pfSense FAQs

pfSense is an open source distribution of FreeBSD-based firewall which provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options.

Matt Williamson takes a look at some frequently asked questions on pfSense such as:

  • Q: What are the minimum hardware requirements for pfSense?
  • Q: How does pfSense identify and assign interfaces?
  • Q: How to enable the Secure Shell (SSH) service in pfSense?
  • Q: How does pfSense assign DNS servers to the DHCP clients?
  • Q: What happens if the Register DHCP Leases in DNS Forwarder is enabled?
  • Q: What is an alias? What are the different types of aliases in pfSense?
  • Q: How does the OpenVPN service work?
  • Q: What are Gateway Groups?
  • Q: How are bridged interfaces useful and how can one bridge together two interfaces in pfSense?
  • Q: What is OLSR and how is it enabled in pfSense?
  • Q: How to configure pfSense to automatically back up its configuration file?

For the answers, check out the pfSense FAQ page on the PacktPub website or the purchase the Matt’s pfSense 2 Cookbook for many more answers and guides.

libcxxrt C++ runtime available under BSD License

The FreeBSD Foundation and the NetBSD Foundation announced that they have acquired a non-exclusive copyright license to the libcxxrt C++ runtime software from PathScale, a leader in high performance Fortran, C and C++ compiler products for AMD64, Intel64 and MIPS.

Check out the press release for the details: libcxxrt C++ runtime available under BSD License

BSD Magazine 2011-05: Embedded BSD – FreeBSD and ALIX

A new issue of the free BSD Magazine is available: Embedded BSD – FreeBSD and ALIX (pdf).

From the table of contents:

Introduction to the Z Shell

In this modern age of computing, we are offered many choices with regard to how we might interact with our machines.

Supporting Multiple Desktops in PC-BSD 9.0

Beginning with version 9.0, PC-BSD will allow the selection of multiple desktops during installation. This article describes what changes were needed to allow for multiple desktop support and how you can help the PC-BSD project in this endeavour.

DragonFly News

Evolution of an OpenBSD Port

In this article I’ll talk about the evolution of the OpenBSD port of radicale (http://www.radicale.org/), a nice small, simple CALDAVbased calendar server written in Python by Guillaume Ayoub.

FreeBSD & Alix A pint sized install of an Enterprise OS

The embedded device or Single Board Computer (SBC) market has for the most part, been dominated by variety of Linux derivatives.

Mono (C# and the .NET Framework) on FreeBSD

The .NET Framework and the C# language have simplified the software development process in many ways.

Drupal on FreeBSD part 6

In this the last article in the series on the Drupal Content Management System, the author looks back at what has been covered in the previous 5 articles and shares his real world experience with Drupal.

Backups – Made Easy A fast solution to a real problem

When you have to do a major Operating System or Application upgrade, this script and server with big disks, will get the job done.

Fighting DDoS Attacks with PF

For a long time, Denial of Service attacks were disregarded, as they were considered to be the work of script kiddies.

The MacOS X Command Line

My wife thinks I bought my Mac laptop to use as a status symbol. But every hacker knows I bought it because I wanted a decent Unix laptop.

Implementing OpenSMTPD An Independent Reference Document

OpenSMTPD is one of the mail servers included with OpenBSD. Configuring OpenSMTPD is more readily understood and comparatively less complex than configuring Sendmail.

License Wars!

When I sat down to brainstorm on this month’s article, I decided to write about something out of the ordinary. Obviously, the topic had to be related to BSD, yet, I was determined to touch upon something that is a bit above than just being ‘geeky’. Why? Simply to make BSD fanatics proud, and at the same time show non-BSD fans how great the world of BSD is!

Allocating Dynamic Memory with Confidence

Embedded software applications face many challenges that are not present on desktop computers.

FreeNAS 8.0-RELEASE now available (detailed)

Following one beta and five release candidates (RC’s), FreeNAS 8.0-RELEASE has been made availabe earlier this week by iXsystems, the corporate sponser behind the FreeNAS Project. The last stable release was FreeNAS 0.7.2 (Sabanda), released mid-October 2010.

FreeNAS is a popular FreeBSD-based network storage server (NAS) that includes a full web based GUI, with support for FTP, NFS, CIFS (Samba), AFP, rsync, iSCSI protocols and software RAID (0,1,5).

FreeNAS 8 includes major architectural optimisations and is more modular than previous versions. To make the system easier to use, the GUI has been redesigned and rebuilt using Python and the Django web framework.

Highlights include better Apple Filing Protocol (AFP) and Common Internet File System (CIFS) configurations, as well as reworked and improved iSCSI support. Other changes include the addition of a volume importer, support for 6gbps 3Ware RAID controllers and GUI access via the HTTPS protocol.

The ZFS and UFS2 filesystems are both supported, but ZFS is the primary filesystem (ZFS on FreeBSD videos) which comes with many features, including quotas, snapshots, compression and replication that are not available in UFS2.

FreeNAS 8 requires a device of at least 1Gb in size and should be installed to a USB stick or Compact Flash device. Unlike previous versions, the drive that FreeNAS is installed on cannot be used as a component for a volume, nor can it be partitioned for sharing.

Upgrades from FreeNAS 0.7.x are unsupported as “the system has no way to import configuration settings from 0.7 versions of FreeNAS”. However, the volume importer “should” be able to handle volumes created with FreeNAS 0.7.

The FreeNAS stable versioning numbers have changed from 0.7.x to 8.0 to reflect the version number of the underlying FreeBSD base version. This version of FreeNAS (8) version is based on FreeBSD 8.2, but it is called 8.0 as there are near-future plans to add functionality that will get the versions caught up. Once FreeNAS 8.2 is out, a suffix will be added, such as 8.2.1 and 8.2.2.

Continue reading

FreeBSD Events Update (EuroBSDCon, BSDCan, NYCBUG, SCALE)

Below some links, resources and updates for future and past (Free)BSD conferences:

1. BSDCan 2011 will be held this month (11-13 May).
Links: RegistrationScheduleMain Page

2. The EuroBSDCon 2011 website has gone live. This year it will be the 10th anniversary and the conference will be held in Holland (6 – 9 Oct). I’m hoping to attend.
Links: Call for papersMain Page

3. BSD High Availability tutorial (NYCBUG) – MP3

The BSD High Availability (HA) suite has some very handy and powerful features. However, as with all systems, there are certain considerations to be made when rolling out a HA implementation. This talk will focus on the security considerations when rolling out a BSD HA implementation.

The talk covers the following:

* An explanation of the BSD HA environment (CARP, pfsync, sasyncd)
* How these components, specifically CARP, function at a lower level
* Current and potential attacks against the HA environment, including some demos
* Security considerations when rolling out a HA implementation and applicable work-arounds
* Ideas on how to improve the security and flexibility of the BSD HA tool suite Download the MP3 file

4. Video of SCALE 2011 presentation by Dru Lavigne, titled”PC-BSD: an Easy to Use Open Source Desktop“.

5. FOSDEM Trip report by Brooks Davis

Brooks Davis has provided a trip report for FOSDEM 2011; it includes some interesting notes on clang/llvm.

 

 

FreeBSD on Amazon EC2 cluster compute, and the Cloud

FreeBSD on Amazon EC2

Colin Percifal announced back in December 2010 that he had managed to make FreeBSD run on Amazon EC2. There were some quirks and some work-rounds needed, but it worked.

FreeBSD ran only on the ‘small t1.micro’ instance, but it wasn’t working on the ‘cc1.4xlarge instances’ (8 cores of 2.93 GHz Nehalem, 23 GB of RAM, two 840 GB disks). Colin announced that this is now working: FreeBSD Amazon EC2 Cluster Compute.

Personally, I don’t like the idea of keeping any (personal) data and files in the Cloud, but it’s great news that FreeBSD runs on Amazon EC2. After all, FreeBSD is lean, agile and flexible,  so it should be able to run on almost anything.

The Cloud

Talking about the Cloud, the idea is nice, but it is dangerous, for security and availability reasons, to be dependent on a 3rd party cloud provider, whether it be Google, Amazon, RackSpace etc.

The following are some links to recent events showing how unreliable and insecure cloud providers can be.

Though these issues, vulnerabilities and problems have been dealt with and fixed (esp. the Tarsnap problem was handled very well), trusting and relying on ‘the cloud’ should be a decision that is well considered. Even Tarsnap, a service run by Colin, a highly regarded FreeBSD security specialist, had a security problem!

No company, however big it is, however much knowledge and experience they have, is able to offer 100% uptime and guarantee 100% data security.

Private Clouds could be the golden middle way, e.g. ownCloud, OpenStack, Eucalyptus. Cloud technology but run and managed within a / your company.

FreeBSD Installer and FreeBSD Version polls (results)

Many thanks to everybody who recently took a minute voting in the “FreeBSD Installer preference” poll and the “FreeBSD version usage” poll.

Below the numbers, percentages and the charts.

1. What kind of FreeBSD Installer do you like?

2. What version of FreeBSD are you using?

These polls are in no way scientific and may not be reflective of views and preferences of the FreeBSD community as a whole, but they give some interesting pictures.

There are at least two servers with FreeBSD 1.x  churning away and at least 13 are still running FreeBSD 4.x. I suppose these are cases of “if it ain’t broken, don’t fix it”. About 80% of the votes were for FreeBSD 7.x and 8.x.

Interestingly, about 50% of the votes were for a FreeBSD installer where you can choose to go either GUI or ncurses.