBSD-5.0.1+i386) |
[[!template id=man name="gif" section="4"]] |
device found in NetBSD. |
device found in NetBSD. |
|
|
An *automatic* tunnel consists of a public server that has some kind of IPv6 |
An *automatic* tunnel consists of a public server that has some kind of IPv6 |
Line 1122 registration of the sites using it as up
|
Line 1122 registration of the sites using it as up
|
protocol is the 6to4 mechanism described in |
protocol is the 6to4 mechanism described in |
[RFC3056](http://tools.ietf.org/html/rfc3056) ("RFC 3056: Connection of IPv6 |
[RFC3056](http://tools.ietf.org/html/rfc3056) ("RFC 3056: Connection of IPv6 |
Domains via IPv4 Clouds"), and that is implemented in the |
Domains via IPv4 Clouds"), and that is implemented in the |
[stf(4)](http://netbsd.gw.com/cgi-bin/man-cgi?stf+4+NetBSD-5.0.1+i386) device |
[[!template id=man name="stf" section="4"]] device |
found in NetBSD's. Another mechanism that does not require registration of |
found in NetBSD's. Another mechanism that does not require registration of |
IPv6-information is the 6over4 mechanism, which implements transporting of IPv6 |
IPv6-information is the 6over4 mechanism, which implements transporting of IPv6 |
over a multicast-enabled IPv4 network, instead of e.g. ethernet or FDDI. 6over4 |
over a multicast-enabled IPv4 network, instead of e.g. ethernet or FDDI. 6over4 |
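Review bot: The sentence around the converted stf(4) link still ends "device found in NetBSD's.", with a dangling possessive. The line is adjacent to the one being changed, so this is a good moment to make it read "found in NetBSD".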
Line 1198 them:
|
Line 1198 them:
|
* subnet broadcast address as source/destination: depends on your IPv4 setup |
* subnet broadcast address as source/destination: depends on your IPv4 setup |
|
|
The NetBSD |
The NetBSD |
[stf(4)](http://netbsd.gw.com/cgi-bin/man-cgi?stf+4+NetBSD-5.0.1+i386) manual |
[[!template id=man name="stf" section="4"]] manual |
page documents some common configuration mistakes intercepted by default by the |
page documents some common configuration mistakes intercepted by default by the |
KAME stack as well as some further advice on filtering, but keep in mind that |
KAME stack as well as some further advice on filtering, but keep in mind that |
because of the requirement of these filters, 6to4 is not perfectly secure. |
because of the requirement of these filters, 6to4 is not perfectly secure. |
Line 1241 it for using IPv6 and 6to4, e.g. on NetB
|
Line 1241 it for using IPv6 and 6to4, e.g. on NetB
|
pseudo-device stf # 6to4 IPv6 over IPv4 encapsulation |
pseudo-device stf # 6to4 IPv6 over IPv4 encapsulation |
|
|
Note that the |
Note that the |
[stf(4)](http://netbsd.gw.com/cgi-bin/man-cgi?stf+4+NetBSD-5.0.1+i386) device is |
[[!template id=man name="stf" section="4"]] device is |
not enabled by default on NetBSD releases older than 4.0. Rebuild your kernel, |
not enabled by default on NetBSD releases older than 4.0. Rebuild your kernel, |
then reboot your system to use the new kernel. Please consult |
then reboot your system to use the new kernel. Please consult |
[[Compiling the kernel|guide/kernel]] for further information on configuring, |
[[Compiling the kernel|guide/kernel]] for further information on configuring, |
Line 1258 here are:
|
Line 1258 here are:
|
|
|
The first step in setting up 6to4 is creating the 6to4 interface and assigning |
The first step in setting up 6to4 is creating the 6to4 interface and assigning |
an IPv6 address to it. This is achieved with the |
an IPv6 address to it. This is achieved with the |
[ifconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ifconfig+8+NetBSD-5.0.1+i386) |
[[!template id=man name="ifconfig" section="8"]] |
command. Assuming the example configuration above, the commands for NetBSD are: |
command. Assuming the example configuration above, the commands for NetBSD are: |
|
|
# ifconfig stf0 create |
# ifconfig stf0 create |
Line 1272 NetBSD:
|
Line 1272 NetBSD:
|
# route add -inet6 default 2002:c058:6301:: |
# route add -inet6 default 2002:c058:6301:: |
|
|
Note that NetBSD's |
Note that NetBSD's |
[stf(4)](http://netbsd.gw.com/cgi-bin/man-cgi?stf+4+NetBSD-5.0.1+i386) device |
[[!template id=man name="stf" section="4"]] device |
determines the IPv4 address of the 6to4 uplink from the routing table. Using |
determines the IPv4 address of the 6to4 uplink from the routing table. Using |
this feature, it is easy to setup your own 6to4 (uplink) gateway if you have an |
this feature, it is easy to setup your own 6to4 (uplink) gateway if you have an |
IPv6 uplink, e.g. via 6Bone. |
IPv6 uplink, e.g. via 6Bone. |
Line 1344 Steps to setup the pkgsrc/net/hf6to4 pac
|
Line 1344 Steps to setup the pkgsrc/net/hf6to4 pac
|
# make install |
# make install |
|
|
2. Make sure you have the |
2. Make sure you have the |
[stf(4)](http://netbsd.gw.com/cgi-bin/man-cgi?stf+4+NetBSD-5.0.1+i386) |
[[!template id=man name="stf" section="4"]] |
pseudo-device in your kernel, see above. |
pseudo-device in your kernel, see above. |
|
|
3. Configure the 'hf6to4' package. First, copy |
3. Configure the 'hf6to4' package. First, copy |
Line 1356 Steps to setup the pkgsrc/net/hf6to4 pac
|
Line 1356 Steps to setup the pkgsrc/net/hf6to4 pac
|
# vi hf6to4.conf |
# vi hf6to4.conf |
|
|
Please see the |
Please see the |
[hf6to4(8)](http://netbsd.gw.com/cgi-bin/man-cgi?hf6to4+8+NetBSD-5.0.1+i386) |
[[!template id=man name="hf6to4" section="8"]] |
manpage for an explanation of all the variables you can set in |
manpage for an explanation of all the variables you can set in |
`hf6to4.conf`. If you have dialup IP via PPP, and don't want to run Router |
`hf6to4.conf`. If you have dialup IP via PPP, and don't want to run Router |
Advertizing for other IPv6 machines on your home or office network, you |
Advertizing for other IPv6 machines on your home or office network, you |
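Review bot: hf6to4(8) is converted to the same man template as the base-system pages, but the surrounding steps install it from pkgsrc/net/hf6to4 and run it as `/usr/pkg/sbin/hf6to4`. Check that the template produces a working link for a manual page that ships with a package rather than with the base system; if it does not, plain text "hf6to4(8)" would be better than a dead link. The unchanged context also spells "Advertizing" where "Advertising" is meant.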
Line 1370 Steps to setup the pkgsrc/net/hf6to4 pac
|
Line 1370 Steps to setup the pkgsrc/net/hf6to4 pac
|
# /usr/pkg/sbin/hf6to4 start |
# /usr/pkg/sbin/hf6to4 start |
|
|
5. After that, you should be connected, use |
5. After that, you should be connected, use |
[ping6(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ping6+8+NetBSD-5.0.1+i386): to |
[[!template id=man name="ping6" section="8"]]: to |
see if everything works: |
see if everything works: |
|
|
# ping6 www.NetBSD.org |
# ping6 www.NetBSD.org |
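Review bot: The stray colon after the ping6(8) reference in step 5 is preserved by the conversion, so the rendered sentence reads "use ping6(8): to see if everything works:". Drop the first colon, leaving `[[!template id=man name="ping6" section="8"]] to`.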
Line 1512 rules) v4-encapsulated IPv6 packets, all
|
Line 1512 rules) v4-encapsulated IPv6 packets, all
|
gateway. Of course you only want to do this on one host and use native IPv6 |
gateway. Of course you only want to do this on one host and use native IPv6 |
between your hosts, and you may also want to enforce this with more restrictive |
between your hosts, and you may also want to enforce this with more restrictive |
rulesets, please see |
rulesets, please see |
[ipf.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?ipf.conf+5+NetBSD-5.0.1+i386) |
[[!template id=man name="ipf.conf" section="5"]] |
for more information on IPFilter rules. |
for more information on IPFilter rules. |
|
|
After your firewall lets pass encapsulated IPv6 packets, you may want to set up |
After your firewall lets pass encapsulated IPv6 packets, you may want to set up |