UNIX System Administration Handbook - Evi Nemeth [200]
The S in the default route indicates that it is a static route and therefore should not be removed by a routing protocol.
The following example is from a FreeBSD 4.0 machine that is running both IPv4 and IPv6. The standard ifconfig command can be used to configure the interface and to display its configuration, even for IPv6.
% ifconfig fxp1
fxp1: flags=8943
        inet 135.197.1.116 netmask 0xffffff00 broadcast 135.197.1.255
        inet6 fe80::208:c7ff:fe89:4f03%fxp1 prefixlen 64 scopeid 0x2
        ether 00:08:c7:89:4f:03
        media: autoselect (100baseTX
        supported media: autoselect 100baseTX 10baseT/UTP

DHCP configuration for FreeBSD
FreeBSD ships ISC’s DHCP client. Its use is configured in the rc.conf files. The default values set in /etc/defaults/rc.conf are
dhcp_program="/sbin/dhclient"   # Path to dhcp client
dhcp_flags=""                   # Flags to pass to client
These values are probably right and don’t need to be changed unless you move the dhclient program or want to use a different one. To turn on DHCP for a particular interface, add a line such as the following to /etc/rc.conf:
ifconfig_interface="DHCP"       # DHCP on this interface
This configuration will start dhclient at boot time if the file /etc/dhclient.conf exists. dhclient takes care of getting the IP address for the interface, installing a default route, pointing to the right name server, etc.
dhclient.conf is a free-form text configuration file similar in appearance to that of BIND or the ISC DHCP server. There are way too many options and behavior parameters to be described here. Conveniently, the defaults are quite sensible, so an empty /etc/dhclient.conf file usually is sufficient for basic network autoconfiguration.
dhclient keeps its lease information in a file named dhclient.leases and its process ID in /var/run/dhclient.pid.

Dynamic reconfiguration and tuning for FreeBSD
FreeBSD uses the sysctl command to get or set kernel variables. Hundreds of different variables are defined, of which about 65 are related to networking. The sysctl(3) man page lists the variables and their meanings.
sysctl -A displays the variables and their current values. Network-related variables all have “net” in their names, so the command sysctl -A | grep net limits the display to those variables.
To get the value of a specific variable, just name it on the sysctl command line. For example, you could use the following command to see if a host forwards IP packets:
% sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1
The 1 means yes. To change a variable’s value, use the -w flag and assign a new value with an equals sign (=):
% sudo sysctl -w net.inet.ip.forwarding=0
net.inet.ip.forwarding: 1 -> 0
We have just turned off IP forwarding.

Security, firewalls, filters, and NAT for FreeBSD
Table 13.23 shows FreeBSD’s behavior with regard to various security-related network issues. For a brief description of the implications of these behaviors, see page 295. The third column of Table 13.23 shows how to change each behavior; the listed variables should be set in /etc/rc.conf, not set with sysctl.
Table 13.23 Security-related network behaviors in FreeBSD
a. Also icmp_log_redirect to log them.
It’s not a good idea to use a UNIX or NT box as a network firewall, especially at a corporate site that has important data on-line. A dedicated hardware solution such as Cisco’s PIX is a far more secure and reliable solution. That said, UNIX
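The advice above to keep these settings in /etc/rc.conf rather than apply them with sysctl -w can be checked mechanically, since a value changed only at run time is lost at the next boot. The following sh script is an added example, not from the handbook: it compares rc.conf settings with saved sysctl output and reports any mismatch. The rc.conf variable names other than icmp_log_redirect, their pairing with sysctl names, and the sample data are assumptions constructed for illustration.

```shell
# Added example. The rc.conf-knob-to-sysctl pairs are assumptions taken from
# FreeBSD's rc scripts, not from Table 13.23. Unset knobs are treated as NO.
MAP='gateway_enable net.inet.ip.forwarding
forward_sourceroute net.inet.ip.sourceroute
icmp_drop_redirect net.inet.icmp.drop_redirect
icmp_log_redirect net.inet.icmp.log_redirect'

# rc_value FILE KNOB: print 1 if KNOB is YES in FILE, else 0 (last assignment wins).
rc_value() {
    awk -v name="$2" -F'=' '
        { sub(/^[ \t]+/, "") }
        $1 == name { v = $2; sub(/[ \t]*#.*/, "", v); gsub(/"/, "", v) }
        END { print ((toupper(v) == "YES") ? 1 : 0) }' "$1"
}

# live_value FILE OID: print the value of OID from saved sysctl output.
live_value() {
    awk -v oid="$2" -F': ' '$1 == oid { v = $2 } END { print v }' "$1"
}

# drift RCFILE SYSCTLFILE: print one line per mismatch; return 1 if any.
drift() {
    found=0
    while read -r knob oid; do
        want=$(rc_value "$1" "$knob")
        have=$(live_value "$2" "$oid")
        [ "$want" = "${have:-unknown}" ] && continue
        echo "DRIFT $oid: running=${have:-unknown}, $knob in rc.conf implies $want"
        found=1
    done <<EOF
$MAP
EOF
    return $found
}

# Constructed sample inputs, not captured from a real host.
sample_rc() {
    printf '%s\n' 'gateway_enable="NO"   # not a router' \
        'icmp_drop_redirect="YES"' 'icmp_log_redirect="YES"'
}
sample_sysctl() {
    printf '%s\n' 'net.inet.ip.forwarding: 1' 'net.inet.ip.sourceroute: 0' \
        'net.inet.icmp.drop_redirect: 1' 'net.inet.icmp.log_redirect: 0'
}

# Demo; on a real host pass /etc/rc.conf and a file written by `sysctl -A`.
tmp=$(mktemp -d); sample_rc >"$tmp/rc.conf"; sample_sysctl >"$tmp/sysctl.txt"
drift "$tmp/rc.conf" "$tmp/sysctl.txt" || echo "runtime differs from rc.conf"
rm -rf "$tmp"
```

In the sample, forwarding was switched on at run time while rc.conf says NO, and redirect logging is requested in rc.conf but not yet active, so both are reported.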