diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD skipsrc-1.0/doc/README.FreeBSD --- skipsrc-1.0.orig/doc/README.FreeBSD Wed Dec 31 16:00:00 1969 +++ skipsrc-1.0/doc/README.FreeBSD Sun Apr 12 16:10:32 1998 
@@ -0,0 +1,74 @@ + +Some notes regarding the FreeBSD port of SKIP +December 8, 1997 + +- Most of the non-man page documentation has NOT be patched to + reflect the different locations of files, etc. The main difference + is that the original version of SKIP puts everything under /usr/skip, + wheras the FreeBSD port puts it under /usr/local (or elsewhere if + you set ${PREFIX}). This documentation can be found under + /usr/local/share/doc/skip. + +- Thanks to S. Wehner, skiphost now takes a new argument for specifying + the source address for encrypted packets. This allows encrypted packets + that are being tunnelled between two routers to have source and dest + IP addresses of only those two routers. This reduces firewall complexity + in many cases. From his description: + + This adds another command line option to skiphost, namely + -f . Every packet going out to the other host + will then have this source address in the packet. + +- SKIP is applied to packets *after* any ipfw(8) filtering is applied. + This is true for both incoming and outgoing packets. Note that SKIP + has its own access control functionality. + + One way to deal with this is to do the following: + + - Setup ipfw as you normally would to restrict access to your machine. + - Add additional ipfw rules to allow SKIP related traffic: + - ipfw add 10 allow 57 from any to any + - ipfw add 10 allow 79 from any to any (if using SunScreen mode) + - ipfw add 10 allow 50 from any to any (if using raw ESP/AH mode) + - ipfw add 10 allow 51 from any to any (if using raw ESP/AH mode) + - ipfw add 10 allow udp from any to 1640 + - ipfw add 10 allow udp from 1640 to any + - Set the default rule for SKIP to be to allow access. + +- Skipd will logs via syslog(3) instead of logging directly + to /var/log/skip.log as before, using the LOG_DAEMON facility. + + You may want to redirect this output to its own log file. + This is done by the following steps: + + 1. touch /var/log/skipd.log + 2. 
Edit /etc/syslog.conf and add these lines at the end: + + !skipd + *.* /var/log/skipd.log + + 3. Edit /etc/newsyslog.conf as appropriate + 4. Restart syslogd + +- Each time skip is started (at reboot time), the skiphost + output is written to /var/log/skiphost.log. You may also + want to add an entry to /etc/newsyslog.conf for this one + as well. + +- Users of skip should subscribe to the SKIP mailing list + by sending an email to "majordomo@skip.org" containing + the line "subscribe skip-info". + +- If you have trouble: + + - If there is a problem with the port itself (e.g., it won't + compile on your system), use send-pr(1) to send a problem report. + + - If you are having trouble with SKIP configuration, use, + compatibility, etc., send your questions to the SKIP + mailing list: skip-info@skip.org (you should subscribe + to it first). + +Thanks, +-Archie Cobbs +
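Review bot: In the ipfw list of the new README.FreeBSD, the two UDP rules have no address next to port 1640 (`ipfw add 10 allow udp from any to 1640` and `ipfw add 10 allow udp from 1640 to any`), so as written the port has no host to attach to. Write them as `from any to any 1640` and `from any 1640 to any`, or name the peer address. In the same list, every rule is added at number 10 as `from any to any`, and the final step sets SKIP's default to allow access. Because the text says SKIP is applied after ipfw for incoming packets, traffic arriving as protocol 57, 79, 50 or 51 is matched only by these allow rules. The README should say explicitly that SKIP's own access control is then the only check on that traffic, and suggest narrowing the rules to the peer addresses where those are fixed. Smaller points: the skiphost paragraph shows the new option as `-f .` with no argument name, and there are typos to fix ("has NOT be patched", "wheras", "Skipd will logs").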