Date:      Thu, 19 Jul 2001 05:30:01 -0700 (PDT)
From:      Dima Dorfman <dima@unixfreak.org>
To:        freebsd-doc@freebsd.org
Subject:   Re: docs/28994: New article for docproj "Checkpoint VPN-1/Firewall-1 and FreeBSD IPSEC" 
Message-ID:  <200107191230.f6JCU1n00941@freefall.freebsd.org>

The following reply was made to PR docs/28994; it has been noted by GNATS.

From: Dima Dorfman <dima@unixfreak.org>
To: jono@networkcommand.com
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: docs/28994: New article for docproj "Checkpoint VPN-1/Firewall-1 and FreeBSD IPSEC" 
Date: Thu, 19 Jul 2001 05:28:32 -0700

 jono@networkcommand.com writes:
 
 Some very minor style/convention nits:
 
 >      $Header$
 
 This should be "$FreeBSD$".
 
 > <article>
 >   <articleinfo>
 >     <title>Integration of Checkpoint VPN-1/Firewall-1 and FreeBSD IPSEC</title>
 
 Notice how you capitalized "IPSEC" here.
 
 >     <pubdate>$Date$</pubdate>
 
 This should also be "$FreeBSD$"; it may be a bit too much, but $Date$
 wouldn't get expanded.
 
 >     <programlisting>
 >       External Interface                    External Interface
 >            208.229.100.6                    216.218.197.2
 >                        |                    |
 >          +--> Firewall-1 <--> Internet <--> FreeBSD GW <--+
 >          |                                                |
 >   FW-1 Protected Nets                              Internal Nets
 >    199.208.192.0/24                               192.168.10.0/24
 >     </programlisting>
 
 Things inside <programlisting> should cuddle up to the tags.  Thus,
 the above should be written like this:
 
      <programlisting>External Interface                    External Interface
             208.229.100.6                    216.218.197.2
                         |                    |
           +--> Firewall-1 <--> Internet <--> FreeBSD GW <--+
           |                                                |
    FW-1 Protected Nets                              Internal Nets
     199.208.192.0/24                               192.168.10.0/24</programlisting>
 
 There are some more violations of this below; I won't point them out
 explicitly, but you should fix them.
 
 >     <para>The FreeBSD GW serves as a firewall and NAT device for
 >       "internal nets."</para>
 
 How about: <quote>internal networks</quote>
 
 > 
 >     <para>The FreeBSD kernel must be compiled to support IPSec.
 
 Remember how you capitalized "IPSEC" above?  It'd be nice if they were
 the same.  Personally I'd make them all "IPsec", but it's up to you.
 There are some other instances of this that should be fixed as well.
 
 >     <para>Also, racoon must be installed to support key exchange.
 
 "<command>racoon</command>" or "&man.racoon.1;", please (pick one).
 
 >       <programlisting>208.229.100.6          rUac0wtoo?</programlisting>     
 >  
 > 
 >   </sect1>
 
 Extraneous whitespace.
 
 >       -----------------------------------------------------------------------
 > -
 >       FreeBSD GW        | FW-1 Protected Net | VPN services | Encrypt | Long
 >       FW-1 Protected Net| FreeBSD GW         |              |         |
 >     </programlisting>
 > 
 >     <para>"VPN services" are any services (i.e. telnet, ssh, ntp, etc.)
 
 <quote>VPN services</quote>....
 
 Also, since you're referring to the protocols TELNET, SSH, NTP,
 etc. and not the commands, you should capitalize them.  And if you
 were referring to protocols, you would mark them up inside <command>.
 
 >     <para>At this point, the VPN policy on FreeBSD GW must be defined. The
 >       <filename>/usr/sbin/setkey</filename> tool performs this function.</para>
 
 "&man.setkey.1;", please.
 
 >     <para>Ensure that <filename>/usr/local/etc/racoon/psk.txt</filename>
 >       contains the shared secret configured in the "Firewall-1 Network Object
 
 <quote>Firewall-1 Network Object Configuration</quote>
 
 >       Configuration" section of this document and has mode 600 permissions.</para>
 
 "<literal>600</literal>", please.
 
 >     <para>This command attempts to connect to the ssh port on 199.208.192.66,
 >       a machine in the Firewall-1 protected network. The <literal>-s</literal> switch indicates
 
 "<option>-s</option>", please.
 
 >       the source interface of the outbound connection. This is particularly important
 >       when running NAT and IPFW on FreeBSD GW. Using <literal>-s</literal> and specifying an
 >       explicit source address prevents NAT from mangling the packet prior to 
 > tunneling.</para>
 > 
 >     <para>A successful racoon key exchange will output the following to racoon.log:</para>
 
 Lines should be <= 80 characters in width (note that this does *not*
 apply to text inside <programlisting> or <screen>).
 
 
 Overall, this is a *very* good article!  I think it would be one of
 the most well-written ones in our tree.  I'll gladly add it once you
 fix the above nits.
 
 Thanks, and nice work!
 
 					Dima Dorfman
 					dima@unixfreak.org
