pfSense – Squid + Squidguard / Traffic Shapping Tutorial

Ever wanted to set up a pfSense firewall/router with content filtering? Howtoforge has one of the easiest tutorials to help you set this up. If you have a spare box, there’s no reason now to wait any longer: pfSense – Squid + Squidguard / Traffic Shapping Tutorial

In this tutorial I will show you how to set up pfSense 2.0.1 up as an Internet Gateway with Squid Proxy / Squidguard Filtering. I will also show that you have to configure some extra features of pfSense like traffic shapping with squid.

PC-BSD 9.1 Review (Jupiter Broadcasting – video)

Jupiter Broadcasting has an episode reviewing PC-BSD

The PC-BSD 9.1 review starts at 39:50.

Notes and Summary

  • Your choice of Desktop Environments, Installer automatically adjusts the defaults depending on how much ram you have installed
  • Your options: KDE, Gnome, LXDE or XFCE
  • Another option is TrueOS, a console based server, FreeBSD with the CLI version of Warden, the PBI system, ZFS Boot Environments and other utilities
  • The install also offers vanilla FreeBSD Server
  • PC-BSD allows you to do a full ‘root on ZFS’ install (only recommended if you have 4 or more GB of ram), including creating many different datasets with different settings such as compression for optimal use of space
  • You have the option of the Basic Wizard, the Advanced Wizard, or the FreeBSD CLI partitioning system
  • The advanced Wizard also allows you to setup more complex ZFS mirror or RAIDZ
  • You can choose to optionally encrypt your hard disk using GELI
  • Warden is a Graphical and Command Line based manager for FreeBSD’s Jails feature
  • In FreeBSD a jail is a secondary installation of the OS files, which is then started in a chroot, and the processes, network and user/group IDs are separate
  • Allows you to manage three types of jails:
  • Traditional Jail – run internet applications in a container, if compromised, the attacker only gains access to the jail, not the host OS
  • Ports Jail – less secure version if jails, allows you to install applications from the FreeBSD ports tree without interfering with the PBI package manager in the host OS
  • Linux Jail – install Debian or Gentoo in a jail, and run your linux applications in a full linux environment
  • Warden also allows you to stop a jail, pack it up, and move it to a different physical machine
  • Warden also allows you to install meta-packages into the jails with a single click, allowing you to deploy apache+php+mysql in no time
  • Warden can back your jails storage with ZFS, allowing you to take advantage of ZFS features such as snapshots, clones (writable snapshots), revert to a previous snapshot, etc

Installing and configuring Squid and DansGuardian under FreeBSD

Installing and configuring FreeBSD as router is something most of us won’t do daily. It’s one of those jobs you do once, and when it’s up and running, you let your server / router do its work and you don’t touch it – unless there’s a problem.

Squid and DansGuardian are some excellent tools for caching and content filtering. Squid is a caching proxy  supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. DansGuardian is a web content filter. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering.

Since configuring Squid and DansGuardian is not something we daily do, the following tutorial may be useful: Installing and configuring Squid and DansGuardian under FreeBSD.

If you run pfSense, you can install Squid and DansGuardian too.

Another interesting tutorial is the one on creating plugins for FreeBSD’s new pkgng package management: Writing plugins for pkgns.

 

Miscelaneous FreeBSD news updates (Calligra, EC2, Dev’s Corner, GhostBSD)

FreeNAS 8.3.0-BETA1 is now available

The FreeNAS development team has announced the availability of FreeNAS 8.3.0-BETA1.  This is the first public release of the 8.3.0 branch of FreeNAS, which upgrades the underlying base system of FreeNAS to FreeBSD 8.3-RELEASE-p7. This update brings with it version 28 of the ZFS filesystem, as well as a number of updates to the drivers and utilities in the base system.

FreeNAS 8.2.0 brought with it the ability to install plugins, this functionality is present in FreeNAS 8.3.0 as well.  At the moment upgrading the plugin jail to the version included with FreeNAS 8.3.0-BETA1 will cause plugins to stop working and will require re-installation and reconfiguration of all plugins to resume normal operation.  It is recommended to avoid upgrading working components of the plugin system.

ZFS v28 includes several features such as the ability to detach a dedicated ZIL device, triple parity RAIDZ, and deduplication.  There are numerous caveats to using deduplication, please do some research into the possible caveats of using dedup before enabling it.

Take Note, upgrading an existing ZFS pool is a one way street, once the upgrade is done it is not possible to use older versions of FreeNAS, nor is it possible to downgrade your pool.  This upgrade can be done by running zpool upgrade from the CLI, it is not done automatically via the upgrader, nor is there a way to do the upgrade from the GUI.

FreeNAS 8.3.0-BETA1 can be downloaded from this location this location.

FreeNAS is shaping up to become one of the best, free NAS operating systems