Hitchhiker's Guide to Openbsd
- Tuning networking parameters
Download 1.27 Mb. Pdf ko'rish
|
obsd-faq49
- Bu sahifa navigatsiya:
- 6.6.1 - I dont want the kernel to dynamically allocate a certain port
|
6.6 - Tuning networking parameters
One goal of OpenBSD is to have the system Just Work for the vast majority of our users. Twisting knobs you don't understand is far more likely to break the system than it is to improve its performance. Always start from the default settings, and only adjust things you actually see a problem with. VERY FEW people will need to adjust any networking parameters! 6.6.1 - I don't want the kernel to dynamically allocate a certain port From sysctl(8) : To set the list of reserved TCP ports that should not be allocated by the kernel dynamically: # sysctl net.inet.tcp. baddynamic=749,750,751,760,761,871 This can be used to keep daemons from stealing a specific port that an- other program needs to function. List elements may be separated by com- mas and/or whitespace. It is also possible to add or remove ports from the current list: # sysctl net.inet.tcp.baddynamic=+748 # sysctl net.inet.tcp.baddynamic=-871 6.7 - Simple NFS usage NFS, or Network File System, is used to share a filesystem over the network. A few choice man pages to read before trying to setup a NFS server are: ● nfsd(8) http://www.openbsd.org/faq/faq6.html (16 of 33)9/4/2011 10:02:06 AM 6 - Networking ● mountd(8) ● exports(5) This section will go through the steps for a simple setup of NFS. This example details a server on a LAN, with clients accessing NFS on the LAN. It does not talk about securing NFS. We presume you have already setup packet filtering or other firewalling protection, to prevent outside access. If you are allowing outside access to your NFS server, and you have any kind of sensitive data stored on it, we strongly recommend that you employ IPsec. Otherwise, people can potentially see your NFS traffic. Someone could also pretend to be the IP address which you are allowing into your NFS server. There are several attacks that can result. When properly configured, IPsec protects against these types of attacks. Download 1.27 Mb. Do'stlaringiz bilan baham: 
|