Traffic Shaping with pfSense and HFSC (video)

This screencast demonstrates the use of a pfSense device for traffic shaping on a typical home network, with the goals of minimizing latency and maximizing throughput. In particular, we use a three-tier queue configuration where a parent speedboost queue on each interface contains leaf queues that catch all the traffic. The speedboost queues use HFSC’s non-linear service curve to match the behavior of the comcast speedboost. The leaf queues are configured to partition the available bandwidth, and automatically allow ‘borrowing’ when there is no contention.

Section links:

  • Installation / Setup: 3min:01sec
  • Monitoring: 6min:30sec
  • Traffic Shaping: 15min:34sec

Some handy FreeBSD howto’s

Below we have some useful howto’s and tutorials collected over the last few weeks



New PC-BSD development snapshot – 2012/06/22

Yet it seems there is no official announcment for this snapshot, but you can find on PC-BSD mirrors page a new release !

It’s the release of the 2012-06-22, there is no changelog/readme so I can’t tell what’s new exactly in, but I’m sure there is a lot of bug fixes !

You can get the iso/usb images by choosing a mirror on this page :

There is a lot of work done from the PC-BSD 9.0 release ! The installer is now easier and cleaner, the AppCafé has been modifed too, and each new snapshot include the latest userland and kernel.

New FreeBSD Foundation funded project: Capsicum improvements

The FreeBSD Foundation has announced that Pawel Jakub Dawidek has been awarded a grant to develop a comprehensive userspace framework for writing Capsicum-based applications, building on the kernel features originally developed by the University of Cambridge and Google Research. Pawel was rewarded grants previously for the HAST and auditdistd projects.

This framework will include a Capsicum runtime linker and component library providing sandboxed versions of key higher-level system libraries. Components will both be sandboxed, improving resistance to vulnerabilities, and also easily available for delegation to sandboxed applications, such as the Chromium web browser. The prototype libcapsicum developed by Cambridge will be analyzed and updated based on lessons learned in implementing Capsicumised software packages, such as hastd and auditdistd. Funding for this project will be provided by the FreeBSD Foundation matched 100% by the Google Open Source Program Office, in support of open source technology transition of Capsicum.

“A continuing challenge in security is to find solutions that not only fix the problems but also can be applied to existing technologies: attractive though the notion is, we are not going to persuade the world to rewrite everything! This is why we at Google are pleased and excited to support the continuing development of Capsicum, which radically improves the security of UNIX based systems whilst allowing a continuous migration path from today’s mechanisms to tomorrow’s,”

said Ben Laurie, Google Senior Staff Software Engineer.

“I’m very excited to be able to work on Capsicum. Some of my software is already using Capsicum, so I’m fully aware of the great potential of this framework. This technology is so much superior than the current attempts to provide sandboxing using tools like chroot(2) or unprivileged user credentials. No matter how corny it sounds, I strongly believe Capsicum can make the Internet a safer place.”

said Pawel.

This project will conclude in August, 2012

MaheshaBSD Server Edition – document sharing server

Juraj from the MaheshaBSD Project has announced the MaheshaBSD Server Edition.

The objective of MaheshaBSD Server is to provide users and small businesses/institutions a way to operate the simplest and least demanding FTP/WWW server for the purpose of sharing documents (information). MaheshaBSD Server can be used both for an in-house document sharing or over the internet.

MaheshaBSD Server Edition comes as a USB image and its purpose is to show Windows users the flexibility of running FreeBSD off a USB flash drive.

It immediately supports quotas; and also a possibility to redirect a NTFS drive via mount_nullfs to MaheshaBSD Server, so that users can just simply copy any file to my easy to use FTP/WWW server, as you can see on the picture attached in this email (not many BSD LiveCD’s support writing to NTFS drives unfortunately).

Some of the features included (taken from the Documentation):

  • Portability – with a straightforward FTP/WWW server running off the USB flash drive it is much easier to come up with such a flash drive to any computer available on your in-house (or home) network (LAN) than to disassemble your computer and put the hard drive to another computer where an operating system is already running;
  • No need to purchase expensive licenses for an operating system because MaheshaBSD Server is itself an operating system (FreeBSD);
  • Immediate possibility to use this server – users without any knowledge of Unix can use easy to use free programs such as WinSCP (a Windows GUI application for copying data via SFTP) – they will just copy files into MaheshaBSD Server’s FTP/WWW directory and they will be immediately displayed in a browser;
  • By setting up IP Forwarding on ports 21 (FTP), 22 (SSH), 80 (HTTP) in your router settings you will have an instant possibility to operate a public Internet FTP/WWW server;
  • Security – as long as your FTP (or WWW) server is not running in Windows as a separate program, the environment where certain cleverer individuals may  always find a way to steal your sensitive data (in case you choose a Windows FTP/web server software with unreported security holes), you will be in a great advantage as regards security;
  • A possibility to mount NTFS/FAT32 disks/flash drives/USB hard drives and use them as a place for FTP/WWW data storage. Both editions – MaheshaBSD and MaheshaBSD Server – can easily mount NTFS disks for write access, a feature not available in many BSD LiveCD distributions;
  • Remote Admin.

The full MaheshaBSD Server Edition documentation can be read here (pdf).

MaheshaBSD Server Edition is free for personal use and businesses are required to buy a  $200 license.

We have not been able to test the Server Edition yet, but a $200 license is quite a fee for a document server licens. It would be interesting to see how MaheshaBSD Server Edition compares with FreeNAS 8.2. We may do a comparison a some point in the future.