Annotation of embedaddon/mpd/doc/mpd28.html, revision 1.1
1.1 ! misho 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
! 2: <HTML>
! 3: <HEAD>
! 4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
! 5: <TITLE>Interface layer</TITLE>
! 6: </HEAD>
! 7: <BODY text="#000000" bgcolor="#ffffff">
! 8:
! 9: <A HREF="mpd.html"><EM>Mpd 5.6 User Manual</EM></A>
! 10: <b>:</b> <A HREF="mpd17.html"><EM>Configuring Mpd</EM></A>
! 11: <b>:</b> <EM>Interface layer</EM><BR>
! 12: <b>Previous:</b> <A HREF="mpd27.html"><EM>IPv6CP layer</EM></A><BR>
! 13: <b>Next:</b> <A HREF="mpd29.html"><EM>Authentication, Authorization and Accounting (AAA)</EM></A>
! 14:
! 15:
! 16: <HR NOSHADE>
! 17: <H2><A NAME="28"></A>4.9. Interface layer<A NAME="interface"></A></H2>
! 18:
! 19: <p>This chapter describes commands that configure the interface layer.
! 20: All of these commands apply to the currently active bundle.</p>
! 21: <p>Note that while most of the time mpd is used for transmitting
! 22: IP traffic, it is designed to support other (currently unimplemented)
! 23: protocols such as AppleTalk, IPX, etc. This is why the Interface
! 24: layer (which is protocol independent) is distinct from the
! 25: <A HREF="mpd26.html#ipcp">ipcp</A> which is specific to IP.</p>
! 26: <p>
! 27: <dl>
! 28:
! 29: <dt><b><code>set iface name [ <em>name</em> ]</code></b><dd><p>This command changes interface name from default ngX to specified one.
! 30: If name argument is not specified, original ngX name is restored.
! 31: Note that inside Netgraph original ngX name is always used.</p>
! 32:
! 33: <dt><b><code>set iface description [ <em>description</em> ]</code></b><dd><p>This command changes interface description.</p>
! 34:
! 35: <dt><b><code>set iface group [ <em>group</em> ]</code></b><dd><p>This command add interface to specific group.</p>
! 36:
! 37: <dt><b><code>set iface addrs [!]<em>local-ip</em> [!]<em>remote-ip</em></code></b><dd><p>This command is usually required when dial-on-demand is enabled.
! 38: Normally, mpd configures the interface with the IP addresses that
! 39: were negotiated when connecting the link. Since dial-on-demand
! 40: configures the interface before actually connecting, mpd has to be
! 41: told initial local and remote IP addresses to give the interface.
! 42: These addresses don't have to correspond to the ``real'' ones; in
! 43: fact, both addresses can be completely fictional. If and when
! 44: different addresses are negotiated later, mpd will automatically
! 45: renumber the interface and adjust the routes.</p>
! 46: <p>Also this command may be used to force specified addresses usage
! 47: instead of negotiated ones. It may be useful in some specific cases,
! 48: for example, to avoid routing loop with misconfigured PPTP server.
! 49: In such case '!' mark specifies IPs to be forced.</p>
! 50:
! 51: <dt><b><code>set iface route <em>address[/width]</em></code></b><dd><p>This command associates a route with the bundle. Whenever the
! 52: interface is configured up, all associated routes are added.
! 53: A route of <code><b>default</b></code> indicates the default route.
! 54: Otherwise, the route is a network address with optional netmask
! 55: width (e.g., <code><b>192.168.1.0/24</b></code>). If the netmask
! 56: width is omitted, a single host route is assumed (i.e., a width
! 57: of 32).</p>
! 58: <p>Routes are automatically removed when the interface is brought down.</p>
! 59:
! 60: <dt><b><code>set iface mtu <em>value</em></code></b><dd><p>This command sets an upper bound on the MTU that will be configured
! 61: on the interface when the bundle comes up.
! 62: This value is not used at all during link negotiation; there are
! 63: separate bundle and link commands for configuring that.
! 64: Even if a higher bundle MTU is negotiated, this limit will still apply.</p>
! 65: <p>This command is useful when you want to manually restrict the MTU
! 66: of the interface for other reasons, e.g., if you're also doing IPSec.</p>
! 67: <p>The default is 1500.</p>
! 68:
! 69: <dt><b><code>set iface idle <em>seconds</em></code></b><dd><p>Sets the idle timeout value for the bundle. If no incoming or
! 70: outgoing packets are transmitted for <code><em>seconds</em></code>
! 71: seconds, the connection is brought down. An idle timeout of
! 72: zero disables this feature.</p>
! 73: <p>When the idle timeout occurs, if the dial-on-demand option is
! 74: enabled, mpd goes back into dial-on-demand mode. Otherwise, the
! 75: interface is brought down and all associated routes removed.</p>
! 76: <p>The default is 0.</p>
! 77:
! 78: <dt><b><code>set iface session <em>seconds</em></code></b><dd><p>Sets the session timeout value for the bundle. An session timeout of
! 79: zero disables this feature.</p>
! 80: <p>The default is 0.</p>
! 81:
! 82: <dt><b><code>set iface up-script <em>script</em> </code></b><dd>
! 83: <dt><b><code>set iface down-script <em>script</em> </code></b><dd>
! 84: <p>Mpd can optionally run a user program every time one of network
! 85: protocols (IPCP/IPv6CP) at the interface is brought up or down.
! 86: The <code><b>up-script</b></code> is called like this:
! 87: <blockquote><code>
! 88: <code><em>script</em> <em>interface</em> <em>proto</em> <em>local-ip</em> <em>remote-ip</em> <em>authname</em> [ dns1 <em>server-ip</em> ] [ dns2 <em>server-ip</em> ]
! 89: <em>peer-address</em></code>
! 90: </code></blockquote>
! 91: </p>
! 92: <p>If up-script exit status is not 0, mpd will kill respective protocol.</p>
! 93: <p>The <code><b>down-script</b></code> is called like this:
! 94: <blockquote><code>
! 95: <code><em>script</em> <em>interface</em> <em>proto</em> <em>local-ip</em> <em>remote-ip</em> <em>authname</em> <em>peer-address</em></code>
! 96: </code></blockquote>
! 97: </p>
! 98:
! 99: <dt><b><code>set iface enable <em>option ...</em><br>
! 100: set iface disable <em>option ...</em></code></b><dd><p>Enable and disable the various interface layer options for the bundle.</p>
! 101:
! 102: </dl>
! 103: </p>
! 104:
! 105: <p>The options available at the interface layer are:</p>
! 106: <p>
! 107: <dl>
! 108:
! 109: <dt><b><code>on-demand</code></b><dd><p>This option causes the interface to operate in dial-on-demand mode,
! 110: allowing you to have a ``virtual full time'' connection.
! 111: An OPEN event causes the interface to be configured, but the actual
! 112: connection of the link is delayed until qualifying outgoing traffic
! 113: is detected. Moreover, after an idle timeout, the interface is not
! 114: brought down; further traffic will bring the link back up again.</p>
! 115: <p>The default is disable.</p>
! 116:
! 117: <dt><b><code>proxy-arp</code></b><dd><p>When this option is enabled, if after link negotiation the peer's
! 118: IP address is determined to lie on a local subnet, then mpd will
! 119: arrange for the local machine to install a proxy ARP entry for
! 120: the remote machine's IP address.</p>
! 121: <p>For example, suppose the local machine lies on a LAN with address
! 122: 192.168.1.10, and another machine will be connecting via mpd
! 123: and using the LAN address 192.168.1.20. Then these commands would
! 124: set up proxy ARP for the remote machine:
! 125: <blockquote><code>
! 126: <code>set iface enable proxy-arp<br>
! 127: set ipcp ranges 192.168.1.10/32 192.168.1.20/32</code>
! 128: </code></blockquote>
! 129: </p>
! 130: <p>The default is disable.</p>
! 131:
! 132: <dt><b><code>tcpmssfix</code></b><dd><p>This option causes mpd to adjust incoming and outgoing TCP SYN
! 133: segments so that the requested maximum segment size is not greater
! 134: than the amount allowed by the interface MTU.</p>
! 135: <p>This is necessary in many setups to avoid problems caused by routers
! 136: that drop ICMP Datagram Too Big messages. Without these messages,
! 137: the originating machine sends data, it passes the rogue router then
! 138: hits a machine that has an MTU that is not big enough for the data.
! 139: Because the IP Don't Fragment option is set, this machine sends an
! 140: ICMP Datagram Too Big message back to the originator and drops the
! 141: packet. The rogue router drops the ICMP message and the originator
! 142: never gets to discover that it must reduce the fragment size or drop
! 143: the IP Don't Fragment option from its outgoing data.</p>
! 144: <p>The code is based on tcpmssd wich was written by Ruslan Ermilov
! 145: <A href="mailto:<ru@FreeBSD.org>">mailto:<ru@FreeBSD.org></A>
! 146: based on work done by Patrick Bihan-Faou
! 147: <A href="mailto:<patrick@mindstep.com>">mailto:<patrick@mindstep.com></A>.</p>
! 148: <p>The default is disable.</p>
! 149:
! 150: <dt><b><code>tee</code></b><dd><p>If enabled, a ng_tee(4) node will be inserted
! 151: into the bundle graph, right after the interface node. The tee node
! 152: can be useful for debugging or traffic accounting.</p>
! 153: <p>The default is disable.</p>
! 154:
! 155: <dt><b><code>nat</code></b><dd><p>Enable NAT for this bundle.
! 156: See
! 157: <A HREF="mpd39.html#nat">nat</A> for more information.</p>
! 158: <p>The default is disable.</p>
! 159:
! 160: <dt><b><code>netflow-in</code></b><dd>
! 161: <dt><b><code>netflow-out</code></b><dd>
! 162: <dt><b><code>netflow-once</code></b><dd><p>If enabled, the bundle will participate in
! 163: NetFlow generation. See
! 164: <A HREF="mpd34.html#netflow">netflow</A>
! 165: for more information. The netflow-out option is like netflow-in, but
! 166: generates NetFlow data for outgoing packets instead of incoming.
! 167: If netflow-once enabled - packet will be accounted only once while
! 168: in kernel.</p>
! 169: <p>The default is disable.</p>
! 170:
! 171: <dt><b><code>ipacct</code></b><dd><p>If enabled, the bundle will participate in IP accounting with ng_ipacct node.
! 172: See
! 173: <A HREF="mpd35.html#ipacct">ipacct</A> for more information.</p>
! 174: <p>The default is disable.</p>
! 175:
! 176: </dl>
! 177: </p>
! 178: <HR NOSHADE>
! 179: <A HREF="mpd.html"><EM>Mpd 5.6 User Manual</EM></A>
! 180: <b>:</b> <A HREF="mpd17.html"><EM>Configuring Mpd</EM></A>
! 181: <b>:</b> <EM>Interface layer</EM><BR>
! 182: <b>Previous:</b> <A HREF="mpd27.html"><EM>IPv6CP layer</EM></A><BR>
! 183: <b>Next:</b> <A HREF="mpd29.html"><EM>Authentication, Authorization and Accounting (AAA)</EM></A>
! 184:
! 185:
! 186:
! 187: </BODY>
! 188: </HTML>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to mpd28.html CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc