Wednesday, March 19, 2008

Installing FreeBSD 7.0 - DHCP and DNS with dnsmasq

DHCP and DNS with dnsmasq
  • See to it that you are root
  • Execute: cd /usr/ports/dns/dnsmasq
  • Execute: make install clean
  • Execute: ee /etc/rc.conf
  • Add row: dnsmasq_enable="YES"
  • Exit editor with ESC, A, A
  • Execute: cd /usr/local/etc/
  • Execute: cp dnsmasq.conf.example dnsmasq.conf
  • Execute: ee dnsmasq.conf
This is the configuration file for dnsmasq. Let's walk through the most important settings.

Uncomment line "interface=" and put the name of your interface that is facing towards your LAN as the value. In my case this line looks like this "interface=re0" because my network card that is called re0 has IP 192.168.0.1 assigned to it.

If you have only one network card and it has both an internal and external IP assigned to it then you can use the "listen-address" alternative. But I don't use it and will not include it here.

Uncomment line "expand-hosts". This will make it easier to access computers within the domain. For example you have a computer called foo on domain example.com. Normally you would have to request foo.example.com, but since you're using the expand-hosts option you only need to request foo.

Uncomment line "domain=" and assign your domain to it. This will automatically name your local computers with the fully qualified name. Example when you hook up your computer named foo, and your domain is example.com the name of the computer will be foo.example.com. But since you're using expand-hosts you won't notice the difference from any other computer in the network.

Uncomment line "dhcp-range=" and put any IP-range in there. I use "dhcp-range=192.168.0.150,192.168.0.250,12h".

Find line "dhcp-host". If you want computers in your network to always retrieve a certain IP, then set up that computer's MAC address with that special IP. This makes it easier to address port redirects in the firewall.

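Take note of line "#dhcp-option=42,0.0.0.0". Option 42 tells DHCP clients which NTP server to use, which is important if you want to use Kerberos authentication in the future, because Kerberos needs the clocks on all machines to agree.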

Uncomment line "dhcp-authoritative". BUT ONLY IF THIS IS THE ONLY DHCP-SERVER ON THE NETWORK. Also take care that the "interface=" or, alternatively, the "listen-address=" option is set up correctly. Otherwise you might bring down any other DHCP service.
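
The caveat above can be checked mechanically. The following shell script is an added example, not part of the original post: it flags a dnsmasq.conf in which dhcp-range or dhcp-authoritative is active while both interface= and listen-address= are still commented out. The function names and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): check a dnsmasq.conf for the
# DHCP binding caveat. Function names and sample files are constructed.

# Print the value of every active (uncommented) "KEY=value" line in FILE.
conf_values() {  # usage: conf_values FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1"
}

# Succeed when the bare option FLAG is active (uncommented) in FILE.
conf_flag() {  # usage: conf_flag FILE FLAG
    grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"
}

# Print one finding per line; return 0 only when nothing was flagged.
check_dnsmasq_conf() {  # usage: check_dnsmasq_conf FILE
    conf=$1
    findings=0
    # Either option restricts which interface dnsmasq serves.
    bound=$(conf_values "$conf" interface; conf_values "$conf" listen-address)
    if [ -z "$bound" ]; then
        if [ -n "$(conf_values "$conf" dhcp-range)" ]; then
            echo "WARN dhcp-range set without interface= or listen-address="
            findings=$((findings + 1))
        fi
        if conf_flag "$conf" dhcp-authoritative; then
            echo "FAIL dhcp-authoritative set without interface= or listen-address="
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files: the config with the LAN interface line still
# commented out, and the same file after following the steps in this post.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/risky.conf" <<'EOF'
#interface=
expand-hosts
domain=example.com
dhcp-range=192.168.0.150,192.168.0.250,12h
dhcp-authoritative
EOF

cat > "$SAMPLE_DIR/safe.conf" <<'EOF'
interface=re0
expand-hosts
domain=example.com
dhcp-range=192.168.0.150,192.168.0.250,12h
dhcp-authoritative
EOF

for f in "$SAMPLE_DIR/risky.conf" "$SAMPLE_DIR/safe.conf"; do
    echo "== ${f##*/}"
    if check_dnsmasq_conf "$f"; then echo "no findings"; fi
done
```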

Now, dnsmasq assumes that the machine running dnsmasq is the gateway. Either you must configure the DHCP settings in dnsmasq to provide an alternative IP or you have to set up ipnat. I want this machine to route my traffic so I want to configure ipnat. Remember when we made our custom kernel? Look at that entry again and also read the handbook section on Network Address Translation: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html
  • Still root?
  • Execute: cd /etc
  • Execute: ee rc.conf
  • Add lines: 
  • gateway_enable="YES" # Enable as LAN gateway
  • natd_enable="YES" # Enable NAT daemon
  • natd_interface="vr0" # Change vr0 to whatever interface you have facing your ISP
  • natd_flags="" # Flags, if you use -f /etc/
Now reboot!

Friday, March 14, 2008

Installing FreeBSD 7.0 - Apache 2.2 MySQL 5.1

Installing Apache 2.2 and MySQL
  • See to it that you are root
  • Execute: cd /usr/ports/www/apache22
  • Execute: make install clean
  • Choose any options that you like for Apache
  • Execute: ee /etc/rc.conf
  • Add the following line to rc.conf
  • apache22_enable="YES"
Ok, now you've got Apache 2.2 installed. Let's install MySQL 5.1.
  • Make sure that you're still root
  • Execute: cd /usr/ports/databases/mysql51-server
  • Execute: make install clean
  • Execute: ee /etc/rc.conf
  • Add the following line to rc.conf
  • mysql_enable="YES"
Now reboot!

Ok, so try to access the website by punching in the IP of your server in a browser somewhere. "It works!" Cool!

For MySQL I recommend downloading MySQL GUI Tools. Hook MySQL Administrator to your server. This will probably not work because you haven't set your password yet. Also your MySQL server isn't configured for remote connections.

Making this work was a bit of a problem, and it took its time. I didn't make notes of what I actually did to make it work :|. However I think that I started out by setting the password and then I logged on to webmin.

Setting password:
  • Fire up the terminal and login as root
  • mysqladmin -u root password newpassword
Apparently there is a "safer way" to do this. Follow this link if you are concerned: Installing and configuring mySQL2.

Configure:
  • Login to webmin
  • Unfold "Servers"
  • Click MySQL Database Server (However the module doesn't work)
  • Click the "Module Config" at the top left corner
  • Find "MySQL configuration file" and change the current value to "/var/db/mysql/my.cnf"
  • Click "Save"
Be aware that you may also need to change the location of all the commands. If that's the case, they're all placed in "/usr/local/bin/". But if all is correct you should now be able to configure MySQL from webmin. What you need to do is set up the ability for remote connections.
  • Back to the main menu of MySQL in webmin
  • Click "User Permissions"
  • Click "Create new user"
  • Choose username, my choice was developer
  • Set a password
  • Either you can set a fixed IP or you can put wildcards in it. I put 192.168.0.%, which means that I can access MySQL from any machine on my LAN.
Now you might want to configure the webmin Apache module to work with your FreeBSD installation of Apache22. I actually don't remember the exact variables that I changed but basically it's the paths. Most of them point to something/apache/something which you should change to something/apache22/something.

Thursday, March 13, 2008

Installing FreeBSD 7.0 - Apple shares

Ok so you want your FreeBSD machine to share files with Apple machines.

Assuming that you have recompiled your kernel with option NETATALK you can go on and install the netatalk daemon.
  • Execute: cd /usr/ports/net/netatalk
  • Execute: su and enter password 
  • Execute: make install clean
  • Execute: cd /usr/ports/net/howl
  • Execute: make install clean
  • Execute: ee /etc/rc.conf
  • Add lines:
slpd_enable="YES" # Promotes services on network
netatalk_enable="YES" # Enable netatalk
atalkd_enable="YES" # Daemon
cnid_metad_enable="YES" # No idea
afpd_enable="YES" # Apple File Protocol daemon

# This is a part of howl
mdnsresponder_enable="YES"
mdnsresponder_flags="-f /usr/local/etc/mDNSResponder.conf"
  • Exit editor: Press ESC, then A and then A
  • Execute: ee /usr/local/etc/mDNSResponder.conf
  • Add lines:
MyServerName	_afpovertcp._tcp	local.	548
MyServerName	_ssh._tcp	Servers.	548

It's important that everything is separated with tabs in this file. It's also very important that there is an empty line at the end of the file.

The first line sees to it that your Macs will find the shared file folders on the network. The second line will promote ssh login.

Now we want something to share! I created a folder in /usr that I call netshare. If you want to follow my example do this:
  • See to it that you still have root access
  • Execute: mkdir /usr/netshare
  • Execute: ee /usr/local/etc/AppleVolumes.default
  • Scroll to bottom of file
You will probably have a ~ on the last line. This means that the authenticated user's home folder is shared. If you don't like that, just remove the ~. Anyway, we want to share our common /usr/netshare folder. I also decided that only users belonging to the group shares should have access to this folder. This is why I chose to install webmin, so go ahead and create a new group.
  • Web browser: your webminaccess (mine is https://192.168.0.1:10000)
  • Login
  • Unfold System and click "Users and Groups"
  • Scroll down to "Local Groups" and click "Create a new group"
  • I called my group shares, you can call it whatever you like
  • Add members to the group, I added myself and root
  • Click "Create"
  • Back to the AppleVolumes.default file and add a line:
/usr/netshare netshare allow:@shares

First comes the path to the shared folder, second the display name of the share, and third the rights to this share. When granting rights to groups you use @ as a prefix. Say that you want the mygroup group and myuser to have access; then you would write allow:myuser,@mygroup (a comma-separated list without spaces).

You can learn more about it here: AppleVolumes.default

Save your file!

Finally you need to update the rights to the actual folder. Since I'm not a unix person from the beginning I'm taking the sneak way around chmod and chown and I use webmin instead.

  • Login to webmin
  • Unfold the "Others" item and click "File Manager"
  • A Java applet will need your permission to run, just accept and you will end up in a nice looking GUI application.
  • Click usr in the left tree and select netshare in the right listing
  • Click the "info" icon in the toolbar
  • In the "Permissions" area click Read, Write, List on Group. I personally deselected any rights for "Other".
  • In the "Ownership" area change group to shares or whatever group you like
  • In the "Apply changes to" dropdown choose "This directory and all it's subdirectories"
  • Click "Save" button in the bottom
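
For readers who would rather use chgrp and chmod than the webmin File Manager, here is the same change from the command line, as an added example that is not part of the original post. It runs against a temporary directory standing in for /usr/netshare, with the current user's primary group standing in for shares; the function names are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): command-line equivalent of
# the webmin File Manager steps, with a check of the result.

# Hand DIR and everything below it to GROUP with read, write and list
# access, and remove every permission for "other".
# X adds execute (list/enter) only to directories and to files that are
# already executable, so plain files do not become executable.
apply_share_perms() {  # usage: apply_share_perms DIR GROUP
    chgrp -R "$2" "$1" && chmod -R g+rwX,o-rwx "$1"
}

# Print each entry under DIR that is in another group, lacks group
# read/write, or still grants anything to "other". No output means clean.
share_violations() {  # usage: share_violations DIR GROUP
    find "$1" ! -type l \( ! -group "$2" -o ! -perm -060 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Constructed stand-ins so the example runs anywhere without root:
# a temporary directory for /usr/netshare, your own group for "shares".
SHARE=$(mktemp -d)
SHARE_GROUP=$(id -g)
trap 'rm -rf "$SHARE"' EXIT
mkdir "$SHARE/docs"
echo "constructed sample file" > "$SHARE/docs/readme.txt"
chmod 777 "$SHARE/docs"
chmod 666 "$SHARE/docs/readme.txt"

echo "before:"
share_violations "$SHARE" "$SHARE_GROUP"
apply_share_perms "$SHARE" "$SHARE_GROUP"
echo "after:"
share_violations "$SHARE" "$SHARE_GROUP"
```

On the real machine the call would be apply_share_perms /usr/netshare shares, run as root.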

Reboot your machine!

Your FreeBSD machine should automatically show in Finder on all your OS X machines on the network. It should display your home folder and the netshare folder.

Wednesday, March 12, 2008

Installing FreeBSD 7.0 - Custom Kernel

Most users need a custom kernel because many of FreeBSD's features originate from functionality in the kernel. But how to do it? Basically, a custom kernel is all about configuring and then recompiling. It's quite easy actually.

In this blog I will not talk about hints. That might come in a later blog.

Also I will take the opportunity to promote the FreeBSD handbook. I really suggest that you learn how to use it because it is really simple. It isn't heavy with a lot of unnecessary text, but very straightforward. I suggest that you always go and read the handbook before googling any problem you might have. I usually solved my problems the other way around, which gave me more problems since those blogs were about older versions of the kernel and so forth. The subject that is interesting for you to read about today is Configuring the FreeBSD kernel.

Make sure you have root access, preferably by logging in as regular user and:
  • Execute: su (and enter password)
  • Execute: cd /usr/src/sys/i386/conf (You might want to change i386 for your particular architecture.)
  • Execute: mkdir /root/kernels (This will create a directory in your root home folder)
  • Execute: cp GENERIC /root/kernels/MYKERNEL (where you change MYKERNEL to whatever you like, usually your machine name)
  • Execute: ln -s /root/kernels/MYKERNEL (this creates a symbolic link from the actual file in your /root/kernels directory into the /usr/src/sys/i386/conf directory)
Now you have the basics set up. What we just did was make a copy of the GENERIC kernel configuration in your root home folder. Then we linked that file into the conf folder. The reason why we did this is so that we can delete the /usr/src folder if we like, without being afraid that we lose our custom kernel configuration.

Let's edit the configuration file with the ee editor, we have had enough of VI for now:
  • Execute: ee /root/kernels/MYKERNEL
If you scroll through the file you might notice that at the beginning it's all about options, then further down we have devices. Notice that on the second line from the top, it says "GENERIC" and a short description. Change that to whatever you like. It doesn't have any functional meaning but it just feels right to do it.

CPU optimization
  • Find three lines that look like this:
    cpu I486_CPU
    cpu I586_CPU
    cpu I686_CPU
  • Comment out any line that doesn't match your CPU. (My CPU is a Pentium 4 2.8 GHz HyperThreading. So I comment out I486 and I586 and keep I686)
Kernel identification, I'm not sure what this is good for. But it feels right to update.
  • Find the line that begins with "ident"
  • Change GENERIC to MYKERNEL (or whatever you called it before)
I like to turn off debugging as well. I'm not sure if it has any effect on the FreeBSD kernel but it usually does have a positive performance effect on other software, so I suggest that you comment out debugging.
  • Find line makeoptions DEBUG=-g and comment it out
Now let's see what we might want to add to the kernel.
  • options NETATALK # AppleTalk, because I like Apple so much
  • options IPFILTER # Enable stateful firewall
    # Note: The IPF can be enabled
    # as a loadable module in rc.conf
    # with ipfilter_enable="YES"
If you are looking for other options, then I suggest that you take a look inside /usr/src/sys/i386/conf/NOTES because this file has the list of all options available for the kernel.

Now perhaps you want to optimize your kernel. Scroll through all the device rows in the file and comment out any device not available for your system. Remember that some of the devices are not optional. For example, the miibus device is a must-have if your NIC is one of those that depend upon that device. Both of my NICs are. Just read the comments and you will be fine.

Now that you have your own kernel configuration just hit ESC and press A to Exit ee and A again to Save and Exit.

  • Execute: cd /usr/src/
  • Execute: make buildkernel KERNCONF=MYKERNEL
  • Wait for it...
  • Wait for it...
  • Wait for it...
Now you have either experienced a complete compilation or you have a compiler error. If you have an error then you have probably left in a device that is dependent on a device that you have removed. Try to understand from the error message which devices it's about and then figure out if you should remove or add a device to the kernel.

If everything is fine then you
  • Execute: make installkernel KERNCONF=MYKERNEL
Okay, your kernel is now installed and will be used next time you reboot!

Tuesday, March 11, 2008

Installing FreeBSD 7.0 - Webmin

Install webmin
  • Execute cd /usr/ports/sysutils/webmin
  • Execute make install clean
  • Execute cd /usr/local/lib/webmin
  • Execute ./setup.sh

You will have to answer some questions.
  • Where should logging be placed
  • What port number should webmin bind to
  • What username and password
  • Should SSL be used
  • Maybe some other stuff

Default answers to any of these is good enough. I prefer using SSL.
  • Execute: ee /etc/rc.conf
  • Now add a line at the bottom that says: webmin_enable="YES"
Press ESC and choose alternative A to quit and another A to save before quitting.

Reboot your machine
  • Execute reboot
Now when you startup you have sshd and webmin enabled which in my case means that I can continue my configuration from the comfort of my MacBook.

Updating webmin
  • With web browser point to https://machine-IP:webminportnr
  • Enter credentials
  • Unfold Webmin in the left menu
  • Click "upgrade webmin" (the upwards pointy icon)
  • Make sure that the "Latest version from www.webmin.com" option is selected and click "Upgrade webmin"
  • Take a break
  • If there are any modules that need upgrading, you will be informed about that. Personally I always choose to upgrade those too.
Adding a user from webmin
  • Unfold System in the left menu
  • Click "Users and groups"
  • Somewhere around the top there should be a link called "Create a new user." Click it.
  • Enter whatever username you like
  • Enter whatever Real Name you like
  • (if you like) Choose /usr/local/bin/bash in the Shell option
  • Select "Normal password" and enter a password in the textbox
  • In the "Group Membership" area click option "Existing group" and enter "wheel" in the textbox.
  • Let everything else be as set by default
  • Press the "Create" button down at the bottom.
Now you can start a remote SSH session to your FreeBSD machine from any other machine on your network.

Installing FreeBSD 7.0 - SSH, sudo

Install sshd for remote login
  • Execute: sysinstall
  • Choose configure -> Networking
  • Select sshd
  • Exit installation

Install sudo for gaining root access:
  • Execute: cd /usr/ports/security/sudo
  • Execute: make install clean
  • Execute: visudo

This opens up the dreaded VI. If you don't know how to use VI read this: Installing freebsd 7.0 - Using VI. In the editor you look for a line quite far down in the file. It looks like this:

# %wheel ALL=(ALL) SETENV: ALL

And there is another one that looks like this:

# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL

The first one allows any user that belongs to the wheel group to gain root privileges by either typing sudo before any command or executing su to become root.

The second line does the same thing, but requires no password when using the sudo action.

You need to choose whichever option you like the most (I prefer the secure alternative that requires a password, even if it is annoying sometimes). Then uncomment that line, which means removing the "#" character at the beginning of the line.

You should know enough to get around in VI by now. But I'll take it step by step anyway. Simply stand on the "#" character and press delete when in "the other mode".

Now press the corresponding key for character ":". This gives you a command line at the bottom of the screen. Now write a "w" on the command line and press enter. The file is saved and you can exit with ":" and command "q".
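
Added example, not part of the original post: a shell check that reports which of the two %wheel lines above is in effect in a sudoers file. sudo applies the last matching rule, so if both lines are uncommented the NOPASSWD one, which comes later in the file, decides. The function names and sample files are constructed, and the check is simplified to whole-line %wheel rules.

```sh
#!/bin/sh
# Added example (not from the original post). Simplified: only whole-line
# rules for %wheel are considered; aliases, includes and line continuations
# are ignored.

# Print "none", "password" or "nopasswd" for the %wheel rule in effect.
# sudo uses the LAST matching rule, so a later line overrides an earlier one.
wheel_sudo_mode() {  # usage: wheel_sudo_mode FILE
    awk '
        /^[ \t]*#/ { next }                  # rule is still commented out
        $1 == "%wheel" {
            mode = ($0 ~ /NOPASSWD:/) ? "nopasswd" : "password"
        }
        END { print (mode == "" ? "none" : mode) }
    ' "$1"
}

# Return non-zero when wheel members can run sudo without a password.
audit_wheel() {  # usage: audit_wheel FILE
    case $(wheel_sudo_mode "$1") in
        nopasswd) echo "$1: wheel has passwordless sudo"; return 1 ;;
        password) echo "$1: wheel must enter a password" ;;
        *)        echo "$1: no active %wheel rule" ;;
    esac
}

# Constructed sample files built from the two lines quoted in the post.
SUDOERS_DIR=$(mktemp -d)
trap 'rm -rf "$SUDOERS_DIR"' EXIT

cat > "$SUDOERS_DIR/shipped" <<'EOF'
# %wheel ALL=(ALL) SETENV: ALL
# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL
EOF

cat > "$SUDOERS_DIR/password" <<'EOF'
%wheel ALL=(ALL) SETENV: ALL
# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL
EOF

cat > "$SUDOERS_DIR/both" <<'EOF'
%wheel ALL=(ALL) SETENV: ALL
%wheel ALL=(ALL) NOPASSWD: SETENV: ALL
EOF

for f in shipped password both; do
    audit_wheel "$SUDOERS_DIR/$f" || echo "  -> review this file"
done
```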

Installing FreeBSD 7.0 - Using VI

Creating new file:
  • Execute: cd ~/ (walk to your home folder)
  • Execute: vi testing
You are now in the VI-editor.

First: If you for some reason think that you have destroyed the file that you are editing and just want to quit as fast as possible without saving anything, do this:
  • Press: ESC
  • Press: corresponding key for character ":"
  • Write: q! and press enter
This will exit VI without saving.

VI works in three modes: edit mode, strange mode and command mode. Strange mode is the mode VI starts in.

Be careful, you can do harmful stuff in all modes. When you are in strange mode you can do the following:
  • Press "i" to enter edit mode
  • Press ":" to enter command mode
When in edit or command mode you can always press ESC to return to strange mode.
Sometimes when you update text in edit mode, your changes don't seem to appear. Press the left or right arrow key, and the text will be updated if any changes were made.

In strange mode (remember the ESC key) you can use the Delete key, which I find impossible to use in edit mode.

Adding new text will easily be performed in edit mode (remember the "i" key)

Now you want to save this file:
  • Enter "the other mode" with ESC if not already there
  • Press the corresponding key to get a ":". This will give you command mode.
  • You will now have a : at the bottom of the screen which will await your command.
  • Write "w" and press enter. Your file will be saved.
  • Write "q" and press enter. You will exit VI.

Installing FreeBSD 7.0 - Bash

Install bash (If you prefer sh, then you can skip this. But I prefer bash to csh and sh)
  • Execute cd /usr/ports/shells/bash
  • Execute make install clean
  • Execute chsh
You are now in the VI-editor and you need to perform the task of updating a single line of text. If you're not familiar with VI then you should read this Installing freebsd 7.0 - Using VI
  • Move to the line where it says something like: 
    "Shell: /bin/csh"
  • Change
    "/bin/csh"
    to
    "/usr/local/bin/bash"
Now save and exit. 
You have to logout and login again to get bash.

Installing FreeBSD 7.0 - Base

Following is a series of articles related to my experiences with FreeBSD 7.0 and how to install it. I will focus on how to get the stuff working. I will try to keep each installation in separate blog entries.

I have three Mac OS X Leopard machines in my network so my focus is to get FreeBSD working with those. Therefore I doubt that I will consider writing an entry about samba, for example.

This is what I will try to cover over time:

Base installation (this article)

Remote administration
  • Webmin
  • SSH

Gateway features
  • Routing 
  • Firewall
  • DNS
  • DHCP

File share
  • AFP (Apple File Protocol?)
  • Netatalk (Apple talk)
  • Howl mDNSResponder

Public services
  • Apache 2.2
  • MySQL
  • FTP
  • E-mail

Authentication and security
  • Kerberos (Single sign on) 
  • OpenLDAP



Point your web browser to http://www.freebsd.org/where.html and download the FreeBSD 7.0 boot-only version for your architecture. For i386-based computers: ftp://anonymous@ftp5.se.FreeBSD.org:21/pub/FreeBSD/ISO-IMAGES-i386/7.0/7.0-RELEASE-i386-bootonly.iso. The size of this file is 33.6 MB.

Burn the image to a CD and boot. Finally you will end up in the installation application. 

Choose Express -> Custom

Choose Options
  • Do appropriate settings for you. I usually turn off IPv6 and skip PCCARD. 
  • Press Q to get back
Let's initialize the hard drive. Now, I have only installed FreeBSD on a single hard drive with nothing else on it. So if you don't want to lose something that you keep on your hard drive - Do not do this!

Choose Partition
  • Press A for Automatic 
  • Press Q to get back
When asked to install Boot manager I usually choose "Standard", but if you have a secondary OS on your machine then you would probably want to choose "BootMgr". Again, if you do have something else on your hard drive that you are afraid to wipe out - do not follow my instructions!

Choose Label
  • Press A for Automatic
  • Press Q to get back
Choose Distributions
  • Minimal
  • Kern-Developer, the installation program will suggest installing "ports". This is something that you really need, so agree to that.
Note: First make the Minimal selection, then make the Kern-Developer selection. If you do it in the wrong order the Minimal selection will unselect itself for some reason. I don't know if it will install Minimal or not in this condition.

Choose Media
  • FTP
  • Select whatever site is closest to your computer
For the last time: when you choose commit, your hard drive will finally be initialized and you will lose anything that you might have stored on it. If you care about anything on your hard drive - Do not proceed!

Choose Commit
  • Wait

After commit is finished just exit the installation and the computer will reboot.
  • Login root, no password
Change password
  • Execute: passwd
  • Enter your password twice

Saturday, December 22, 2007

Immutable objects

Immutables are very interesting. The problems that immutables address are often neglected. These problems tend to surface later in the development process, when the project is becoming more complex.

Eric Lippert shed some light on this complex subject in a very interesting blog series: Immutability in C# Part One: Kinds of Immutability

Thursday, September 20, 2007

Coding management

I had a discussion at work today with a project manager. She used to be a programmer back in the days and she shows both insight and interest in code related issues. Not to mention stubborn until proven wrong (no offence, you know who you are and you may see this post as a follow up on the subject). We had several in depth talks about different subjects in programming philosophy but the one that I want to bring back to surface is the one about coding conventions and project rules.

She told me about a successful project where all programmers got together and decided that they were going to follow a pretty simple convention of how to declare functions and subroutines (this was VB 6, I may say). Everything was to carry informative text that, short and concise, should tell anyone reading or calling this particular code what it actually does. Also, the most important thing was that the writer was indeed responsible for releasing any allocated resources before return.

The reason that we ended up in this discussion was the subject of scrum, which encourages programmers to be creative. Let’s face it, all projects have a couple of kick ass coders, some great coders that are eager to learn from the ass kickers and some coders that destroy the project for the others. Creative destroying programmers can be a mess.

This project was no exception. There was this one guy who didn’t care about documenting, and worst of all, he seldom released any allocated resources. This one guy made the whole project limp, and the morale sank, making all the great programmers unhappy and unproductive.

Now why am I telling this story? Could this problem be solved peacefully? I boldly state that the problem should never exist. It’s all up to the system architect and his/her choices of technology. Let’s analyze these two problems.

The matter of unreleased resources is of course a product of stateful programming (also known as imperative programming). If the environment that these programmers were working in was based on the principles of functional programming, the resources would be released automatically when returning from a function or procedure. They could be more careless with their code, and as a result more productive.

Second the matter of documenting the functions and subroutines. We all know from experience, few programming languages require a couple of informative lines of documentation prior to any major declaration. So how do we ensure that they are there? Eiffel successfully turned documentation into a major advantage to the programmers with their Design by Contract (DbC) principle. Also there are of course other positive side effects when using DbC. Eiffel and its killer DbC is a huge subject so I drop that for now. However using DbC, the compiler can force the programmer to follow the documentation rules.

Let’s get back to the story. In the end they had to let the bad programmer go because the rest of the team was more productive without him. Before you chuckle to yourself about how you dismiss bad code and their creators, you should take a good look in the mirror and ask if you really write such great code yourself. I know, only by looking at code that I wrote an hour ago that I sometimes write totally fucked up code. The reasons may vary, you may be new to programming or you may be tired or you may be in a hurry to deliver for a deadline. Or maybe you just have a hard time to grasp the concepts. It takes time for some programmers to understand the value of good code.

There are a lot of reasons why some programmers write bad code. What I am trying to point out is that you can reduce the bad code, using the right language and environment in the right place. It’s sad that the choice of language and environment is seldom a choice made by someone who understands the production cycle and the impact the wrong tools have on it. But then again, that person could probably not choose the programmers for the task either.

Template metaprogramming

Following up on the subject of my last post, Generics, another type of metaprogramming, I found an interesting Wikipedia article: Template metaprogramming. Quoting (as I usually do):

“Template metaprogramming is a metaprogramming technique in which templates are used by a compiler to generate temporary source code, which is merged by the compiler with the rest of the source code and then compiled. The output of these templates include compile-time constants, data structures, and complete functions. The use of templates can be thought of as compile-time execution. The technique is used by a number of languages, the most well-known being C++, but also D, Eiffel, Haskell, ML and XL.”

The article makes it very clear that templates are a compile-time metaprogramming technique. This is something that I have pointed out in my earlier posts about metaprogramming as well. Also the article compares templates with macros but points out that macros are type unaware whilst templates are aware of the types in the native language. All this with the exception of Lisp, since the Lisp macro language is Lisp itself.

“Some common reasons to use templates is to implement generic programming (avoiding sections of code which are similar except for some minor variations) or to perform automatic compile-time optimization such as doing something once at compile time rather than every time the program is run, for instance having the compiler unroll loops which would otherwise not be.”

Reading this I am thinking: so I can use templates for other stuff than as a placeholder for an unknown type. And truly, reading only a couple of lines further gives me a sweet example of how to use the compiler to pre-calculate the factorial value of any given constant. This gives me a whole new view of templates and what can be accomplished with them. The article goes on to describe another couple of interesting usage patterns for templates.

Well worth reading!