From: Dru Lavigne Date: Wed, 14 May 2014 19:58:51 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44832 - head/en_US.ISO8859-1/books/faq X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2014 19:58:51 -0000 Author: dru Date: Wed May 14 19:58:50 2014 New Revision: 44832 URL: http://svnweb.freebsd.org/changeset/doc/44832 Log: More rewording around "you". Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/faq/book.xml Modified: head/en_US.ISO8859-1/books/faq/book.xml ============================================================================== --- head/en_US.ISO8859-1/books/faq/book.xml Wed May 14 15:52:23 2014 (r44831) +++ head/en_US.ISO8859-1/books/faq/book.xml Wed May 14 19:58:50 2014 (r44832) @@ -4628,7 +4628,7 @@ options SYSVMSG # enable for - Yes, if you configure X for a 5 button mouse. To + Yes, if X is configured for a 5 button mouse. To do this, add the lines Buttons 5 and ZAxisMapping 4 5 to the InputDevice section of @@ -5146,8 +5146,8 @@ Key F15 A A Menu Wo xlink:href="&url.books.handbook;/userppp.html">Handbook entry on user PPP. - If you are using kernel-mode PPP or have an Ethernet - connection to the Internet, you need to use &man.natd.8;. + If the + connection to the Internet is over Ethernet, use &man.natd.8;. A tutorial can be found in the natd section of the Handbook. 
@@ -5176,10 +5176,10 @@ Key F15 A A Menu Wo - Yes. If you want to use NAT over a user PPP + Yes. For instructions on how to use NAT over a PPP connection, see the Handbook - entry on user PPP. If you want to use NAT over + entry on PPP. To use NAT over some other sort of network connection, look at the natd @@ -5205,7 +5205,7 @@ Key F15 A A Menu Wo &prompt.root; ifconfig ed0 alias 172.16.141.5 netmask 0xffffff00 - You can read more about this in the &os; More information can be found in the &os; Handbook. @@ -5249,23 +5249,11 @@ Key F15 A A Menu Wo - &os; supports multicast host operations by default. - If you want your box to run as a multicast router, you - need to recompile your kernel with the - MROUTING option and run - &man.mrouted.8;. &os; will start &man.mrouted.8; at boot - time if the flag mrouted_enable is set - to YES in - /etc/rc.conf. - - - In recent &os; releases, the &man.mrouted.8; - multicast routing daemon, the &man.map-mbone.8; and - &man.mrinfo.8; utilities have been removed from the base - system. These programs are now available in the &os; - Ports Collection as - net/mrouted. - + Install the net/mrouted package + or port and add + mrouted_enable="YES" to + /etc/rc.conf start this service at + boot time. 
@@ -5289,25 +5277,25 @@ Key F15 A A Menu Wo - If you have compiled your kernel with the - IPFIREWALL option, you need to be aware + If the kernel is compiled with the + IPFIREWALL option, be aware that the default policy is to deny all packets that are not explicitly allowed. - If you had unintentionally misconfigured your system - for firewalling, you can restore network operability by - typing the following while logged in as If the firewall is unintentionally misconfigured, + restore network operability by + typing the following as root: &prompt.root; ipfw add 65534 allow all from any to any - You can also set + Consider setting firewall_type="open" in /etc/rc.conf. - For further information on configuring a &os; + For further information on configuring this firewall, see the Handbook + xlink:href="&url.books.handbook;/firewalls-ipfw.html">Handbook chapter. @@ -5320,11 +5308,11 @@ Key F15 A A Menu Wo - Possibly because you want to do network address - translation (NAT) and not just forward packets. A - fwd rule does exactly what it says; it - forwards packets. It does not actually change the data - inside the packet. Say we have a rule like: + Possibly because network address + translation (NAT) is needed instead of just forwarding packets. A + fwd rule only + forwards packets, it does not actually change the data + inside the packet. Consider this rule: 01000 fwd 10.0.0.1 from any to foo 21 @@ -5332,9 +5320,9 @@ Key F15 A A Menu Wo foo arrives at the machine with this rule, the packet is forwarded to 10.0.0.1, but it still has the - destination address of foo! + destination address of foo. The destination address of the packet is - not changed to + not changed to 10.0.0.1. Most machines would probably drop a packet that they receive with a destination address that is not their own. Therefore, 
@@ -5357,10 +5345,11 @@ Key F15 A A Menu Wo - You can redirect FTP (and other service) request with - the sysutils/socket port. - Replace the service's command line to call - socket instead, like so: + FTP and other service requests can be redirected with + the sysutils/socket package or port. + Replace the entry for the service in /etc/inetd.conf to call + socket, as seen in this example for + ftpd: ftp stream tcp nowait nobody /usr/local/bin/socket socket ftp.example.com ftp @@ -5394,9 +5383,9 @@ Key F15 A A Menu Wo - You are running a program that requires the Berkeley - Packet Filter (&man.bpf.4;), but it is not in your kernel. - Add this to your kernel config file and build a new + The running application requires the Berkeley + Packet Filter (&man.bpf.4;), but it was removed from a custom kernel. + Add this to the kernel config file and build a new kernel: device bpf # Berkeley Packet Filter @@ -5426,9 +5415,9 @@ Key F15 A A Menu Wo - This is the kernel telling you that some activity is - provoking it to send more ICMP or TCP reset (RST) - responses than it thinks it should. ICMP responses are + This kernel message indicates that some activity is + provoking it to send a large amount of ICMP or TCP reset (RST) + responses. ICMP responses are often generated as a result of attempted connections to unused UDP ports. TCP resets are generated as a result of attempted connections to unopened TCP ports. Among 
@@ -5449,27 +5438,26 @@ Key F15 A A Menu Wo - The first number in the message tells you how many + The first number in the message indicates how many packets the kernel would have sent if the limit was not in - place, and the second number tells you the limit. You can - control the limit using the - net.inet.icmp.icmplim sysctl variable - like this, where 300 is the limit in + place, and the second indicates the limit. This limit + is controlled using + net.inet.icmp.icmplim. This example + sets the limit to 300 packets per second: &prompt.root; sysctl net.inet.icmp.icmplim=300 - If you do not want to see messages about this in your - log files, but you still want the kernel to do response - limiting, you can use the - net.inet.icmp.icmplim_output sysctl - variable to disable the output like this: + To disable these messages + without disabling response + limiting, use + net.inet.icmp.icmplim_output + to disable the output: &prompt.root; sysctl net.inet.icmp.icmplim_output=0 - Finally, if you want to disable response limiting, you - can set the net.inet.icmp.icmplim - sysctl variable (see above for an example) to + Finally, to disable response limiting completely, + set net.inet.icmp.icmplim to 0. Disabling response limiting is discouraged for the reasons listed above. @@ -5482,13 +5470,13 @@ Key F15 A A Menu Wo - This means that some device on your local Ethernet is + This means that some device on the local Ethernet is using a MAC address in a format that &os; does not recognize. This is probably caused by someone experimenting with an Ethernet card somewhere else on the - network. You will see this most commonly on cable modem + network. This is most commonly seen on cable modem networks. It is harmless, and should not affect the - performance of your &os; machine. + performance of the &os; system. 
@@ -5529,14 +5517,14 @@ Key F15 A A Menu Wo into the process from being able to break into the wider system. - The process is said to be able to - play inside the walls. That is, - nothing the process does in regards to executing code - is supposed to be able to breech the walls so you do - not have to do a detailed audit of its code to be able + The process is be able to + run inside the walls. + Since nothing the process does in regards to executing code + is supposed to be able to breech the walls, + a detailed audit of its code is not needed in order to be able to say certain things about its security. - The walls might be a user ID, for example. + The walls might be a user ID, for example. This is the definition used in the &man.security.7; and &man.named.8; man pages. @@ -5645,14 +5633,11 @@ Key F15 A A Menu Wo enabled. The securelevel of a running system can not be - lowered as this would defeat its purpose. If you need - to do a task that requires that the securelevel be - non-positive (e.g., an - installworld or changing the - date), you will have to change the securelevel setting in - /etc/rc.conf (you want to look for - the kern_securelevel and - kern_securelevel_enable variables) and + lowered as this would defeat its purpose. If a task + requires that the securelevel be + non-positive, change the kern_securelevel and + kern_securelevel_enable variables in + /etc/rc.conf and reboot. For more information on securelevel and the specific @@ -5699,8 +5684,8 @@ Key F15 A A Menu Wo queries. Recent versions of it choose a new, random UDP port for each query. This may cause problems for some network configurations, especially if a firewall blocks - incoming UDP packets on particular ports. If you want to - get past that firewall, you can try the + incoming UDP packets on particular ports. To + get past that firewall, try the avoid-v4-udp-ports and avoid-v6-udp-ports options to avoid selecting random port numbers within a blocked 
@@ -5717,7 +5702,7 @@ Key F15 A A Menu Wo Congratulations, by the way. It is good practice to - read your &man.sockstat.1; output and notice odd + read &man.sockstat.1; output and notice odd things! @@ -5747,39 +5732,37 @@ Key F15 A A Menu Wo Do not worry. toor is an - alternative superuser account (toor is root - spelt backwards). Previously it was created when the - &man.bash.1; shell was installed but now it is created by - default. It is intended to be used with a non-standard - shell so you do not have to change root's default shell. + alternative superuser account, where toor is root + spelled backwards. It is intended to be used with a non-standard + shell so the default shell for root does not need to change. This is important as shells which are not part of the base - distribution (for example a shell installed from ports or - packages) are likely to be installed in + distribution, but are instead installed from ports or + packages, are installed in /usr/local/bin which, by default, resides on a different file system. If root's shell is located in - /usr/local/bin and - /usr (or whatever file system - contains /usr/local/bin) is not - mounted for some reason, /usr/local/bin and the + file system + containing /usr/local/bin) is not + mounted, root will not be able to - log in to fix a problem (although if you reboot into - single-user mode you will be prompted for the path to a - shell). + log in to fix a problem and will have to reboot into + single-user mode in order to enter the path to a + shell. Some people use toor for day-to-day root tasks with a non-standard shell, leaving root, with a standard - shell, for single-user mode or emergencies. By default - you cannot log in using toor as it does not have a password, so log in as root and set a password - for toor if you - want to use it. + for toor before + using it to login. 
@@ -5796,30 +5779,28 @@ Key F15 A A Menu Wo - You should first read the &man.ppp.8; manual page and + First, read &man.ppp.8; and the PPP - section of the Handbook. Enable logging with the + section of the Handbook. To assist in + troubleshooting, enable logging with the following command: set log Phase Chat Connect Carrier lcp ipcp ccp command This command may be typed at the &man.ppp.8; command - prompt or it may be entered in the - /etc/ppp/ppp.conf configuration file - (the start of the default section is - the best place to put it). Make sure that - /etc/syslog.conf (see - &man.syslog.conf.5;) contains the lines below and the file + prompt or it may be entered at the start of the + default section + in /etc/ppp/ppp.conf. Make sure that + /etc/syslog.conf contains the lines below and the file /var/log/ppp.log exists: !ppp *.* /var/log/ppp.log - You can now find out a lot about what is going on from - the log file. Do not worry if it does not all make sense. - If you need to get help from someone, it may make sense to - them. + A lot about what is going can be learned from + the log file. Do not worry if it does not all make sense as + it may make sense to someone else. 
@@ -5829,23 +5810,22 @@ Key F15 A A Menu Wo - This is usually because your hostname will not + This is usually because the hostname will not resolve. The best way to fix this is to make sure that - /etc/hosts is consulted by your - resolver first by editing - /etc/host.conf and putting the - hosts line first. Then, put an - entry in /etc/hosts for your local - machine. If you have no local network, change your + /etc/hosts is read first by the + by ensuring that the hosts line is listed first in + /etc/host.conf. Then, put an + entry in /etc/hosts for the local + machine. If there is no local network, change the localhost line: 127.0.0.1 foo.example.com foo localhost - Otherwise, add another entry for your host. + Otherwise, add another entry for the host. Consult the relevant manual pages for more details. - You should be able to successfully ping -c1 - `hostname` when you are done. + When finished, verify that this command is successful: + ping -c1 `hostname`. 
@@ -5856,27 +5836,23 @@ Key F15 A A Menu Wo - First, check that you have got a default route. By - running netstat -rn (see - &man.netstat.1;), you should see two entries like - this: + First, check that a default route exists. This command + should display two entries: Destination Gateway Flags Refs Use Netif Expire default 10.0.0.2 UGSc 0 0 tun0 10.0.0.2 10.0.0.1 UH 0 0 tun0 - This is assuming that you have used the addresses from - the Handbook, the manual page, or from - ppp.conf.sample. If you do not have - a default route, it may be because you forgot to add the - HISADDR line to - ppp.conf. + If + a default route is not listed, make sure that the + HISADDR line has been added to + /etc/ppp/ppp.conf. Another reason for the default route line being - missing is that you have mistakenly set up a default - router in your /etc/rc.conf (see - &man.rc.conf.5;) file and you have omitted the line below - from ppp.conf: + missing is that a default + route has been added to /etc/rc.conf + and this line is missing + from /etc/ppp/ppp.conf: delete ALL @@ -5894,20 +5870,20 @@ default 10.0.0.2 UG - This error is usually due that the following section - is missing in your + This error is usually because the following section + is missing in /etc/ppp/ppp.linkup: MYADDR: delete ALL add 0 0 HISADDR - This is only necessary if you have a dynamic IP - address or do not know the address of your gateway. If - you are using interactive mode, you can type the following - after entering packet mode (packet mode + This is only necessary for a dynamic IP + address or when the address of the default gateway is unknown. When + using interactive mode, the following can be typed in + after entering packet mode. Packet mode is indicated by the capitalized PPP in - the prompt): + the prompt: delete ALL add 0 0 HISADDR 
@@ -5950,10 +5926,10 @@ add 0 0 HISADDR - If you have Link Quality Reporting (LQR) configured, - it is possible that too many LQR packets are lost between + If Link Quality Reporting (LQR) is configured, + it is possible that too many LQR packets are lost between your machine and the peer. &man.ppp.8; deduces that the - line must therefore be bad, and disconnects. LQR is + line must therefore be bad, and disconnects. LQR is disabled by default and can be enabled with the following line: @@ -5969,8 +5945,8 @@ add 0 0 HISADDR Sometimes, on a noisy phone line or even on a line - with call waiting enabled, your modem may hang up because - it thinks (incorrectly) that it lost carrier. + with call waiting enabled, the modem may hang up because + it incorrectly thinks that it lost carrier. There is a setting on most modems for determining how tolerant it should be to temporary losses of carrier. 
@@ -5989,30 +5965,30 @@ add 0 0 HISADDR apparent explanation. The first thing to establish is which side of the link is hung. - If you are using an external modem, try + When using an external modem, try using &man.ping.8; to see if the TD - light is flashing when you transmit data. If it flashes - (and the RD light does not), the + light is flashing when data is transmitted. If it flashes + but the RD light does not, the problem is with the remote end. If TD does not flash, the problem is local. With an internal - modem, you will need to use the set + modem, use the set server command in ppp.conf. When the hang occurs, - connect to &man.ppp.8; using &man.pppctl.8;. If your - network connection suddenly revives (PPP was revived due - to the activity on the diagnostic socket) or if you cannot - connect (assuming the set socket - command succeeded at startup time), the problem is local. - If you can connect and things are still hung, enable local - async logging with set log local async + connect to &man.ppp.8; using &man.pppctl.8;. If the + network connection suddenly revives due + to the activity on the diagnostic socket, or if it will not + connect but the set socket + command succeeded at startup time, the problem is local. + If it can connect but things are still hung, enable local + logging with set log local async and use &man.ping.8; from another window or terminal to - make use of the link. The async logging will show you the + make use of the link. The async logging will show the data being transmitted and received on the link. If data is going out and not coming back, the problem is remote. Having established whether the problem is local or - remote, you now have two possibilities: + remote, there are now two possibilities: 
@@ -6035,17 +6011,15 @@ add 0 0 HISADDR - There is very little you can do about this. Most ISPs - will refuse to help if you are not running a µsoft; - OS. You can enable lqr in your - ppp.conf, allowing &man.ppp.8; to + There is very little that can be done about this. Many ISPs + will refuse to help users not running a µsoft; + OS. You can enable lqr in + /etc/ppp/ppp.conf, allowing &man.ppp.8; to detect the remote failure and hang up, but this detection - is relatively slow and therefore not that useful. You may - want to avoid telling your ISP that you are running - user-PPP. + is relatively slow and therefore not that useful. First, try disabling all local compression by adding - the following to your configuration: + the following to the configuration: disable pred1 deflate deflate24 protocomp acfcomp shortseq vj deny pred1 deflate deflate24 protocomp acfcomp shortseq vj @@ -6053,12 +6027,11 @@ deny pred1 deflate deflate24 protocomp a Then reconnect to ensure that this makes no difference. If things improve or if the problem is solved completely, determine which setting makes the difference - through trial and error. This will provide good - ammunition when you contact your ISP (although it may make - it apparent that you are not running a µsoft; - product). + through trial and error. This is good information for + the ISP, although it may make + it apparent that it is not a µsoft; system. - Before contacting your ISP, enable async logging + Before contacting the ISP, enable async logging locally and wait until the connection hangs again. This may use up quite a bit of disk space. The last data read from the port may be of interest. It is usually ASCII 
@@ -6066,9 +6039,9 @@ deny pred1 deflate deflate24 protocomp a fault, Core dumped). - If your ISP is helpful, they should be able to enable + If the ISP is helpful, they should be able to enable logging on their end, then when the next link drop occurs, - they may be able to tell you why their side is having a + they may be able to tell why their side is having a problem. @@ -6079,18 +6052,18 @@ deny pred1 deflate deflate24 protocomp a - Your best bet here is to rebuild &man.ppp.8; with + In this case, rebuild &man.ppp.8; with debugging information, and then use &man.gdb.1; to grab a stack trace from the ppp process that is stuck. To rebuild the ppp utility with debugging - information, you can type: + information, type: &prompt.root; cd /usr/src/usr.sbin/ppp &prompt.root; env DEBUG_FLAGS='-g' make clean &prompt.root; env DEBUG_FLAGS='-g' make install - Then you should restart ppp + Then, restart ppp and wait until it hangs again. When the debug build of ppp hangs, start gdb on the stuck process by @@ -6098,9 +6071,9 @@ deny pred1 deflate deflate24 protocomp a &prompt.root; gdb ppp `pgrep ppp` - At the gdb prompt, you can + At the gdb prompt, use the bt or where - commands to get a stack trace. Save the output of your + commands to get a stack trace. Save the output of the gdb session, and detach from the running process by typing quit. @@ -6114,12 +6087,12 @@ deny pred1 deflate deflate24 protocomp a - Occasionally, just after connecting, you may see + Occasionally, just after connecting, there may be messages in the log that say Magic is same. Sometimes, these messages are harmless, and sometimes one side or the other exits. Most PPP implementations cannot survive this problem, and even - if the link seems to come up, you will see repeated + if the link seems to come up, there will be repeated configure requests and configure acknowledgments in the log file until &man.ppp.8; eventually gives up and closes the connection.
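
Review bot: in the hunk at @@ -5249,23 +5249,11, the new sentence reads "to /etc/rc.conf start this service at boot time", which is missing "to" before "start". The removed text also said that a multicast router needs a kernel rebuilt with the MROUTING option; if that still applies, keep a sentence for it, and if it does not, say so in the log, which currently describes the change as rewording only.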
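
Review bot: in the hunk at @@ -5289,25 +5277,25, replacing "You can also set" with "Consider setting" in front of firewall_type="open" makes a recovery option read like a general recommendation to run an open ruleset, right after the text explains that the default policy is to deny. Suggest tying it to the misconfiguration case above, for example "As a temporary measure while the ruleset is being corrected, firewall_type="open" can be set in /etc/rc.conf."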
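
Review bot: in the hunk at @@ -5320,11 +5308,11, "A fwd rule only forwards packets, it does not actually change the data inside the packet" is a comma splice. Use a semicolon or split it into two sentences.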
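
Review bot: in the hunk at @@ -5426,9 +5415,9, "provoking it to send" has lost its antecedent now that the sentence opens with "This kernel message" instead of "This is the kernel telling you", and "a large amount of" drops the original point that the kernel is being asked to send more responses than it thinks it should. Suggest "some activity is provoking the kernel to send more ICMP or TCP reset (RST) responses than it thinks it should", which keeps the meaning without "you".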
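
Review bot: in the hunk at @@ -5449,27 +5438,26, the new sentence "To disable these messages without disabling response limiting, use net.inet.icmp.icmplim_output to disable the output" uses "disable" three times and no longer says that net.inet.icmp.icmplim_output is a sysctl variable. Suggest "To silence these messages while keeping response limiting, set the net.inet.icmp.icmplim_output sysctl variable to 0:".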
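
Review bot: in the hunk at @@ -5529,14 +5517,14, "The process is be able to run inside the walls" is ungrammatical; it should read "The process is able to run inside the walls". While this paragraph is being touched, "breech the walls" on the added line should be "breach the walls".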
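
Review bot: in the hunk at @@ -5747,39 +5732,37, the added lines "/usr/local/bin and the file system containing /usr/local/bin) is not mounted" leave a closing parenthesis with no opening one after the old "(or whatever file system" was removed; drop the ")". In the last added line, "using it to login" should be "using it to log in", since "login" is the noun.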
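
Review bot: in the hunk at @@ -5796,30 +5779,28, "A lot about what is going can be learned from the log file" is missing "on" after "going". The following added sentence, "Do not worry if it does not all make sense as it may make sense to someone else", also reads awkwardly; the removed wording made it clear that the log is worth keeping to show to whoever is helping.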
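
Review bot: in the hunk at @@ -5829,23 +5810,22, the added lines "/etc/hosts is read first by the" and "by ensuring that the hosts line is listed first in" do not join into a sentence: the noun after "by the" (the removed text had "resolver") is gone and "by" is repeated. Suggest "make sure that /etc/hosts is read first by the resolver by ensuring that the hosts line is listed first in /etc/host.conf".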
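
Review bot: in the hunk at @@ -5856,27 +5836,23, "This command should display two entries:" has nothing to refer to, because the removed lines were the only place that named netstat -rn and the listing that follows shows output only. Name the command in the new sentence, for example "The output of netstat -rn should contain two entries like these:".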
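
Review bot: in the hunk at @@ -5989,30 +5965,30, the paragraph tells the reader to use the "set server" command in ppp.conf and then, on an added line, refers to "the set socket command" having succeeded at startup; since these lines are being rewritten anyway, use one name for both. The new "enable local logging with set log local async" also drops the word "async", while the next sentence still says "The async logging will show the data", so keep "async logging" in both places.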
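
Review bot: in the hunk at @@ -6035,17 +6011,15, the added line "OS. You can enable lqr in" still addresses the reader as "You", which is what this commit sets out to remove; "Enabling lqr in /etc/ppp/ppp.conf allows &man.ppp.8; to detect the remote failure" would match the rest of the change. Further down, "it may make it apparent that it is not a µsoft; system" has three different referents for "it"; name the subject, for example "that the local system is not running a µsoft; product".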