Module Name: src Committed By: mbalmer Date: Sat Jan 9 10:43:12 UTC 2010
Modified Files: src/usr.sbin/faithd: faithd.8 Log Message: Various language fixes. >From FreeBSD. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/usr.sbin/faithd/faithd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/usr.sbin/faithd/faithd.8 diff -u src/usr.sbin/faithd/faithd.8:1.26 src/usr.sbin/faithd/faithd.8:1.27 --- src/usr.sbin/faithd/faithd.8:1.26 Sun Oct 25 01:34:40 2009 +++ src/usr.sbin/faithd/faithd.8 Sat Jan 9 10:43:11 2010 @@ -1,4 +1,4 @@ -.\" $NetBSD: faithd.8,v 1.26 2009/10/25 01:34:40 wiz Exp $ +.\" $NetBSD: faithd.8,v 1.27 2010/01/09 10:43:11 mbalmer Exp $ .\" $KAME: faithd.8,v 1.37 2002/05/09 14:21:23 itojun Exp $ .\" .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd October 25, 2009 +.Dd January 9, 2010 .Dt FAITHD 8 .Os .Sh NAME @@ -42,22 +42,20 @@ .Op Ar serverpath Op Ar serverargs .Nm .Sh DESCRIPTION +The .Nm -provides IPv6-to-IPv4 TCP relay. -.Nm -must be used on an IPv4/v6 dual stack router. +utility provides IPv6-to-IPv4 TCP relaying. +It can only be used on an IPv4/v6 dual stack router. .Pp When .Nm receives .Tn TCPv6 -traffic, -.Nm -will relay the +traffic, it will relay the .Tn TCPv6 traffic to .Tn TCPv4 . -Destination for relayed +The destination for the relayed .Tn TCPv4 connection will be determined by the last 4 octets of the original .Tn IPv6 @@ -73,14 +71,14 @@ the traffic will be relayed to IPv4 destination .Li 10.1.1.1 . .Pp -To use +To use the .Nm translation service, an IPv6 address prefix must be reserved for mapping IPv4 addresses into. -Kernel must be properly configured to route all the TCP connection +The kernel must be properly configured to route all the TCP connections toward the reserved IPv6 address prefix into the .Xr faith 4 -pseudo interface, by using +pseudo interface, using the .Xr route 8 command. Also, @@ -91,7 +89,7 @@ .Dv 1 . .Pp The router must be configured to capture all the TCP traffic -toward reserved +for the reserved .Tn IPv6 address prefix, by using .Xr route 8 @@ -99,22 +97,22 @@ .Xr sysctl 8 commands. .Pp +The .Nm -needs a special name-to-address translation logic, so that -hostnames gets resolved into special +utility needs special name-to-address translation logic, so that +hostnames gets resolved into the special .Tn IPv6 address prefix. -For small-scale installation, use -.Xr hosts 5 . -For large-scale installation, it is useful to have +For small-scale installations, use +.Xr hosts 5 ; +For large-scale installations, it is useful to have a DNS server with special address translation support. An implementation called .Nm totd -is available -at +is available at .Pa http://www.vermicelli.pasta.cs.uit.no/software/totd.html . -Make sure you do not propagate translated DNS records to normal DNS cloud, -it is highly harmful. +Make sure you do not propagate translated DNS records over to normal +DNS, as it can cause severe problems. .Ss Daemon mode When .Nm @@ -146,10 +144,11 @@ to .Nm , you can run local daemons on the router. +The .Nm -will invoke local daemon at +utility will invoke ia local daemon at .Ar serverpath -if the destination address is local interface address, +if the destination address is a local interface address, and will perform translation to IPv4 TCP in other cases. You can also specify .Ar serverargs @@ -177,7 +176,7 @@ .Nm includes special support for protocols used by .Xr ftp 1 . -When translating FTP protocol, +When translating the FTP protocol, .Nm translates network level addresses in .Li PORT/LPRT/EPRT @@ -186,8 +185,8 @@ commands. .Pp Inactive sessions will be disconnected in 30 minutes, -to avoid stale sessions from chewing up resources. -This may be inappropriate for some of the services +to prevent stale sessions from chewing up resources. +This may be inappropriate for some services .Pq should this be configurable? . .Ss inetd mode When @@ -195,13 +194,13 @@ is invoked via .Xr inetd 8 , .Nm -will handle connection passed from standard input. +will handle connections passed from standard input. If the connection endpoint is in the reserved IPv6 address prefix, .Nm will relay the connection. Otherwise, .Nm -will invoke service-specific daemon like +will invoke a service-specific daemon like .Xr telnetd 8 , by using the command argument passed from .Xr inetd 8 . @@ -213,14 +212,14 @@ .Nm is invoked via .Xr inetd 8 -on FTP port, it will operate as a FTP relay. +on the FTP port, it will operate as an FTP relay. .\".Pp .\"The operation mode requires special support for .\".Nm .\"in .\".Xr inetd 8 . .Ss Access control -To prevent malicious accesses, +To prevent malicious access, .Nm implements a simple address-based access control. With @@ -235,7 +234,7 @@ will avoid relaying unwanted traffic. The .Pa faithd.conf -contains directives with the following format: +configuration file contains directives of the following format: .Bl -bullet .It .Xo @@ -280,6 +279,7 @@ .Sh EXAMPLES Before invoking .Nm , +the .Xr faith 4 interface has to be configured properly. .Bd -literal @@ -333,12 +333,12 @@ .Ed .Pp .Xr inetd 8 -will open listening sockets with enabling kernel TCP relay support. -Whenever connection comes in, +will open listening sockets with kernel TCP relay support enabled. +Whenever a connection comes in, .Nm will be invoked by .Xr inetd 8 . -If it the connection endpoint is in the reserved IPv6 address prefix. +If the connection endpoint is in the reserved IPv6 address prefix. .Nm will relay the connection. Otherwise, @@ -376,7 +376,7 @@ .Sh HISTORY The .Nm -command first appeared in WIDE Hydrangea IPv6 protocol stack kit. +utility first appeared in the WIDE Hydrangea IPv6 protocol stack kit. .\" .Sh SECURITY CONSIDERATIONS It is very insecure to use IP-address based authentication, for connections relayed by @@ -387,16 +387,15 @@ .Nm using .Pa faithd.conf , -or by using IPv6 packet filters. -It is to protect +or by using IPv6 packet filters, to protect the .Nm -service from malicious parties and avoid theft of service/bandwidth. -IPv6 destination address can be limited by -carefully configuring routing entries that points to +service from malicious parties, and to avoid theft of service/bandwidth. +IPv6 destination addresses can be limited by +carefully configuring routing entries that point to .Xr faith 4 , using .Xr route 8 . -IPv6 source address needs to be filtered by using packet filters. -Documents listed in +The IPv6 source address needs to be filtered using packet filters. +The documents listed in .Sx SEE ALSO -have more discussions on this topic. +have more information on this topic.