Installing FreeBSD
Install FreeBSD from the CD-ROM and follow these steps:
- Select Region.
- Select Standard Installation.
- Use the entire drive for FreeBSD.
- Create the disklabel. My installation uses an 80GB hard disk, and this is my disk label:
  - / 512MB
  - swap 1GB
  - /tmp 1GB
  - /usr 4GB
  - /var 2GB
  - /home 1GB
  - /cache (all the rest of the hard disk space)
- Select Distribution - 6. Kern-Developer Full binaries and doc, kernel source only.
- When the dialog box appears, select No to install ports.
- Exit.
- Select Distribution Media - CD
- Confirm the installation - YES, then wait until it finishes.
- After that, answer NO to every question, except for the time zone and root password.
- Reboot.
After Installation
- Setting Up Networking
- Edit the /etc/rc.conf
defaultrouter="192.168.2.1"    # ISP gateway
gateway_enable="YES"           # let this machine act as a gateway for clients
hostname="NoFee"               # machine name
sshd_enable="YES"
ifconfig_rl0="inet 192.168.2.103 netmask 255.255.255.0"
- Edit /etc/resolv.conf and enter your DNS server.
- Edit the /etc/ssh/sshd_config
# You can change this.
Port 22
LoginGraceTime 10m
PermitRootLogin yes
MaxAuthTries 2
PrintMotd yes
UseDNS no
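The login settings chosen in this sshd_config can be checked with a short script. This is an added example, not part of the original guide; the function names `sshd_value`, `to_seconds` and `audit_sshd` are hypothetical, and the 120-second comparison value is OpenSSH's documented LoginGraceTime default.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.

# Print the lower-cased global value of keyword $2 in file $1 (nothing if unset).
sshd_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^(#|$)/ { next }                       # comment or blank line
        { split($0, f, "[ \t=]+") }             # "Key value" or "Key=value"
        tolower(f[1]) == "match" { exit }       # Match blocks are conditional
        tolower(f[1]) == tolower(key) { print tolower(f[2]); exit }
    ' "$1"
}

# Convert "<number>[s|m|h|d|w]" to seconds; fail on anything else.
to_seconds() {
    n=${1%[smhdw]}; unit=${1#"$n"}
    case $n in ''|*[!0-9]*) return 1 ;; esac
    case $unit in
        m) n=$((n * 60)) ;;    h) n=$((n * 3600)) ;;
        d) n=$((n * 86400)) ;; w) n=$((n * 604800)) ;;
    esac
    echo "$n"
}

# Print one line per finding. Unset keywords are skipped: defaults vary by version.
audit_sshd() {
    if [ "$(sshd_value "$1" PermitRootLogin)" = "yes" ]; then
        echo "PermitRootLogin yes: root may log in directly, password included"
    fi
    if grace=$(to_seconds "$(sshd_value "$1" LoginGraceTime)"); then
        if [ "$grace" -eq 0 ] || [ "$grace" -gt 120 ]; then
            echo "LoginGraceTime ${grace}s: longer than the 120s default (0 = no limit)"
        fi
    fi
}

# Constructed sample: the settings from the step above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
LoginGraceTime 10m
PermitRootLogin yes
MaxAuthTries 2
PrintMotd yes
UseDNS no
EOF
audit_sshd "$sample"
```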
- Update to Stable with CVS
- First you need to install packages
pkg_add -r cvsup-without-gui
- Create the file /root/cvs-supfile with this content:
# Change this address to your local FreeBSD mirror.
*default host=cvsup.freebsd.or.id
*default base=/usr
*default prefix=/usr
*default release=cvs
*default delete use-rel-suffix
*default tag=RELENG_6
*default compress
src-all
ports-all tag=.
- Then run:
/usr/local/bin/cvsup -g -L2 /root/cvs-supfile
- The system will download the latest sources and ports. How long this takes depends on your connection.
- Build a kernel to patch pf with ALTQ.
- Follow these instructions:
cd /usr/src/sys/i386/conf
cp GENERIC /etc/NoFee
ln -s /etc/NoFee
- Edit /etc/NoFee.
machine         i386
cpu             I586_CPU
cpu             I686_CPU
ident           NoFee

makeoptions     DEBUG=-g                # Build kernel with gdb(1) debug symbols

options         SCHED_4BSD              # 4BSD scheduler
options         PREEMPTION              # Enable kernel thread preemption
options         INET                    # InterNETworking
options         FFS                     # Berkeley Fast Filesystem
options         SOFTUPDATES             # Enable FFS soft updates support
options         UFS_ACL                 # Support for access control lists
options         UFS_DIRHASH             # Improve performance on big directories
options         MD_ROOT                 # MD is a potential root device
options         MSDOSFS                 # MSDOS Filesystem
options         CD9660                  # ISO 9660 Filesystem
options         PROCFS                  # Process filesystem (requires PSEUDOFS)
options         PSEUDOFS                # Pseudo-filesystem framework
options         GEOM_GPT                # GUID Partition Tables.
options         COMPAT_43               # Compatible with BSD 4.3 [KEEP THIS!]
options         COMPAT_FREEBSD4         # Compatible with FreeBSD4
options         COMPAT_FREEBSD5         # Compatible with FreeBSD5
options         SCSI_DELAY=5000         # Delay (in ms) before probing SCSI
options         KTRACE                  # ktrace(1) support
options         SYSVSHM                 # SYSV-style shared memory
options         SYSVMSG                 # SYSV-style message queues
options         SYSVSEM                 # SYSV-style semaphores
options         _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
options         ADAPTIVE_GIANT          # Giant mutex is adaptive.
#options        SMP                     # this option is for multiprocessor machines.

options         ALTQ
options         ALTQ_CBQ                # Class Based Queuing (CBQ)
options         ALTQ_RED                # Random Early Detection (RED)
options         ALTQ_RIO                # RED In/Out
options         ALTQ_HFSC               # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ               # Priority Queuing (PRIQ)
options         ALTQ_NOPCC              # Required for SMP build

options         SHMMAX=33554432
options         SHMSEG=256
options         SHMMNI=512
options         SEMMNS=2048
options         SEMMNU=256
options         SEMMAP=256
options         SHMALL=16384            # max amount of shared memory (pages)
options         MSGMNB=16384            # max # of bytes in a queue
options         MSGMNI=96               # number of message queue identifiers
options         MSGSEG=4096             # number of message segments
options         MSGSSZ=128              # size of a message segment
options         MSGTQL=4096             # max messages in system

device          apic                    # I/O APIC

# Bus support.
device          eisa
device          pci

# ATA and ATAPI devices
device          ata
device          atadisk                 # ATA disk drives
device          ataraid                 # ATA RAID drives
device          atapicd                 # ATAPI CDROM drives
device          atapifd                 # ATAPI floppy drives
device          atapist                 # ATAPI tape drives
options         ATA_STATIC_ID           # Static device numbering

# SCSI Controllers
device          ahb                     # EISA AHA1742 family
device          ahc                     # AHA2940 and onboard AIC7xxx devices
options         AHC_REG_PRETTY_PRINT    # Print register bitfields in debug
                                        # output. Adds ~128k to driver.
device          ahd                     # AHA39320/29320 and onboard AIC79xx devices
options         AHD_REG_PRETTY_PRINT    # Print register bitfields in debug
                                        # output. Adds ~215k to driver.
device          amd                     # AMD 53C974 (Tekram DC-390(T))
device          isp                     # Qlogic family
device          mpt                     # LSI-Logic MPT-Fusion
device          sym                     # NCR/Symbios Logic (newer chipsets + those of `ncr')
device          adv                     # Advansys SCSI adapters
device          adw                     # Advansys wide SCSI adapters
device          aha                     # Adaptec 154x SCSI adapters
device          aic                     # Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
device          bt                      # Buslogic/Mylex MultiMaster SCSI adapters
device          ncv                     # NCR 53C500

# SCSI peripherals
device          scbus                   # SCSI bus (required for SCSI)
device          ch                      # SCSI media changers
device          da                      # Direct Access (disks)
device          sa                      # Sequential Access (tape etc)
device          cd                      # CD
device          pass                    # Passthrough device (direct SCSI access)
device          ses                     # SCSI Environmental Services (and SAF-TE)

# RAID controllers interfaced to the SCSI subsystem
device          amr                     # AMI MegaRAID
device          arcmsr                  # Areca SATA II RAID
device          asr                     # DPT SmartRAID V, VI and Adaptec SCSI RAID
device          ciss                    # Compaq Smart RAID 5*
device          dpt                     # DPT Smartcache III, IV - See NOTES for options
device          hptmv                   # Highpoint RocketRAID 182x
device          rr232x                  # Highpoint RocketRAID 232x
device          iir                     # Intel Integrated RAID
device          ips                     # IBM (Adaptec) ServeRAID

# RAID controllers
device          aac                     # Adaptec FSA RAID
device          aacp                    # SCSI passthrough for aac (requires CAM)
device          ida                     # Compaq Smart RAID
device          mfi                     # LSI MegaRAID SAS
device          mlx                     # Mylex DAC960 family
device          pst                     # Promise Supertrak SX6000

# atkbdc0 controls both the keyboard and the PS/2 mouse
device          atkbdc                  # AT keyboard controller
device          atkbd                   # AT keyboard
device          kbdmux                  # keyboard multiplexer

device          vga                     # VGA video card driver
device          splash                  # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device          sc
device          agp                     # support several AGP chipsets
device          pmtimer

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device          miibus                  # MII bus support
device          fxp                     # Intel EtherExpress PRO/100B (82557, 82558)
device          rl                      # RealTek 8129/8139
device          sis                     # Silicon Integrated Systems SiS 900/SiS 7016
device          vr                      # VIA Rhine, Rhine II
device          xl                      # 3Com 3c90x (``Boomerang'', ``Cyclone'')

# Pseudo devices.
device          loop                    # Network loopback
device          random                  # Entropy device
device          ether                   # Ethernet support
device          tun                     # Packet tunnel.
device          pty                     # Pseudo-ttys (telnet etc)
device          md                      # Memory "disks"
device          gif                     # IPv6 and IPv4 tunneling
device          bpf                     # Berkeley packet filter
- Patching kernel.
cd /usr/src
make buildworld && make buildkernel KERNCONF=NoFee && make installkernel KERNCONF=NoFee
If using a dual processor:
make -j4 buildworld && make -j4 buildkernel KERNCONF=NoFee && make installkernel KERNCONF=NoFee
- Reboot, then select 4 when the boot menu appears.
fsck -p
mount -u /
mount -a -t ufs
swapon -a
cd /usr/src
mergemaster -p
make installworld
mergemaster
- Reboot.
- Add additional Packages.
I use these packages on my server:
pkg_add -r bash; pkg_add -r pftop; pkg_add -r trafshow; pkg_add -r ifstat; pkg_add -r wget; pkg_add -r mc; pkg_add -r ntp; pkg_add -r net-snmp; pkg_add -r tcptrack
- Configuration.
- Change to bash.
chsh -s bash; rehash; bash
- Allow users in group wheel to use sudo: run visudo, then uncomment the lines for wheel.
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
# Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
- Editing /etc/rc.conf
defaultrouter="192.168.2.1"    # ISP gateway
gateway_enable="YES"
hostname="NoFee"               # Machine name
sshd_enable="YES"

ifconfig_rl0="inet 192.168.2.103 netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 10.10.10.100 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.0.1 netmask 255.255.255.0"

named_enable="YES"
update_motd="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
clear_tmp_enable="YES"
syslogd_flags="-ss"

pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

snmpd_enable="YES"
snmpd_flags="-a"
snmpd_pidfile="/var/run/snmpd.pid"
snmpd_conffile="/usr/local/share/snmp/snmpd.conf"

ntpdate_enable="YES"
ntpdate_hosts="pool.ntp.org"
- Editing /etc/sysctl.conf
net.inet.tcp.recvspace=186880
net.inet.tcp.sendspace=186880
net.inet.udp.recvspace=186880
- Editing /boot/loader.conf
autoboot_delay="1"
kern.maxusers=0
kern.maxfiles=32768
kern.maxproc=16384
kern.ipc.maxsockets=16384
kern.ipc.maxsockbuf=1048576
kern.ipc.somaxconn=16384
kern.ipc.nmbclusters=65536
- Setting up Named.
First, copy or move the original named.conf:
cp /etc/namedb/named.conf /etc/namedb/named.conf.orig
Edit /etc/namedb/named.conf
options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        listen-on { 127.0.0.1; 192.168.0.1; };
        forwarders { 127.0.0.1; 202.152.0.2; };
        allow-recursion { 127.0.0.1; 192.168.0.1/24; };
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/localhost.rev";
};
Then create localhost.rev
sh /etc/namedb/make-localhost => fill with 127.0.0.1
- Editing /etc/resolv.conf
nameserver 127.0.0.1
- Setting up SNMP
- Installing squid
- Download Squid from squid-cache.org (I used 2.6), then extract the source.
- In the Squid source directory, run configure before you build Squid.
./configure '--enable-http-violations' '--sysconfdir=/etc/squid' '--enable-removal-policies=lru,heap' \
  '--enable-storeio=diskd,ufs,aufs' '--enable-delay-pools' '--disable-cache-digests' '--disable-wccp' \
  '--disable-wccpv2' '--enable-underscores' '--enable-pf-transparent' '--enable-ipf-transparent' \
  '--disable-follow-x-forwarded-for' '--enable-large-cache-files' '--enable-default-languages=English' \
  '--enable-err-languages=English' '--disable-ssl' '--disable-ident-lookups' '--disable-hostname-checks' \
  '--disable-htcp' '--enable-icp' '--enable-poll' '--with-large-files' '--with-maxfd=16384'
make && make install clean
- Now you can edit /etc/pf.conf. After that, reboot the system and test your machine.
Thanks.