[hcoop/debian/openafs.git] / doc / man-pages / pod5 / NetRestrict.pod

=head1 NAME

NetRestrict - Defines interfaces not to register with AFS servers

=head1 DESCRIPTION

There are two F<NetRestrict> files, one for an AFS client and one for an
AFS File Server or database server.  The AFS client F<NetRestrict> file
specifies the IP addresses that the client should not register with the
File Servers it connects to.  The server F<NetRestrict> file specifies
what interfaces should not be registered with AFS Database Servers or used
to talk to other database servers.

=head2 FORMAT

The F<NetRestrict> file is in ASCII format. One IP address appears on each
line, in dotted decimal format.  To specify a network instead, use a
slash (C</>) followed by a subnet length.  The order of the addresses is
not significant.

=head2 Client NetRestrict

The F<NetRestrict> file, if present in a client machine's F</usr/vice/etc>
directory, defines the IP addresses of the interfaces that the local Cache
Manager does not register with a File Server when first establishing a
connection to it. For an explanation of how the File Server uses the
registered interfaces, see L<NetInfo(5)>.

As it initializes, the Cache Manager constructs a list of interfaces to
register, from the F</usr/vice/etc/NetInfo> file if it exists, or from the
list of interfaces configured with the operating system otherwise.  The
Cache Manager then removes from the list any addresses that appear in the
F<NetRestrict> file, if it exists. The Cache Manager records the resulting
list in kernel memory.

To display the addresses the Cache Manager is currently registering with
File Servers, use the B<fs getclientaddrs> command.

=head2 Server NetRestrict

The F<NetRestrict> file, if present in the F</usr/afs/local> directory,
defines the following:

=over 4

=item *

On a file server machine, the local interfaces that the File Server
(B<fileserver> process) does not register in the Volume Location Database
(VLDB) at initialization time.

=item *

On a database server machine, the local interfaces that the Ubik
synchronization library does not use when communicating with the database
server processes running on other database server machines.

=back

As it initializes, the File Server constructs a list of interfaces to
register, from the F</usr/afs/local/NetInfo> file if it exists, or from
the list of interfaces configured with the operating system otherwise. The
File Server then removes from the list any addresses that appear in the
F<NetRestrict> file, if it exists. The File Server records the resulting
list in the F</usr/afs/local/sysid> file and registers the interfaces in
the VLDB. The database server processes use a similar procedure when
initializing, to determine which interfaces to use for communication with
the peer processes on other database machines in the cell.

To display the File Server interface addresses registered in the VLDB, use
the B<vos listaddrs> command.

=head1 EXAMPLES

If the File Server should not use the IP address 192.168.1.1 on one of
its private interfaces, then the F<NetRestrict> file should contain
the following:

   196.168.1.1

In order to prevent the usage of any 192.168/16 addresses on its local
interfaces, the F<NetRestrict> file should contain:

   196.168.0.0/16

=head1 SEE ALSO

L<NetInfo(5)>,
L<sysid(5)>,
L<vldb.DB0(5)>,
L<fileserver(8)>,
L<fs_getclientaddrs(1)>
L<vos_listaddrs(1)>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0.  It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Commit	Line	Data
805e021f CE	1	=head1 NAME
	2
	3	NetRestrict - Defines interfaces not to register with AFS servers
	4
	5	=head1 DESCRIPTION
	6
	7	There are two F<NetRestrict> files, one for an AFS client and one for an
	8	AFS File Server or database server. The AFS client F<NetRestrict> file
	9	specifies the IP addresses that the client should not register with the
	10	File Servers it connects to. The server F<NetRestrict> file specifies
	11	what interfaces should not be registered with AFS Database Servers or used
	12	to talk to other database servers.
	13
	14	=head2 FORMAT
	15
	16	The F<NetRestrict> file is in ASCII format. One IP address appears on each
	17	line, in dotted decimal format. To specify a network instead, use a
	18	slash (C</>) followed by a subnet length. The order of the addresses is
	19	not significant.
	20
	21	=head2 Client NetRestrict
	22
	23	The F<NetRestrict> file, if present in a client machine's F</usr/vice/etc>
	24	directory, defines the IP addresses of the interfaces that the local Cache
	25	Manager does not register with a File Server when first establishing a
	26	connection to it. For an explanation of how the File Server uses the
	27	registered interfaces, see L<NetInfo(5)>.
	28
	29	As it initializes, the Cache Manager constructs a list of interfaces to
	30	register, from the F</usr/vice/etc/NetInfo> file if it exists, or from the
	31	list of interfaces configured with the operating system otherwise. The
	32	Cache Manager then removes from the list any addresses that appear in the
	33	F<NetRestrict> file, if it exists. The Cache Manager records the resulting
	34	list in kernel memory.
	35
	36	To display the addresses the Cache Manager is currently registering with
	37	File Servers, use the B<fs getclientaddrs> command.
	38
	39	=head2 Server NetRestrict
	40
	41	The F<NetRestrict> file, if present in the F</usr/afs/local> directory,
	42	defines the following:
	43
	44	=over 4
	45
	46	=item *
	47
	48	On a file server machine, the local interfaces that the File Server
	49	(B<fileserver> process) does not register in the Volume Location Database
	50	(VLDB) at initialization time.
	51
	52	=item *
	53
	54	On a database server machine, the local interfaces that the Ubik
	55	synchronization library does not use when communicating with the database
	56	server processes running on other database server machines.
	57
	58	=back
	59
	60	As it initializes, the File Server constructs a list of interfaces to
	61	register, from the F</usr/afs/local/NetInfo> file if it exists, or from
	62	the list of interfaces configured with the operating system otherwise. The
	63	File Server then removes from the list any addresses that appear in the
	64	F<NetRestrict> file, if it exists. The File Server records the resulting
65	list in the F</usr/afs/local/sysid> file and registers the interfaces in
66	the VLDB. The database server processes use a similar procedure when
67	initializing, to determine which interfaces to use for communication with
68	the peer processes on other database machines in the cell.
69
70	To display the File Server interface addresses registered in the VLDB, use
71	the B<vos listaddrs> command.
72
73	=head1 EXAMPLES
74
75	If the File Server should not use the IP address 192.168.1.1 on one of
76	its private interfaces, then the F<NetRestrict> file should contain
77	the following:
78
79	196.168.1.1
80
81	In order to prevent the usage of any 192.168/16 addresses on its local
82	interfaces, the F<NetRestrict> file should contain:
83
84	196.168.0.0/16
85
86	=head1 SEE ALSO
87
88	L<NetInfo(5)>,
89	L<sysid(5)>,
90	L<vldb.DB0(5)>,
91	L<fileserver(8)>,
92	L<fs_getclientaddrs(1)>
93	L<vos_listaddrs(1)>
94
95	=head1 COPYRIGHT
96
97	IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
98
99	This documentation is covered by the IBM Public License Version 1.0. It was
100	converted from HTML to POD by software written by Chas Williams and Russ
101	Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.