FreeBSD

FreeBSD created by Nate Williams, Jordan Hubbard, and Rod Grimes, is an open-source Unix-like operating system derived from BSD. It is widely used for various applications including servers, networking, and storage solutions. Its permissive license and strong performance make it a popular choice in both commercial and open-source projects.

• Latest Version: 14.1
• Previous Version: 14.0
• Release Cycle: 6 to ~12 months
• Primary Focus: Flexibility

Objectives of this document

Get an overview of FreeBSD, starting with version 13.3:

• Configuring network
• Installing nginx
• Configuring the firewall
• Updating the system
• Upgrading the system to 14.1

Context

• Virtual Machine Setup: MS Hyper-V ...What?! 😅
• Resources: 10GB storage, 1GB RAM
• Network Configuration:
  • NETWORK: 192.168.1.0/24
  • GATEWAY: 192.168.1.1
  • DNS: 8.8.8.8, 8.8.4.4

Installation release (13.3)

ISO: https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/13.3/FreeBSD-13.3-RELEASE-amd64-bootonly.iso (380 MB)

Installation Note

• Installer: bsdinstall, a Bourne shell script, the source code is available at https://github.com/freebsd/freebsd-src/tree/main/usr.sbin/bsdinstall

• Network Interface: hn0, configured via DHCP, no IPv6

• Hostname: freebsd.local

• Disk Layout: da0, auto (ZFS)

• Root: password set

• SSH: Enabled

Shutdown the box

Type:halt -p

Configuring the network

You can interactively use the magic command:bsdconfig networking

The hostname

Apply the new name (freebsd.lab.local):hostname freebsd.lab.local

Keep it at reboot:sysrc hostname="freebsd.lab.local"

For a Static IP Address (IP: 192.168.1.26)

Set the static IP address:sysrc ifconfig_hn0="inet 192.168.1.26/24"

Set the gateway:sysrc defaultrouter="192.168.1.1"

Resolving DNS, change the file /etc/resolv.conf:nameserver 8.8.8.8
nameserver 8.8.4.4
lookup file bind

Restart the network stack to apply the changes:service netif restart
service routing restart

DHCP Configuration:

Set the interface to use DHCP:sysrc ifconfig_hn0="DHCP"

Don't use old default router option:sysrc defaultrouter="NO"

Restart the network stack to apply the changes:service netif restart
service routing restart


Check the network interface and default route:resolvconf -i
route show default
ping -4 -c 2 yahoo.fr

If the default route is not set correctly, run:dhclient hn0

Don't forget to change your /etc/hosts file.

Finally, check the result with: ifconfig hn0

You can also check your Internet connection with:ping yahoo.fr

Adding a User

You can interactively use the magic commands bsdconfig useradd or adduser

The hard way:

To add a user named admin:pw user add -m -n admin

Allow admin to use su for administration:pw group mod wheel -m admin

Assign a password to admin:passwd admin

Check the results with: id admin

You can now use ssh to administrate the box remotely:ssh admin@IP_ADDRESS

Sudo?

FreeBSD does not include sudo or doas by default.

Before being able to do that, you need get root access using the command su, then update your pkg database and upgrade all installed packages:pkg update && pkg upgrade

Finally install sudo pkg install sudo or if you prefer to use doas pkg install doas.

Alternatively, you can use the built-in su, for example su root -c "ipfstat -io".

Installing nginx

Let's install nginx:pkg install nginx

The configuration file is here: /usr/local/etc/nginx/nginx.conf

No need to tune it. It is enough for our test.

By default the root web directory is /usr/local/www/nginx.

Configuring Daemons

Enable nginx at startup:sysrc nginx_enable=YES

Start nginx: service nginx start

Creating an HTML File

cd /usr/local/www/nginx
mv index.html index.html.backup
echo '<h1>It works!</h1>' > index.html

You can now browse the test page from another computer by navigating to http://<IP_ADDRESS>.

Configuring the Firewall

FreeBSD has three firewalls built into the base system: PF, IPFW, and IPFILTER, also known as IPF

We will use PF: sysrc pf_enable=yes

Logging support for PF is provided by pflog(4): sysrc pflog_enable=yes

Change the file /etc/pf.conf (allow only ping/ssh/www from anywhere):ext_if='hn0'
set skip on lo
block log all
pass in on $ext_if inet proto icmp all icmp-type echoreq
pass in on $ext_if inet proto tcp from any to any port {ssh, www}
pass out

Let's enable PF!service pf start
# You will lost your ssh connection

Updating the System

From a 13.3 release, you can see the patches at https: //www.freebsd.org/releases/13.3R/errata.

You can also check for available updates:freebsd-update updatesready

Fetch the available updates: freebsd-update fetch

Install the fetched updates: freebsd-update install

You can then check your version using: freebsd-version

Update your binary packages: pkg upgrade

Upgrading FreeBSD

To upgrade from version 13.3 to 14.1:freebsd-update fetch
freebsd-update install
freebsd-update -r 14.1-RELEASE upgrade

Follow the steps (merge files if necessary, then run /usr/sbin/freebsd-update install.

Please reboot and run:/usr/sbin/freebsd-update install
pkg bootstrap -f
pkg-static install -f pkg
pkg update
pkg upgrade
reboot

Then, you can check your version using freebsd-version.

Disk usage (sample)

Type: df -hThe results:Filesystem Size Used Avail Capacity Mounted on
zroot/ROOT/default 6.0G 2.9G 3.2G 47% /
devfs 1.0K 0B 1.0K 0% /dev
zroot/tmp 3.2G 96K 3.2G 0% /tmp
zroot/var/log 3.2G 564K 3.2G 0% /var/log
zroot 3.2G 96K 3.2G 0% /zroot
zroot/usr/home 3.2G 128K 3.2G 0% /usr/home
zroot/usr/ports 3.2G 96K 3.2G 0% /usr/ports
zroot/usr/src 3.2G 96K 3.2G 0% /usr/src
zroot/var/audit 3.2G 96K 3.2G 0% /var/audit
zroot/var/crash 3.2G 96K 3.2G 0% /var/crash
zroot/var/mail 3.2G 96K 3.2G 0% /var/mail
zroot/var/tmp 3.2G 104K 3.2G 0% /var/tmp

What else?

The kernel: sysctl kern.bootfile (generally → /boot/kernel/kernel)

Hypervisor: bhyve(8)

Default MTA: DMA (DragonFly Mail Agent)

Pros vs. Cons

Pros

• Community size
• Wide usage
• Jails
• ZFS

Cons

• Learning curve