diff options
Diffstat (limited to 'share/man')
| -rw-r--r-- | share/man/man8/rc.conf.8 | 33 | ||||
| -rw-r--r-- | share/man/man8/update.8 | 4 | ||||
| -rw-r--r-- | share/man/man8/vpn.8 | 44 | ||||
| -rw-r--r-- | share/man/man8/yp.8 | 7 |
4 files changed, 48 insertions, 40 deletions
diff --git a/share/man/man8/rc.conf.8 b/share/man/man8/rc.conf.8 index 401f8d5ac39..030c92b4d77 100644 --- a/share/man/man8/rc.conf.8 +++ b/share/man/man8/rc.conf.8 @@ -33,7 +33,7 @@ .Nm rc.conf .Nd system daemon configuration database .Sh DESCRIPTION -This file contains a series of Bourne-shell syntax assinments +This file contains a series of Bourne-shell syntax assignments that are used to configure the system daemons. It is not read by the kernel, but is sourced by various other files in the @@ -41,15 +41,15 @@ in the series in order to set shell variables used therein to control the behaviour of the scripts. .Pp -There are three sections to the file. The first is used to turn features -on or off. For example, whether your system runs the +There are three sections in this file. The first is used to turn features +on or off. For example, whether the system runs the .Nm sendmail daemon is determined by the line in this section .Bd -literal -indent xxx sendmail_flags=NO .Ed .Pp -If you edit this line to contain some valid sendmail daemon command-line +If this line is edited to contain some valid sendmail daemon command-line flags, such as .Bd -literal -indent xxx sendmail_flags="-bd -q30m" @@ -59,28 +59,33 @@ then the sendmail daemon will be started with those options. .Pp The second section contains some other programs that can either be run or not, but that don't need options. They can be set to YES or NO. For example, -the distributed system contains the line +the line .Bd -literal -indent xxx nfs_server=NO .Ed .Pp -which prevents the NFS server daemons from starting. If you wish to -run NFS, you need to change this line's value from NO to YES, -.Sy plus -you also need to make whatever changes are needed for the server -to have something to do (like, set up the exports file). +prevents the NFS server daemons from starting. +To run NFS, just change this line's value from NO to YES, +.Sy and +also make whatever changes are needed for the server +to have something to do (set up the +.Xr exports 5 +file etc.). .Pp The third section contains values that parameterize servers started by one of the first two sections, and are ignored if the corresponding -server is not running. For example, if you enabled +server is not running. For example, if .Nm nfs_server , -you should also be aware of the value here +is enabled, then the line .Bd -literal -indent xxx nfsd_flags="-tun 4" .Ed +provides command-line arguments for the nfs server. .Pp -which starts four copies of the server; on a busy file server you'd -probably change to 8 or more. +This particular line instructs +.Xr nfsd 8 +to start four copies of the server. +On a busy file server, 8 (or more) copies are recommended. .Sh SEE ALSO .Xr init 8 , .Xr rc 8 . diff --git a/share/man/man8/update.8 b/share/man/man8/update.8 index 9bed44103b0..691e9e272af 100644 --- a/share/man/man8/update.8 +++ b/share/man/man8/update.8 @@ -27,7 +27,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: update.8,v 1.4 1996/07/13 22:45:25 millert Exp $ +.\" $OpenBSD: update.8,v 1.5 1998/06/29 05:56:26 angelos Exp $ .\" .Dd June 8, 1996 .Dt UPDATE 8 @@ -44,7 +44,7 @@ command no longer exists, but has been incorporated into the kernel where it will flush dirty buffers that have not been touched for thirty seconds or more. .Pp -The same effect can be seen by using the +The same effect can be obtained by using the .Xr sync 8 command, although the in-kernel .Nm update diff --git a/share/man/man8/vpn.8 b/share/man/man8/vpn.8 index 4d1e61ff6a8..891510346d4 100644 --- a/share/man/man8/vpn.8 +++ b/share/man/man8/vpn.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: vpn.8,v 1.3 1998/06/02 09:18:33 provos Exp $ +.\" $OpenBSD: vpn.8,v 1.4 1998/06/29 05:56:28 angelos Exp $ .\" Copyright 1998 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. .\" @@ -36,14 +36,13 @@ .Nm vpn .Nd configuring the system for virtual private networks .Sh DESCRIPTION -A virtual private network is used to connect two or more subnets via the -internet. For each subnet there is a security gateway which is connected -via a cryptographically secured tunnel to the security gateway of the other -subnet. In -.Ox +A virtual private network is used to securely connect two or more subnets +over the internet. For each subnet there is a security gateway which is +linked via a cryptographically secured tunnel to the security gateway of +the other subnet. .Xr ipsec 4 -is used to provide the necessary cryptographical services. This document -describes the configuration process for setting up a +is used to provide the necessary network-layer cryptographic services. +This document describes the configuration process for setting up a .Nm VPN . .Pp Both subnets need to configure @@ -62,25 +61,26 @@ and on the security gateway of subnet B: ipsecadm flow -dst gatewA -spi 1 -addr netB netBmask netA netAmask -local .Ed .Pp -Additionally both security gateways need to start the +Furthermore, both security gateways need to start the .Xr photurisd 8 key management daemon with the .Fl v -flag and have to make sure that it is configured properly on both sides to -provide encryption and authentication. +flag and need to make sure that it is configured properly on both sides to +provide the required security services (typically, encryption and +authentication). .Pp -Now .Xr ipf 1 -needs to be configured that all packets from the outside are blocked. -Only packets from the security gateways either on the +needs to be configured such that all packets from the outside are blocked. +Only packets from the security gatewaysm either on the .Pa enc0 -interface or +interface (successfully IPsec-processed packets) or .Tn UDP -packets with source and remote ports of 468 -should be allowed in. +packets with source and remote ports of 468 (Photuris) should be allowed in. .Pp -The ipf rules for a tunnel which only uses ESP on security gateway A -might look like this: +The +.Xr ipf 5 +rules for a tunnel which only uses encryption (the ESP IPsec protocol) +on security gateway A might look like this: .Bd -literal # ed0 is the only interface going to the outside. block in log on ed0 from any to any @@ -99,10 +99,12 @@ pass in on ed0 proto udp from gatewB/32 port = 468 to gatewA/32 port = 468 pass out on ed0 proto udp from gatewA/32 port = 468 to gatewB/32 port = 468 .Ed .Pp -If there are no more ipf rules the quick clause can be added to the last -three rules. +If there are no other +.Xr ipf 5 +rules, the "quick" clause can be added to the last three rules. .Sh SEE ALSO .Xr ipf 1 , +.Xr ipf 5 , .Xr ipsecadm 1 , .Xr ipsec 4 , .Xr photurisd 8 . diff --git a/share/man/man8/yp.8 b/share/man/man8/yp.8 index 2df4d0023e6..d047c7d5301 100644 --- a/share/man/man8/yp.8 +++ b/share/man/man8/yp.8 @@ -110,8 +110,9 @@ hosts file entries through the functions .Xr getpwent 3 , .Xr getgrent 3 and -.Xr gethostbyname 3 -(as well as number of other databases and functions). +.Xr gethostbyname 3 . +A number of other databases can be network-managed as well, +and have their respective functions. .Nm YP also provides hooks for numerous other client programs such as @@ -126,7 +127,7 @@ of their maps through is used to initialize YP as a server or master. This creates various files in .Pa /var/yp . -If setup as a server, the required databases are automatically copied +If setup as a client, the required databases are automatically copied from the specified server. .Pp The |