PC-BSD 9.0-RC2 now Available

As most of you will be aware, PC-BSD 9.0-RC2 became available about a week ago.

There is an issue with upgrading from RC1 to RC2, but it’s easily fixed. This is due to some changes in KDE which also affects the look and feel. So if you have the bandwidth, it’s probably best to download a new ISO instead of upgrading.

 

FreeBSD 9.0-RC2 Available (Official)

It is now official: FreeBSD 9.0-RC2 is available for download.

The second of the Release Candidate builds for the 9.0-RELEASE release cycle is now available. Since this is the first release of a brand new branch I cross-post the announcements on both -current and -stable.
But just so you know most of the developers active in head and stable/9 pay more attention to the -current mailing list. If you notice problems you can report them through the normal Gnats PR system or on the -current mailing list.

The 9.0-RELEASE cycle can be tracked at wiki.freebsd.org/Releng/9.0TODO.

For update details, MD5 checsums and FTP locationts, check out the announcement: FreeBSD 9.0-RC2 Available.

Happy testing.

BHyVe – a Native FreeBSD Hypervisor

How to install and help test FreeBSD’s exciting new BHyVe hypervisor

Michael Dexter has published a tutorial on CFT on FreeBSD‘s upcoming type 2 hypervisor known as BHyVe. The article is an easy to follow tutorial showing how to configure, build and boot a hypervisor capable host and guest system. BHyVe currently only supports modern Intel’s x86 virtualization hardware & the project itself is still currently under early development.

FreeBSD is very much lacking virtualization features (not counting jails) and the BHyVe project is excellent news for FreeBSD!

“Neel Natu and Peter Grehan unveiled BHyVe (PDF), the “BSD HyperVisor” (incl. Audio) for FreeBSD at BSDCan 2011 and kindly helped me get it up and running. I invite you to do the same and explore the many possibilities of this up and coming alternative to Linux KVM. Because BHyVe relies primarily on the Virtual Machine Manager vmm.ko kernel module, it should be portable to other BSD’s and even other operating systems. BHyVe guest virtual machines run modified FreeBSD kernels at this time and there are many opportunities to remove this limitation. Be aware that BHyVe is under active development and should be considered experimental.”

Full article and howto: Hands-on BHyVe.

Thanks to Fernando and Krzysztof for the heads up.

Links

Writing FreeBSD kernel modules

Writing a FreeBSD kernel module. Many may think this is a difficult task, but if you know the basics of programming and have some knowledge of and experience with FreeBSD, it may not be as difficult as it sounds.

Jared Barneck has put together an easy to follow guide showing the basics of writing a “hello world” module: How to write a FreeBSD Kernel Module

Follow Jared’s steps and check out some of the online resources he’s linked to, and you’re ready to go.

Happy programming.

pfSense private cloud, and pfSense jobs

Ray has been testing and playing around with pfSense for a month, and has decided he’s going to set up a private cloud: pfSense + 1 Public IP = Home Cloud.

Now that I’ve ben running pfSense for a problem-free month it’s time to start using it for more than cool charts and graphs. My first goal is to be able to make multiple servers available from the internet. I’ve got Windows Home Server v1 and Windows Home Server 2011 servers running and ready to go. Once those are going I’ll want to add my development web server to the mix so I can do development and testing from outside the home. I’ve spent some time testing various options and I’ve settled on a solution that I think will work. At least all the individual pieces work, time to see if they fit together.

The main obstacle for me is that I have one public IP which needs to address the various internal servers. Those internal servers run the same services on the same ports. The nature of NAT port forwarding is all traffic coming into the WAN connection for a port gets forwarded to the same computer. I can’t parse port 80 (http/web) traffic and make a decision where it needs to go. This is the major obstacle. Another minor issue is that my public IP is dynamic and can change whenever Comcast wants to change it. (Although when I want it to change it’s surprisingly hard to do).

Another requirement is that I use my own domain, and not just a subdomain of some DDNS provider.

Full post: pfSense +1  public ip = home Cloud

pfSense Jobs

If you’re interested in pfSense freelance jobs, have a look here: https://www.elance.com/r/jobs/q-pFsense. There’s one job at the moment.

pfSense, 7 years young. Congratulations

pfSense is Seven

The pfSense  (which stands for…) project exists 7 years this week, well, that is the age of the pfSense domain. I’m sure the project existed long before that in Chris Buechler, the project founder’s head.

Congratulations to Chris and his team for the great job they’re doing and all the work they’ve done so far. According to some update stats there are currently ca. 100,000 known live pfSense installs.

pfSense and PBI’s

Some say that PC-BSD‘s PBI package format is not needed in addition to other *BSD ways of installing software, and that it’s “un-UNIX”. I think it’s a very user-friendly, point-and-click way for installing software, and advanced users don’t need to use it.

It’s great to see that not only FreeNAS, the NAS O/S, but also pfSense will be supporting PBI packages in the future:

Moving packages to PBIs – the package system in 2.1 will switch to using the PBI package system, originally from PC-BSD, though also used by some on stock FreeBSD installs. The benefit of using PBIs is each package has all its dependencies included in the package, which eliminates the dependency messes that can happen currently, such as one package requiring a certain version of a dependent package but another requiring a different version, uninstallation of one package stomping on another package by uninstalling a dependency it requires, uninstallation of a package breaking the base system by deleting things it uses (though we already work around that one automatically), easing clean uninstall of packages, amongst other benefits. This will be a great improvement in the package system for 2.1. (source)

If you’re looking for a feature rich (BSD) firewall, why not consider pfSense?

Some thoughts on UNIX and testing Opera on FreeBSD

Ruarí Ødegaard, who works for Opera, has put a post up with some of his thoughts on FreeBSD and Opera on FreeBSD: Some thoughts on UNIX and testing Opera on FreeBSD.

So I was actually quite excited last week when the new FreeBSD 9 RC 1 was released. Unlike with new releases of some of the Linux distros, I don’t usually have late night fears that Opera will get broken by some new major change or other. p

FreeBSD has a deserved reputation for being reliable and robust and not rushing change for its own sake. Nonetheless with any OS upgrade there is always the chance that we will have to make changes to accommodate, so with the release of RC1 I figured now was as good a time as any to give it a spin.

Installing FreeBSD with the new BSDInstall went without problems and so was running Opera.

Opera is a fast and full-featured Internet browser that includes pop-up blocking, tabbed browsing, integrated searches, and advanced functions like E-mail program, RSS Newsfeeds and IRC chat. You can install Opera on FreeBSD from /usr/pors/www/opera.

Ruari’s post: Some thoughts on UNIX and testing Opera on FreeBSD

Thanks to Mark B for emailing the link.

Thanks

(updated) Network Security monitoring using FreeBSD (Richard Bejtlich)

Richard Bejtlich as a security expert with a lot of experience on FreeBSD. This video is about network security monitoring using FreeBSD:

“I’ve been using FreeBSD as my preferred platform for Network Security Monitoring (NSM) since 2000. In this presentation I’ll discuss my latest thinking on using FreeBSD to identify normal, suspicious, and malicious traffic in enterprise networks. FreeBSD is a powerful platform for network traffic inspection and log analysis, and I’ll share a few ways I use it in production environments.”


 

Embedded Monowall Installation (video)

This tutorial will guide you through copying the m0n0wall image to a compact flash card and the initial configuration of the m0n0wall on the ALIX embedded board. I will be using a VPN accelerator card since I will have about 10 IPsec tunnels actively running at one time. I would only recommend using the VPN accelerator card if you plan on maintaining several VPN tunnels at one time, otherwise it is overkill.