pfSense – Without doubt a very good software firewall

An account from a happy user of pfSense:

“I had been reviewing the pfSense firewall recently. After using an outdated WatchGuard Firebox for a long time, we wanted to replace it with something reliable and easy to manage remotely. Previously our NOC team was looking at Endian for a lot of customers, but it ended up as the wrong choice of technology, with much of the stuff not working as expected and some of the crucial features missing or not working despite repeated attempts.

Installation of pfSense is straightforward but can be a little confusing for a novice user, especially assigning the WAN and LAN interfaces. But there are lots of step-by-step installation videos on YouTube to the rescue. Once you have got the web-based GUI, configuring everything is a breeze. I liked the PPTP feature, which many of the s/w firewalls were missing.

Since we liked it a lot, we are also moving our internal office n/w under pfSense, which means ‘RIP’ for the pretty old WatchGuard, or it can serve me at my home.”

Source (confiance.com): Pfsense – With out doubt a very good Software firewall

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

Chris Buechler has created a list of pfSense 2.0 New Features and Changes.

A work in progress list of 2.0 new features and changes is available. I think that has most of the changes, but it’s definitely missing some. If you notice anything that was missed, please leave a comment. We’ll be adding to it as we review the list more in the coming days. (source)

HOWTO: Create a FreeBSD 8 i386 Xen PV domU

Aprogas has put together a very useful howto showing how you can create a FreeBSD Xen PV domU.

“Xen is virtualization software, which lets you run multiple operating systems on the same physical machine. The goal of this guide is to show you how to create a FreeBSD 8 installation that will run as a guest OS, without the need for a processor that supports hardware-assisted virtualization. It would go beyond the scope of this guide to explain how exactly Xen works or what the differences between PV and HVM are; suffice it to say dom0 is the host OS and domU the guest OS. Although FreeBSD fully supports being a Xen domU, it is not yet very well documented and not suited for novice Xen users. Especially the lack of a Xen-aware installer or pre-built Xen-aware images makes things more difficult. If you are a Xen novice, I recommend starting first with pre-built Linux images, and then trying a NetBSD domU installation, before proceeding with FreeBSD.”

Continues (FreeBSD forums)

Minimizing service windows on servers using NanoBSD + ZFS + jails


Paul Schenkeveld: Minimizing service windows on servers using NanoBSD + ZFS + jails

AsiaBSDCon 2010 paper session.

Abstract:

With more and more services and applications running on your average server, upgrading the operating system and application software becomes trickier and larger service windows are needed to perform these upgrades.

Over the last four years the author has searched for means and methods to keep software up to date with minimum downtime and inconvenience for users and maximum consistency. The result is a model which combines the strength of NanoBSD, ZFS and jails to build servers where application upgrades result in downtime of only a few seconds and kernel upgrades only need the time to reboot without installing in (tampering with) the running system. This system has been in production for several months now on about 10 servers at five different sites.

Hardware Performance Monitoring Counters (video)


George Neville-Neil: Hardware Performance Monitoring Counters on non-X86 Architectures

AsiaBSDCon 2010 paper session.

Abstract:

Hardware Performance Monitoring Counters provide programmers and systems integrators with the ability to gather accurate, low-level information about the performance of their code, both at the user and kernel levels. Until recently these counters were only available on Intel and AMD chips but they have now been made available on alternate, embedded, architectures such as MIPS and ARM.

This paper discusses the motivation, design and implementation of counters using the hwpmc(4) driver in the FreeBSD operating system with an eye towards easing future porting efforts.

BSD in the routing industry (video)


Massimiliano Stucchi: BSD in the routing industry

AsiaBSDCon 2010 paper session.

Abstract:

The BSD family has always been very well known for its robust network stack, hence it has been widely used in many different fields and applications. In the ISP market, though, the situation is totally different, and solutions employing *BSD operating systems are often discarded in favour of proprietary solutions.

In this talk we will discuss the different possibilities offered by the BSD operating systems family in terms of networking tools and practices, compared to proprietary solutions offered by companies such as Cisco and Juniper, detailing the differences between them and highlighting the major points and drawbacks of each of them, up to a cost comparison in real field applications.

Real field applications will be introduced via explanation of the solutions created using BSD-based routing software in the real industry running in two different environments, an ISP spanning Europe and another one offering WISP services.

We will also delve into the experience in running a FreeBSD-/OpenBSD- and OpenBGPd-based route server at MINAP, the MIlanNeutralAccessPoint, describing success stories and guiding the audience into a comparison with the other route servers running at the same IX, powered by Linux and Bird/Quagga.

Quiet Computing with BSD (video)


Constantine A. Murenin: Quiet Computing with BSD

AsiaBSDCon 2010 paper session.

Abstract:

Quiet Computing with BSD (Programming system hardware monitors for quiet computing)

In this talk, we will present an overview of the features and common problems of microprocessor system hardware monitors as they relate to the topic of silent computing. In a nutshell, the topic of programmable fan control will be explored. A live demonstration of the fan-controlling prototype might be possible.

Silent computing is an important subject as its practice reduces the amount of unnecessary stress and improves the motivation of the workforce, at home and in the office.

Attendees will gain knowledge on how to effectively programme the chips to minimise fan noise without impeding reliability or causing any system failures, as well as some basic principles regarding the practice of quiet computing.

A patch for programming the most popular chips (like those from Winbond) is already publicly available for the OpenBSD operating system, although the talk itself will be more specific to the microprocessor system hardware monitors themselves, as opposed to any specific interfacing with them in modern operating systems like OpenBSD, NetBSD, DragonFly BSD and FreeBSD.

Wireless Mesh Networks under FreeBSD (video)


Rui Paulo: Wireless Mesh Networks under FreeBSD

AsiaBSDCon 2010 paper session.

Abstract:

With the advent of low cost wireless chipsets, wireless mesh networks became much more attractive for both companies, governments, and the general consumer. Wireless mesh networks are being used extensively since the popularization of the 802.11 wireless technologies, but usually they worked with the help of layer 3 routing technologies.

Since 802.11 didn’t provide any kind of support for wireless mesh networks, in 2004, IEEE created the Task Group s (TGs) to develop a new amendment to 802.11 which would define the operation of a wireless mesh network using existing 802.11 hardware and having a routing protocol work at layer 2. Later, the amendment also included provisions for mesh authentication, encryption, link management, bridging mesh networks with other types of networks, and channel reservation.

This paper will talk about the FreeBSD implementation of 802.11s that’s available in version 8.0 and beyond. This work was sponsored by The FreeBSD Foundation.

Porting HPC Tools to FreeBSD (video)


AsiaBSDCon 2010 paper session.

Abstract:

Since 2001 we have used FreeBSD as a high performance computing (HPC) cluster operating system. In the process we have ported a number of HPC tools including Ganglia, Globus, Open MPI, and Sun Grid Engine. In this talk we will discuss the process of porting these types of applications and issues encountered while maintaining these tools. In addition to general issues of porting code from one Unix-like operating system to another, there are several types of porting common to many HPC infrastructure codes which we will explore. Beyond porting, we will discuss how the ports collection aids our use of HPC applications and ways we think overall integration could be improved.