FreeBSD news and links round-up – week 44

Welcome to the weekly (Free)BSD news round-up (week 44) where we have a mix of news snippets, links, howto’s and software/package updates for you all. These tid-bits are all very interesting and news worthy, yet too small to package as individual posts.

FreeBSD News

A FreeBSD Success Story

… Then, we switched the server to a new one, quad core, sixty gigabytes of ram and two terabytes of disk. This time, I chose FreeBSD because I knew that it would work greatly ! Linux could have worked too, maybe we could have more performance, but it would not be as easy to manage as our FreeBSD box… More

FreeBSD Ports

Bernhard Fröhlich joined the FreeBSD Ports Team in October.

Releases

1. FreeNAS 8.3 User Guide

The FreeNAS 8.3.0 Users Guide is available for download as EPUB, HTML and PDF.

2. M0n0wall 1.34b1 released

Manuel Kasper has announced Beta1 of M0n0wall 1.34.

“A maintenance version in the m0n0wall 1.3 branch has been released: 1.34b1 includes the CSRF-related fixes recently made to the beta branch, as well as a few others security-relevant things. Nothing is high priority, but once 1.34b1 has received some wider testing, it will be re-released as 1.34, and 1.33 users will be recommended to upgrade.”

Software/package updates

1. FreeBSD/Raspberry Pi

Gonzo has mentions that he has moved his FreeBSD/Raspberry Pi project into FreeBSD Head / Current.

2 KNemo 0.7.4 receives major improvements for FreeBSD

KNemo is a tool that monitors the network traffic and provides a tray widget for every network interface, support for network statistics, and different icon themes.

Highlights of the release are:

• Bugs in the BSD backend has been fixed;
• Wrong traffic bug reported on FreeBSD has been repaired;
• Wrong encryption state for mixed WEP connections on FreeBSD has been fixed;
• Default gateway previously undetected on FreeBSD is now working properly;
• A monochrome icon theme has been added;
• Support for the legacy system tray icon has been removed;
• Embedded plotter code has been dropped in favor of libksignalplotter.

Websites / Social Media

As some of you may have seen already RootBSD has a new website. It looks very clean and slick and looks more ‘web 2.0′ than the previous version.

RootBSD was established with one goal in mind: to provide reliable, flexible, and supported BSD-based hosting services to professionals and businesses. Our extensive selection of FreeBSD, OpenBSD, and Linux hosting packages means there is a right package for almost everyone.

(Free)BSD Events

1. PfSense Weekend (Brazil)

There will be a classroom pfSense weekend in Porto Alegre (Brazil) from 14-16 December. More details on http://www.cursopfsense.com.br/

New FreeBSD Committers

In October 2012 the following people became new committers or were given enhanced FreeBSD update rights: Simon J. Gerraty (src), Erwin Lansing (src, ports) and Eitan Adler (src, ports, doc).

BSD / Unix Family News

OpenBSD 5.2 arrives with improved multi-core support.

The OpenBSD project has released version 5.2 of its free BSD-based UNIX-like operating system. According to its developers, the most important change in the new release is the switch from user-level to kernel-level threads. This allows programs with multiple threads to use multiple CPU cores. (via)

pfSense tutorial: Configure pfSense as an SMB-caliber firewall

“Imagine this scenario: Another business group in your midsize company needs some new network connectivity, but they also require a number of network security features, including an integrated access point, user authentication, VPN capabilities, and a firewall to separate a certain group from the rest of the network. Oh, and they also want access to Snort and Nmap. Luckily, pfSense offers all of these features along with a number of customization options.”

Keith Barker explains in this video tutorial how to configure an SMB-caliber firewall

pfSense – Squid + Squidguard / Traffic Shapping Tutorial

Ever wanted to set up a pfSense firewall/router with content filtering? Howtoforge has one of the easiest tutorials to help you set this up. If you have a spare box, there’s no reason now to wait any longer: pfSense – Squid + Squidguard / Traffic Shapping Tutorial

In this tutorial I will show you how to set up pfSense 2.0.1 up as an Internet Gateway with Squid Proxy / Squidguard Filtering. I will also show that you have to configure some extra features of pfSense like traffic shapping with squid.

Installing and configuring Squid and DansGuardian under FreeBSD

Installing and configuring FreeBSD as router is something most of us won’t do daily. It’s one of those jobs you do once, and when it’s up and running, you let your server / router do its work and you don’t touch it – unless there’s a problem.

Squid and DansGuardian are some excellent tools for caching and content filtering. Squid is a caching proxy  supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. DansGuardian is a web content filter. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering.

Since configuring Squid and DansGuardian is not something we daily do, the following tutorial may be useful: Installing and configuring Squid and DansGuardian under FreeBSD.

If you run pfSense, you can install Squid and DansGuardian too.

Another interesting tutorial is the one on creating plugins for FreeBSD’s new pkgng package management: Writing plugins for pkgns.

 

Traffic Shaping with pfSense and HFSC (video)

This screencast demonstrates the use of a pfSense device for traffic shaping on a typical home network, with the goals of minimizing latency and maximizing throughput. In particular, we use a three-tier queue configuration where a parent speedboost queue on each interface contains leaf queues that catch all the traffic. The speedboost queues use HFSC’s non-linear service curve to match the behavior of the comcast speedboost. The leaf queues are configured to partition the available bandwidth, and automatically allow ‘borrowing’ when there is no contention.


Section links:

  • Installation / Setup: 3min:01sec
  • Monitoring: 6min:30sec
  • Traffic Shaping: 15min:34sec

HOWTO: Run pfSense nanobsd in VirtualBox

There’s a very useful howto on the pfsense forums showing step-by-step how to run pfSense in virtualbox:

  1. Get Oracle VirtualBox from https://www.virtualbox.org/ or from the repo of your distribution. Works in Windows, Linux too.
  2. Download a VGA-enabled nanobsd version of pfSense from here. For example pfSense-2.0.1-RELEASE-4g-i386-nanobsd_vga.img.gz.
  3. Decompress the .gz to get a plain disk image .img file (you need pfSense-2.0.1-RELEASE-4g-i386-nanobsd_vga.img)
  4. Convert the disk image to a virtual hard disk using this command:
    1. Code: VBoxManage convertfromraw pfSense-2.0.1-RELEASE-4g-i386-nanobsd_vga.img pfSense-2.0.1-RELEASE-4g-i386-nanobsd_vga.vdi
    2. Don’t worry if the .vdi file will be much smaller. It will actually be a dynamic virtual disk, which physically occupies only the amount of data which is not empty.
  5. Create a new virtual machine in VirtualBox, using these settings:
    1. Enable IO APIC
    2. 512MB of RAM (or more, I guess)
    3. no audio, no USB
    4. 2 network adapters, first bridged to your physical NIC, second “Host-Only Adapter”, both Intel PRO/1000 T Server. Untick “Cable connected”
    5. a serial port, just to be sure
    6. use as hard disk the .vdi image you created in step 4
  6. Boot up the virtual machine, let pfSense start up
  7. Assign network interfaces as usual, to simulate cable connection open “Network Adapters” window and tick back  “Cable connected” when appropriate. Make the first (em0) as WAN, the second (em1) as LAN.
  8. Set manually IP address of LAN to 192.168.56.10 (or any IP within your “Host-Only Adapter network”)
  9. Type your LAN address in your browser and you’re in!

pfSense 2.0.1, load balancing and pfSense Cookbook

 

pfSense is a powerful, open source, free and FreeBSD based firewall and security solution. The follwoing are three links you may be interested in if you use or would like to use pfSense.

pfSense 2.0.1 announcement

Chris Buechler has announced the release of pfSense 2.0.1. This is a maintenance release with some bug and security fixes since 2.0 release. This is the recommended release for all installations.

How To Use pfSense to load balance your Web Servers

This howto shows you how to configure pfSense 2.0 as a load balancer for your web servers. It is assumed that you already have a pfSense box and at least 2 Apache servers installed and running on your network, and that you have some pfSense knowledge.

How To Use pfSense To Load Balance Your Web Server

pfSense Cookbook

There’s a great pfSense reference book published earlier this year, pfSense 2 Cookbook. It’s great for network admins, but also the casuel pfSense user. It’s a preatical, example-driven guide to configure the simple and the most advanced features for pfSense.

The chapters in the book are:

  • Initial Configuratino
  • Essential Services
  • General Configuration
  • Virtual Private Networking
  • Advance Configuration
  • Redundancy, load balancing and fail over
  • Services and maintenance
  • Appendix 1 – Monitoring and logging
  • Appendix 2 – Determining hardware requirements

The book is full with screenshots, explaining all the different settings.

You can “look inside” book: pfSense Cookbook