FreeBSD Wi-Fi IPsec setup

Setting up a connection between a Windows host with a wireless ethernet card and a FreeBSD NAT gateway.

FreeBSD Wi-Fi IPsec easy-setup guide

CVSUp FAQ

A page by the creator of cvsup, the tool used to keep your FreeBSD machine up to date. Includes a FAQ too.

CVSup Home Page

Using Samba

Complete text for the invaluable O'Reilly book, Using Samba :

Using Samba

Samba HOWTO Collection

Probably one of the most used, least understood and most problematic port is SAMBA. You use Samba to interface with Windows network shares, either mountint them on your FreeBSD machine (that's how I use it), or mounting FreeBSD folders on Windows machines. It's kind of a pain to configure and get running, so there's lots and lots of questions on it on the freebsd-questions mailing list. Here's a link to the canonical list of Samba HOWTOs:

Samba HOWTO Collection

PPP

How to use PPP article. I think the title is supposed to be on a cable modem, not or a cable modem, though. Also note that a user who wishes to do this needs to be a member of the dialer group, as well as the network group as mentioned in the article, or so I've read about FreeBSD 5.x. Not sure about 4.x, as I don't use PPP.

ONLamp.com: Connecting to the Internet Using PPP or a Cable Modem [Jun. 14, 2000]

Also, see the man page for ppp:

FreeBSD Hypertext Man Pages: ppp

Monitoring Programs

A couple programs you can use to monitor your computer. They will check various statuses and email you if there is a problem. I'm going to probably give Nagios a try, as it is in the ports:

• 
  Port description for net/nagios
  


• Big Brother is the free version of Big Brother Professional; the pro version adds lots of configuration stuff and ease of use. Big Brother System and Network Monitor
  

BSDNexus.com

Interesting little site with lots of BSD links:

BSDnexus.com - home of the daemon

Updating a Binary FreeBSD

If you've installed FreeBSD via a binary, rather than from the source, it can be a bit of a pain getting the updates. Here's a site that runs a server that rebuilds all the security updates, and provides them as an update to binary systems, ala the Windows Update tool in WinNT/WinXP. I do it from the source (via cvsup), so I don't use this service, but it probably is a life-saver for some!

FreeBSD Update

FreeBSD firewall config

Yet Another Page showing a HOW-TO configure a firewall for FreeBSD. Oddly enough, it doesn't say whether it is ipfw or ipfilter, but I'm pretty sure it is ipfw:

FreeBSD Firewall Configuration

cvsup examples

Here is the path to example command files for the very important cvsup command:

/usr/share/examples/cvsup

chkrootkit

Interesting package that checks all your system files to make sure there a trojan horse program hasn't modified any of them:

chkrootkit -- locally checks for signs of a rootkit

Port description for security/chkrootkit

BSD History lesson

Nice BSD history lesson. Only goes up to about 2000, but still gives a nice, in-depth view of how BSD in general came up.

O'Reilly Network: 20 Years of Berkeley Unix: From AT&T-Owned to Freely Redistributable [Mar. 14, 2000]

Find the fastest cvsup server

Cool little PERL utility to ping all the various cvsup servers and find the "fastest" one - ie, the one that currently has the lowest response time. Actually, it gives you the top three. So of course it is merely a slice in time, but hey, at least it gives you something to go off of.

A sample command line might be:

$ fastest_cvsup -c us

This will find the fastest ones in the United States.

Port description for sysutils/fastest_cvsup

Upgrade!

Well, I just upgraded my FreeBSD 4.7 system to 4.9 and things are looking pretty good so far. Sometimes, bugs show up in the strangest places, but the server and such are all running okay, so I'm pretty happy with the move. Now I just need to figure out how to best keep it up to date vis-a-vis the 4.9-RELENG tag. I do a cvsup as required, but I just need to nail down the exact steps needed to keep the actual installation up to date. Like when exactly do I need to do more? Do I just do the complete cycle, including mergemaster? Or is just building the kernel enough? Ahh, things to figure out...

m0n0wall

Another small FreeBSD variant, which gives you a complete embedded firewall. It also claims to have the "first" boot-time php configuration.:

m0n0wall

NetBoz

An interesting FreeBSD variant - a single bootable CD that will turn your old Pentium class PC into a FreeBSD firewall machine. I just might give this one a try:

NetBoz Firewall

Text mode browsers

Here's a great posting by andi payn on lots of text mode browsers:

As othes have mentioned, there are many choices--but you probably just
want to know which one to use, and how to get started.

You probably want elinks. Install it from /usr/ports/www/elinks. Run it
like this: 'elinks http://www.google.com'.

If you want a graphical browser that works without X, and you have
SVGAlib set up, you might want links' graphic mode. Install it from
/usr/ports/www/links, and run it like this: 'links -g
http://www.google.com'. Or try wb0, or w3m-img. There are a few better
options out there, too, but none have been ported to FreeBSD.

Here's a brief survey of each of the choices:

telnet (or nc, or w3c, wget, or curl): If you can speak http and read
html, you can talk directly to the server, if you really want to.

www: If you're stuck with a console without curses/ANSI support--or it's
1989--this is pretty spiffy; otherwise, stay away.

lynx: The first decent text browser; you want the ssl-patched version.
But you probably want elinks instead.

links: Essentally lynx plus frames, tables, image maps, ssl, cache
management, background downloading, etc. You want 2.1, not 0.98. Or,
better, elinks.

elinks: Links enhanced with even more cool features.

links -g: Adds inline images to links. Works in SVGAlib as well as X.

wb0: A graphical browser for SVGAlib, which sometimes works better than
links -g, although it's not nearly as complete.

netrik: The only real alternative to the links family for text browsing;
not as good (especially since it doesn't quite get cons25 or xterm), but
if elinks won't work with some site, try netrik.

w3m: This is what web browsing would have been like on an Apple ][ or
C=64. It does look nice, but it's low on features and has a weird
interface.

w3m-img: This is w3m with inline image support.

emacs-w3m: If you believe that the editor is the operating system, and
never leave emacs, you can run w3m from inside emacs.

w3: If you really love emacs, wouldn't you rather use a web browser
built in emacs-lisp?

retawq: Quite cool in some ways, but not complete, not exactly designed
for novices, and not up-to-date on features. Oh, and dark blue on black
can be a bit hard to read.

surfraw: Not a web browser itself, but very handy for text browsing.
Instead of navigating to the Webster dictionary site and filling in the
forms to look up "free," just type "webster free" and it'll launch your
favorite text browser with the answer.

PicoBSD

A very small FreeBSD (3.0-current) distro. It fits on a single 1.4mb floppy! Very useful for booting from if there are problems.

PicoBSD, the Small BSD.

Wireless FreeBSD

Some links on FreeBSD and wireless networking:

• 
  Wireless Networking
  


• Sys Admin Magazine
  


• My wireless LAN - FreeBSD Bridge
  

Open files?

A couple of ways to find out what files are currently opened on your system:

In the base system, there is fstat :
FreeBSD Hypertext Man Pages: fstat

You can also list information about open files by using lsof found in ports/sysutils/lsof : Port description for sysutils/lsof

Checking connecttions

I always wondered how to check to see if anyone is currently using either ftp or http. Sometimes, if my DSL modem light is blinking furiously, I like to see what's going on. Early on in my server days, I noticed a problem once and it turned out some hackerz had slipped into my ftp site and were using it to trade malware! So I keep a close watch these days.

Anyway, I recently came across two methods that I think do this:

$ netstat -anf inet

and

$ sockstat

They both show current connections, and who is using them.

fwbuilder

More in the firewall vein; here's a tool to help you build your firewall rules, by far the most complicated part of using a firewall - fwbuilder. It supports ipfw out of the box, and also purports to support ipfilter. Gotta get started on this trip myself.

Description for ports/security/fwbuilder

A note by Phil Payne on using fwbuilder:

One quirk, when using fwbuilder with IPFW, the divert to natd isn't
supported so I'm installing the rules with a little script that inserts the
natd rule appropriately.

---
#!/bin/sh
.fw    # Installs the rules generated by fwbuilder
ipfw delete 1       # delete the check-state rule at 00001
ipfw add 1 divert natd ip from any to any via  # add new
divert rule at 1
ipfw add 2 check-state    # re-add the check-state 2
---

ipfw.HOWTO

I still haven't decided what firewall, if any, to use. Yeah, I know, I should have one, but I don't. I think there are pretty much 2 choices with FreeBSD - ipfw (explained in the FreeBSD docs) and ipfilter. Here's a good link to get you started if you go down the ipfw road:

ipfw-HOWTO

FreeBSD LiveCD project

What a great idea! A set of scripts that builds an image to burn on a CD. This image is a complete, bootable FreeBSD installation. This would be especially nice for doing full backups.

The FreeBSD LiveCD Project

Burning CDs

Quick List of apps for burning CDs on FreeBSD:

• mkisofs --- for creating iso's


• burncd --- for ATAPI CDRW


• cdrecord --- for SCSI CDRW, and SCSI emulation of ATAPI CDRW

Thanks to Shantanoo Mahajan on the Freebsd-questions list for such a concise listing.

FreeBSD help site

FreeBSD Tutorials, Notes, Links & Manual Pages

Ports help

Ports Tricks by Dru Lavigne -- One of FreeBSD's biggest benefits is its ports collection. You can go years without learning more than just make install clean, but there are dozens of features built into the ports tools. Dru Lavigne demonstrates several of these tricks to simplify your life.