Introduction to FreeBSD

Introduction

I originally started this tutorial after failing to secure a Windows2000 Pro host to act as a router to connect our LAN to the Net through cable modem, but I returned to FreeBSD to install a thinclient to run Asterisk on a compact flash.

Setup

The easiest way to install FreeBSD is to download an ISO image from the main site. You can either burn a whole image, or just a small, bootable CD that will fetch the actual files from the Net.

Note that "Minimum Install" does not install the Ports system, and man pages: Run sysinstall > 'Configure'  > 'Distributions' > 'man'

To stop the host, run "shutdown -p now".

Post-install steps

SSHd

FreeBSD comes with its own SSHd, so it doesn't show when you run pkg_info.

By default, only non-root users can SSH to the FreeBSD box, and only those who belong to the Wheel group can su to root (to add myuser to this group, "pw user mod myuser -G wheel").

If you want to allow root to connect to SSH directly, edit /etc/ssh/sshd_config to add "PermitRootLogin", and restart the SSHd service (/etc/rc.d/sshd restart).

If you want to only allow root to connect from such and such host, it looks like AllowHosts is not available with the version of SSH that comes with FreeBSD, and you'll have to use AllowUsers:

AllowUsers root@127.* root@192.168.0.* root@1.2.3.4

? PasswordAuthentication yes

To reduce clutter from script kiddies trying to connect to SSHd, just run it on a different port than TCP22.

NTP

Making sure your host is actually using the right time is very important, as I've had an issue compiling a Ports because the time was wrong.

1. Install either the package through "pkg_add -r ntp" or the ports through "cd /usr/ports/net/ntp ; make ; make install"
2. nvi /etc/ntp.conf
       server 0.fr.pool.ntp.org
       server 1.fr.pool.ntp.org
       server 2.fr.pool.ntp.org
       server 3.fr.pool.ntp.org
   
       driftfile /var/db/ntp.drift
3. touch /var/db/ntp.drift
4. nvi /etc/rc.conf:
   
   ntpdate_enable="NO"
   xntpd_enable="YES"
   xntpd_program="/usr/local/bin/ntpd"
   xntpd_flags="-A -g -N -c /etc/ntp.conf -p /var/run/ntpd.pid -l /var/log/ntpd.log"
   ntpd -p /var/run/ntpd.pid OR /etc/rc.d/ntpdate start

"The ntpd(8) program changes the clock gradually, whereas ntpdate(8) sets the clock, no matter how great the difference between a machine's current clock setting and the correct time."

rm -i

To create an alias for rm : /etc/cshrc?

Smooth scrolling in nano

1. nvi ~/.nanorc
2. set smooth

Bash

/bin/csh is the default shell, but offers less features than Bash (eg. not tab completion). To install bash, run "pkg_add -r bash; bash". To make bash your default shell, create an /etc/make.conf containing with "MAKE_SHELL=sh", or log on and run "chsh" manually.

Important! Do NOT edit /root/.cshrc and /root/.login and add as last line in each: [ -x /usr/local/bin/bash ] && exec /usr/local/bin/bash . This will keep "make buildworld" from running.

To turn off beeping when using Bash :

To add 'll', vi ~/.profile, and add "alias ll='ls -alG'"

Add a non-root user

To create a new user account, run "adduser", and follow the on-screen instructions.

Applications

There are three ways to install applications in FreeBSD:

• Packages, which are pre-compiled applications, eg. pkg_add -r lsof
• Ports, which is "essentially a set of Makefiles, patches, and description files placed in /usr/ports."
• Source code, which is not specifically built for FreeBSD

Applications are installed under /usr/local : settings in ./etc/, binaries in either ./bin or ./sbin.

Packages

To install packages (ie. pre-compiled binaries as opposed to using ports, ie. going from source code) : pkg_add /path/to/tar/gz/package . To query installed packages : pkg_info . To remove a package : pkg_delete . To list the files that make up a package, type pkg_info -L mypackage.1.2.3.

Ports

As said above, "Minimum Install" does not install the Ports system. To install, run sysinstall > Configure > Distributions > select "ports" > Select install media. Once done, you can update Ports with CVSup ("With CVSup, FreeBSD users can easily keep their own source trees up to date"), or, rather, its text-mode version CVSup-without-gui.

Note: csup replaces cvsup on 6.2. csup is a rewrite in C of cvsup. csup is already part of the standard install, so there's no need to download cvsup-without-gui

1. pkg_add -r cvsup-without-gui (or # cd /usr/ports/net/cvsup-without-gui; make; make install)
2. cp /usr/share/examples/cvsup/standard-supfile /root
3. cp /usr/share/examples/cvsup/ports-supfile /root
4. cd (to go to root's home directory)
5. nvi standard-supfile:
   
   #Mirrors
   *default host=cvsup.fr.FreeBSD.org
   
   save with "w!" since it's read-only
   
   
6. nvi ports-supfile: same as above
7. cvsup standard-supfile
8. cvsup ports-supfile

As an example, here's how to install the Apache Port:

1. cd /usr/ports/www/apache13
2. make
3. make install

By default, the DocumentRoot directory is /usr/local/www/data/

To check if any software in the Ports collection need upgrading, run

1. "pkg_version -v"
2. Read /usr/ports/UPDATING to check if any upgrade will affect a program you use
3. cd /usr/ports/ports-mgmt/portupgrade
4. make install clean
5. portupgrade -ai

To upgrade a package through the Ports collection:

cd /usr/ports/mysoftware ; make clean ; make config ; make ; make deinstall ; make reinstall

Note that it's sometimes required to restart a running process that uses a port (eg. upgrading PHP requires restarting Apache.)

To add PHP as a dynamic module to the port, and rebuild:

1. cd /usr/ports/www/php/....
2. make ; make install

To uninstall a port, cd to its port location (eg. cd /usr/ports/sysutils/lsof) and run "make deinstall".

Adding vim

1. pkg_add -r vim5
2. vi ~/.bashrc : export EDITOR=/usr/local/bin/vim
3. . ~/.bashrc

To have vim support the arrow keys, # cat ~/.vimrc:

set t_ku=A

set t_kd=B

set t_kr=C

set t_kl=D

To have TAB move 4 characters to the right:

set tabstop=4

wget

FreeBSD uses fetch instead of wget, which some applications expect to find. To install wget, run this:

# cd /usr/ports/ftp/wget

# make install clean

# rehash

Python

pkg_add -rv python //installs 2.4.x

OR

cd /usr/ports/lang/python25 ; make install

Peripherals

To add an IDE ZIP drive installed as slave on the IDE plug #2 (I had a 10GB hard-disk on IDE plug #1, the CD-ROM player as master on IDE plug #2), create a /zip directory, and run "mount -t msdos /dev/afd0s4 /zip". Add the relevant infos in /etc/fstab so you can just run "mount /zip".

System configuration

The FreeBSD MBR is located in /boot/boot0. This is a copy of the MBR, as the real MBR must be placed on a special part of the disk, outside the FreeBSD area.

boot -s

/etc/sysconfig

/etc/defaults/rc.conf

/etc/rc.conf (overrides entries in /etc/defaults/rc.conf) Note: Do not place any commands in /etc/rc.conf. To start daemons, or run any commands at boot time, place a script in /etc/rc.d/ or /usr/local/etc/rc.d instead.

/etc/rc.local

/etc/inetd.conf

Networking

To tell the host which DNS to query to resolve names, use /etc/resolv.conf

/etc/rc.conf

ifconfig_dc0="inet 192.168.1.3 netmask 255.255.255.0"

ifconfig_dc1="inet 10.0.0.1 netmask 255.255.255.0 media 10baseT/UTP"

ifconfig_fxp0_alias0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"

/etc/namedb

rc.conf : gateway_enable="YES" . This option will set the sysctl variable net.inet.ip.forwarding (/etc/sysctl.conf) to 1. If you should need to stop routing temporarily, you can reset this to 0 temporarily.

The client-side program, dhclient, comes integrated within FreeBSD. To tell an interface to use DHCP for its IP configuration, edit your /etc/rc.conf to include the following: ifconfig_fxp0="DHCP" (replacing fxp0 with the actual driver name.) /etc/dhclient.conf . To tell an interface to switch to DHCP mode without making this change permanent (ie. no editing of rc.conf), just run "dhclient dc0", where dc0 is the name of the interface.

Once the interface received its DHCP configuration from the ISP, run "netstat -rn" to check the routing information.

Run "sockstat" to list open sockets.

Samba

Install

1. Run "pkg_version -v" to check if you need to update your ports collection
2. cd /usr/ports/net/samba3/
3. make config ; make ; make install
4. echo samba_enable=\"YES\" >> /etc/rc.conf
5. Add users to OS + smbpassd: adduser fred ; smbpasswd -a fred
6. (Not needed if deny access to guest user) groupadd smbguest ; useradd -g smbguest -d /dev/null -s /bin/false smbguest
7. cd /usr/local/etc/ ; cp smb.conf smb.conf.orig
8. vi smb.conf
9. /usr/local/bin/testparm
10. /usr/local/etc/rc.d/samba start

Important files live in /usr/local/etc/samba/ and /var/db/samba/ . To check where smbd will look for smb.conf, run "smbd -b | grep smb.conf".

User vs. share?

In user-level security, the client sends a session setup request directly following protocol negotiation. This request provides a username and password. The server can either accept or reject that username/password combination. At this stage the server has no idea what share the client will eventually try to connect to, so it can't base the accept/reject on anything other than: the username/password, and the name of the client machine.

In share-level security, the client authenticates itself separately for each share. It sends a password along with each tree connection request (share mount), but it does not explicitly send a username with this operation. The client expects a password to be associated with each share, independent of the user. This means that Samba has to work out what username the client probably wants to use, the SMB server is not explicitly sent the username.

Clear text vs. encrypted passwords

MS Windows clients may use encrypted passwords as part of a challenge/response authentication model (a.k.a. NTLMv1 and NTLMv2) or alone, or clear-text strings for simple password-based authentication. It should be realized that with the SMB protocol, the password is passed over the network either in plaintext or encrypted, but not both in the same authentication request. MS Windows 95 pre-service pack 1 and MS Windows NT versions 3.x and version 4.0 pre-service pack 3 will use either mode of password authentication. All versions of MS Windows that follow these versions no longer support plain-text passwords by default.

Standalone servers vs. workgroup servers?

Minimal smb.conf to support access to home directories

[global]

workgroup = WORKGROUP

netbios name = Samba server

hosts allow = 192.168.0. 127.

log file = /var/log/samba/log.%m

max log size = 50

socket options = SO_RCVBUF=8192 SO_SNDBUF=8192

hide dot files = yes

 

[homes]

comment = Home Directories

valid users = %S

read only = No

browseable = No

Guest access

The Guest account of the windows world is mapped to the user nobody in the unix world. This can be changed with the global option guest account which defaults to nobody. Also the guest ok parameter on every share deafult to no. The unix account nobody must exist in your account database. If the Guest has read or write access to the share depends on the mode bits of the path and wether the share has read only = no set.

To enable guest access to a share you need the following parameters in your smb.conf:

[global]

    security = user

    map to guest = Bad Password

 

[share_definition]

    guest ok = yes

The other way to get public access is to use security = share. Then all access is mapped to the guest account. But this is not a good choice since you cant distinguish between authorized users and anonymous users.

No-security smb.conf

[global]

        guest account = smbguest

        log file = /var/log/samba.log

        log level = 1

        netbios name = FLUFFYGERBIL

        security = share

        socket options = TCP_NODELAY IPTOS_LOWDELAY     

        workgroup = WORKGROUP

 

[public]

        guest ok = yes

        guest only = yes

        path = /tmp

        read only = no

         

[cdrom]

        fake oplocks = yes

        guest ok = yes

        guest only = yes

        path = /mnt/cdrom

        read only = yes

Disable LANMan Authentication

If you don't have any 9x hosts, raise security thusly:

lanman auth = no

lm announce = no

min protocol = NT1

Restrict access to local hosts

hosts allow = 192.168.0.0/16 127.0.0.1

hosts deny = ALL

# If your machine has more than one Internet address, you can restrict

# the subnets which Samba will listen to.

interfaces = 192.168.0.0/24 127.0.0.1

bind interfaces only = Yes

Acting as a Domain Controller

1. umask 077
2. mkdir -p /etc/samba/private
3. touch /etc/samba/private/smbpasswd
4. groupadd smbuser
5. useradd -d /home/fred -g smbuser -s /bin/false -m fred
6. smbpasswd -a fred
7. Create an account authorized to add hosts to the domain. Its password should be different from the Unix root password: smbpasswd -a root
8. groupadd workstation
9. useradd -d /dev/null -g workstation -s /bin/false fluffbox$
10. smbpasswd -a -m fluffbox
11. vi smb.conf:
    
    [global]
            domain logons = yes
            domain master = Yes
            netbios name = fluffygerbil
            os level = 255
            preferred master = yes
            security = user
            wins support = yes
            workgroup = fluffygroup
    
    [homes]
            valid users = %S
            read only = no
            browseable = no
            create mode = 0600
            directory mode = 0700

Stuff

To launch SMB and NMBD manually : /usr/local/sbin/smbd -D ; /usr/local/sbin/nmbd -D .

When using security= user and using encrypted passwords (required for recent versions of Windows):

Add encrypted passwords for Samba users with "cd /usr/local/private ; mv smbpasswd smbpasswd.original ; touch smbpasswd ; chmod 0600 smbpasswd". Then, for each user, run "/usr/local/bin/smbpasswd -a uname".

Resources

• The Unofficial Samba HOWTO
• The Official Samba 3.2.x HOWTO and Reference Guide

Compiling Asterisk on FreeBSD

Although the version of Asterisk available trough Ports is available a bit behind what's available on Digium's site, it's easier to compile it this way instead of using the raw source code.

1. Update the ports using cvsup, and make sure the the kernel source is available in /usr/src/sys
2. If you have a PCI TDM card, "pciconf -lv" to check that the TDM card is seen by the BIOS/FreeBSD. If OK: do this:
1. cd /usr/ports/misc/zaptel
2. make install
3. edit /usr/local/etc/zaptel.conf
4. Edit /etc/rc.conf:
   
   zaptel_enable="YES"
   
   Be sure to change all the /etc/ to /usr/local/etc/
   
   ? /etc/rc.conf <-> /usr/local/etc/rc.d/zaptel?
    
5. Load zaptel manually : /usr/local/etc/rc.d/zaptel start
6. ztcfg -vv
   
   Note: If you get "line 0: Unable to open master device '/dev/zap/ctl'", make sure you edited /etc/rc.conf above
   
   You can check that the Zaptel driver is loaded by running "kldstat"
    
3. cd /usr/ports/net/asterisk
4. make install
5. gmake samples (yes, it says "gmake")
6. you will be prompted for the building options, uncheck them all. Note: if you need to change them again, run: make config. Asterisk will be built and installed in /usr/local/etc/asterisk/
7. To have Asterisk loaded at boot-time, add the following in /etc/rc.conf
   
   asterisk_enable="YES"
    
8. If you have a TDM card, edit /usr/local/etc/asterisk/zapata.conf
9. Edit /usr/local/etc/asterisk/sip.conf
10. Edit /usr/local/etc/asterisk/extensions.conf
11. Start Asterisk manually to check that it works: asterisk -vvvc
12. "stop now" to close the console, and reboot to check that Zaptel + Asterisk start OK
13. Connect to the server with "asterisk -r", and exit to close the client

Resources

• Asterisk on a FreeBSD server
• Asterisk Installation Guide (Asterisk 1.4.3 on FreeBSD 6.2)

Downgrading

After upgrading Zaptel, it turned out not to work on my hardware. Here's how to install the "portdowngrade" utility in FreeBSD 6.3, and downgrade both Zaptel and Asterisk:

1. cd /usr/ports/ports-mgmt/portdowngrade
2. make DEFAULT_CVS_SERVER=":anoncvs@anoncvs1.FreeBSD.org:/home/ncvs" install
3. portdowngrade -s anoncvs@anoncvs1.FreeBSD.org:/home/ncvs zaptel
4. portupgrade -f zaptel
5. cd /usr/ports/misc/zaptel
6. make clean deinstall reinstall
7. portdowngrade -s anoncvs@anoncvs1.FreeBSD.org:/home/ncvs net/asterisk
8. portupgrade -f asterisk
9. cd /usr/ports/net/asterisk
10. make clean deinstall reinstall

Compiling a new kernel

From Installing FreeBSD 6.2

1. Make sure you have the kernel source in the Ports
2. cd /usr/src/sys/i386/conf/
3. cp GENERIC MYKRL
4. Edit MYKRL: change ident from GENERIC to MYRKL (hostname?); if need be, remove the line for i486 and i586, you might need to add support for other filesystems, and for SMP if you have a multi-processor host. Save.
5. cd /usr/src
6. make buildworld
7. make buildkernel KERNCONF=MYKRL; make installkernel KERNCONF=MYKRL
8. reboot, and boot in single-user mode (option 4)
9. fsck -p
10. mount -u /
11. mount -a -t ufs
12. swapon -a
13. Important: if you made any configuration change since installing FreeBSD, backup /etc under eg. /root/etc now, since the "make installworld" will update configuration files, if needed
14. cd /usr/src
15. mergemaster -p
16. make installworld
17. mergemaster
18. reboot
19. Since FreeBSD uses fetch instead, you might want to download wget using "pkg_add -r wget"

Apache + PHP + MySQL + MemCacheD

1. cd /usr/ports/www/apache22 ; make config ; make ; make install. Data live in /usr/local/www/apache22/data, and the configuration is /usr/local/etc/apache22/httpd.conf
2. Edit /etc/rc.conf:
   apache22_enable="YES"
3. cd /usr/ports/databases/mysql51-client ; make config ; make install
4. cd /usr/ports/databases/mysql51-server ; make configure ; make install
5. Edit /etc/rc.conf:
   mysql_enable="YES"
6. cd /usr/ports/lang/php5 ; make config ; make ; make install
7. cd /usr/ports/lang/php5-extensions ; make config ; make ; make install
8. cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini
9. Check /usr/local/etc/php/extensions.ini
10. cd /usr/ports/databases/memcached; make ; make install
11. edit configuration file?
12. vi /etc/rc.conf, and add " memcached_enable="YES" "
13. /usr/local/etc/rc.d/memcached start
14. run "netstat -an" to check that a process is listening on TCP 11211
15. ? cd /usr/ports/devel/pear ; make ; make install
16. cd /usr/ports/databases/pecl-memcache ; make ; make install
17. /usr/local/bin/php -i | grep -i 'memcache'
18. cd /usr/ports/www/pecl-APC ; make config ; make ; make install
19. (in case default settings aren't suitable) vi /usr/local/etc/php.ini:
    
      apc.enabled=1
      apc.shm_segments=1
      apc.shm_size=128
      apc.ttl=7200
      apc.user_ttl=7200
      apc.num_files_hint=1024
      apc.mmap_file_mask=/tmp/apc.XXXXXX
      apc.enable_cli=1
     
20. Edit /usr/local/etc/apache22/httpd.conf to change this part:
    
    <IfModule mime_module>
        <IfModule php4_module>
            AddType application/x-httpd-php .php
        </IfModule>
        <IfModule php5_module>
            AddType application/x-httpd-php .php
        </IfModule>
    </IfModule>
     
21. ... and this part:
    
    <IfModule dir_module>
        <IfModule php5_module>
            DirectoryIndex index.php index.html
        </IfModule>
        <IfModule !php5_module>
            <IfModule php4_module>
                DirectoryIndex index.php index.html
            </IfModule>
            <IfModule !php4_module>
                DirectoryIndex index.html
            </IfModule>
        </IfModule>
    </IfModule>
     
22. /usr/local/etc/rc.d/mysql-server start
23. If not using a DNS, edit /etc/hosts, and add the server's IP address
24. /usr/local/etc/rc.d/apache22 start
25. Set a password for MySQL's root password:
    
    DELETE FROM mysql.user WHERE Host <> 'localhost' OR User <> 'root';
    SET PASSWORD FOR root@localhost=PASSWORD('mypassword');
    FLUSH PRIVILEGES;

FYI, PHP saves its session files under /var/temp/. Files are prefixed with sess_ and have the PHPSESSID cookie appended.

Lighttpd + PHP + MySQL

(Source)

1. cd /usr/ports/www/lighttpd ; make ; make install; make clean
2. cd /usr/ports/lang/php5 ; make ; make install ; make clean ; make test ("make: don't know how to make test. Stop")
3. cd /usr/ports/lang/php5-extensions ; make (select ctype, curl, dom, gd, imap, mbstring, mcrypt, mysql, mysqli, pcre, posix, session, simplexml, xml, xmlreader, xmlwriter, zlib) ; make install ; make clean
4. cd /usr/local/etc/
5. cp php.ini-recommended php.ini
6. vim php.ini, uncomment the line that says "cgi.fix_pathinfo=1"
7. vim lighttpd.conf, and uncomment lines that deal with mod_fastcgi : Why fails running as www.www?
8. vim /etc/rc.conf:
   lighttpd_enable="YES"
9. /usr/local/etc/rc.d/lighttpd restart
10. netstat -nat
11. cd /usr/local/www/data
12. vim index.php:
    <?php phpinfo(); ?>
13. http://server/
14. /usr/local/etc/rc.d/lighttpd stop
15. cd /usr/ports/databases/mysql50-server/ ; make ; make install ; make clean
16. cd /usr/ports/databases/mysql50-client ; make ; make install ; make clean
17. cd /usr/ports/databases/mysql50-scripts ; make ;  make install ; make clean
18. vim /etc/rc.conf:
    mysql_enable="YES"
    
19. /usr/local/etc/rc.d/mysql-server start
20. /usr/local/etc/rc.d/lighttpd start
21. netstat -nat

Q&A

Why failed installing mysql-client?

# make install

===>  Installing for mysql-client-5.0.51

===>   Generating temporary packing list

===>  Checking if databases/mysql50-client already installed

===>   mysql-client-5.0.51 is already installed

      You may wish to ``make deinstall'' and install this port again

      by ``make reinstall'' to upgrade it properly.

      If you really wish to overwrite the old port of databases/mysql50-client

      without deleting it first, set the variable "FORCE_PKG_REGISTER"

      in your environment or the "make install" command line.

*** Error code 1

Stop in /usr/ports/databases/mysql50-client.

=> Set up NTPd, restart, retry

Why does the default fail in lighttpd.conf?

fastcgi.server             = ( ".php" =>

                             #BAD  ( "localhost" =>

                                 (

                                   "socket" => "/tmp/php-fastcgi.socket",

                                   "bin-path" => "/usr/local/bin/php-cgi"

                                 )

                               )

                            )

Installing FreeBSD on a Compact Flash

To mount a binary image file used to flash a CF card:

# file myimage.img

# zcat myimage.img > image.bin

# mdconfig -a -t vnode -f /root/image.bin

# fdisk /dev/md0

# ls /dev/md0*

# mkdir /mnt/cf

# mount /dev/md0a /mnt/cf

# ls -l /mnt/cf

To read a Compact Flash through a USB card-reader:

1. Run "dmesg | grep da" to find which device is attached to the reader. If the reader supports different types of cars, you'll see several devices, eg. da0, da1, etc.
2. mkdir /mnt/cf
3. mount /dev/da1 /mnt/cf

It seems like FreeBSD doesn't support ext2fs by default, so if the CF card is partitioned with that filesystem, try "mount_ext2fs /dev/da1s1 /mnt/cf" instead.

Resources

FreeBSD on the Soekris net4501 By Michael R. Brumm

FreeBSD on a Soekris net4801

Installing FreeBSD 6.2 on a Soekris net5501

UltraDesic miniBSD 6.x Guide

FreeBSD, Compact Flash, ZFS, and minimum root partition size

TinyBSD

• FreeBSD and Solid State Devices (2001)
• miniBSD 6.x Guide (miniBSD; miniBSD - reducing FreeBSD)
• TinyBSD
• PicoBSD (floppy size)
• FreeSBIE ("a LiveCD based on the FreeBSD Operating system. This toolkit can also be used to make embedded images a-la miniBSD or nanoBSD"; Last updated Feb 2007)
• Introduction to NanoBSD
• FreeBSD, Mini-PCs and Compact Flash
• Embedded FreeBSD Cookbook
• Embedded FreeBSD Project
• Homemade Embedded BSD Systems and Diskless, Low-Form-Factor OpenBSD Systems by Michael W. Lucas

Tips & Tricks

After moving the HD from a PC that used a Via Rhine embedded Ethernet interface (vr0) to a PC using an Intel 10/100 embedded interface (fxp0), you'll need to edit /etc/rc.conf to have this new interface to get its IP configuration from the DHCP server (if need be), and restart the network service (/etc/rc.d/netif restart).

To switch to single-user mode,type shutdown now and press Enter when prompted to do so. To return to multiuser mode, type exit.

The equivalent of Linux's "netstat -nltp" to list TCP apps listening on ports is "netstat -nat | grep LISTEN"

To search through the Ports collection, instead of using the usual "find /usr/ports -name "samba*", you can use this:

• whereis "samba*"
• cd /usr/ports && make search name=samba

Q&A

How to launch a CRON job every week on Sunday at Midnight?

"crontab -e", and add the following:

0 0 ** 0 root /root/myscript.bash

Alternatively, some cron support a shorter, more readable format:

@weekly root /root/myscript.bash

How to handle modules?

kldstat = lsmod in Linux

kldunload = rmmog

kldload = insmod

How to upgrade related packages like PHP5?

1. Install portupgrade
2. portupgrade -vrR php5

Some daemons are started even though they aren't listed in /etc/rc.conf

Check /etc/defaults/rc.conf. If you need to disable some, set them to "NO" in /etc/rc.conf.

How to check which application is listening on which port?

sockstat

How to read e-mail with /usr/bin/mail?

http://www.freebsd.org/cgi/man.cgi?query=mail&sektion=1

[6.2] Even with "PermitRootLogin yes", can't ssh into the server

Have to log on as a regular user that belongs to the Wheel group, and su to root

lighttpd can't find its configuration file

# which lighttpd

/usr/bin/lighttpd

# cat /usr/bin/lighttpd

#!/bin/sh

/usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf $@

# lighttpd start

2008-01-13 22:27:26: (server.c.504) No configuration available. Try using -f option.

pkg_add -rv mystuff ; pkg_information mystuff doesn't work

pkg_info | grep mypackage

pkg_remove doesn't work

Must include the package's name + version number, eg. pkg_delete mutt-1.4.2.1_2

When using FreeBSD as a gateway between the LAN and a modem/DSL DHCP connection, what about /etc/resolve.conf?

The problem is that dhclient updates /etc/resolve.conf to point to the ISP's DNS servers, which is not an issue : To resolve local hostnames (ie. hosts located on the LAN, just point the gateway to the host acting as DNS for the local host, so that external DNS servers will not be queried to resolve private hostnames.

chsh only works when connecting remotely with SSH

At the console, running "chsh -s /usr/local/bin/bash ; echo $SHELL" still returns "/bin/csh".

Bash doesn't read ~/.bash_profile when I log on

# cat ~/.bash_profile

alias l='ls -lAFG'

# ll

bash: ll: command not found

Portsnap vs. c(v)sup?

"Portsnap is a system for securely downloading and updating a compressed snapshot of the FreeBSD ports tree, and using this compressed snapshot to extract or update a (uncompressed) copy of the ports tree. Historically, most people have used CVSup to keep their ports tree up to date, but CVSup has a number of limitations"

Vim doesn't handle arrows correctly

While in edit mode, hitting eg. left arrow displays A's

A port/package doesn't start

Make sure it's listed in /etc/rc.conf

/usr/local/etc/rc.d/apache.sh start fails

Make sure the FQDN for the host is defined in either the DNS or in /etc/hosts.

How to list files installed by a ports?

pkg_info | grep mysql

pkg_info -L mysql-server-5.0.51

How to compress WAV files to MP3?

cd /usr/ports/audio/lame ; make install

lame -h -b 128 test.wav test.mp3

Resources

• FreeBSD Handbook
• A comprehensive guide to FreeBSD
• The Complete FreeBSD (covers version 5)
• Absolute BSD (2002)
• FreshPorts
• The FreeBSD Ports Archive
• Daemon News
• FreeBSD Wiki
• FreeBSD Diary
• FreeBSD - The Power to Serve
• FreeBSD Install Guide
• Why FreeBSD - A quick tour of the BSD alternative by Frank Pohlmann
• FreeBSD for Linux Users and More FreeBSD for Linux Users by Dru Lavigne