PF syntax check

# pfctl -nf /etc/pf.conf
/etc/pf.conf:4: syntax error

Restarting single network interface in FreeBSD

service netif restart em0

Gigabit Ethernet and pfSense awesomeness

For quite some time now, I've been wanting to upgrade my home network to Gigabit Ethernet. So finally the time had come to retire my aging Linksys WRT54GL wireless router. Flashed with DD-WRT, my WRT54GL has served me well for well over six years. For its replacement I opted to completely geek out with dedicated firewall and access point solutions. For my firewall I chose pfSense. Over the last few months, I heard nothing but good things regarding this FreeBSD firewall system, primarily because of its ease of use. This is what first attracted me to it, since practically all my real firewall experience is through administrating firewalls through their respective web interfaces, i.e. Cisco Adaptive Security Device Manager for ASA firewalls. (Yes, I really should learn how to do this from the command line, but I digress.)

For pfSense, I used a barebone mini 1.86GHz (dual core) Atom computer: OEM Production 2550L2D-MxPC Intel NM10 2 x 204Pin Intel GMA 3650 Black Mini / Booksize Barebone System. For storage and memory, I had a spare pair of 1GB 1066 SODIMM modules and a spare 64GB SSD drive, which is more than plenty for pfSense, if not overkill.
The install and configuration of pfSense itself is absolutely dead simple. Essentially, after the install you just need to specify which are your LAN and WAN interfaces, and that's it! My WAN internet connection is provided via DHCP, and a cool thing that pfSense supports is the ability to specify a custom MAC address for the new firewall machine. This is handy because it basically saved me from having to call Time Warner Cable to inform them about my new replacement networking device.

Although pfSense supports the addition of wireless card interfaces so it can also function as an access point, I opted to use a dedicated wireless access point for my wireless networking. I had a Linksys E1000 wireless access point that was given to me a few months ago, so I flashed it with DD-WRT and used the Linksys E1000 as my new wireless access point. So far, with this newer wireless access point and newer version of DD-WRT, I noticed that the wireless range of this new device extends much farther than the old WRT54GL.

The primary reason why I chose to deploy pfSense on my network, besides its strong focus on security, was because it's essentially a small FreeBSD base system, which has the ability to install numerous third party packages. So far I've enabled anti-virus and intrusion detection transparent proxy solutions using HAVP and Snort (this alone is fucking awesome), as well as some really cool network statistics graphing collection daemons.

With this $130.00 investment, I essentially have the same level of capabilities that I would've otherwise had with another really fancy commercial firewall/router solution that would've cost thousands of dollars to deploy. The beauty of open source.

To do:
VLAN wired and wireless network.

OSSEC agent install issue on Debian Squeeze

So the OSSEC installer has a conditional expression that doesn't seem to be supported by the version of Bash in Debian Squeeze.

Error:

3- Configuring the OSSEC HIDS.

./install.sh: 158: [[: not found

Fix: update line 372 of install.sh to the following:

if [ "X${USER_AGENT_SERVER_IP}" = "X" -a "X${USER_AGENT_SERVER_NAME}" = "X" ]; then

This was so frustrating, and it appears to be a known issue. Unless I'm mistaken, double brackets are only used in Bash to do regular expression conditions, at least that's the only time I've used them...

UPDATE: I also ran into this same issue on FreeBSD 9 and Ubuntu Server 12.04 LTS.

Resource: https://groups.google.com/forum/?fromgroups=#!topic/ossec-list/jdl8yi5rBgI
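Added example, not part of the OSSEC installer or the post above: the same check written so it runs under any POSIX sh (dash on Debian, /bin/sh on FreeBSD, bash), plus a probe that tells you up front whether the running shell understands `[[`. The variable names are the ones from the fix line; the function wrapper and the probe are my own.

```shell
#!/bin/sh
# Added example (not OSSEC's code): the install-time check in POSIX sh.

# needs_server_prompt IP NAME -> 0 (true) when neither a server IP nor a
# server name was supplied, i.e. the installer still has to ask for one.
needs_server_prompt() {
    USER_AGENT_SERVER_IP=$1
    USER_AGENT_SERVER_NAME=$2
    # The "X" prefix keeps the test well-formed when a value is empty or
    # starts with "-"; -a is the POSIX conjunction that replaces the
    # bash-only [[ ... && ... ]] the original script used.
    if [ "X${USER_AGENT_SERVER_IP}" = "X" -a "X${USER_AGENT_SERVER_NAME}" = "X" ]; then
        return 0
    fi
    return 1
}

# detect_test_syntax -> prints "bash-style" if the current shell accepts
# [[ ]], "posix" otherwise. A shell without [[ treats it as a command
# name and fails with "[[: not found", exactly the error on Squeeze.
detect_test_syntax() {
    if ( eval '[[ 1 = 1 ]]' ) >/dev/null 2>&1; then
        echo bash-style
    else
        echo posix
    fi
}

# Usage (run with "sh script.sh" on the target box):
#   needs_server_prompt "" ""            -> returns 0
#   needs_server_prompt 192.168.1.5 ""   -> returns 1
#   detect_test_syntax                   -> posix under dash, bash-style under bash
```

The `-a` operator matches the post's fix and works everywhere, but POSIX marks it obsolescent; `[ "X$a" = "X" ] && [ "X$b" = "X" ]` is the form newer style guides prefer and is just as portable.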

Installing Nagios Remote Plugin Executor in FreeBSD 9.1

This also installs the Nagios plugins in addition to nrpe. Follow the text-based menu install options. The installer will create and configure the nagios user account, and will install the nagios and nrpe plugins in /usr/local/libexec/nagios .

cd /usr/ports/net-mgmt/nrpe2
make install clean

Update permissions.

chown -R nagios:nagios /usr/local/libexec/nagios

Create nrpe config file.

cd /usr/local/etc
cp nrpe.cfg-sample nrpe.cfg

Add the following entry to /etc/rc.conf .

nrpe2_enable="YES"

Edit nrpe.cfg (Example: 192.168.1.5 is my nagios server)

allowed_hosts=192.168.1.5

Start the nrpe daemon.

/usr/local/etc/rc.d/nrpe2 start
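Added example, not from the nrpe2 port or the post: a pre-start check for nrpe.cfg that fails unless every `allowed_hosts` entry is one you explicitly expect (192.168.1.5 from the post), so a config copied from the sample cannot go live answering hosts you did not intend. The config file path and the list of expected hosts are parameters; `dont_blame_nrpe` is a real NRPE option (it enables command arguments) that the check only warns about. The sample configs are constructed for the demo.

```shell
#!/bin/sh
# Added example (not NRPE's code): audit allowed_hosts before starting nrpe2.

# check_nrpe_cfg FILE HOST... -> 0 when allowed_hosts is set and every
# entry is one of HOST..., 1 otherwise (problems are printed to stdout)
check_nrpe_cfg() {
    cfg=$1
    shift
    # last uncommented allowed_hosts= line wins; strip the key and any spaces
    hosts=$(grep '^[[:space:]]*allowed_hosts=' "$cfg" | tail -n 1 | sed 's/^[^=]*=//; s/[[:space:]]//g')
    if [ -z "$hosts" ]; then
        echo "allowed_hosts is not set in $cfg"
        return 1
    fi
    rc=0
    old_ifs=$IFS
    IFS=,                       # allowed_hosts is a comma-separated list
    for h in $hosts; do
        ok=1
        for allowed in "$@"; do
            if [ "$h" = "$allowed" ]; then
                ok=0
            fi
        done
        if [ $ok -ne 0 ]; then
            echo "unexpected allowed_hosts entry: $h"
            rc=1
        fi
    done
    IFS=$old_ifs
    # advisory only: argument passing widens what a caller can ask the agent to run
    if grep -q '^[[:space:]]*dont_blame_nrpe=1' "$cfg"; then
        echo "warning: dont_blame_nrpe=1 enables command arguments"
    fi
    return $rc
}

# write_sample FILE HOSTS writes a constructed nrpe.cfg for the demo
write_sample() {
    printf '# constructed sample nrpe.cfg\nserver_port=5666\nallowed_hosts=%s\ncommand[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20\n' "$2" > "$1"
}

# Usage, e.g. in the rc script or a deploy step:
#   check_nrpe_cfg /usr/local/etc/nrpe.cfg 192.168.1.5 && /usr/local/etc/rc.d/nrpe2 start
```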

FreeBSD diskless PXE booting

After a couple of trial and error tests and lots of caffeine ingested, I finally managed to install FreeBSD 9.1 over my network completely diskless using ISC's DHCP, PXE, tftpd-hpa, and NFS.

Download iso image and copy over all files.

wget ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/Fr...
mount -o loop FreeBSD-9.0-RELEASE-amd64-disc1.iso /mnt
mkdir -p /srv/tftp/freebsd/amd64
cp -a /mnt/* /srv/tftp/freebsd/amd64
cp -a /mnt/.cshrc /srv/tftp/freebsd/amd64
cp -a /mnt/.profile /srv/tftp/freebsd/amd64
cp -a /mnt/.rr_moved /srv/tftp/freebsd/amd64

Create the following directories:

mkdir /srv/tftp/freebsd/amd64/jails
mkdir -p /srv/tftp/freebsd/amd64/conf/base/jails
mkdir /srv/tftp/freebsd/amd64/conf/default
chmod -R 777 /srv/tftp/freebsd/amd64/conf
chmod -R 777 /srv/tftp/freebsd/amd64/jails

Edit /srv/tftp/freebsd/amd64/etc/fstab, comment out the entry in the file:

#/dev/iso9660/FREEBSD_INSTALL / cd9660 ro 0 0

Add the following entry to /srv/tftp/freebsd/amd64/etc/rc.conf:

root_rw_mount="NO"

NFS configuration:

/srv/tftp/freebsd/amd64		192.168.1.1/24(ro,sync,no_root_squash,no_subtree_check)

dhcpd configuration (of course, IPs may differ depending on your environment):
192.168.1.128 will be the IP that will be assigned to the new FreeBSD system.
192.168.1.2 is the IP of the NFS server where the installation files are stored.
The filename path is relative to the path you configured with tftpd-hpa.

host freebsdboot {
  hardware ethernet 08:00:27:2b:f9:f8;
  fixed-address 192.168.1.128;
  filename "freebsd/amd64/boot/pxeboot";
  option root-path "192.168.1.2:/srv/tftp/freebsd/amd64";
}
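Added example, not from the post or from FreeBSD: a sanity check to run over the unpacked tree before exporting it, covering the three hand edits above that are easy to forget: the pxeboot loader named in dhcpd's `filename` must exist, the cd9660 root entry in etc/fstab must be commented out (there is no install ISO on an NFS root), and etc/rc.conf must carry `root_rw_mount="NO"` to match the read-only export. Paths follow the post's layout; the sample trees are constructed for the demo.

```shell
#!/bin/sh
# Added example (not FreeBSD's code): verify a diskless root before export.

# check_diskless_root DIR -> 0 when all checks pass, 1 otherwise; every
# failing check is reported so the operator sees all problems at once
check_diskless_root() {
    root=$1
    rc=0
    if [ ! -f "$root/boot/pxeboot" ]; then
        echo "missing $root/boot/pxeboot (the loader named in dhcpd's filename)"
        rc=1
    fi
    # an uncommented /dev/iso9660 entry means the media fstab was left as copied
    if grep -q '^[[:space:]]*/dev/iso9660' "$root/etc/fstab" 2>/dev/null; then
        echo "etc/fstab still mounts the install ISO as /; comment that line out"
        rc=1
    fi
    if ! grep -q '^[[:space:]]*root_rw_mount="NO"' "$root/etc/rc.conf" 2>/dev/null; then
        echo 'etc/rc.conf lacks root_rw_mount="NO"; the NFS export is read-only'
        rc=1
    fi
    return $rc
}

# make_sample_root DIR [fixed] builds a constructed tree for the demo:
# with "fixed" it applies the post's two edits, without it the files look
# like the copy straight off the ISO.
make_sample_root() {
    dir=$1
    mkdir -p "$dir/boot" "$dir/etc"
    : > "$dir/boot/pxeboot"
    if [ "$2" = fixed ]; then
        echo '#/dev/iso9660/FREEBSD_INSTALL / cd9660 ro 0 0' > "$dir/etc/fstab"
        printf '# constructed rc.conf\nroot_rw_mount="NO"\n' > "$dir/etc/rc.conf"
    else
        echo '/dev/iso9660/FREEBSD_INSTALL / cd9660 ro 0 0' > "$dir/etc/fstab"
        echo '# constructed rc.conf' > "$dir/etc/rc.conf"
    fi
}

# Usage on the NFS server, before exporting:
#   check_diskless_root /srv/tftp/freebsd/amd64 && exportfs -ra
```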

FreeBSD Diskless PXE

References:
http://forums.freebsd.org/showthread.php?t=30069
http://lists.freebsd.org/pipermail/freebsd-questions/2012-March/238969.html
http://box.matto.nl/disklessfreebsd.html

Installing wget on FreeBSD

# cd /usr/ports/ftp/wget
# make install clean
