tutorial freebsd

8/4/2019 Tutorial Freebsd

1/27

INSTALLING FREEBSD

Whether you booted from CDROM, USB stick or floppy, the boot process will then get to theFreeBSD boot loader menu:

Figure 2-1. FreeBSD Boot Loader Menu

Either wait ten seconds, or press Enter .

After the procedure of device probing, you will see Figure 2-3 . Use the arrow key to choose acountry, region, or group. Then press Enter , it will set your country easily.

Figure 2-3. Selecting Country Menu
http://d/kuliah%20elektro/bakti%20lab/book.html%23CONFIG-COUNTRYhttp://d/kuliah%20elektro/bakti%20lab/book.html%23CONFIG-COUNTRYhttp://d/kuliah%20elektro/bakti%20lab/book.html%23CONFIG-COUNTRYhttp://d/kuliah%20elektro/bakti%20lab/book.html%23CONFIG-COUNTRY


2/27

If you selected United States as country, the standard American keyboard map will be used, if a different country is chosen the following menu will be displayed. Use the arrow keys tochoose the correct keyboard map and press Enter .

Figure 2-4. Selecting Keyboard Menu

After the country selecting, the sysinstall main menu will display.

2.5 Introducing Sysinstall

The sysinstall utility is the installation application provided by the FreeBSD Project. It isconsole based and is divided into a number of menus and screens that you can use toconfigure and control the installation process.

The sysinstall menu system is controlled by the arrow keys, Enter , Tab , Space , and otherkeys. A detailed description of these keys and what they do is contained in sysinstall 's usageinformation.

To review this information, ensure that the Usage entry is highlighted and that the [Select]button is selected, as shown in Figure 2-5 , then press Enter .

The instructions for using the menu system will be displayed. After reviewing them, pressEnter to return to the Main Menu.

Figure 2-5. Selecting Usage from Sysinstall Main Menu
http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-MAIN3http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-MAIN3http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-MAIN3http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-MAIN3


3/27

2.5.2 Selecting the Keymap Menu

To change the keyboard mapping, use the arrow keys to select Keymap from the menu andpress Enter . This is only required if you are using a non-standard or non-US keyboard.

Figure 2-8. Sysinstall Main Menu


4/27

A different keyboard mapping may be chosen by selecting the menu item using up/downarrow keys and pressing Space . Pressing Space again will unselect the item. When finished,choose the [ OK ] using the arrow keys and press Enter .

Only a partial list is shown in this screen representation. Selecting [ Cancel ] by pressing Tab will use the default keymap and return to the Main Install Menu.

Figure 2-9. Sysinstall Keymap Menu


5/27

2.5.3 Installation Options Screen

Select Options and press Enter .

Figure 2-10. Sysinstall Main Menu

Figure 2-11. Sysinstall Options


6/27

The default values are usually fine for most users and do not need to be changed. The releasename will vary according to the version being installed.

The description of the selected item will appear at the bottom of the screen highlighted inblue. Notice that one of the options is Use Defaults to reset all values to startup defaults.

Press F1 to read the help screen about the various options.

Pressing Q will return to the Main Install menu.

2.5.4 Begin a Standard Installation

The Standard installation is the option recommended for those new to UNIX or FreeBSD. Usethe arrow keys to select Standard and then press Enter to start the installation.

Figure 2-12. Begin Standard Installation


7/27

2.6 Allocating Disk Space

Your first task is to allocate disk space for FreeBSD, and label that space so that sysinstall can prepare it. In order to do this you need to know how FreeBSD expects to find informationon the disk.

2.6.1 BIOS Drive Numbering

Before you install and configure FreeBSD on your system, there is an important subject thatyou should be aware of, especially if you have multiple hard drives.

In a PC running a BIOS-dependent operating system such as MS-DOS orMicrosoft Windows, the BIOS is able to abstract the normal disk drive order, and theoperating system goes along with the change. This allows the user to boot from a disk driveother than the so- called primary master. This is especially convenient for some users whohave found that the simplest and cheapest way to keep a system backup is to buy an identicalsecond hard drive, and perform routine copies of the first drive to the second drive usingGhost or XCOPY . Then, if the first drive fails, or is attacked by a virus, or is scribbledupon by an operating system defect, he can easily recover by instructing the BIOS to logicallyswap the drives. It is like switching the cables on the drives, but without having to open thecase.

More expensive systems with SCSI controllers often include BIOS extensions which allowthe SCSI drives to be re-ordered in a similar fashion for up to seven drives.


8/27

A user who is accustomed to taking advantage of these features may become surprised whenthe results with FreeBSD are not as expected. FreeBSD does not use the BIOS, and does notknow the logical BIOS drive mapping. This can lead to very perplexing situations,especially when drives are physically identical in geometry, and have also been made as dataclones of one another.

When using FreeBSD, always restore the BIOS to natural drive numbering before installingFreeBSD, and then leave it that way. If you need to switch drives around, then do so, but do itthe hard way, and open the case and move the jumpers and cables.

2.6.2 Creating Slices Using FDisk

Note: No changes you make at this point will be written to the disk. If you think you havemade a mistake and want to start again you can use the menus to exit sysinstall and try againor press U to use the Undo option. If you get confused and can not see how to exit you canalways turn your computer off.

After choosing to begin a standard installation in sysinstall you will be shown this message:

MessageIn the next menu, you will need to set up a DOS-style ("fdisk")partitioning scheme for your hard disk. If you simply wish to devoteall disk space to FreeBSD (overwriting anything else that might be onthe disk(s) selected) then use the (A)ll command to select the defaultpartitioning scheme followed by a (Q)uit. If you wish to allocate onlyfree space to FreeBSD, move to a partition marked "unused" and use the(C)reate command.

[ OK ]

[ Press enter or space ]

Press Enter as instructed. You will then be shown a list of all the hard drives that the kernelfound when it carried out the device probes. Figure 2-13 shows an example from a systemwith two IDE disks. They have been called ad0 and ad2 .

Figure 2-13. Select Drive for FDisk
http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK-DRIVE1http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK-DRIVE1http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK-DRIVE1http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK-DRIVE1


9/27

You might be wondering why ad1 is not listed here. Why has it been missed?

Consider what would happen if you had two IDE hard disks, one as the master on the firstIDE controller, and one as the master on the second IDE controller. If FreeBSD numberedthese as it found them, as ad0 and ad1 then everything would work.

But if you then added a third disk, as the slave device on the first IDE controller, it would nowbe ad1 , and the previous ad1 would become ad2 . Because device names (such as ad1s1a ) areused to find filesystems, you may suddenly discover that some of your filesystems no longerappear correctly, and you would need to change your FreeBSD configuration.

To work around this, the kernel can be configured to name IDE disks based on where theyare, and not the order in which they were found. With this scheme the master disk on thesecond IDE controller will always be ad2 , even if there are no ad0 or ad1 devices.

This configuration is the default for the FreeBSD kernel, which is why this display shows ad0 and ad2 . The machine on which this screenshot was taken had IDE disks on both masterchannels of the IDE controllers, and no disks on the slave channels.

You should select the disk on which you want to install FreeBSD, and then press [ OK ].FDisk will start, with a display similar to that shown in Figure 2-14 .

The FDisk display is broken into three sections.

The first section, covering the first two lines of the display, shows details about the currentlyselected disk, including its FreeBSD name, the disk geometry, and the total size of the disk.

The second section shows the slices that are currently on the disk, where they start and end,how large they are, the name FreeBSD gives them, and their description and sub-type. This
http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK1http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK1http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK1http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK1


10/27

example shows two small unused slices, which are artifacts of disk layout schemes on the PC.It also shows one large FAT slice, which almost certainly appears as C: in MS-DOS / Windows, and an extended slice, which may contain other drive letters for MS-DOS / Windows.

The third section shows the commands that are available in FDisk .

Figure 2-14. Typical Fdisk Partitions before Editing

What you do now will depend on how you want to slice up your disk.

If you want to use FreeBSD for the entire disk (which will delete all the other data on this disk when you confirm that you want sysinstall to continue later in the installation process) thenyou can press A , which corresponds to the Use Entire Disk option. The existing slices will beremoved, and replaced with a small area flagged as unused (again, an artifact of PC disk layout), and then one large slice for FreeBSD. If you do this, then you should select the newlycreated FreeBSD slice using the arrow keys, and press S to mark the slice as being bootable.The screen will then look very similar to Figure 2-15 . Note the A in the Flags column, whichindicates that this slice is active , and will be booted from.

If you will be deleting an existing slice to make space for FreeBSD then you should select theslice using the arrow keys, and then press D . You can then press C , and be prompted for sizeof slice you want to create. Enter the appropriate figure and press Enter . The default value inthis box represents the largest possible slice you can make, which could be the largestcontiguous block of unallocated space or the size of the entire hard disk.

If you have already made space for FreeBSD (perhaps by using a tool such asPartitionMagic ) then you can press C to create a new slice. Again, you will be prompted forthe size of slice you would like to create.
http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK2http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK2http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK2http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-FDISK2


11/27

Figure 2-15. Fdisk Partition Using Entire Disk

When finished, press Q . Your changes will be saved in sysinstall , but will not yet be writtento disk.

2.6.3 Install a Boot Manager

You now have the option to install a boot manager. In general, you should choose to installthe FreeBSD boot manager if:

You have more than one drive, and have installed FreeBSD onto a drive other than thefirst one.

You have installed FreeBSD alongside another operating system on the same disk, andyou want to choose whether to start FreeBSD or the other operating system when youstart the computer.

If FreeBSD is going to be the only operating system on this machine, installed on the firsthard disk, then the Standard boot manager will suffice. Choose None if you are using a third-party boot manager capable of booting FreeBSD.

Make your choice and press Enter .

Figure 2-16. Sysinstall Boot Manager Menu


12/27

The help screen, reached by pressing F1 , discusses the problems that can be encounteredwhen trying to share the hard disk between operating systems.

Figure 2-18. Sysinstall Disklabel Editor

Disklabel can automatically create partitions for you and assign them default sizes. Thedefault sizes are calculated with the help of an internal partition sizing algorithm based on the


13/27

disk size. Try this now, by Pressing A. You will see a display similar to that shown in Figure2-19 . Depending on the size of the disk you are using, the defaults may or may not beappropriate. This does not matter, as you do not have to accept the defaults.

Note: The default partitioning assigns the /tmp directory its own partition instead of beingpart of the / partition. This helps avoid filling the / partition with temporary files.

Figure 2-19. Sysinstall Disklabel Editor with Auto Defaults

2.7 Choosing What to Install

2.7.1 Select the Distribution Set

Deciding which distribution set to install will depend largely on the intended use of thesystem and the amount of disk space available. The predefined options range from installing

the smallest possible configuration to everything. Those who are new to UNIX and/orFreeBSD should almost certainly select one of these canned options. Customizing adistribution set is typically for the more experienced user.

Press F1 for more information on the distribution set options and what they contain. Whenfinished reviewing the help, pressing Enter will return to the Select Distributions Menu.

If a graphical user interface is desired then the configuration of the X server and selection of adefault desktop must be done after the installation of FreeBSD. More information regardingthe installation and configuration of a X server can be found in Chapter 5 .

If compiling a custom kernel is anticipated, select an option which includes the source code.For more information on why a custom kernel should be built or how to build a customkernel, see Chapter 8 .
http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-LABEL2http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-LABEL2http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-LABEL2http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-LABEL2http://d/kuliah%20elektro/bakti%20lab/book.html%23X11http://d/kuliah%20elektro/bakti%20lab/book.html%23X11http://d/kuliah%20elektro/bakti%20lab/book.html%23X11http://d/kuliah%20elektro/bakti%20lab/book.html%23KERNELCONFIGhttp://d/kuliah%20elektro/bakti%20lab/book.html%23KERNELCONFIGhttp://d/kuliah%20elektro/bakti%20lab/book.html%23KERNELCONFIGhttp://d/kuliah%20elektro/bakti%20lab/book.html%23KERNELCONFIGhttp://d/kuliah%20elektro/bakti%20lab/book.html%23X11http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-LABEL2http://d/kuliah%20elektro/bakti%20lab/book.html%23SYSINSTALL-LABEL2


14/27

Obviously, the most versatile system is one that includes everything. If there is adequate disk space, select All as shown in Figure 2-25 by using the arrow keys and press Enter . If there isa concern about disk space consider using an option that is more suitable for the situation. Donot fret over the perfect choice, as other distributions can be added after installation.

Figure 2-25. Choose Distributions

2.7.2 Installing the Ports Collection

After selecting the desired distribution, an opportunity to install the FreeBSD Ports Collectionis presented. The ports collection is an easy and convenient way to install software. The PortsCollection does not contain the source code necessary to compile the software. Instead, it is acollection of files which automates the downloading, compiling and installation of third-partysoftware packages. Chapter 4 discusses how to use the ports collection.

The installation program does not check to see if you have adequate space. Select this optiononly if you have adequate hard disk space. As of FreeBSD 8.2, the FreeBSD Ports Collectiontakes up about 417 MB of disk space. You can safely assume a larger value for more recentversions of FreeBSD.

User Confirmation RequestedWould you like to install the FreeBSD ports collection?

This will give you ready access to over 20,000 ported software packages,at a cost of around 417 MB of disk space when "clean" and possibly much

more than that if a lot of the distribution tarballs are loaded(unless you have the extra CDs from a FreeBSD CD/DVD distributionavailable and can mount it on /cdrom, in which case this is far lessof a problem).
http://d/kuliah%20elektro/bakti%20lab/book.html%23DISTRIBUTION-SET1http://d/kuliah%20elektro/bakti%20lab/book.html%23DISTRIBUTION-SET1http://d/kuliah%20elektro/bakti%20lab/book.html%23DISTRIBUTION-SET1http://d/kuliah%20elektro/bakti%20lab/book.html%23PORTShttp://d/kuliah%20elektro/bakti%20lab/book.html%23PORTShttp://d/kuliah%20elektro/bakti%20lab/book.html%23PORTShttp://d/kuliah%20elektro/bakti%20lab/book.html%23PORTShttp://d/kuliah%20elektro/bakti%20lab/book.html%23DISTRIBUTION-SET1


15/27

The Ports Collection is a very valuable resource and well worth havingon your /usr partition, so it is advisable to say Yes to this option.

For more information on the Ports Collection & the latest ports,visit:

http://www.FreeBSD.org/ports

[ Yes ] No

Select [ Yes ] with the arrow keys to install the Ports Collection or [ No ] to skip this option.Press Enter to continue. The Choose Distributions menu will redisplay.

Figure 2-26. Confirm Distributions

If satisfied with the options, select Exit with the arrow keys, ensure that [ OK ] is highlighted,and pressing Enter to continue.

2.8 Choosing Your Installation Media

If Installing from a CDROM or DVD, use the arrow keys to highlight Install from a FreeBSDCD/DVD. Ensure that [ OK ] is highlighted, then press Enter to proceed with the installation.

For other methods of installation, select the appropriate option and follow the instructions.

Press F1 to display the Online Help for installation media. Press Enter to return to the mediaselection menu.

Figure 2-27. Choose Installation Media


16/27

2.9 Committing to the Installation

The installation can now proceed if desired. This is also the last chance for aborting theinstallation to prevent changes to the hard drive.

User Confirmation RequestedLast Chance! Are you SURE you want to continue the installation?

If you're running this on a disk with data you wish to save then WESTRONGLY ENCOURAGE YOU TO MAKE PROPER BACKUPS before proceeding!

We can take no responsibility for lost disk contents!

[ Yes ] No

Select [ Yes ] and press Enter to proceed.

The installation time will vary according to the distribution chosen, installation media, and thespeed of the computer. There will be a series of messages displayed indicating the status.

The installation is complete when the following message is displayed:

Message

Congratulations! You now have FreeBSD installed on your system.

We will now move on to the final configuration questions.For any option you do not wish to configure, simply select No.

If you wish to re-enter this utility after the system is up, you may


17/27

do so by typing: /usr/sbin/sysinstall.

[ OK ]

[ Press enter or space ]

Press Enter to proceed with post-installation configurations.

Selecting [ No ] and pressing Enter will abort the installation so no changes will be made toyour system. The following message will appear:

MessageInstallation complete with some errors. You may wish to scrollthrough the debugging messages on VTY1 with the scroll-lock feature.You can also choose "No" at the next prompt and go back into theinstallation menus to retry whichever operations have failed.

[ OK ]

This message is generated because nothing was installed. Pressing Enter will return to theMain Installation Menu to exit the installation.

IP ForwardingFrom the sysinstall we had configured on installation, we have enabled this feature. But forensure the configuration, we can check the configuration files by typing:# ee /etc/rc.confEnsure that the file has the following lines.gateway_enable = YES.

Network Address Translation (NAT)To enable firewall and NAT support at boot time, the following must be in /etc/rc.conf :

gateway_enable="YES"firewall_enable="YES"firewall_type="OPEN"natd_enable="YES"natd_interface=" fxp0 "natd_flags=""

Sets up the machine to act as a gateway. Running sysctlnet.inet.ip.forwarding=1 would have the same effect.

Enables the firewall rules in /etc/rc.firewall at boot.

This specifies a predefined firewall ruleset that allows anything in. See/etc/rc.firewall for additional types.

Indicates which interface to forward packets through (the interface connected to theInternet).

Any additional configuration options passed to natd(8) on boot.
http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8


18/27

Having the previous options defined in /etc/rc.conf would run natd -interface fxp0 atboot. This can also be run manually.

Note: It is also possible to use a configuration file for natd(8) when there are too manyoptions to pass. In this case, the configuration file must be defined by adding the followingline to /etc/rc.conf :

natd_flags="-f /etc/natd.conf"

The /etc/natd.conf file will contain a list of configuration options, one per line. Forexample the next section case would use the following file:

redirect_port tcp 192.168.0.2:6667 6667redirect_port tcp 192.168.0.3:80 80

For more information about the configuration file, consult the natd(8) manual page about the-f option.

Each machine and interface behind the LAN should be assigned IP address numbers in theprivate network space as defined by RFC 1918 and have a default gateway of the natd machine's internal IP address.

For example, client A and B behind the LAN have IP addresses of 192.168.0.2 and192.168.0.3 , while the natd machine's LAN interface has an IP address of 192.168.0.1 .Client A and B's default gateway must be set to that of the natd machine, 192.168.0.1 . Thenatd machine's external, or Internet interface does not require any special modification fornatd(8) to work.

Static Routing

The above example is perfect for configuring a static route on a running system. However,one problem is that the routing information will not persist if you reboot your FreeBSDmachine. The way to handle the addition of a static route is to put it in your /etc/rc.conf file:

# Add Internal Net 2 as a static routestatic_routes="internalnet2"route_internalnet2="-net 192.168.2.0/24 192.168.1.2"

The static_routes configuration variable is a list of strings separated by a space. Eachstring references to a route name. In our above example we only have one string instatic_routes . This string is internalnet2 . We then add a configuration variable calledroute_ internalnet2 where we put all of the configuration parameters we would give to theroute (8) command. For our example above we would have used the command:

# route add -net 192.168.2.0/24 192.168.1.2

so we need "-net 192.168.2.0/24 192.168.1.2" .
http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8ftp://ftp.isi.edu/in-notes/rfc1918.txtftp://ftp.isi.edu/in-notes/rfc1918.txtftp://ftp.isi.edu/in-notes/rfc1918.txthttp://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=route&sektion=8http://www.freebsd.org/cgi/man.cgi?query=route&sektion=8http://www.freebsd.org/cgi/man.cgi?query=route&sektion=8http://www.freebsd.org/cgi/man.cgi?query=route&sektion=8http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8ftp://ftp.isi.edu/in-notes/rfc1918.txthttp://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8


19/27

As said above, we can have more than one string in static_routes . This allows us to createmultiple static routes. The following lines shows an example of adding static routes for the192.168.0.0/24 and 192.168.1.0/24 networks on an imaginary router:

static_routes="net1 net2"route_net1="-net 192.168.0.0/24 192.168.0.1"route_net2="-net 192.168.1.0/24 192.168.1.1"

Configuring the DHCP Server

dhcpd.conf is comprised of declarations regarding subnets and hosts, and is perhaps mosteasily explained using an example :

option domain-name "example.com";option domain-name-servers 192.168.4.100;option subnet-mask 255.255.255.0;

default-lease-time 3600;max-lease-time 86400;ddns-update-style none;

subnet 192.168.4.0 netmask 255.255.255.0 {range 192.168.4.129 192.168.4.254;option routers 192.168.4.1;

}

host mailhost {hardware ethernet 02:03:04:05:06:07;fixed-address mailhost.example.com;

}

This option specifies the domain that will be provided to clients as the default searchdomain. See resolv.conf(5) for more information on what this means.

This option specifies a comma separated list of DNS servers that the client should use.

The netmask that will be provided to clients.

A client may request a specific length of time that a lease will be valid. Otherwise theserver will assign a lease with this expiry value (in seconds).

This is the maximum length of time that the server will lease for. Should a clientrequest a longer lease, a lease will be issued, although it will only be valid for max-lease-time seconds.

This option specifies whether the DHCP server should attempt to update DNS when alease is accepted or released. In the ISC implementation, this option is required .

This denotes which IP addresses should be used in the pool reserved for allocating toclients. IP addresses between, and including, the ones stated are handed out to clients.

Declares the default gateway that will be provided to clients.

The hardware MAC address of a host (so that the DHCP server can recognize a hostwhen it makes a request).
http://www.freebsd.org/cgi/man.cgi?query=resolv.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=resolv.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=resolv.conf&sektion=5http://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://www.freebsd.org/cgi/man.cgi?query=resolv.conf&sektion=5


20/27

Specifies that the host should always be given the same IP address. Note that using ahostname is correct here, since the DHCP server will resolve the hostname itself before returning the lease information.

Once you have finished writing your dhcpd.conf , you should enable the DHCP server in

/etc/rc.conf , i.e. by adding:

dhcpd_enable="YES"dhcpd_ifaces="dc0"

Replace the dc0 interface name with the interface (or interfaces, separated by whitespace) thatyour DHCP server should listen on for DHCP client requests.

Then, you can proceed to start the server by issuing the following command:

# /usr/local/etc/rc.d/isc-dhcpd start

Should you need to make changes to the configuration of your server in the future, it isimportant to note that sending a SIGHUP signal to dhcpd does not result in the configurationbeing reloaded, as it does with most daemons. You will need to send a SIGTERM signal to stopthe process, and then restart it using the command above.

Proxy Server

The installI wanted to install a proxy/cache product to help with the slow dialup connection and toBLOCK some web sites.

So I installed the Squid port (note this is an older version squid23 is the latest port). SeeInstalling a port without installing the ports or Installing all the ports for more informationabout installing a port. But in short, you do this:

cd /usr/ports/www/squid21make install

The cacheYou need to build the Cache directory first. The default is 100MB so if you don't have that

much room, or want more, modify /usr/local/etc/squid/squid.conf appropriatelyThe the '-z' option is used to build the cache

# /usr/local/sbin/squid -z

I got this message back - Permission denied

09:09:29| Creating Swap Directories FATAL: Failed to makeswap directory /usr/local/squid/cache/00: (13) Permission denied SquidCache (Version 2.1.PATCH2):Terminated abnormally. CPU Usage: 0.022seconds Maximum Resident Size: 1000 KB Page faults with physical

i/o: 0

After some search on the mailing list archives I found this solution:
http://www.freebsddiary.org/portwithoutports.phphttp://www.freebsddiary.org/portwithoutports.phphttp://www.freebsddiary.org/allports.phphttp://www.freebsddiary.org/allports.phphttp://www.freebsddiary.org/allports.phphttp://www.freebsd.org/search/search.html#mailinglistshttp://www.freebsd.org/search/search.html#mailinglistshttp://www.freebsd.org/search/search.html#mailinglistshttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://www.freebsd.org/search/search.html#mailinglistshttp://www.freebsddiary.org/allports.phphttp://www.freebsddiary.org/portwithoutports.php


21/27

> a. There is no space left on drive.> b. You have no /usr/local/squid/logs/ directory created before. (squid does> not create it itself. Create one manually)> c. Your /usr/local/squid/logs/cache.log is owned by root. You should> change it like this. "chown nobody.nogroup /usr/local/squid/logs/cache.log">

> Note that all of the files in ../log and ../cache directories must be owned> like that too.

I then checked for the directories and they where there, but the owner was root. so:

# chown nobody.nogroup /usr/local/squid/logs mygateway# chown nobody.nogroup /usr/local/squid/cache

So now I tried to build the cache again:

# /usr/local/sbin/squid -z2000/05/09 09:14:32| Creating Swap Directories

This time it worked!

TestingStart the squid in Debug/Test mode and try your WIN98 client Browser. Be sure add theproxy name and port 3128 to the options/connection section [ed. note: I have remove the datefrom the following extract to ensure the lines fit without scrolling).mygateway# /usr/local/sbin/squid -NCd1

09:30:54| Starting Squid Cache version 2.1.PATCH2 for i386--freebsd3.2...09:30:54| Process ID 1026

09:30:54| With 1064 file descriptors available09:30:54| Performing DNS Tests...09:30:54| Successful DNS name lookup tests...09:30:54| helperOpenServers: Starting 5 'dnsserver' processes09:30:54| Unlinkd pipe opened on FD 1309:30:54| Swap maxSize 102400 KB, estimated 7876 objects09:30:54| Target number of buckets: 15709:30:54| Using 8192 Store buckets, replacement runs every 10 seconds09:30:54| Max Mem size: 8192 KB09:30:54| Max Swap size: 102400 KB09:30:54| Rebuilding storage in Cache Dir #0 (DIRTY)09:30:54| Loaded Icons.09:30:54| Accepting HTTP connections on port 3128, FD 35.

09:30:54| Accepting ICP messages on port 3130, FD 36.09:30:54| Ready to serve requests.09:30:54| storeRebuildFromDirectory: DIR #0 done!09:32:10| Finished rebuilding storage disk.09:32:10| 0 Entries read from previous logfile.09:32:10| 0 Entries scanned from swap files.09:32:10| 0 Invalid entries.09:32:10| 0 With invalid flags.09:32:10| 0 Objects loaded.09:32:10| 0 Objects expired.09:32:10| 0 Objects cancelled.09:32:10| 0 Duplicate URLs purged.09:32:10| 0 Swapfile clashes avoided.

09:32:10| Took 76 seconds ( 0.0 objects/sec).09:32:10| Beginning Validation Procedure09:32:10| storeLateRelease: released 0 objects09:32:11| Completed Validation Procedure


22/27

09:32:11| Validated 0 Entries09:32:11| store_swap_size = 21k09:32:31| parseHttpRequest: Unsupported method 'PROPFIND'09:32:31| clientReadRequest: FD 14 Invalid Request^C

(Type Control C - to exit the squid)

09:33:44| Preparing for shutdown after 8 requests09:33:44| Waiting 0 seconds for active connections to finish09:33:44| FD 35 Closing HTTP connection09:33:45| Shutting down...09:33:45| FD 36 Closing ICP connection09:33:45| Closing unlinkd pipe on FD 1309:33:45| storeDirWriteCleanLogs: Starting...09:33:45| Finished. Wrote 0 entries.09:33:45| Took 0 seconds ( 0.0 entries/sec).

I modifed /usr/local/etc/squid/squid.conf

I added these lines right above the http_access deny all

# Add this to the squid.conf (ACL section)#acl ourhosts src 10.1.0.0/255.255.0.0http_access allow ourhosts#http_access deny all

Then I start squid again and try the browser, it WORKED!

# /usr/local/sbin/squid -NCd1

FreeBSD Firewall Configuration

FreeBSD makes it very easy to set up a rule-based packet filtering firewall. You can protect just one host, or an entire network. You can easily add Network Address Translation too, sothat you can connect up your whole internal network via only one IP address from the outside.

There are three parts to this.

1. First, you have to make a few changes to your kernel. This isn't as hard as it sounds.

Su to root, cd /usr/src/sys/i386/conf, and copy GENERIC to a new file. Let's call itACME. This will be your new kernel config. Here are the changes you need to make:

2. *** GENERIC Sun Apr 27 20:41:46 20033. --- ACME Sun May 9 12:47:24 20044. ***************5. *** 22,29 ****6. cpu I486_CPU7. cpu I586_CPU8. cpu I686_CPU9. ! ident GENERIC10. maxusers 011. 12. #makeoptions DEBUG=-g #Build kernel with gdb(1)

debug symbols13. 14. --- 22,40 ----15. cpu I486_CPU


23/27

16. cpu I586_CPU17. cpu I686_CPU18. ! ident ACME19. maxusers 020. +21. + # Enable ipfw.22. + options IPFIREWALL23. + options IPFIREWALL_VERBOSE24. +25. + # Enable ip6fw too.26. + options IPV6FIREWALL27. + options IPV6FIREWALL_VERBOSE28. +29. + # Enable NAT.30. + options IPDIVERT31. 32. #makeoptions DEBUG=-g #Build kernel with gdb(1)

debug symbols33.

In other words, change the ident and add the firewall options. Adding theIPV6FIREWALL options to the kernel doesn't actually enable IPv6; to do that, youhave to add ipv6_enable="YES" to your /etc/rc.conf. However, if you have IPv6enabled and you are setting up an IPv4 firewall, you must enable the IPv6 firewall aswell. If you were to set up a v4 firewall and not a v6 firewall, all v6 packets would beallowed through, which would be bad.

After setting up the config, build and install the new kernel:

# /usr/sbin/config ACME # cd ../../compile/ ACME # make depend# make# make install

34. Second, edit /etc/rc.conf and add these defines to the end:35. # Enable ipfw.36. firewall_enable="YES"37. firewall_type=" type " # see rc.firewall for what goes

here38. firewall_quiet="NO"39. 40. # Enable ip6fw.41. ipv6_firewall_enable="YES"

42.

ipv6_firewall_type=" type " # see rc.firewall6 for what goeshere43. ipv6_firewall_quiet="NO"

The firewall types should be "client" to secure a single stand-alone machine, or"simple" for a gateway guarding an internal network.

If you want to do Network Address Translation, add these defines too:

# Enable natd.natd_enable="YES"natd_interface=" fxp0 " # your public network

interfacenatd_flags="-m" # preserve port numbersif possible


24/27

44. Third, you have to make a few edits in rc.firewall and rc.firewall6. The commentsthere explain what is needed, it's real easy. Look for the section with rules for yourfirewall type, either "client" or "simple". At the beginning of the section there will be afew defines for your IP numbers, network interfaces, etc.; fill these in.

That's it, for a starter setup anyway. Reboot and you should be up and running.

Configuring the cron Utility

One of the most useful utilities in FreeBSD is cron(8) . The cron utility runs in thebackground and constantly checks the /etc/crontab file. The cron utility also checks the/var/cron/tabs directory, in search of new crontab files. These crontab files storeinformation about specific functions which cron is supposed to perform at certain times.

The cron utility uses two different types of configuration files, the system crontab and usercrontabs. The only difference between these two formats is the sixth field. In the system

crontab, the sixth field is the name of a user for the command to run as. This gives the systemcrontab the ability to run commands as any user. In a user crontab, the sixth field is thecommand to run, and all commands run as the user who created the crontab; this is animportant security feature.

Note: User crontabs allow individual users to schedule tasks without the need for root privileges. Commands in a user's crontab run with the permissions of the user who owns thecrontab.

The root user can have a user crontab just like any other user. This one is different from/etc/crontab (the system crontab). Because of the system crontab, there is usually no needto create a user crontab for root .

Let us take a look at the /etc/crontab file (the system crontab):

# /etc/crontab - root's crontab for FreeBSD## $FreeBSD: src/etc/crontab,v 1.32 2002/11/22 16:13:39 tom Exp $##SHELL=/bin/shPATH=/etc:/bin:/sbin:/usr/bin:/usr/sbinHOME=/var/log###minute hour mday month wday who command##*/5 * * * * root /usr/libexec/atrun

Like most FreeBSD configuration files, the # character represents a comment. Acomment can be placed in the file as a reminder of what and why a desired action isperformed. Comments cannot be on the same line as a command or else they will beinterpreted as part of the command; they must be on a new line. Blank lines are

ignored.
http://www.freebsd.org/cgi/man.cgi?query=cron&sektion=8http://www.freebsd.org/cgi/man.cgi?query=cron&sektion=8http://www.freebsd.org/cgi/man.cgi?query=cron&sektion=8http://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://www.freebsd.org/cgi/man.cgi?query=cron&sektion=8


25/27

First, the environment must be defined. The equals ( =) character is used to define anyenvironment settings, as with this example where it is used for the SHELL, PATH , andHOMEoptions. If the shell line is omitted, cron will use the default, which is sh . If thePATH variable is omitted, no default will be used and file locations will need to beabsolute. If HOMEis omitted, cron will use the invoking users home directory.

This line defines a total of seven fields. Listed here are the values minute , hour , mday ,month , wday , who , and command . These are almost all self explanatory. minute is thetime in minutes the command will be run. hour is similar to the minute option, just inhours. mday stands for day of the month. month is similar to hour and minute , as itdesignates the month. The wday option stands for day of the week. All these fieldsmust be numeric values, and follow the twenty-four hour clock. The who field isspecial, and only exists in the /etc/crontab file. This field specifies which user thecommand should be run as. When a user installs his or her crontab file, they will nothave this option. Finally, the command option is listed. This is the last field, sonaturally it should designate the command to be executed.

This last line will define the values discussed above. Notice here we have a */5 listing, followed by several more * characters. These * characters mean first -last,and can be interpreted as every time. So, judging by this line, it is apparent that theatrun command is to be invoked by root every five minutes regardless of what dayor month it is. For more information on the atrun command, see the atrun(8) manualpage.

Commands can have any number of flags passed to them; however, commands whichextend to multiple lines need to be broken with the backslash \ continuationcharacter.

This is the basic setup for every crontab file, although there is one thing different about thisone. Field number six, where we specified the username, only exists in the system/etc/crontab file. This field should be omitted for individual user crontab files.

Network Time Protocol

NTP is configured by the /etc/ntp.conf file in the format described in ntp.conf(5) . Here is asimple example:

server ntplocal.example.com preferserver timeserver.example.orgserver ntp2a.example.net

driftfile /var/db/ntp.drift

The server option specifies which servers are to be used, with one server listed on each line.If a server is specified with the prefer argument, as with ntplocal.example.com , thatserver is preferred over other servers. A response from a preferred server will be discarded if it differs significantly from other servers' responses, otherwise it will be used without anyconsideration to other responses. The prefer argument is normally used for NTP servers thatare known to be highly accurate, such as those with special time monitoring hardware.

The driftfile option specifies which file is used to store the system clock's frequencyoffset. The ntpd(8) program uses this to automatically compensate for the clock's natural drift,
http://www.freebsd.org/cgi/man.cgi?query=atrun&sektion=8http://www.freebsd.org/cgi/man.cgi?query=atrun&sektion=8http://www.freebsd.org/cgi/man.cgi?query=atrun&sektion=8http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=ntpd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=ntpd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=ntpd&sektion=8http://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://d/kuliah%20elektro/bakti%20lab/book.htmlhttp://www.freebsd.org/cgi/man.cgi?query=ntpd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=atrun&sektion=8


26/27

allowing it to maintain a reasonably correct setting even if it is cut off from all external timesources for a period of time.

The driftfile option specifies which file is used to store information about previousresponses from the NTP servers you are using. This file contains internal information forNTP. It should not be modified by any other process.

29.10.3.3 Controlling Access to Your Server

By default, your NTP server will be accessible to all hosts on the Internet. The restrict option in /etc/ntp.conf allows you to control which machines can access your server.

If you want to deny all machines from accessing your NTP server, add the following line to/etc/ntp.conf :

restrict default ignore

Note: This will also prevent access from your server to any servers listed in your localconfiguration. If you need to synchronise your NTP server with an external NTP server youshould allow the specific server. See the ntp.conf(5) manual for more information.

If you only want to allow machines within your own network to synchronize their clocks withyour server, but ensure they are not allowed to configure the server or used as peers tosynchronize against, add

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

instead, where 192.168.1.0 is an IP address on your network and 255.255.255.0 is yournetwork's netmask.

/etc/ntp.conf can contain multiple restrict options. For more details, see the AccessControl Support subsection of ntp.conf(5) .

29.10.4 Running the NTP Server

To ensure the NTP server is started at boot time, add the line ntpd_enable="YES" to/etc/rc.conf . If you wish to pass additional flags to ntpd(8) , edit the ntpd_flags parameterin /etc/rc.conf .

To start the server without rebooting your machine, run ntpd being sure to specify anyadditional parameters from ntpd_flags in /etc/rc.conf . For example:

# ntpd -p /var/run/ntpd.pid

SSH
http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=ntpd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=ntpd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=ntpd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=ntpd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5http://www.freebsd.org/cgi/man.cgi?query=ntp.conf&sektion=5


27/27

The sshd is an option presented during a Standard install of FreeBSD. To see if sshd isenabled, check the rc.conf file for:

sshd_enable="YES"

This will load sshd (8) , the daemon program for OpenSSH , the next time your system

initializes. Alternatively, it is possible to use /etc/rc.d/sshd rc(8) script to start OpenSSH :

/etc/rc.d/sshd start

File Transfer Protocol (FTP

Configuration

Alternatively, ftpd can also be started as a stand-alone server. In this case, it is sufficient to

set the appropriate variable in /etc/rc.conf :ftpd_enable="YES"

After setting the above variable, the stand-alone server will be started at the next reboot, or itcan be started manually by executing the following command as root :

# /etc/rc.d/ftpd start

You can now log on to your FTP server by typing:

% ftp localhost
http://www.freebsd.org/cgi/man.cgi?query=sshd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=sshd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=sshd&sektion=8http://www.freebsd.org/cgi/man.cgi?query=rc&sektion=8http://www.freebsd.org/cgi/man.cgi?query=rc&sektion=8http://www.freebsd.org/cgi/man.cgi?query=rc&sektion=8http://www.freebsd.org/cgi/man.cgi?query=rc&sektion=8http://www.freebsd.org/cgi/man.cgi?query=sshd&sektion=8

tutorial freebsd

Documents