The first route in this table specifies the `default` route. When the local system needs to make a connection to a remote host, it checks the routing table to determine if a known path exists. If the remote host matches an entry in the table, the system checks to see if it can connect using the interface specified in that entry.
If the destination does not match an entry, or if all known paths fail, the system uses the entry for the default route. For hosts on a local area network, the `Gateway` field in the default route is set to the system which has a direct connection to the Internet. When reading this entry, verify that the `Flags` column indicates that the gateway is usable (`UG`).
defaultrouter="10.20.30.1"
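The `UG` check described above can be scripted and cross-checked against the `defaultrouter` value in rc.conf. This is an added example, not part of the original text: the function names and the sample `netstat -rn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample data is constructed, not captured from a real host.

# Constructed `netstat -rn` output for a LAN host.
sample_routes() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.20.30.1         UGS         em0
10.20.30.0/24      link#1             U           em0
127.0.0.1          link#2             UH          lo0
EOF
}

# Print the last defaultrouter value found in rc.conf-style text on stdin.
rc_defaultrouter() {
    sed -n 's/^[[:space:]]*defaultrouter="\{0,1\}\([^"#[:space:]]*\).*/\1/p' | tail -n 1
}

# Read a routing table on stdin and check the first (IPv4) default entry.
# $1 = gateway expected from rc.conf (optional).
# Exit: 0 usable, 1 flags lack U or G, 2 no default route, 3 gateway mismatch.
check_default_route() {
    awk -v want="$1" '
        $1 == "default" && !seen {
            seen = 1; gw = $2; flags = $3
            if (flags !~ /U/ || flags !~ /G/) {
                printf "default via %s: flags %s lack U and/or G\n", gw, flags; rc = 1
            } else if (want != "" && gw != want) {
                printf "default via %s: rc.conf expects %s\n", gw, want; rc = 3
            } else {
                printf "default via %s: usable (%s)\n", gw, flags; rc = 0
            }
        }
        END {
            if (!seen) { print "no default route"; exit 2 }
            exit rc
        }
    '
}

# Stand-alone run against the constructed sample.
gw=$(printf 'defaultrouter="10.20.30.1"\n' | rc_defaultrouter)
sample_routes | check_default_route "$gw"
```

On a live system, pipe `netstat -rn` and the contents of /etc/rc.conf into the two functions instead of the samples.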
A FreeBSD system can be configured as the default gateway, or router, for a network if it is a dual-homed system. A dual-homed system is a host which resides on at least two different networks. Typically, each network is connected to a separate network interface, though IP aliasing can be used to bind multiple addresses, each on a different subnet, to one physical interface.
In order for the system to forward packets between interfaces, FreeBSD must be configured as a router. Internet standards and good engineering practice prevent the FreeBSD Project from enabling this feature by default, but it can be configured to start at boot by adding this line to [.filename]#/etc/rc.conf#:
gateway_enable="YES" # Set to YES if this host will be a gateway
# Add Internal Net 2 as a persistent static route
static_routes="internalnet2"
route_internalnet2="-net 192.168.2.0/24 192.168.1.2"
static_routes="net1 net2"
route_net1="-net 192.168.0.0/24 192.168.0.1"
route_net2="-net 192.168.1.0/24 192.168.1.1"
When an address space is assigned to a network, the service provider configures their routing tables so that all traffic for the network will be sent to the link for the site. But how do external sites know to send their packets to the network's ISP?
Sometimes, there is a problem with route propagation and some sites are unable to connect. Perhaps the most useful command for trying to figure out where routing is breaking down is `traceroute`. It is useful when `ping` fails.
options MROUTING
Separate from the underlying transmission techniques, 802.11 networks have a variety of security mechanisms. The original 802.11 specifications defined a simple security protocol called WEP. This protocol uses a fixed pre-shared key and the RC4 cryptographic cipher to encode data transmitted on a network. Stations must all agree on the fixed key in order to communicate. This scheme was shown to be easily broken and is now rarely used except to discourage transient users from joining networks. Current security practice is given by the IEEE(R) 802.11i specification that defines new cryptographic ciphers and an additional protocol to authenticate stations to an access point and exchange keys for data communication. Cryptographic keys are periodically refreshed and there are mechanisms for detecting and countering intrusion attempts. Another security protocol specification commonly used in wireless networks is termed WPA, which was a precursor to 802.11i. WPA specifies a subset of the requirements found in 802.11i and is designed for implementation on legacy hardware. Specifically, WPA requires only the TKIP cipher that is derived from the original WEP cipher. 802.11i permits use of TKIP but also requires support for a stronger cipher, AES-CCM, for encrypting data. The AES cipher was not required in WPA because it was deemed too computationally costly to be implemented on legacy hardware.
The other standard to be aware of is 802.11e. It defines protocols for deploying multimedia applications, such as streaming video and voice over IP (VoIP), in an 802.11 network. Like 802.11i, 802.11e also has a precursor specification termed WME (later renamed WMM) that has been defined by an industry group as a subset of 802.11e that can be deployed now to enable multimedia applications while waiting for the final ratification of 802.11e. The most important thing to know about 802.11e and WME/WMM is that it enables prioritized traffic over a wireless network through Quality of Service (QoS) protocols and enhanced media access protocols. Proper implementation of these protocols enables high speed bursting of data and prioritized traffic flow.
FreeBSD supports networks that operate using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i security protocols are likewise supported (in conjunction with any of 11a, 11b, and 11g) and QoS and traffic prioritization required by the WME/WMM protocols are supported for a limited set of wireless devices.
On FreeBSD 11 or higher, use this command instead:
If a wireless adapter is not listed, an additional kernel module might be required, or it might be a model not supported by FreeBSD.
Add entries to [.filename]#/etc/rc.conf# to configure the network on startup:
if_ath_load="YES"
if_wi_load="YES"
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"
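The three cipher modules above correspond to the WEP, TKIP and AES-CCM mechanisms described earlier, so a loader configuration can be inventoried to see which of them a host loads at boot. This is an added example, not part of the original text: the function names and the sample configuration are constructed, and the notes printed for each module restate the descriptions given on this page.

```shell
#!/bin/sh
# Added example: the loader.conf content below is constructed.

sample_loader_conf() {
cat <<'EOF'
if_ath_load="YES"
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"
wlan_tkip_load="NO"    # constructed override: a later assignment wins
# wlan_wep_load="NO"   commented out, so it is ignored
EOF
}

# Read loader.conf text on stdin and list the enabled 802.11 cipher modules.
# Exit: 0 if only AES-CCM (or nothing) is enabled, 1 if WEP or TKIP is.
audit_wlan_ciphers() {
    awk '
        BEGIN {
            FS = "="
            note["wep"]  = "WEP: fixed pre-shared key with RC4, easily broken"
            note["tkip"] = "TKIP: WPA cipher derived from WEP, for legacy hardware"
            note["ccmp"] = "AES-CCM: the stronger cipher required by 802.11i"
        }
        /^[ \t]*#/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (key !~ /^wlan_(wep|tkip|ccmp)_load$/) next
            val = $2; sub(/#.*/, "", val); gsub(/[" \t]/, "", val)
            name = key; sub(/^wlan_/, "", name); sub(/_load$/, "", name)
            on[name] = (toupper(val) == "YES")
        }
        END {
            n = split("wep tkip ccmp", order, " ")
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (!((c in on) && on[c])) continue
                printf "wlan_%s enabled (%s)\n", c, note[c]
                if (c != "ccmp") weak = 1
            }
            exit weak
        }
    '
}

sample_loader_conf | audit_wlan_ciphers || echo "WEP or TKIP module enabled"
```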