Wednesday, March 19, 2008

Installing FreeBSD 7.0 - DHCP and DNS with dnsmasq

DHCP and DNS with dnsmasq
  • See to it that you are root
  • Execute: cd /usr/ports/dns/dnsmasq
  • Execute: make install clean
  • Execute: ee /etc/rc.conf
  • Add row: dnsmasq_enable="YES"
  • Exit editor with ESC, A, A
  • Execute: cd /usr/local/etc/
  • Execute: cp dnsmasq.conf.example dnsmasq.conf
  • Execute: ee dnsmasq.conf
This is the configuration file for dnsmasq. Let's walk through the most important settings.

Uncomment line "interface=" and put the name of your interface that is facing towards your LAN as the value. In my case this line looks like this "interface=re0" because my network card that is called re0 has IP 192.168.0.1 assigned to it.

If you have only one network card and it has both an internal and external IP assigned to it then you can use the "listen-address" alternative. But I don't use it and will not include it here.

Uncomment line "expand-hosts". This will make it easier to access computers within the domain. For example you have a computer called foo on domain example.com. Normally you would have to request foo.example.com, but since you're using the expand-hosts option you only need to request foo.

Uncomment line "domain=" and assign your domain to it. This will automatically name your local computers with the fully qualified name. For example, when you hook up your computer named foo and your domain is example.com, the name of the computer will be foo.example.com. But since you're using expand-hosts you won't notice the difference from any other computer in the network.

Uncomment line "dhcp-range=" and put any IP-range in there. I use "dhcp-range=192.168.0.150,192.168.0.250,12h".

Find line "dhcp-host". If you want a computer in your network to always receive a certain IP, map that computer's MAC address to that IP here. This makes it easier to address port redirects in the firewall.

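Take note of line "#dhcp-option=42,0.0.0.0". Option 42 tells DHCP clients which NTP server to use, and 0.0.0.0 stands for the machine running dnsmasq. It's important if you want to use Kerberos authentication in the future, because Kerberos depends on synchronized clocks.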

Uncomment line "dhcp-authoritative". BUT ONLY IF THIS IS THE ONLY DHCP SERVER ON THE NETWORK. Also take care that the "interface=" (or alternatively "listen-address=") option is set up correctly. Otherwise you might bring down any other DHCP service.
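
A check for the caveat above, as an added example that is not part of the original post: it reads a dnsmasq.conf and reports when dhcp-authoritative is active without an interface= or listen-address= line, and when expand-hosts is set without domain=. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the two
# sample configuration files are constructed for illustration.

# Succeed if option $2 appears uncommented in file $1, with or without a value.
conf_has() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*(=|#|\$)" "$1"
}

# Print one line per finding; return 0 when clean, 1 when anything was found.
audit_dnsmasq() {
    conf=$1
    findings=0
    bound=no
    if conf_has "$conf" interface || conf_has "$conf" listen-address; then
        bound=yes
    fi
    if [ "$bound" = no ]; then
        echo "WARN: no interface= or listen-address=; dnsmasq answers on every interface"
        findings=$((findings + 1))
    fi
    if conf_has "$conf" dhcp-authoritative && [ "$bound" = no ]; then
        echo "RISK: dhcp-authoritative is on without an interface=/listen-address= restriction"
        findings=$((findings + 1))
    fi
    if conf_has "$conf" expand-hosts && ! conf_has "$conf" domain; then
        echo "WARN: expand-hosts is set but domain= is not, so short names get no domain"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Write the two constructed samples into directory $1.
write_dnsmasq_samples() {
    # good.conf: the settings from the walkthrough above
    cat > "$1/good.conf" <<'EOF'
interface=re0
expand-hosts
domain=example.com
dhcp-range=192.168.0.150,192.168.0.250,12h
dhcp-authoritative
EOF
    # bad.conf: interface= and domain= were left commented out
    cat > "$1/bad.conf" <<'EOF'
#interface=
expand-hosts
#domain=thekelleys.org.uk
dhcp-range=192.168.0.150,192.168.0.250,12h
dhcp-authoritative   # only DHCP server on this LAN
EOF
}

demo_dir=$(mktemp -d)
write_dnsmasq_samples "$demo_dir"
for name in good bad; do
    echo "== $name.conf"
    if audit_dnsmasq "$demo_dir/$name.conf"; then
        echo "OK"
    fi
done
rm -rf "$demo_dir"
```

On the real machine the call would be audit_dnsmasq /usr/local/etc/dnsmasq.conf, run before restarting dnsmasq.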

Now, dnsmasq assumes that the machine running dnsmasq is the gateway. Either you must configure the DHCP settings in dnsmasq to provide an alternative IP or you have to set up ipnat. I want this machine to route my traffic so I want to configure ipnat. Remember when we made our custom kernel? Look at that entry again and also read this http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html Network Address Translation.
  • Still root?
  • Execute: cd /etc
  • Execute: ee rc.conf
  • Add lines: 
  • gateway_enable="YES" # Enable as LAN gateway
  • natd_enable="YES" # Enable NAT daemon
  • natd_interface="vr0" # Change vr0 to whatever interface you have facing your ISP
  • natd_flags="" # Flags, if you use -f /etc/
Now reboot!

Friday, March 14, 2008

Installing FreeBSD 7.0 - Apache 2.2 MySQL 5.1

Installing Apache 2.2 and MySQL
  • See to it that you are root
  • Execute: cd /usr/ports/www/apache22
  • Execute: make install clean
  • Choose any options that you like for Apache
  • Execute: ee /etc/rc.conf
  • Add the following line to rc.conf
  • apache22_enable="YES"
Ok, now you've got Apache 2.2 installed. Let's install MySQL 5.1.
  • Make sure that you're still root
  • Execute: cd /usr/ports/databases/mysql51-server
  • Execute: make install clean
  • Execute: ee /etc/rc.conf
  • Add the following line to rc.conf
  • mysql_enable="YES"
Now reboot!

Ok, so try to access the website by punching in the IP of your server in a browser somewhere. "It works!" Cool!

For MySQL I recommend downloading MySQL GUI Tools. Hook MySQL Administrator to your server. This will probably not work because you haven't set your password yet. Also your MySQL server isn't configured for remote connections.

Making this work was a bit of a problem, and it took its time. I didn't make notes of what I actually did to make it work :|. However I think that I started out by setting the password and then I logged on to webmin.

Setting password:
  • Fire up the terminal and login as root
  • mysqladmin -u root password newpassword
Apparently there is a "safer way" to do this. Follow this link if you are concerned Installing and configuring mySQL2.

Configure:
  • Login to webmin
  • Unfold "Servers"
  • Click MySQL Database Server (However the module doesn't work)
  • Click the "Module Config" at the top left corner
  • Find "MySQL configuration file" and change the current value to "/var/db/mysql/my.cnf"
  • Click "Save"
I make reservations for the possibility that you may need to change the location to all the commands. If that's the case, they're all placed in "/usr/local/bin/". But if all is correct you should now be able to configure MySQL from webmin. What you need to do is set up the ability for remote connections.
  • Back to the main menu of MySQL in webmin
  • Click "User Permissions"
  • Click "Create new user"
  • Choose username, my choice was developer
  • Set a password
  • Either you can set a fixed IP or you can put wildcards in it. I put 192.168.0.%, which means that I can access MySQL from any machine on my LAN.
Now you might want to configure the webmin Apache module to work with your FreeBSD installation of Apache22. I actually don't remember the exact variables that I changed but basically it's the paths. Most of them point to something/apache/something which you should change to something/apache22/something.

Thursday, March 13, 2008

Installing FreeBSD 7.0 - Apple shares

Ok so you want your FreeBSD machine to share files with Apple machines.

Assuming that you have recompiled your kernel with option NETATALK you can go on and install the netatalk daemon.
  • Execute: cd /usr/ports/net/netatalk
  • Execute: su and enter password 
  • Execute: make install clean
  • Execute: cd /usr/ports/net/howl
  • Execute: make install clean
  • Execute: ee /etc/rc.conf
  • Add lines:
slpd_enable="YES" # Promotes services on network
netatalk_enable="YES" # Enable netatalk
atalkd_enable="YES" # Daemon
cnid_metad_enable="YES" # No idea
afpd_enable="YES" # Apple File Protocol daemon

# This is a part of howl
mdnsresponder_enable="YES"
mdnsresponder_flags="-f /usr/local/etc/mDNSResponder.conf"
  • Exit editor: Press ESC, then A and then A
  • Execute: ee /usr/local/etc/mDNSResponder.conf
  • Add lines:
MyServerName _afpovertcp._tcp local. 548
MyServerName _ssh._tcp Servers. 548

It's important that everything is separated with tabs in this file. It's also very important that there is an empty line at the end of the file.

The first line sees to it that your Macs will find the shared file folders on the network. The second line will promote ssh login.

Now we want something to share! I created a folder in /usr that I call netshare. If you want to follow my example do this:
  • See to it that you still have root access
  • Execute: mkdir /usr/netshare
  • Execute: ee /usr/local/etc/AppleVolumes.default
  • Scroll to bottom of file
You will probably have a ~ on the last line. This means that the authenticated user's home folder is shared. If you don't like that, just remove the ~. Anyway, we want to share our common /usr/netshare folder. I also decided that only users belonging to group shares should have access to this folder. This is why I chose to install webmin, so go ahead and create a new group.
  • Web browser: your webminaccess (mine is https://192.168.0.1:10000)
  • Login
  • Unfold System and click "Users and Groups"
  • Scroll down to "Local Groups" and click "Create a new group"
  • I called my group shares, you can call it whatever you like
  • Add members to the group, I added myself and root
  • Click "Create"
  • Back to the AppleVolumes.default file and add a line:
/usr/netshare netshare allow:@shares

First part is of course the path to the shared folder. Second is the display name of the share. Third is the rights to this share. When granting rights to groups you use @ as prefix. Say that you want the mygroup group and myuser to have access, then you would write allow:myuser,@mygroup.

You can learn more about it here AppleVolumes.default

Save your file!

Finally you need to update the rights to the actual folder. Since I'm not a unix person from the beginning I'm taking the sneak way around chmod and chown and I use webmin instead.

  • Login to webmin
  • Unfold the "Others" item and click "File Manager"
  • A Java applet will need your permission to run, just accept and you will end up in a nice looking GUI application.
  • Click usr in the left tree and select netshare in the right listing
  • Click the "info" icon in the toolbar
  • In the "Permissions" area click Read, Write, List on Group. I personally deselected any rights for "Other".
  • In the "Ownership" area change group to shares or whatever group you like
  • In the "Apply changes to" dropdown choose "This directory and all its subdirectories"
  • Click "Save" button in the bottom
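
The same permission change from the command line, as an added example that is not part of the original post. lock_share and world_accessible are constructed names; the demo runs on a scratch directory with the current user's group standing in for shares, and it uses chmod's X so that plain files do not become executable, which is a deliberate difference from ticking "List" on every file.

```shell
#!/bin/sh
# Added example, not from the original post; the function names are constructed.

# Give group $2 read/write/list on directory tree $1 and remove all access
# for "other", the result the File Manager steps above aim for.
lock_share() {
    chgrp -R "$2" "$1" &&
    chmod -R g+rwX,o-rwx "$1"
}

# Print anything under $1 that "other" can still read, write or enter.
# No output means the tree is closed to users outside the owner and group.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Demo on a constructed scratch tree. On the real system the call would be:
#   lock_share /usr/netshare shares
demo=$(mktemp -d)
mkdir -p "$demo/netshare/docs"
echo "constructed sample file" > "$demo/netshare/docs/readme.txt"
chmod -R o+rX "$demo/netshare"          # start from a world-readable tree
lock_share "$demo/netshare" "$(id -gn)"
world_accessible "$demo/netshare"       # prints nothing once locked down
ls -ld "$demo/netshare" "$demo/netshare/docs/readme.txt"
rm -rf "$demo"
```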

Reboot your machine!

Your FreeBSD machine should automatically show in Finder on all your OS X machines on the network. It should display your home folder and the netshare folder.

Wednesday, March 12, 2008

Installing FreeBSD 7.0 - Custom Kernel

Most users need a custom kernel because many features of FreeBSD originate from functionality in the kernel. But how to do it? Basically, a custom kernel is all about configuring and then recompiling. It's quite easy actually.

In this blog I will not talk about hints. That might come in a later blog.

Also I will take the opportunity to promote the FreeBSD handbook. I really suggest that you learn how to use it because it is really simple. It's not hard with a lot of unnecessary text, but very straight on. I suggest that you always go and read the handbook before googling any problem you might have. I usually solved my problems the other way around, which gave me more problems since those blogs were about older versions of the kernel and so forth. The subject that is interesting for you to read about today is Configuring the FreeBSD kernel.

Make sure you have root access, preferably by logging in as regular user and:
  • Execute: su (and enter password)
  • Execute: cd /usr/src/sys/i386/conf (You might want to change i386 for your particular architecture.)
  • Execute: mkdir /root/kernels (This will create a directory in your root home folder)
  • Execute: cp GENERIC /root/kernels/MYKERNEL (where you change MYKERNEL to whatever you like, usually your machine name)
  • Execute: ln -s /root/kernels/MYKERNEL (this creates a symbolic link from the actual file in your /root/kernels directory into the /usr/src/sys/i386/conf directory)
Now you have the basics set up. What we just did was make a copy of the GENERIC kernel configuration in your root home folder. Then we linked that file up into the conf folder. The reason why we did this is so that we can delete the /usr/src folder if we like, without being afraid that we lose our custom kernel configuration.

Let's edit the configuration file with the ee editor, we have had enough of VI for now:
  • Execute: ee /root/kernels/MYKERNEL
If you scroll through the file you might notice that at the beginning it's all about options, then further down we have devices. Notice that the second line from the top says "GENERIC" and a short description. Change that to whatever you like. It doesn't have any functional meaning but it just feels right to do it.

CPU optimization
  • Find three lines that look like this:
    cpu I486_CPU
    cpu I586_CPU
    cpu I686_CPU
  • Comment out any line that doesn't match your CPU. (My CPU is a Pentium 4 2.8 GHz HyperThreading. So I comment out I486 and I586 and keep I686)
Kernel identification, I'm not sure what this is good for. But it feels right to update.
  • Find the line that begins with "ident"
  • Change GENERIC to MYKERNEL (or whatever you called it before)
I like to turn off debugging as well. I'm not sure if it has any effect on the FreeBSD kernel, but it usually does have a positive performance effect on other software, so I suggest that you comment out debugging.
  • Find line makeoptions DEBUG=-g and comment it out
Now let's see what we might want to add to the kernel.
  • options NETATALK # AppleTalk, because I like Apple so much
  • options IPFILTER # Enable stateful Firewall
    # Note: The IPF can be enabled
    # as a loadable module in rc.conf
    # with ipfilter_enable="YES"
If you are looking for other options, then I suggest that you take a look inside /usr/src/sys/i386/conf/NOTES because this file has the list of all options available for the kernel.

Now perhaps you want to optimize your kernel. Scroll through all the device rows in the file and comment out any device not available for your system. Remember that some of the devices are not optional. For example, the miibus device is a must-have if your NIC is one of those that depend on that device. Both of my NICs are. Just read the comments and you will be fine.

Now that you have your own kernel configuration just hit ESC and press A to Exit ee and A again to Save and Exit.

  • Execute: cd /usr/src/
  • Execute: make buildkernel KERNCONF=MYKERNEL
  • Wait for it...
  • Wait for it...
  • Wait for it...
Now you have experienced either a complete compilation or a compiler error. If you have an error, then you have probably left in a device that depends on a device that you have removed. Try to understand from the error message which devices it's about and then figure out if you should remove or add a device to the kernel.

If everything is fine then you
  • Execute: make installkernel KERNCONF=MYKERNEL
Okay, your kernel is now installed and will be used next time you reboot!

Tuesday, March 11, 2008

Installing FreeBSD 7.0 - Webmin

Install webmin
  • Execute cd /usr/ports/sysutils/webmin
  • Execute make install clean
  • Execute cd /usr/local/lib/webmin
  • Execute ./setup.sh

You will have to answer some questions.
  • Where should logging be placed
  • What port number should webmin bind to
  • What username and password
  • Should SSL be used
  • Maybe some other stuff

Default answers to any of these is good enough. I prefer using SSL.
  • Execute: ee /etc/rc.conf
  • Now add a line at the bottom that says: webmin_enable="YES"
Press ESC and choose alternative A to quit and another A to perform saving before quitting.

Reboot your machine
  • Execute reboot
Now when you startup you have sshd and webmin enabled which in my case means that I can continue my configuration from the comfort of my MacBook.

Updating webmin
  • With web browser point to https://machine-IP:webminportnr
  • Enter credentials
  • Unfold Webmin in the left menu
  • Click "upgrade webmin" (the upwards pointy icon)
  • Make sure that the "Latest version from www.webmin.com" option is selected and click "Upgrade webmin"
  • Take a break
  • If there are any modules that need upgrading, you will be informed about that. Personally I always choose to upgrade those too.
Adding a user from webmin
  • Unfold System in the left menu
  • Click "Users and groups"
  • Somewhere around the top there should be a link called "Create a new user." Click it.
  • Enter whatever username you like
  • Enter whatever Real Name you like
  • (if you like) Choose /usr/local/bin/bash in the Shell option
  • Select "Normal password" and enter a password in the textbox
  • In the "Group Membership" area click option "Existing group" and enter "wheel" in the textbox.
  • Let everything else be as set by default
  • Press the "Create" button down at the bottom.
Now you can start a remote SSH session to your FreeBSD machine from any other machine on your network.

Installing FreeBSD 7.0 - SSH, sudo

Install sshd for remote login
  • Execute: sysinstall
  • Choose configure -> Networking
  • Select sshd
  • Exit installation

Install sudo for gaining root access:
  • Execute: cd /usr/ports/security/sudo
  • Execute: make install clean
  • Execute: visudo

This opens up the dreaded VI. If you don't know how to use VI read this: Installing freebsd 7.0 - Using VI. In the editor you look for a line quite far down in the file. It looks like this:

# %wheel ALL=(ALL) SETENV: ALL

And there is another one that looks like this:

# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL

The first one allows any user that belongs to the wheel group to gain root privileges by typing either sudo before any command or execute su to become root.

The second line does the same thing, but requires no password when using the sudo action.

You need to choose whichever option you like the most (I prefer the secure alternative that requires password, even if it is annoying sometimes). Then uncomment that line - that means remove the hash character (#) at the beginning of the line.

You should know enough to get around in VI by now. But I'll take it step by step anyway. Simply stand on the hash character and press delete when in "the other mode".

Now press the corresponding key for character ":". This gives you a command line at the bottom of the screen. Now write a "w" on the command line and press enter. The file is saved and you can exit with ":" and command "q".
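
To confirm which of the two %wheel lines is actually in effect after saving, here is an added example that is not part of the original post. sudo applies the last matching rule, so the last uncommented %wheel line decides; the function name and the sample sudoers snippets are constructed, and only the two %wheel lines come from the page.

```shell
#!/bin/sh
# Added example, not from the original post. sudo_group_mode and the sample
# files are constructed; the two %wheel lines are the ones quoted above.

# Print how group $2 is treated by sudoers file $1:
#   none      no uncommented rule for the group
#   password  the rule asks for the user's password
#   nopasswd  the rule carries NOPASSWD
# The last active line for the group wins, as it does in sudo itself.
sudo_group_mode() {
    awk -v grp="$2" '
        $0 ~ ("^[ \t]*%" grp "[ \t]") {
            mode = ($0 ~ /NOPASSWD[ \t]*:/) ? "nopasswd" : "password"
        }
        END { print (mode == "" ? "none" : mode) }
    ' "$1"
}

# Write three constructed sudoers snippets into directory $1.
write_sudoers_samples() {
    # shipped: both lines still commented out
    cat > "$1/shipped" <<'EOF'
root ALL=(ALL) ALL
# %wheel ALL=(ALL) SETENV: ALL
# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL
EOF
    # secure: only the password-requiring line is active
    cat > "$1/secure" <<'EOF'
root ALL=(ALL) ALL
%wheel ALL=(ALL) SETENV: ALL
# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL
EOF
    # both: both lines uncommented by mistake; the later NOPASSWD line wins
    cat > "$1/both" <<'EOF'
root ALL=(ALL) ALL
%wheel ALL=(ALL) SETENV: ALL
%wheel ALL=(ALL) NOPASSWD: SETENV: ALL
EOF
}

demo_dir=$(mktemp -d)
write_sudoers_samples "$demo_dir"
for name in shipped secure both; do
    echo "$name: $(sudo_group_mode "$demo_dir/$name" wheel)"
done
rm -rf "$demo_dir"
```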

Installing FreeBSD 7.0 - Using VI

Creating new file:
  • Execute: cd ~/ (walk to your home folder)
  • Execute: vi testing
You are now in the VI-editor.

First: If you for some reason think that you have destroyed the file that you are editing and just want to quit as fast as possible without saving anything, do this:
  • Press: ESC
  • Press: corresponding key for character ":"
  • Write: q! and press enter
This will exit VI without saving.

Vi works in three modes. Edit mode, strange mode and command mode. The strange mode is what mode VI starts with.

Be careful, you can do harmful stuff in all modes. When you are in strange mode you can do the following:
  • Press "i" to enter edit mode
  • Press ":" to enter command mode
When in edit or command mode you can always press ESC to return to strange mode.
Sometimes when you update text in edit mode, your changes don't seem to appear. Press left or right arrow key, and the text will be updated if any changes were made.

In strange mode (remember the ESC-key) you can use the Delete key. Which I find impossible to use in edit mode.

Adding new text will easily be performed in edit mode (remember the "i" key)

Now you want to save this file:
  • Enter "the other mode" with ESC if not already there
  • Press the corresponding key to get a ":". This will give you command mode.
  • You will now have a : at the bottom of the screen which will await your command.
  • Write "w" and press enter. Your file will be saved.
  • Write "q" and press enter. You will exit VI.

Installing FreeBSD 7.0 - Bash

Install bash (If you prefer sh, then you can skip this. But I prefer bash to csh and sh)
  • Execute cd /usr/ports/shells/bash
  • Execute make install clean
  • Execute chsh
You are now in the VI-editor and you need to perform the task of updating a single line of text. If you're not familiar with VI then you should read this Installing freebsd 7.0 - Using VI
  • Move to the line where it says something like: 
    "Shell: /bin/csh"
  • Change
    "/bin/csh"
    to
    "/usr/local/bin/bash"
Now save and exit. 
You have to logout and login again to get bash.

Installing FreeBSD 7.0 - Base

Following is a series of articles related to my experiences with FreeBSD 7.0 and how to install it. I will focus on how to get the stuff working. I will try to keep each installation in separate blog entries.

I have three Mac OS X Leopard machines in my network so my focus is to get FreeBSD working with those. Therefore I doubt that I will consider writing an entry about samba for example.

This is what I will try to cover over time:

Base installation (this article)

Remote administration
  • Webmin
  • SSH

Gateway features
  • Routing 
  • Firewall
  • DNS
  • DHCP

File share
  • AFP (Apple File Protocol?)
  • Netatalk (Apple talk)
  • Howl mDNSRespond

Public services
  • Apache 2.2
  • MySQL
  • FTP
  • E-mail

Authentication and security
  • Kerberos (Single sign on) 
  • OpenLDAP



Point your web browser to this place http://www.freebsd.org/where.html and download FreeBSD 7.0 boot only version for your architecture. For i386 based computers ftp://anonymous@ftp5.se.FreeBSD.org:21/pub/FreeBSD/ISO-IMAGES-i386/7.0/7.0-RELEASE-i386-bootonly.iso. The size of this file is 33.6 MB.

Burn the image to a CD and boot. Finally you will end up in the installation application. 

Choose Express -> Custom

Choose Options
  • Do appropriate settings for you. I usually turn off IPv6 and skip PCCARD. 
  • Press Q to get back
Let's initialize the hard drive. Now I have only installed FreeBSD on a single hard drive with nothing else on it. So if you don't want to lose something that you keep on your hard drive - Do not do this!

Choose Partition
  • Press A for Automatic 
  • Press Q to get back
When asked to install Boot manager I usually choose "Standard", but if you have a secondary OS on your machine then you would probably want to choose "BootMgr". Again, if you do have something else on your hard drive that you are afraid to wipe out - do not follow my instructions!

Choose Label
  • Press A for Automatic
  • Press Q to get back
Choose Distributions
  • Minimal
  • Kern-Developer, the installation program will suggest installing "ports". This is something that you really need, so agree to that.
Note: First make the Minimal selection, then make the Kern-Developer selection. If you do it in the wrong order the Minimal selection will unselect itself for some reason. I don't know if it will install Minimal or not in this condition.

Choose Media
  • FTP
  • Select whatever site is closest to your computer
For the last time. When you choose commit, your hard drive will finally be initialized and you will lose anything that you might have stored on it. If you care about anything on your hard drive - Do not proceed!

Choose Commit
  • Wait

After commit is finished just exit the installation and the computer will reboot.
  • Login root, no password
Change password
  • Execute: passwd
  • Enter your password twice