{"id":128,"date":"2011-10-02T18:28:33","date_gmt":"2011-10-02T18:28:33","guid":{"rendered":"http:\/\/blog.bachi.net\/?p=128"},"modified":"2014-08-20T11:44:20","modified_gmt":"2014-08-20T11:44:20","slug":"freebsd-gateway","status":"publish","type":"post","link":"https:\/\/blog.bachi.net\/?p=128","title":{"rendered":"FreeBSD Gateway"},"content":{"rendered":"<p><a href=\"http:\/\/www.freebsd.org\/doc\/handbook\/serialconsole-setup.html\" title=\"FreeBSD Handbook: Setting Up the Serial Console\" target=\"_blank\">FreeBSD Handbook: Setting Up the Serial Console<\/a><\/p>\n<p><strong>Boot Config<\/strong><\/p>\n<pre class=\"brush: bash; collapse: true; light: false; title: \/etc\/rc.conf; toolbar: true; notranslate\" title=\"\/etc\/rc.conf\">\r\n###\r\n### rc.conf Boot Config File\r\n### by Andreas Bachmann\r\n###\r\n\r\n### CONSOLE ####################################################################\r\nfont8x14=\"NO\"\r\nfont8x16=\"swiss-8x16\"\r\nfont8x8=\"swiss-8x8\"\r\ninetd_enable=\"NO\"\r\nkeymap=\"swissgerman.cp850\"\r\n\r\n### NETWORK ####################################################################\r\nhostname=\"gateway.lan.bachi.net\"\r\nifconfig_vr0=\"DHCP\"\r\nifconfig_vr1=\"10.0.0.1 255.0.0.0\"\r\n### ifconfig_vr2=\"10.0.0.5 255.0.0.0\"\r\ngateway_enable=\"YES\"\r\n\r\n### FIREWALL ###################################################################\r\npf_enable=\"YES\"\r\npf_rules=\"\/etc\/pf.conf\"\r\npf_flags=\"\"\r\npflog_enable=\"YES\"\r\npflog_logfile=\"\/var\/log\/pf.log\"\r\npflog_flags=\"\"\r\n\r\n### DAEMONS ####################################################################\r\nsendmail_enable=\"NONE\"\r\n\r\ndhcpd_enable=\"YES\"\r\ndhcpd_ifaces=\"vr1\"\r\n\r\nsshd_enable=\"YES\"\r\n\r\nsnmpd_enable=\"YES\"\r\nsnmpd_flags=\"-a\"\r\nsnmpd_pidfile=\"\/var\/run\/snmpd.pid\"\r\n\r\nntpdate_enable=\"YES\"\r\nntpdate_hosts=\"swisstime.ethz.ch\"\r\n<\/pre>\n<p><strong>NTP<\/strong><\/p>\n<pre class=\"brush: plain; collapse: true; light: false; title: 
\/etc\/ntp.conf; toolbar: true; notranslate\" title=\"\/etc\/ntp.conf\">\r\nserver 0.ch.pool.ntp.org\r\nserver 1.ch.pool.ntp.org\r\nserver 2.ch.pool.ntp.org\r\nserver 3.ch.pool.ntp.org\r\n<\/pre>\n<p><strong>Kernel Config<\/strong><\/p>\n<pre class=\"brush: bash; collapse: true; light: false; title: \/usr\/src\/sys\/i386\/conf\/GATEWAY-CF; toolbar: true; notranslate\" title=\"\/usr\/src\/sys\/i386\/conf\/GATEWAY-CF\">\r\n###\r\n### BACHI-NET Kernel Configurations File\r\n### by Andreas Bachmann\r\n###\r\n\r\nmachine     i386\r\ncpu         I586_CPU\r\nident       GATEWAY-CF\r\n\r\n###############################################################################\r\n# CPU OPTIONS\r\noptions     CPU_GEODE\r\ndevice      cpufreq                         # CPU frequency control\r\noptions     HZ=1000                         # Smoother scheduling\r\noptions     FLOWTABLE                       # per-cpu routing cache\r\n\r\n###############################################################################\r\n# SCHEDULING\r\noptions     SCHED_ULE                       # new scheduler\r\noptions     PREEMPTION                      # Preemptive Scheduler\r\n\r\n###############################################################################\r\n# POSIX P1003.1B\r\noptions     P1003_1B_SEMAPHORES             # POSIX-style semaphores\r\noptions     _KPOSIX_PRIORITY_SCHEDULING     # POSIX P1003_1B real-time extensions\r\n\r\n###############################################################################\r\n# PARTITIONING\r\noptions     GEOM_PART_GPT                   # GUID Partition Tables.\r\noptions     GEOM_LABEL                      # Provides labelization\r\n\r\n###############################################################################\r\n# TRUSTEDBSD MAC FRAMEWORK\r\noptions     MAC                             # TrustedBSD MAC Framework\r\n\r\n###############################################################################\r\n# FILE SYSTEM\r\noptions     FFS                  
           # Berkeley Fast Filesystem\r\noptions     PROCFS                          # Process filesystem (requires PSEUDOFS)\r\noptions     PSEUDOFS                        # Pseudo-filesystem framework\r\noptions     SOFTUPDATES                     # Enable FFS soft updates support\r\noptions     UFS_ACL                         # Support for access control lists\r\noptions     UFS_DIRHASH                     # Improve performance on big directories\r\noptions     UFS_GJOURNAL                    # Enable gjournal-based UFS journaling\r\noptions     MD_ROOT                         # MD is a potential root device\r\n\r\n###############################################################################\r\n# CRYPTO SUBSYSTEM\r\ndevice      crypto                          # core crypto support\r\ndevice      cryptodev                       # \/dev\/crypto for access to h\/w\r\n\r\n###############################################################################\r\n# SECURITY POLICY PARAMETERS\r\noptions     AUDIT                           # Security event auditing\r\n\r\n###############################################################################\r\n# COMPATIBILITY OPTIONS\r\noptions     COMPAT_43                       # Compatible with BSD 4.3 &#x5B;KEEP THIS!]\r\noptions     COMPAT_FREEBSD4                 # Compatible with FreeBSD4\r\noptions     COMPAT_FREEBSD5                 # Compatible with FreeBSD5\r\noptions     COMPAT_FREEBSD6                 # Compatible with FreeBSD6\r\noptions     COMPAT_FREEBSD7                 # Compatible with FreeBSD7\r\n\r\noptions     SYSVSHM                         # SYSV-style shared memory\r\noptions     SYSVMSG                         # SYSV-style message queues\r\noptions     SYSVSEM                         # SYSV-style semaphores\r\n\r\n###############################################################################\r\n# BUS TYPES\r\ndevice      eisa                            # Extended Industry Standard Architecture (EISA) 
Bus\r\ndevice      pci                             # Peripheral Component Interconnect (PCI) Bus\r\ndevice      uart                            # Universal Asynchronous Receiver\/Transmitter (UART) Bus\r\ndevice      miibus                          # Media Independent Interface (MII) Bus\r\n\r\n###############################################################################\r\n# SYSTEM MANAGEMENT INTERFACE DEVICES\r\ndevice      pmtimer\r\n\r\n###############################################################################\r\n# DISK DEVICES\r\ndevice      md                              # Memory \"disks\"\r\n\r\n###############################################################################\r\n# ATA DEVICES\r\ndevice      ata                             #\r\ndevice      atadisk                         # ATA disk drives\r\ndevice      atapicam                        # emulate ATAPI devices as SCSI ditto via CAM\r\n\r\n###############################################################################\r\n# SCSI OPTIONS AND DEVICES\r\ndevice      scbus                           # Base SCSI Code\r\ndevice      ch                              # SCSI media changers\r\ndevice      da                              # SCSI direct access devices (aka disks)\r\ndevice      sa                              # SCSI tapes\r\ndevice      cd                              # SCSI CD-ROMs\r\ndevice      pass                            # CAM passthrough driver\r\n\r\noptions     SCSI_DELAY=300                  # Delay (in ms) before probing SCSI\r\n\r\n###############################################################################\r\n# NETWORKING OPTIONS AND DEVICES\r\noptions     INET                            # InterNETworking\r\n\r\noptions     NETGRAPH                        # netgraph(4) system\r\n\r\noptions     ALTQ                            # Alternate queuing\r\noptions     ALTQ_CBQ                        # Class Based Queueing\r\noptions     ALTQ_RED                        # Random Early 
Detection\r\noptions     ALTQ_RIO                        # RED In\/Out\r\noptions     ALTQ_HFSC                       # Hierarchical Packet Scheduler\r\noptions     ALTQ_CDNR                       # Traffic conditioner\r\noptions     ALTQ_PRIQ                       # Priority Queueing\r\noptions     ALTQ_NOPCC                      # Required for SMP build\r\n\r\ndevice      loop                            # Network loopback\r\ndevice      ether                           # Ethernet support\r\ndevice      bpf                             # Berkeley packet filter\r\ndevice      bridge                          # Network bridge device\r\n\r\ndevice      pf                              # PF OpenBSD packet-filter firewall\r\ndevice      pflog                           # logging support interface for PF\r\n\r\ndevice      vr                              # VIA Rhine, Rhine II\r\n\r\n###############################################################################\r\n# PERIPHERAL DEVICES\r\ndevice      atkbdc                          # AT keyboard controller\r\ndevice      atkbd\r\ndevice      kbdmux                          # keyboard multiplexer\r\ndevice      psm\r\n\r\noptions     KBD_INSTALL_CDEV                # Install a CDEV entry in \/dev\r\n\r\n###############################################################################\r\n# GRAPHIC DEVICES AND OPTIONS\r\ndevice      vga                             # VGA video card driver\r\ndevice      agp                             # support several AGP chipsets\r\ndevice      splash                          # Splash screen and screen saver support\r\n\r\n###############################################################################\r\n# SYSTEM CONSOLE DEVICES AND OPTIONS\r\ndevice      sc                              # syscons console driver\r\n\r\n###############################################################################\r\n# MISCELLANEOUS DEVICES AND OPTIONS\r\ndevice      random                          # Entropy 
device\r\ndevice      pty                             # Pseudo-ttys (telnet etc)\r\ndevice      snp                             # Snoop device\r\ndevice      firmware                        # firmware assist module\r\n\r\n###############################################################################\r\n# USB DEVICES AND OPTIONS\r\n\r\ndevice      uhci                            # UHCI controller\r\ndevice      ohci                            # OHCI controller\r\ndevice      ehci                            # EHCI controller\r\ndevice      usb                             # General USB code (mandatory for USB)\r\n\r\ndevice      udbp                            # USB Double Bulk Pipe devices\r\ndevice      uhid                            # Human Interface Device\r\ndevice      ukbd                            # USB keyboard\r\ndevice      ums                             # USB mouse\r\ndevice      ulpt                            # USB printer\r\n<\/pre>\n<p><strong>Bootloader Config<\/strong><\/p>\n<pre class=\"brush: bash; collapse: true; light: false; title: \/boot\/loader.conf; toolbar: true; notranslate\" title=\"\/boot\/loader.conf\">\r\nconsole=\"comconsole\"\r\n<\/pre>\n<p><strong>TTY Config<\/strong><\/p>\n<pre class=\"brush: bash; collapse: true; light: false; title: \/etc\/ttys; toolbar: true; notranslate\" title=\"\/etc\/ttys\">\r\n&#x5B;...]\r\nconsole none                            unknown off secure\r\n#\r\nttyv0   \"\/usr\/libexec\/getty Pc\"         cons25  off secure\r\n# Virtual terminals\r\nttyv1   \"\/usr\/libexec\/getty Pc\"         cons25  off secure\r\nttyv2   \"\/usr\/libexec\/getty Pc\"         cons25  off  secure\r\nttyv3   \"\/usr\/libexec\/getty Pc\"         cons25  off secure\r\nttyv4   \"\/usr\/libexec\/getty Pc\"         cons25  off secure\r\nttyv5   \"\/usr\/libexec\/getty Pc\"         cons25  off secure\r\nttyv6   \"\/usr\/libexec\/getty Pc\"         cons25  off secure\r\nttyv7   \"\/usr\/libexec\/getty Pc\"         cons25  off 
secure\r\nttyv8   \"\/usr\/local\/bin\/xdm -nodaemon\"  xterm   off secure\r\n# Serial terminals\r\n# The 'dialup' keyword identifies dialin lines to login, fingerd etc.\r\nttyu0   \"\/usr\/libexec\/getty std.9600\"   vt100   on  secure\r\nttyu1   \"\/usr\/libexec\/getty std.9600\"   dialup  off secure\r\nttyu2   \"\/usr\/libexec\/getty std.9600\"   dialup  off secure\r\nttyu3   \"\/usr\/libexec\/getty std.9600\"   dialup  off secure\r\n# Dumb console\r\ndcons   \"\/usr\/libexec\/getty std.9600\"   vt100   off secure\r\n# Pseudo terminals\r\nttyp0   none                    network\r\n&#x5B;...]\r\n<\/pre>\n<p><strong>fstab Config<\/strong><\/p>\n<pre class=\"brush: bash; collapse: true; light: false; title: \/etc\/fstab; toolbar: true; notranslate\" title=\"\/etc\/fstab\">\r\n# Device                Mountpoint      FStype  Options         Dump    Pass#\r\n\/dev\/ad0s1b             none            swap    sw              0       0\r\n\/dev\/ad0s1a             \/               ufs     rw              1       1\r\n\/dev\/ad0s1d             \/tmp            ufs     rw              2       2\r\n\/dev\/ad0s1f             \/usr            ufs     rw              2       2\r\n\/dev\/ad0s1e             \/var            ufs     rw              2       2\r\n<\/pre>\n<p><strong>Disk Slices<\/strong><\/p>\n<pre class=\"brush: bash; collapse: true; light: false; title: df; toolbar: true; notranslate\" title=\"df\">\r\n&#x5B;root@gateway \/home\/bachi]# df\r\nFilesystem  1K-blocks   Used   Avail Capacity  Mounted on\r\n\/dev\/ad0s1a    253678  27696  205688    12%    \/\r\ndevfs               1      1       0   100%    \/dev\r\n\/dev\/ad0s1d    253678     12  233372     0%    \/tmp\r\n\/dev\/ad0s1f   2358280 997176 1172442    46%    \/usr\r\n\/dev\/ad0s1e    507630   9778  457242     2%    \/var\r\n\r\n&#x5B;root@gateway \/home\/bachi]# fdisk\r\n&#x5B;...]\r\nparameters extracted from in-core disklabel are:\r\ncylinders=7964 heads=16 sectors\/track=63 (1008 blks\/cyl)\r\nMedia 
sector size is 512\r\nInformation from DOS bootblock is:\r\nThe data for partition 1 is:\r\nsysid 165 (0xa5),(FreeBSD\/NetBSD\/386BSD)\r\n    start 63, size 8016372 (3914 Meg), flag 80 (active)\r\n        beg: cyl 0\/ head 1\/ sector 1;\r\n        end: cyl 498\/ head 254\/ sector 63\r\n&#x5B;...]\r\n<\/pre>\n<p><strong>PF Config<\/strong><\/p>\n<pre class=\"brush: bash; collapse: true; light: false; title: \/etc\/pf.conf; toolbar: true; notranslate\" title=\"\/etc\/pf.conf\">\r\nif_inet=&quot;vr0&quot;                 # Internet\r\nif_lan=&quot;vr1&quot;                  # Intranet\r\ntorrent_client=&quot;10.0.0.251&quot;\r\nnet_lan=&quot;10.0.0.0\/8&quot;\r\n\r\nusers = &quot;{\r\n    10.0.0.251,\r\n    10.0.0.11,\r\n    10.0.0.249,\r\n    10.0.0.250,\r\n    10.0.0.17\r\n}&quot;\r\n\r\nnat on $if_inet from $net_lan to any -&gt; ($if_inet)\r\n\r\n#rdr on $if_inet proto tcp from any to $if_inet port { 6881, 6882, 8713 } -&gt; $torrent_client\r\n#rdr on $if_inet proto tcp from any to $if_inet port { 4000, 4001, 4002, 4080, 4662, 4666, 9335, 53357, 14890 } -&gt; $torrent_client\r\n#rdr on $if_inet proto tcp from any to $if_inet port { 80, 8080, 443 } -&gt; $torrent_client\r\n#rdr on $if_inet proto tcp from any to $if_inet port { 6000 }  -&gt; $torrent_client\r\n\r\nblock all\r\n\r\npass in on $if_inet all\r\npass in on $if_lan from $users to any\r\npass out all\r\n<\/pre>\n<p><strong>DHCPD Config<\/strong><\/p>\n<pre class=\"brush: bash; collapse: true; light: false; title: \/usr\/local\/etc\/dhcpd.conf; toolbar: true; notranslate\" title=\"\/usr\/local\/etc\/dhcpd.conf\">\r\n###\r\n### GATEWAY DHCP Server Configuration\r\n### by Andreas Bachmann\r\n###\r\n\r\nauthoritative;\r\nddns-update-style ad-hoc;\r\n\r\ndefault-lease-time                  600;\r\nmax-lease-time                      7200;\r\n\r\nsubnet 10.0.0.0 netmask 255.0.0.0 {\r\n    option  subnet-mask             255.0.0.0;\r\n    option  broadcast-address       10.255.255.255;\r\n    option  
domain-name-servers     195.134.157.20;\r\n    option  routers                 10.0.0.1;\r\n\r\n   range 10.0.0.10 10.0.0.254;\r\n}\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>FreeBSD Handbook: Setting Up the Serial Console Boot Config ### ### rc.conf Boot Config File ### by Andreas Bachmann ### ### CONSOLE #################################################################### font8x14=&#8221;NO&#8221; font8x16=&#8221;swiss-8&#215;16&#8243; font8x8=&#8221;swiss-8&#215;8&#8243; inetd_enable=&#8221;NO&#8221; keymap=&#8221;swissgerman.cp850&#8243; ### NETWORK #################################################################### hostname=&#8221;gateway.lan.bachi.net&#8221; ifconfig_vr0=&#8221;DHCP&#8221; ifconfig_vr1=&#8221;10.0.0.1 255.0.0.0&#8243; ### ifconfig_vr2=&#8221;10.0.0.5 255.0.0.0&#8243; gateway_enable=&#8221;YES&#8221; ### FIREWALL ################################################################### pf_enable=&#8221;YES&#8221; pf_rules=&#8221;\/etc\/pf.conf&#8221; pf_flags=&#8221;&#8221; pflog_enable=&#8221;YES&#8221; pflog_logfile=&#8221;\/var\/log\/pf.log&#8221; pflog_flags=&#8221;&#8221; ### DAEMONS #################################################################### sendmail_enable=&#8221;NONE&#8221; dhcpd_enable=&#8221;YES&#8221; dhcpd_ifaces=&#8221;vr1&#8243; sshd_enable=&#8221;YES&#8221; 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,4],"tags":[],"class_list":["post-128","post","type-post","status-publish","format-standard","hentry","category-embedded","category-freebsd"],"_links":{"self":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/128","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=128"}],"version-history":[{"count":9,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/128\/revisions"}],"predecessor-version":[{"id":2774,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/128\/revisions\/2774"}],"wp:attachment":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=128"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}