Archive for the ‘Unix – FreeBSD’ Category

FreeBSD 10 / PCBSD 10 and Edimax 7811un

March 5, 2014

FreeBSD 10 supports the Edimax 7811un (RTL8188CUS chipset; FreeBSD calls the device "urtwn0") right off the bat.  BUT…there is a small trick to get it working if you don’t see the error message.  Plug in your 7811un to your PC.  Install FreeBSD.

**** if you are using PC-BSD, do the same steps as below.  You’ll have to go into /boot/loader.conf.pcbsd file and edit out the step 3 options.

Do the following:

1. setup your /etc/rc.conf with the following…
wlans_urtwn0="wlan0"
ifconfig_wlan0="WPA DHCP"

2. setup your /etc/wpa_supplicant.conf with the following…(my network is WPA2).  The key sits in this file in plain text, so keep the file readable by root only.

network={
     ssid="yourSSID"
     psk="yourKey"
}

3. setup your /boot/loader.conf file with the following…
if_urtwn_load="YES"
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"
legal.realtek.license_ack=1

***The last line is the most important.  If you don’t add that it won’t work.  

4. REBOOT  -  this is a must.

That’s it.  It should come up on its own.  This assumes your network is set up with WPA2 encryption.  If you need additional help, consult the FreeBSD Handbook wireless section.

PF Firewall settings

February 7, 2014

Here are my PF settings.  Very basic for a firewall on one PC.  I’m not running a router or gateway off my PC.

What this does is block everything coming in, allow anything out, and keep state so the replies can come back in.  I do allow SSH to come from the outside, and to protect me from hackers I have enabled <ssh_bruteforce> and made it add IP addresses that have 3 bad login attempts in 60 seconds to the list (PF measures this as the rate of new connections to port 22, through max-src-conn-rate 3/60).  They will be blocked indefinitely.

CONFIG:

#
# Steve’s PF Firewall Rules
#

#Variables
ext_if = "ale0"
ext_ip = "( " $ext_if " )"
tcp_services = "{ 22 }"
#icmp_types = "echoreq"

# Tables
table <ssh_bruteforce> persist

# Return a reset for all blocks
set block-policy return

# Ignore the loopback
set skip on lo0

# Anything in the blacklist should be stopped here
block in quick on $ext_if from <ssh_bruteforce> to any

block in all
pass proto icmp all
pass out all keep state
pass in on $ext_if proto tcp from any to $ext_ip port $tcp_services flags S/SA keep state (max-src-conn-rate 3/60, overload <ssh_bruteforce> flush global)
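
An added example, not part of the original post: a sliding-window model of the max-src-conn-rate 3/60 limit in the last rule, run over a constructed connection log. PF's own counter is a moving-average approximation, so the window logic, the function names and the sample addresses are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: model of "max-src-conn-rate 3/60, overload <ssh_bruteforce>".
# stdin:  "<epoch-seconds> <source-ip>", one line per completed TCP
#         connection to port 22, in time order.
# stdout: "<ip> <time>" at the moment a source would be added to the table.
# usage:  overloaded_sources [limit] [window-seconds]   (defaults 3 and 60)
overloaded_sources() {
    awk -v limit="${1:-3}" -v window="${2:-60}" '
    {
        t = $1; ip = $2
        if (ip in blocked) next      # already in the table, dropped by the block rule
        n = ++seen[ip]
        stamp[ip, n] = t
        recent = 0                   # connections from this source inside the window
        for (i = n; i >= 1 && t - stamp[ip, i] < window; i--) recent++
        if (recent > limit) {        # more than limit per window: overload fires
            blocked[ip] = 1
            print ip, t
        }
    }'
}

# Constructed sample (documentation addresses, made-up timestamps):
#   198.51.100.7  password guesser, 5 connections in 8 seconds
#   203.0.113.20  admin whose script opens 4 scp sessions in 30 seconds
#   192.0.2.99    client that connects once every 30 seconds
sample_connections() {
    cat <<'EOF'
1000 198.51.100.7
1002 198.51.100.7
1004 198.51.100.7
1005 203.0.113.20
1006 198.51.100.7
1008 198.51.100.7
1015 203.0.113.20
1025 203.0.113.20
1030 192.0.2.99
1035 203.0.113.20
1060 192.0.2.99
1090 192.0.2.99
1120 192.0.2.99
EOF
}

sample_connections | overloaded_sources
```

The admin's address is listed alongside the guesser's because the rule only sees connections, not whether a login failed. pfctl -t ssh_bruteforce -T show lists the table and pfctl -t ssh_bruteforce -T delete <address> removes an entry.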

Bash backup script

December 15, 2013

Just a simple backup script and my cron entry.  This script will check to see if your USB device exists.  If so, it mounts, it rsyncs, it echoes a date and a “complete” string into a file, then unmounts the drive.  If the USB device doesn’t exist, it echoes a fail into a file.

My script runs every night 1 minute after 3am.

*Reason I have unmount is so I can just yank it out whenever I want.  Also, with any *nix, there is more than one way to skin a cat, this is my way I figured out on my own.

#######  SCRIPT ########

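#!/bin/sh

# Only continue if the USB partition exists and actually mounts; otherwise
# rsync --delete would write into the empty /backup directory on the root disk.
if [ -e /dev/da0p1 ] && /sbin/mount /dev/da0p1 /backup ; then

    # Mirror /data onto the USB drive, removing files deleted at the source
    if /usr/local/bin/rsync -a --delete /data/ /backup/ ; then
        echo "$(date) COMPLETE" >> /home/user/backup.log
    else
        echo "$(date) FAILED" >> /home/user/backup.log
    fi

    # Unmount so the drive can be pulled at any time
    /sbin/umount -f /backup

else

    echo "$(date) FAILED" >> /home/user/backup.log

fi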

##############  CRONTAB ENTRY ##########

1 3 * * * root cd /home/user && ./backup.sh

 

FreeBSD handy commands

December 11, 2013

These are just some commands for troubleshooting kernel, device, etc. stuff.

- usbconfig   check USB devices

- pciconf -lv   check PCI devices

- kldstat   check kernel modules

- fsck -t ufs -y /dev/(drive/slice)   check and repair a UFS filesystem, for example /dev/da0p1

 

Install FreeBSD 9.1/9.2 on Acer Veriton N2620G

December 10, 2013

Here I describe how to get FreeBSD 9.2 onto this nettop, and any issues along the way.

To install FreeBSD, follow the ever easy to follow Handbook…click here.  You can also use my install guide for FreeBSD 9.1, pretty similar…click here.

Problems:

- With 9.2, the BIOS on the Acer doesn’t seem to like GPT partitions. You’ll need to use MBR in the partition section of the Handbook.  With GPT it won’t recognize the drive.

- With partitioning in MBR, you need to do a Manual partition instead of Guided when you come to the Install.  You will Delete the very top GPT partition.  Then Create a new one but using MBR.  Specify the whole drive and no mount point.  You should see the first partition show up underneath the top one.  Highlight it.

Now we need to create two partitions.  One for the root (/) and one for SWAP.   This is just a single drive, no reason to get fancy with different partition tables, just always back up your shit.

Partition swap –  hit Create.  In the name you see “FreeBSD”, change this to “Freebsd-swap”, then specify the size.  Here the general rule of thumb is usually twice the amount of RAM.  If you have 2 GB go with 4GB swap.   That’s all.

Partition #1 – hit Create.  Leave the name the same.  Use the rest of the size left.  And for mount point put a ” / ”  (forward slash for root).   Don’t put the quotes.

USB3 – It works but there seems to be an issue.  I will have to check into it.  I was in Gnome, went to do a copy/paste from my USB 3 drive to my desktop and my computer did a reboot right away.  I put the USB drive on USB2 port, did a fsck to recover it and mounted it manually instead of automatic thru Gnome.  I did a copy thru command line and it works.  So once I get my data off of it I will test different scenarios.

***** UPDATE on USB3******  USB3 on 9.1 will not work correctly on this device.  I saw in the forums that there was a fix for 9.2 release.  9.1 sees it as USB3 but any device you plug into the USB3 will show up on the USB2 bus.

Package management – If you want to switch to PKGNG, which is the newest utility, follow the Handbook but if you have any issues, see my Forum post HERE.  the fix is towards the bottom.

That is all.  It picked up most of my hardware except for Wifi, I never planned on using it anyways so I never loaded the drivers.

Follow the rest of the Handbook or my guide for installing the system and getting it up to speed.  Good luck and happy computing!

Acer Veriton N2620G – Add memory and change hard drive

December 10, 2013

Newegg had a good deal on this light weight and low power consumption desktop/nettop.  Click here to see details.  It only came with 2GB of memory and 320GB hard drive.  I decided to upgrade it to 8GB memory and 1TB hard drive.

Here is a brief tutorial on opening this baby up and taking it apart to upgrade.  You have to take the motherboard out to get to the screws that are holding the hard drive down underneath.

If you really need to know how to change the memory, here is a YouTube video for a different but similar model…click here

Tools needed:  Pliers, screw driver and a very small screw driver (eye glass repair kit small).

1. First, place the nettop with the DVI/HDMI facing you.  There is a screw in the middle, take it out.

photo 1

2.  Now just lightly pull the cover off by pulling up on the side with the screw.  It will just pop off.

3.  There is a metal cover underneath the plastic cover.  Remove the 4 black screws.

4.  Once the metal cover is off, we can now see the board as below.  Where there are red circles are the screws and post you need to remove.  4 silver board post, 4 heatsink/fan screws, and one audio board screw.

photo 3

5. After the screws are removed, we need to remove the audio board.  You will pull up and then out but do it lightly.

photo 4

6. Once you remove the audio board, remove the WiFi antenna wires, the white and black wires as seen in the above photo (they may be taped to the board, just lift up the tape).

7.  Now we can remove the board.  You’ll remove the board by pulling up on the far end.  Pull up and then out.  You may need to push out on the case to get it over the rim.

photo 2

8.  Hopefully you successfully removed the board.  Now all you have to do is turn it over and you’ll see the 4 screws for the hard drive.

9.  Do everything in reverse to put it back together again!

I put FreeBSD 9.2 on my little Acer nettop.  If you want to know the process for that, click here.

FreeDNS on pfSense

July 3, 2013

Once you have signed up for a FreeDNS account, you’ll need to configure it on pfSense.  It’s a bit weird.

 

In pfSense, go to Services and DynDns.

In there, choose FreeDNS.

The only fields you need to fill in are “HOSTNAME” and “Password”

Hostname = you.domain.com

Password =   This is the “direct url” in your account in FreeDNS.  In your FreeDNS account, over to the left click DynamicDNS, then down near the bottom where you see your ddns name, click Direct URL.  It will give you a blank page, in the URL there is a long string after the ? in the URL.

For example http://freedns.afraid.org/dynamic/update.php?dfgdsgfsdjk689GYUIFdfg==
This is what you want to paste in the password field in pfSense: dfgdsgfsdjk689GYUIFdfg

Then click save.  Should be good.

 

 

restore Cisco AP 1131

May 28, 2013

I had a Cisco AP 1131 that work threw away in the trash ’cause they said it was “bricked”.  They just didn’t spend any time with it.  I can’t access it because I don’t know the enable password so I had to reset to defaults.

Task at hand….

- turn up TFTP server on my FreeBSD box

- configure static IP on another NIC on my FreeBSD box

- download an image for this model

- turn up Cisco 3550 PoE switch

- default the AP so it picks up the image from TFTP

#### TFTP Server

mkdir -p /tftpboot

Follow the link below…

http://jdc.koitsu.org/freebsd/pxeboot_serial_install_8.html#configuring-tftp

##### Static IP on spare NIC

When you default a Cisco AP, depending on the model, it will default to a 10.0.0.1 ip address then do a broadcast for a TFTP server.  So configure your spare NIC as 10.0.0.2/24.

ee /etc/rc.conf

ifconfig_re1="inet 10.0.0.2 netmask 255.255.255.0"

save the file

restart the services below…

/etc/rc.d/netif stop  (then start)

/etc/rc.d/routing stop  (then start)

#### Cisco AP image

Download your AP image.  I found mine by doing a Google search.  Make sure you do this on a *nix box ’cause if it’s Windows, you’ll get malware’d.

Once downloaded, add the image to the /tftpboot directory you made above.  Then be sure to rename it.

For example, if your file was named  c1130-k9w7-tar.123-8.JA.tar then rename your file c1130-k9w7-tar.default
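
An image found through a web search has no provenance, so check it against the vendor's published digest before the AP boots it. This is an added example, not part of the original post, that stages the file under the .default name only when the SHA-512 matches; the function names, and the assumption that you have the vendor's SHA-512 for this exact image, are mine.

```shell
#!/bin/sh
# Added example: verify a downloaded AP image, then stage it for TFTP.
# Assumption: the expected digest comes from the vendor's download page.

# Print the SHA-512 of a file as lowercase hex.
sha512_of() {
    if command -v sha512 >/dev/null 2>&1; then
        sha512 -q "$1"                       # FreeBSD
    else
        sha512sum "$1" | awk '{print $1}'    # Linux and others
    fi
}

# c1130-k9w7-tar.123-8.JA.tar -> c1130-k9w7-tar.default
default_name() {
    base=$(basename "$1")
    printf '%s-tar.default\n' "${base%%-tar.*}"
}

# usage: stage_ap_image <image.tar> <expected-sha512> [tftp-dir]
# returns 0 when staged, 1 on digest mismatch, 2 when the file is missing
stage_ap_image() {
    image=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    tftp_dir=${3:-/tftpboot}
    [ -f "$image" ] || { echo "no such file: $image" >&2; return 2; }
    actual=$(sha512_of "$image")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch, not staging $image" >&2
        return 1
    fi
    target="$tftp_dir/$(default_name "$image")"
    # tftpd only serves world-readable files; nobody needs to write to it.
    cp "$image" "$target" && chmod 0444 "$target"
}
```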

##### Cisco 3550 switch or equal PoE switch

Before you plug in your AP, push back the cover on the AP like so http://www.cisco.com/en/US/docs/wireless/access_point/1130/installation/guide/113h_c2.html#wpxref42478

Hold down the MODE reset button for 20 seconds or until the status light turns red.  Let go.  It will go thru a reload and reach out for the TFTP, you can watch the status thru the AP’s console port.

That’s it.  Hook your AP up to a LAN that has DHCP so it can pull an IP, or configure it from the console.  Your choice.   Default GUI password is Cisco/Cisco; change it once you are logged in.

Installing FreeBSD 9.1 x64

January 31, 2013

+++Objectives+++

Install FreeBSD 9.1 x64
Install Gnome and XFCE (like to have a second option)
Setup Jails

+++ Hardware +++

motherboard: ASRock 970DE3/U3S3
cpu: AMD FX 6100 Six-Core
video card: Nvidia GeForce 8400GS
network cards:
-Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
-Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
-Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+
-Intel Corporation 82541PI Gigabit Ethernet Controller
storage:  (1) 128GB SSD SATA III drive and (1) 1TB Hitachi 7200rpm SATA II drive

+++Partition Setup+++

I put my /boot and / directory on my SSD using UFS.  Then I put my /usr and /home directory on my SATA HDD using UFS.
I’ve used ZFS and I’m not that impressed with it at the moment, still a little buggy and the main feature is utilizing SSD drives better and snap shots.  Personally, UFS worked better on my SSD than ZFS did, even fine tuned ZFS.
***if you are new to FreeBSD or PC-BSD, keep the defaults and choose guided partition table and let the system setup.

+++The Install+++

Several ways of installing.  I went old fashion with downloading the DVD .iso and installing from a DVD disc
Follow the install instructions here in the handbook  CLICK HERE

The handbook is your friend!  Use it!

NOTE:  during the install, when you get into putting the name for your computer, make sure you use a full dns name.  For example,  mycomputer.mydomain.com.   I used computername.local    If you do not do this, you’ll get a timeout during the initial boot of your system and it will hang trying to resolve the full hostname.

During the setup it will prompt you to install Docs, SSD trim, and a few other things.  I only did the Docs and 32-bit libraries.

+++The Setup+++

So you’ve rebooted, removed the DVD and are now booted into your live environment.

Login as root

Run the following commands…

# freebsd-update fetch
# freebsd-update install

Reboot

Now lets get the ports directory filled so we can install software…

# portsnap fetch
# portsnap extract

NOTE: If you ever go to update your ports collection use…   (update your ports at least once a month)

# portsnap update

Now let’s install your kernel sources, you’ll need them for gnome…but first we need to install subversion.  It’s used to pull down the sources from the repos…

# cd /usr/ports/devel/subversion
# make -DBATCH install clean
# rehash

Now run the subversion command…

# svn checkout https://svn0.us-west.freebsd.org/base/releng/9.1/ /usr/src

Now lets install X11…

# cd /usr/ports/x11/xorg
# make -DBATCH install clean

Now lets install Gnome…

# cd /usr/ports/x11/gnome2
# make -DBATCH install clean

Now lets install XFCE

# cd /usr/ports/x11-wm/xfce4
# make -DBATCH install clean

IMPORTANT:  You will get an error message that xfce-notifyd conflicts with package notifications-0.7 whatever.  These packages are basically the same, the notifications package is used by Gnome but they can use one or the other but not both.  So we use “portmaster” command to fix this.

Install portmaster

# cd /usr/ports/ports-mgmt/portmaster
# make -DBATCH install clean

# portmaster -o deskutils/xfce4-notifyd notification-daemon

Continue building XFCE…

# cd /usr/ports/x11-wm/xfce4
# make -DBATCH install clean

After that is complete run portmaster command below to check for any dependency issues but you should be good…

# portmaster --check-depends

Now we configure the X server…

- follow the xorg guide on FreeBSD website HERE
Also, you can install two nvidia tools…. nvidia-xconfig and nvidia-settings found HERE  see down at bottom of page.  nvidia will auto configure your settings.

Now we setup GDM…follow instructions HERE

After you configure, reboot and you should be at the GUI login prompt, where you can log in to your new Gnome environment.

Install all desktop related tools and programs that you need from the ports as described in the handbook.

Now for jails.  FreeBSD 9 changed the way you can do jails a bit.  You can use the old way by building your jails and putting your configurations in /etc/rc.conf or you can do the new way and use the “jail” command and /etc/jail.conf file.   I will work with the newer method.  Also, you can use ezjail but do a google search on that as I will not be using that way.  There is also PC-BSD which has a GUI interface to manipulate jails and simplify jails.

*** Jails ****

Follow the instructions in the Jail man page HERE   Scroll down to about half way, the instructions start there.

Once that’s completed, you’ll need to create a /etc/jail.conf file.  Below is mine…

ssh {
path = /usr/jails/ssh;
mount.devfs;
host.hostname = ssh;
ip4.addr = 192.168.1.18;
interface = re1;
allow.raw_sockets = true;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
}

You need to change your “interface” to your network cards interface, change your IP address to your network, and if you want your jails name.

After you have done this…you can easily start and stop your jail from outside the jail with these commands…
jail -c ssh     (start)
jail -r ssh     (stop)
jail -cr ssh    (restart)

Remember to add a /etc/resolv.conf into your jail so it can find a nameserver.

So, that is the new way of making a jail.  Not too bad.  But this will not let your jail start automatically at boot time.  You still have to do it the old way by putting info into the /etc/rc.conf file. Example of my file is below…

# Jails
jail_enable="YES"
jail_list="ssh"
jail_ssh_rootdir="/usr/jails/ssh"
jail_ssh_hostname="ssh.local"
jail_ssh_ip="192.168.1.18"
jail_ssh_devfs_enable="YES"
jail_ssh_exec_start="/bin/sh /etc/rc"

ifconfig_re1_alias0="inet 192.168.1.18 netmask 255.255.255.255"

You have to create an alias for your network card with the IP address of the jail…see above…again change the name of the interface per your network card.  You have to start with alias “zero”.

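Do you want to be able to ping from inside your jail?  Add this to the host’s /etc/sysctl.conf (it is a host-wide setting, unlike the per-jail allow.raw_sockets line in jail.conf)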

security.jail.allow_raw_sockets=1

Restart your computer, jails should fire up.  You should be good to go.

FYI:  jail command looks at the “jail.conf” file…the jail info in rc.conf is used at boot.  You can use the command “jls” to view what jails are running.  you can also use “jexec” to get into the jail shell.  Example…jexec 1 sh    the 1 is from the jls, meaning jail #1 in the list.

 

 

