January 29, 2004
FreeBSD Wi-Fi IPsec setup
Setting up a connection between a Windows host with a wireless ethernet card and a FreeBSD NAT gateway. FreeBSD Wi-Fi IPsec easy-setup guideCVSUp FAQ
A page by the creator of cvsup, the tool used to keep your FreeBSD machine up to date. Includes a FAQ too. CVSup Home PageSamba HOWTO Collection
Probably one of the most used, least understood and most problematic port is SAMBA. You use Samba to interface with Windows network shares, either mountint them on your FreeBSD machine (that's how I use it), or mounting FreeBSD folders on Windows machines. It's kind of a pain to configure and get running, so there's lots and lots of questions on it on the freebsd-questions mailing list. Here's a link to the canonical list of Samba HOWTOs: Samba HOWTO CollectionJanuary 28, 2004
PPP
How to use PPP article. I think the title is supposed to be on a cable modem, not or a cable modem, though. Also note that a user who wishes to do this needs to be a member of the dialer group, as well as the network group as mentioned in the article, or so I've read about FreeBSD 5.x. Not sure about 4.x, as I don't use PPP. ONLamp.com: Connecting to the Internet Using PPP or a Cable Modem [Jun. 14, 2000] Also, see the man page for ppp:FreeBSD Hypertext Man Pages: ppp
January 27, 2004
Monitoring Programs
A couple programs you can use to monitor your computer. They will check various statuses and email you if there is a problem. I'm going to probably give Nagios a try, as it is in the ports:- Port description for net/nagios
- Big Brother is the free version of Big Brother Professional; the pro version adds lots of configuration stuff and ease of use. Big Brother System and Network Monitor
January 26, 2004
Updating a Binary FreeBSD
If you've installed FreeBSD via a binary, rather than from the source, it can be a bit of a pain getting the updates. Here's a site that runs a server that rebuilds all the security updates, and provides them as an update to binary systems, ala the Windows Update tool in WinNT/WinXP. I do it from the source (via cvsup), so I don't use this service, but it probably is a life-saver for some! FreeBSD UpdateFreeBSD firewall config
Yet Another Page showing a HOW-TO configure a firewall for FreeBSD. Oddly enough, it doesn't say whether it is ipfw or ipfilter, but I'm pretty sure it is ipfw: FreeBSD Firewall ConfigurationJanuary 25, 2004
cvsup examples
Here is the path to example command files for the very important cvsup command:/usr/share/examples/cvsup
chkrootkit
Interesting package that checks all your system files to make sure there a trojan horse program hasn't modified any of them: chkrootkit -- locally checks for signs of a rootkit Port description for security/chkrootkitBSD History lesson
Nice BSD history lesson. Only goes up to about 2000, but still gives a nice, in-depth view of how BSD in general came up. O'Reilly Network: 20 Years of Berkeley Unix: From AT&T-Owned to Freely Redistributable [Mar. 14, 2000]January 24, 2004
Find the fastest cvsup server
Cool little PERL utility to ping all the various cvsup servers and find the "fastest" one - ie, the one that currently has the lowest response time. Actually, it gives you the top three. So of course it is merely a slice in time, but hey, at least it gives you something to go off of. A sample command line might be:$ fastest_cvsup -c usThis will find the fastest ones in the United States. Port description for sysutils/fastest_cvsup
Upgrade!
Well, I just upgraded my FreeBSD 4.7 system to 4.9 and things are looking pretty good so far. Sometimes, bugs show up in the strangest places, but the server and such are all running okay, so I'm pretty happy with the move. Now I just need to figure out how to best keep it up to date vis-a-vis the 4.9-RELENG tag. I do a cvsup as required, but I just need to nail down the exact steps needed to keep the actual installation up to date. Like when exactly do I need to do more? Do I just do the complete cycle, including mergemaster? Or is just building the kernel enough? Ahh, things to figure out...January 23, 2004
m0n0wall
Another small FreeBSD variant, which gives you a complete embedded firewall. It also claims to have the "first" boot-time php configuration.: m0n0wallNetBoz
An interesting FreeBSD variant - a single bootable CD that will turn your old Pentium class PC into a FreeBSD firewall machine. I just might give this one a try: NetBoz FirewallJanuary 22, 2004
Text mode browsers
Here's a great posting by andi payn on lots of text mode browsers:As othes have mentioned, there are many choices--but you probably just want to know which one to use, and how to get started. You probably want elinks. Install it from /usr/ports/www/elinks. Run it like this: 'elinks http://www.google.com'. If you want a graphical browser that works without X, and you have SVGAlib set up, you might want links' graphic mode. Install it from /usr/ports/www/links, and run it like this: 'links -g http://www.google.com'. Or try wb0, or w3m-img. There are a few better options out there, too, but none have been ported to FreeBSD. Here's a brief survey of each of the choices: telnet (or nc, or w3c, wget, or curl): If you can speak http and read html, you can talk directly to the server, if you really want to. www: If you're stuck with a console without curses/ANSI support--or it's 1989--this is pretty spiffy; otherwise, stay away. lynx: The first decent text browser; you want the ssl-patched version. But you probably want elinks instead. links: Essentally lynx plus frames, tables, image maps, ssl, cache management, background downloading, etc. You want 2.1, not 0.98. Or, better, elinks. elinks: Links enhanced with even more cool features. links -g: Adds inline images to links. Works in SVGAlib as well as X. wb0: A graphical browser for SVGAlib, which sometimes works better than links -g, although it's not nearly as complete. netrik: The only real alternative to the links family for text browsing; not as good (especially since it doesn't quite get cons25 or xterm), but if elinks won't work with some site, try netrik. w3m: This is what web browsing would have been like on an Apple ][ or C=64. It does look nice, but it's low on features and has a weird interface. w3m-img: This is w3m with inline image support. emacs-w3m: If you believe that the editor is the operating system, and never leave emacs, you can run w3m from inside emacs. w3: If you really love emacs, wouldn't you rather use a web browser built in emacs-lisp? retawq: Quite cool in some ways, but not complete, not exactly designed for novices, and not up-to-date on features. Oh, and dark blue on black can be a bit hard to read. surfraw: Not a web browser itself, but very handy for text browsing. Instead of navigating to the Webster dictionary site and filling in the forms to look up "free," just type "webster free" and it'll launch your favorite text browser with the answer.
PicoBSD
A very small FreeBSD (3.0-current) distro. It fits on a single 1.4mb floppy! Very useful for booting from if there are problems. PicoBSD, the Small BSD.Open files?
A couple of ways to find out what files are currently opened on your system:
In the base system, there is fstat : FreeBSD Hypertext Man Pages: fstat
You can also list information about open files by using lsof found in ports/sysutils/lsof : Port description for sysutils/lsof
January 21, 2004
Checking connecttions
I always wondered how to check to see if anyone is currently using either ftp or http. Sometimes, if my DSL modem light is blinking furiously, I like to see what's going on. Early on in my server days, I noticed a problem once and it turned out some hackerz had slipped into my ftp site and were using it to trade malware! So I keep a close watch these days.
Anyway, I recently came across two methods that I think do this:
$ netstat -anf inetand
$ sockstat
They both show current connections, and who is using them.
fwbuilder
More in the firewall vein; here's a tool to help you build your firewall rules, by far the most complicated part of using a firewall - fwbuilder. It supports ipfw out of the box, and also purports to support ipfilter. Gotta get started on this trip myself.
Description for ports/security/fwbuilder A note by Phil Payne on using fwbuilder:One quirk, when using fwbuilder with IPFW, the divert to natd isn't supported so I'm installing the rules with a little script that inserts the natd rule appropriately.
--- #!/bin/sh.fw # Installs the rules generated by fwbuilder ipfw delete 1 # delete the check-state rule at 00001 ipfw add 1 divert natd ip from any to any via # add new divert rule at 1 ipfw add 2 check-state # re-add the check-state 2 ---
ipfw.HOWTO
I still haven't decided what firewall, if any, to use. Yeah, I know, I should have one, but I don't. I think there are pretty much 2 choices with FreeBSD - ipfw (explained in the FreeBSD docs) and ipfilter. Here's a good link to get you started if you go down the ipfw road:
ipfw-HOWTOFreeBSD LiveCD project
What a great idea! A set of scripts that builds an image to burn on a CD. This image is a complete, bootable FreeBSD installation. This would be especially nice for doing full backups.
The FreeBSD LiveCD ProjectBurning CDs
Quick List of apps for burning CDs on FreeBSD:- mkisofs --- for creating iso's
- burncd --- for ATAPI CDRW
- cdrecord --- for SCSI CDRW, and SCSI emulation of ATAPI CDRW
January 06, 2004
January 02, 2004
Ports help
Ports Tricks by Dru Lavigne -- One of FreeBSD's biggest benefits is its ports collection. You can go years without learning more than just make install clean, but there are dozens of features built into the ports tools. Dru Lavigne demonstrates several of these tricks to simplify your life.
