Configure advanced features with pfSense 2.0 (Packt Pub’s new book)

Packt Publishing, the publishers of Learning FreeNAS, are now in the process of publishing pfSense 2 Cookbook.

This book helps users discover the power of pfSense's core functionality. It is written by Matt Williamson and is filled with examples of interfaces, firewall rules, NAT port-forwarding, VPN services, etc.

pfSense 2 Cookbook helps readers determine their deployment scenario and their hardware, throughput, and interface requirements, and select the right platform version of pfSense. They will be able to configure essential networking services such as DHCP, DNS, and Dynamic DNS, and to provide external Remote Desktop Access to an internal machine.

Through this book readers will learn to create multiple WAN interfaces, virtual IPs, a virtual LAN, gateways, and bridged interfaces. They will be able to configure traffic-shaping and Quality of Service (QoS), firewall redundancy with a CARP firewall failover, and external logging with syslog.

Talking about CARP, I came across a very interesting site explaining how to set up a CARP cluster, step-by-step: http://pfsense.basis06.com/download/tutorials/carp/carp-cluster-new.htm. There’s enough material available and howtos explaining how to set this up, but this little demo is super clear.

When I have read the book, I’ll let you know more about the contents.

More information can be found here: pfSense 2 Cookbook, and a free chapter, dealing with DHCP and DNS, can be downloaded here: pfSense 2 Cookbook – sample chapter.

Available: FreeNAS 8.0-RC4

iXsystems has announced the availability of FreeNAS 8.0-RC4. Barring major bugs this is likely the last release candidate before 8.0-RELEASE.

Besides mostly bug fixes, there is one last bit of new functionality, which is GUI replacement of drives in volumes, and a few small pieces, such as the ability to edit powerd settings in the GUI.

Most notable changes in this RC are:

“Snapshot functionality has been added.  There are features to create periodic snapshot jobs, create one time snapshots, clone snapshots (which can then be exported as shares like any other dataset) and rollback to previous snapshot.

VLAN interfaces are fully supported.  VLANs can be created from the GUI or from the CLI menu on the console.

NFS shares can be set to use the full range of maproot and mapall options.  In addition, tuning is available for the NFS service to boost performance past gigE networking speeds.

Users and groups available to the system from any source (local users, LDAP, AD) are now presented anywhere a user or group is specified, whether it’s volume permissions, samba anonymous user, or NFS maproot.

Several functions in System -> advanced were hooked up, a few were deleted. Powerd now works, toggling between the CLI script and a normal login works, the MOTD updates properly, and the serial console works.

The kernel modules to support several RAID controllers were added, as well as the modules to enable mount_smbfs to work from the CLI.”

I’m looking forward to installing and using FreeNAS 8.0-Release. Hopefully we won’t have to wait too long for that one to come out. iXsystems has done a great job so far.

For more information, please refer to Josh’s release announcement: FreeNAS 8.0 RC-4

Finds of the day: Daemon oggcast and howtobsd.com

Whilst surfing and checking out a few links today, I came across the following sites that you may be interested in too:

Daemon & Penguin oggcast.

The latest podcast is about GhostBSD 2.0 which was released last week (Released: GhostBSD 2.0):

In episode number 17, I go over a recent install of GhostBSD 2.0 which now has a home on my laptop. It happens to be one of the easiest installs so far. You end up with a fully configured FreeBSD running Gnome as the desktop. The GhostBSD team are doing a great job, so give it a try and you will be up and running in no time (Listen)

howtobsd.com: Simple way to understanding FreeBSD

This site has been around since October 2009 but I only stumbled upon it today. As the name suggests, you can find there many useful commands and howtos, e.g:

  • Create a SVN repository
  • Monitoring FreeBSD servers with Munin
  • Installing Ruby on Rails on FreeBSD
  • freebsd geom mirror howto
  • How to move FreeBSD system from one hdd to another
  • Backup freebsd howto with fsbackup

Available: m0n0wall 1.33

After eleven months of development, version 1.33 of the FreeBSD-based m0n0wall embedded firewall distribution has been released.

Manuel Kasper mentions that m0n0wall 1.33 includes several improvements over previous versions and will probably be the last version based on FreeBSD 6.4.

Some of the changes are:

  • a new image type “generic-pc-serial” has been added; the only difference to generic-pc is that it always uses the serial console
  • added Realtek customized network chip driver to support additional chipsets
  • updated ipfilter to 4.1.33
  • inbound NAT rules can now be added on the LAN interface with the WAN address as a target; this helps with accessing servers on an optional interface from the LAN interface by using m0n0wall’s WAN IP address


Released: GhostBSD 2.0

Last week GhostBSD 2.0 was released.

GhostBSD is a free operating system based on FreeBSD that can either be installed or run as Live-CD. Its default graphical environment is GNOME and GhostBSD 2.0 is based on FreeBSD 8.2.

The installer is not a point-and-click GUI but a python script. However, for most people who have used BSD or Linux, the questions are self explanatory.

Some of the changes, additions and features are:

  • support auto mount of USB Devices!
  • new logo
  • bug fixes
  • new live file system
  • improvements to GDM
  • based upon FreeBSD 8.2
  • package installation and management can be done with the new package manager, Bxpkg

Included software packages are:

  • Gnome 2.32
  • Rhythmbox 0.12.8_3
  • Pidgin 2.7.7
  • Firefox 3.6
  • Thunderbird 3.0.11

Prashanth has written a review on Das U-Blog: Review: GhostBSD 2.0

I tried to install GhostBSD 2.0 in VirtualBox but some issue would not allow the installer to finish installation.

The GhostBSD Team has also released a new website. Unfortunately, it’s still very bare and contains some bugs and spelling errors. Hopefully this will be dealt with soon.

Let’s see how GhostBSD and PC-BSD 9.0 (Gnome) will square up…

PBI 9.0 re-implemented for Free/PC-BSD

A few days ago I mentioned that Kris Moore would be attending AsiaBSDCon 2011. Due to the changed circumstances in Japan, Kris won’t be able to make this presentation now.

However, from his slides on the new PBI 9.0 format you can pretty much figure out what he was going to present. These slides are available in PDF format: The PBI Format re-implemented for Free/PC-BSD.

PBI 9 will be part of the upcoming PC-BSD 9.0 and Kris has written up an article in the latest BSD Magazine on his progress and what new features we can expect: A quick look at the upcoming PC-BSD 9.

 

Available: FreeNAS 8.0-RC3

Josh Paetzel has announced the third Release Candidate of FreeNAS. A number of bugs have been squashed, problems fixed, and, surprisingly for an RC3, new features added (volume importer in the storage application).

Highlights include

  • a volume importer
  • better AFP support (Apple Filing Protocol)
  • better SMB/CIFS configs based on user input
  • iSCSI support reworked and improved
  • support for 6 Gbps 3Ware controllers added
  • HTTPS access for the GUI

More information and details can be found in the release notes.


 

PC-BSD 9-CURRENT testing snapshot

If you have some free time this week and want to check out some of the new features of the upcoming PC-BSD 9.0, you can download and test drive the latest snapshot of PC-BSD 9.0.

Among the most interesting features are support for multiple window managers (GNOME, KDE, Fluxbox, etc.) and the new PBI format.

If you come across any issues or if you have any suggestions, you may report them to the testing mailing list.

Download the PC-BSD 9-CURRENT testing snapshot

pfSense: Build a UTM, and 2.0-RC1 available

smallnetbuilder.com has an article (Build your own UTM with pfSense) showing what you can do with pfSense as a Unified Threat Management appliance, especially with regard to Intrusion Detection and Prevention, Anti-Virus, Content Filtering, Anti-Spam and Traffic Control.

The concept of Unified Threat Management is straightforward: on the outer reaches of your network perimeter, you install an appliance that stops all possible threats to your network, an über firewall, as it were. The fact of the matter is that UTM hardware is expected to completely overtake separate network protection hardware.

[…]

pfSense can perform all these functions to some extent. To judge how well pfSense meets these UTM requirements, I’ve given a subjective grade to each set of UTM function groups. Once we’ve defined how these functions thwart threats, and how pfSense meets those challenges, we’ll upgrade Cerberus, and see how it performs as a UTM.

The article concludes with:

With pfSense, this content is largely free – making pfSense, with all of its patchwork flaws, very compelling. The value proposition of pfSense is significant. It is free, open, and no expensive subscriptions are needed to protect your network. Free something is better than nothing.

Chris Buechler has also announced the availability of pfSense 2.0-RC1 (pfSense 2.0-RC1 now available):

Years and many thousands of hours in the making, pfSense 2.0 Release Candidate 1 is now available!

Check it out, test it, and leave feedback on the pfSense forums

Making a software RAID1 under FreeNAS (video)

These two videos show how to set up a software RAID1 under FreeNAS.

If you’re wondering what RAID1 means: RAID1 uses mirroring to write data to, for instance, two drives. This means that when you write a file or save a video, the file is written to two disks. If one of the disks fails, you simply replace it and rebuild the mirror, i.e. one disk is an exact copy of the other. The tradeoff with this setup is cost: with RAID1, you purchase double the amount of storage space that your data requires.

Video 1


Video 2