Base install of FreeBSD
This guide will walk you through the steps necessary to install FreeBSD the manual way. I prefer this method over FreeBSD's default menu-based sysinstall because it's much quicker and you have full control of what's going on. sysinstall also has a few minor quirks which won't bother us now. The only drawback is that you need the DVD install media, which contains both the installation files and a live filesystem to work from.
Preparing your computer
Before you begin with the actual installation of FreeBSD you should make a few alterations to your computer's BIOS configuration. You should consult your computer's manual on how to enter the BIOS configuration but usually you press DEL or F2 during boot. These are the things you should change:
- Reset all settings to factory defaults. There's usually an option for this on the main BIOS configuration screen. This will disable any overclocking and save you from trouble further on.
- Make sure your DVD-ROM is configured as a bootable device before your harddrive in the boot menu. Alternatively you can choose to boot from the DVD during startup by pressing ESC on most computers.
- Correct the CMOS clock and adjust it to show UTC instead of your local time. This will help you have your logs time stamped in a consistent way regardless of timezone or daylight savings time.
- Disable any hardware you won't be using in your router - like onboard audio, parallel, USB and firewire ports. This will free up system resources and also minimize the driver complexity, leading to a more stable system. Leave any serial ports enabled though, since they are useful for console access and for controlling a UPS.
Now insert your FreeBSD DVD in your DVD-ROM drive, save your BIOS settings and reboot your computer.
Enter the live filesystem
Select your country on the following screen and then your keyboard layout.
Select the Fixit option and then option 2 on the following screen - Use the "live" filesystem CDROM/DVD. You are now in a command shell where you will perform the actual installation.
Check date and time
Check that the date and time are correct.
Fixit# date
Sun Jun 21 12:53:16 UTC 2009
Note that the output is displayed in UTC and not your local time, and it should match the time you entered in your BIOS configuration previously. If it doesn't match, you should reboot the computer and correct it again before proceeding.
Identify the harddrives and erase them
Now, let's have a look at what harddrives are present in your computer. You can use atacontrol for that.
Fixit# atacontrol list
ATA channel 2:
    Master:      no device present
    Slave:       no device present
ATA channel 3:
    Master:      no device present
    Slave:       no device present
ATA channel 4:
    Master:  acd0 <PIONEER DVD-RW DVR-106D/1.08> ATA/ATAPI revision 5
    Slave:       no device present
ATA channel 5:
    Master:  ad10 <Maxtor 7Y250M0/YAR51EW0> Unknown SATA revision
    Slave:       no device present
ATA channel 6:
    Master:  ad12 <Maxtor 7Y250M0/YAR51HW0> SATA revision 1.x
    Slave:       no device present
ATA channel 7:
    Master:      no device present
    Slave:       no device present
ATA channel 8:
    Master:      no device present
    Slave:       no device present
This output is from a fairly modern computer and shows all IDE/SATA interfaces and what's attached to them: a DVD-RW drive called acd0 and two harddrives called ad10 and ad12. Your output most likely contains a different number of interfaces and drives, but it should give you a picture of what's available. You won't see any SCSI devices here though. You need a different command for that and I don't cover it in this guide.
In the example here, I will use the names of the harddrives from my own computer, but you must of course replace them with whatever your harddrives are called. You should clear the first megabyte or so of each harddrive so that they look completely empty to FreeBSD. dd is a very powerful command that gives you direct low level access to your harddrives (or any character device for that matter) and it's perfect to use for this.
Fixit# dd if=/dev/zero of=/dev/ad10 bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes transferred in 0.101631 secs (10317465 bytes/sec)
The command above reads 1 MiB of data (bs=1M count=1) from a special device whose sole purpose is to produce a never ending stream of zeroes (/dev/zero), and writes it to the first harddrive (/dev/ad10) starting at the first physical sector (since we didn't specify anything else). This effectively erases any old partitions and makes the harddrive look completely empty. Repeat the same command for any other harddrive in your system that you want to use for FreeBSD.
Create a mirror
Normally you would partition and format your harddrives now but this guide will teach you how to first create a mirror that will keep your system running in case of a harddrive failure. A mirror in FreeBSD is a virtual device that you will use instead of the physical harddrives. Everything you write to this virtual device is written in the background to all the harddrives in your system that you choose to be a part of the mirror. The great thing is that a mirror can consist of any number of drives. If you only have one single harddrive you won't have any failure protection but you can still create the virtual mirror device and add another drive later.
Load the kernel module for gmirror.
Fixit# kldload /dist/boot/kernel/geom_mirror.ko
Use gmirror to create the virtual device and add the first physical harddrive. It should be the harddrive with the lowest number if you have several harddrives installed.
Fixit# gmirror label -v gm0 /dev/ad10
Metadata value stored on /dev/ad10
Done.
A virtual device node called /dev/mirror/gm0 has now been created and from now on you will use it instead of the physical device node /dev/ad10. You can verify it by listing the contents of the folder /dev/mirror.
Fixit# ls /dev/mirror
gm0
Partition and format the harddrive
If you're used to DOS and Windows you probably know the command fdisk, which is used to create partitions. Unix systems usually don't use fdisk-type partitions since they have their own native BSD partitioning system. Unfortunately, modern PCs don't care much for Unix and many simply refuse to boot if there isn't a standard fdisk partition on your harddrive. To circumvent this problem you will first create an fdisk partition (called a slice in the Unix world) and then a BSD partition inside that slice. As mentioned above, you will now use the virtual mirror device instead of the physical harddrive.
Fixit# fdisk -BI /dev/mirror/gm0
******* Working on device /dev/mirror/gm0 *******
fdisk: invalid fdisk partition table found
fdisk: Geom not found: "gm0"
Don't worry about the message, everything is fine and you can verify that the slice was created.
Fixit# ls /dev/mirror
gm0     gm0s1
Create a BSD partition within that fdisk slice.
Fixit# bsdlabel -B -w /dev/mirror/gm0s1
Verify that you now have an additional a and c partition.
Fixit# ls /dev/mirror
gm0     gm0s1   gm0s1a  gm0s1c
Format the a partition.
Fixit# newfs -U /dev/mirror/gm0s1a
/dev/mirror/gm0s1a: 8189.3MB (16771780 sectors) block size 16384, fragment size 2048
        using 45 cylinder groups of 183.72MB, 11758 blks, 23552 inodes.
        with soft updates
super-block backups (for fsck -b #) at:
 160, 3762720, 752672, 1128928, 1505184, 1881440, 2257696, 2633952, 3010208, ...
Your output will be different depending on the size of your harddrive and the list of super-block backups can be very long.
Install the distribution files
To be able to write to the new filesystem you need to mount it someplace.
Fixit# mount /dev/mirror/gm0s1a /mnt
Now you can simply unpack the bare minimum of installation files you need to boot FreeBSD.
Fixit# cd /dist/7.2-RELEASE/base
Fixit# DESTDIR=/mnt ./install.sh
You are about to extract the base distribution into /mnt - are you SURE
you want to do this over your installed system (y/n)? y
You also need to install the generic kernel.
Fixit# cd /dist/7.2-RELEASE/kernels
Fixit# DESTDIR=/mnt ./install.sh generic
The default kernel directory has to be removed and the newly extracted generic kernel moved into its place.
Fixit# rmdir /mnt/boot/kernel
Fixit# mv /mnt/boot/GENERIC /mnt/boot/kernel
A few configuration files need to be created to make the system boot. A good fullscreen editor to use is ee and for now I will explicitly show you how to invoke the editor but you are expected to remember this by yourself for the upcoming guides. You may of course use another editor if you like.
fstab contains the list of filesystems FreeBSD should mount at boot. You only have one filesystem in this router but you have to list it there or else your computer won't boot.
Fixit# ee /mnt/etc/fstab
Add the following contents and save the file by pressing ESC, Enter, Enter.
# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/mirror/gm0s1a      /               ufs     rw,noatime      1       1
The kernel driver for the mirror needs to be loaded at boot.
Fixit# ee /mnt/boot/loader.conf
Add the following line, which loads geom_mirror.ko at boot, and then save the file using the same procedure as above.
geom_mirror_load="YES"
Although your CMOS clock is set to UTC you probably want the clock in your router to display local time and it's simple. Have a look in /mnt/usr/share/zoneinfo and its subfolders and select a timezone that fits your location.
Fixit# ls /mnt/usr/share/zoneinfo
Africa/         Australia/      Etc/            MET             WET
America/        CET             Europe/         MST             posixrules
Antarctica/     CST6CDT         Factory         MST7MDT         zone.tab
Arctic/         EET             GMT             PST8PDT
Asia/           EST             HST             Pacific/
Atlantic/       EST5EDT         Indian/         SystemV/
Fixit# ls /mnt/usr/share/zoneinfo/Europe
Amsterdam       Gibraltar       Madrid          Rome            Vatican
Andorra         Guernsey        Malta           Samara          Vienna
Athens          Helsinki        Mariehamn       San_Marino      Vilnius
Belgrade        Isle_of_Man     Minsk           Sarajevo        Volgograd
Berlin          Istanbul        Monaco          Simferopol      Warsaw
Bratislava      Jersey          Moscow          Skopje          Zagreb
Brussels        Kaliningrad     Nicosia         Sofia           Zaporozhye
Bucharest       Kiev            Oslo            Stockholm       Zurich
Budapest        Lisbon          Paris           Tallinn
Chisinau        Ljubljana       Podgorica       Tirane
Copenhagen      London          Prague          Uzhgorod
Dublin          Luxembourg      Riga            Vaduz
Copy it to /mnt/etc/localtime.
Fixit# cp /mnt/usr/share/zoneinfo/Europe/Stockholm /mnt/etc/localtime
This is probably the most important file of them all in a FreeBSD system. rc.conf will, among other things, configure your network at boot and decide what services will be started automatically. It will be referenced in almost every guide.
Fixit# ee /mnt/etc/rc.conf
Add the following contents but don't save the file yet. Read on because you need to alter a few lines.
gateway_enable="YES"
hostname="router.yourdomain"
ifconfig_DEFAULT="DHCP"
ifconfig_fwe0="NOAUTO"
ifconfig_plip0="NOAUTO"
keymap="swedish.iso"
swapfile="/usr/swap0"
sshd_enable="YES"
gateway_enable="YES" will enable the routing service.
hostname="router.yourdomain" will set the system's hostname. router should be replaced by an arbitrary name that uniquely identifies this computer on your LAN and yourdomain should be replaced by the free domain you registered earlier.
ifconfig_DEFAULT="DHCP" will automatically try to configure any available network interface with an IP address. You will tune this in detail after you boot the system for the first time.
ifconfig_fwe0="NOAUTO" will prevent any firewire connection from being configured as a network interface. If you don't have firewire or have disabled it in your BIOS, you can remove this line.
ifconfig_plip0="NOAUTO" will prevent any parallel port from being configured as a network interface. If you don't have a parallel port or have disabled it in your BIOS, you can remove this line.
keymap="swedish.iso" defines your keyboard layout. You should change this to one of the provided keymaps located in /mnt/usr/share/syscons/keymaps.
Fixit# ls /mnt/usr/share/syscons/keymaps
The line in rc.conf should not contain the trailing .kbd present in the filenames. Of course you need to save and exit rc.conf temporarily before you can list the contents of that folder.
swapfile="/usr/swap0" will initialize the swapfile but you need to create it first. The following commands will create a 256MiB swapfile but you can adjust the count value to suit your system.
Fixit# dd if=/dev/zero of=/mnt/usr/swap0 bs=1024k count=256
256+0 records in
256+0 records out
268435456 bytes transferred in 12.205129 secs (21993660 bytes/sec)
Fixit# chmod 0600 /mnt/usr/swap0
sshd_enable="YES" will enable the ssh daemon so you can log on remotely later on.
The hosts file can be used as a local resolver on your LAN. It should at a minimum contain records for the router itself.
Fixit# ee /mnt/etc/hosts
Find the following lines and only replace my.domain with the domain name you registered earlier and then save the file.
::1                     localhost localhost.my.domain
127.0.0.1               localhost localhost.my.domain
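Before leaving the Fixit shell it is worth checking the files you just created for the mistakes this section warns about: the wrong device in fstab, a leftover placeholder in rc.conf or hosts, a .kbd suffix on the keymap, or a swapfile that is missing or readable by everyone. The script below is an added example and not part of the guide; it assumes the layout created above, with geom_mirror_load="YES" as the loader.conf line that loads geom_mirror.ko, and it runs on an ordinary sh, so it can also be tested against a scratch directory.

```shell
#!/bin/sh
# Preflight check of the files written under the new root (default /mnt)
# before you leave the Fixit shell. Added example, not part of the guide.
# Assumes the layout the guide creates: /dev/mirror/gm0s1a as root, the
# rc.conf keys shown above, and geom_mirror_load="YES" in loader.conf
# (the standard tunable that loads geom_mirror.ko at boot).
# Prints one FAIL line per problem and returns the number of problems.

# rc_value FILE KEY: print the value of KEY="value" (last match wins)
rc_value() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" 2>/dev/null | tail -n 1
}

preflight() {
    d=${1:-/mnt}
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # root must be mounted from the mirror, never from a raw ad device
    grep -q '^/dev/mirror/gm0s1a[[:space:]][[:space:]]*/[[:space:]][[:space:]]*ufs' \
        "$d/etc/fstab" 2>/dev/null \
        || fail "fstab does not mount /dev/mirror/gm0s1a on / as ufs"
    grep -q '^/dev/ad[0-9]' "$d/etc/fstab" 2>/dev/null \
        && fail "fstab mounts a physical ad device instead of the mirror"

    # the kernel needs the mirror module before it can find the root device
    [ "$(rc_value "$d/boot/loader.conf" geom_mirror_load)" = "YES" ] \
        || fail "loader.conf lacks geom_mirror_load=\"YES\""

    # placeholders from the guide that must have been replaced
    case "$(rc_value "$d/etc/rc.conf" hostname)" in
        ""|*yourdomain*) fail "hostname is unset or still says yourdomain" ;;
    esac
    grep -q 'my\.domain' "$d/etc/hosts" 2>/dev/null \
        && fail "hosts still contains the my.domain placeholder"

    # rc.conf names the keymap without the .kbd suffix of the file
    case "$(rc_value "$d/etc/rc.conf" keymap)" in
        *.kbd) fail "keymap must be given without the .kbd suffix" ;;
    esac

    # the swapfile must exist, be non-empty and be readable by root only
    swap=$(rc_value "$d/etc/rc.conf" swapfile)
    if [ -n "$swap" ]; then
        if [ ! -s "$d$swap" ]; then
            fail "swapfile $swap is missing or empty under $d"
        elif [ -z "$(find "$d$swap" -perm 0600)" ]; then
            fail "swapfile $swap is not mode 0600"
        fi
    fi

    echo "$problems problem(s) found"
    return "$problems"
}
```

Run it as preflight /mnt from the Fixit shell; a return value of 0 means every check passed.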
Set the root password
Now you need to set the password for the root account. Make this password strong and keep it safe because it allows full access to your router.
Fixit# chroot /mnt /bin/sh
Fixit# passwd root
Changing local password for root
New Password:
Retype New Password:
Reboot the router
Time has come to boot into this system for the first time. If you haven't already done so, you should now hook up your Internet connection to one of your network interfaces and connect the other one to your LAN switch before proceeding.
Type exit twice and you should be back on the menu where you selected to enter the live filesystem earlier. Press TAB to jump to the Cancel option and select it with Enter. Back on the main menu you can use TAB again to jump to Exit install. Enter brings up a confirmation dialogue. Select Yes here, remove the DVD and then press Enter and the computer will boot into your newly installed FreeBSD system.
There are a few more tasks you have to perform before your base install of FreeBSD is ready. After the boot has finished, log on as root and use the password you set earlier.
Add a regular user
Logging on as root remotely is prohibited by default to make it more difficult for hackers to gain access. A regular user account is therefore necessary. Change the Username and Full name below to something you want to call yourself. The default options are fine for most of the questions but make sure you add yourself to the group called wheel or you won't be able to use root commands after login. As always, make your password strong.
router# adduser
Username: pp
Full name: pp
Uid (Leave empty for default):
Login group [pp]:
Login group is pp. Invite pp into other groups? : wheel
Login class [default]:
Shell (sh csh tcsh nologin) [sh]:
Home directory [/home/pp]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : pp
Password   : *****
Full Name  : pp
Uid        : 1001
Class      :
Groups     : pp wheel
Home       : /home/pp
Home Mode  :
Shell      : /bin/sh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (pp) to the user database.
Add another user? (yes/no): no
Goodbye!
Configure the network
Let's have a look at the network interfaces in your router.
router# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0c:29:95:5a:b7
        inet 22.214.171.124 netmask 0xfffffe00 broadcast 126.96.36.199
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0c:29:95:5a:c1
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
Starting from the bottom, lo0 is your loopback interface. It should always have an IPv4 address of 127.0.0.1/8 and, if IPv6 is configured, it should also have ::1 as its IPv6 address. plip0 is the parallel port, if you have one. You can safely ignore it. The top two interfaces are the interesting ones because they are the physical interfaces. In your computer they may be called something different though. In FreeBSD, network interfaces are named after the kernel driver they use. Here is a short list of very common network interface cards and their names in FreeBSD.
- fxp - Intel 100Mbit
- em - Intel Gigabit
- rl - Realtek 100Mbit
- re - Realtek Gigabit
- bfe, bce, bge - Broadcom
- msk - Marvell
The number at the end of the interface name is usually a zero but if you have several identical network cards in your computer, that number will simply increase by one for each new card. In the example above there are two Intel Gigabit controllers and you can see that the one called em0 has got an IP address from my ISP. The other interface is connected to my LAN switch and hasn't been able to find an IP address automatically. Make note of your own interface names and which one is connected where, then open /etc/rc.conf in your editor and remove the line ifconfig_DEFAULT="DHCP". Instead, replace it with the following two lines.
ifconfig_em0="DHCP"
ifconfig_em1="inet 192.168.0.1/24"
The first of these lines is the interface connected to your ISP. It should still use DHCP to automatically get an IP address but adjust the interface name to match your own. The second line sets an IPv4 (inet) address on your internal LAN interface. In this example I have chosen a very common address used in various domestic routers - 192.168.0.1 with a subnet mask of 255.255.255.0 (/24). Don't change this unless you know exactly what you're doing. Save the file and exit the editor. To activate the changes, you don't have to reboot the router. It's enough to restart the network service.
router# /etc/rc.d/netif restart
Stopping network: ...
You can verify the IP addresses of your interfaces by simply typing ifconfig again. When you see that your internal interface now has an address, you should add an extra entry to /etc/hosts for it - something similar to this.
192.168.0.1 router router.mydomain
Adjust the IP address, router name and domain name to match your own.
Add more drives to the mirror (optional)
If you have one or more extra identical harddrives in your router, time has now come to add them to the mirror you created earlier, so it will be redundant and protect you when you encounter a harddrive failure (yes, I wrote "when" on purpose). If you have forgotten the names of your harddrives you can show them at any time with atacontrol list. In this router I have a second harddrive called ad12 and I insert it into the existing mirror like this.
router# gmirror insert gm0 /dev/ad12
GEOM_MIRROR: Device gm0: rebuilding provider ad12.
The computer will now copy the content of the first drive to the second and you can check the status with the following command.
router# gmirror status
      Name    Status  Components
mirror/gm0  DEGRADED  ad10
                      ad12 (26%)
The status will show up as DEGRADED while the copy is in progress, but everything will work normally in the meantime. You should also configure the router to generate daily reports of the RAID status. Add this line to /etc/periodic.conf.
daily_status_gmirror_enable="YES"
When the gmirror status is COMPLETED you should reboot your computer again and check that it boots up without any errors.
router# shutdown -r now
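The gmirror status output shown above is easy to check from a script as well, for instance from cron in between the daily periodic reports, so that a dropped or failing disk is noticed the same day. The function below is an added example and not part of the guide; it parses the output of gmirror status (the sample input is constructed from the DEGRADED output above) and alerts when a mirror is not COMPLETE or has fewer components than expected.

```shell
#!/bin/sh
# Health check for the mirror, driven by the output of "gmirror status".
# Added example, not part of the original guide. On the router run
#     gmirror status | check_mirrors 2
# where 2 is the number of components every mirror is expected to have.
# Prints one line per mirror, prefixed with ALERT when the mirror is not
# COMPLETE or is missing a component; exits 1 if any mirror alerted.

check_mirrors() {
    awk -v want="${1:-2}" '
        function report() {
            msg = name ": " status ", " n "/" want " components"
            if (syncing != "") msg = msg ", rebuilding " syncing
            if (status != "COMPLETE" || n < want) { bad = 1; msg = "ALERT " msg }
            print msg
        }
        $1 == "Name" && $2 == "Status" { next }   # header line
        $1 ~ /^mirror\// {                        # first line of a mirror
            if (name != "") report()
            name = $1; status = $2; n = 0; syncing = ""
            if (NF >= 3) { n = 1; if ($4 ~ /^\(/) syncing = $3 " " $4 }
            next
        }
        NF > 0 {                                  # further component of the same mirror
            n++
            if ($2 ~ /^\(/) {
                sep = (syncing != "") ? ", " : ""
                syncing = syncing sep $1 " " $2
            }
        }
        END { if (name != "") report(); exit bad }
    '
}

# Constructed samples: the DEGRADED output from the guide while ad12 is
# still being copied, and a healthy mirror for comparison.
SAMPLE_DEGRADED='      Name    Status  Components
mirror/gm0  DEGRADED  ad10
                      ad12 (26%)'
SAMPLE_HEALTHY='      Name    Status  Components
mirror/gm0  COMPLETE  ad10
                      ad12'

# demo degraded|healthy: run the check against one of the samples
demo() {
    case "$1" in
        degraded) printf '%s\n' "$SAMPLE_DEGRADED" | check_mirrors 2 ;;
        healthy)  printf '%s\n' "$SAMPLE_HEALTHY"  | check_mirrors 2 ;;
    esac
}
```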
Now you have finished the base install of FreeBSD and are ready to start turning it into an extremely powerful traffic shaping router and firewall.
- When creating the mirror, the default balance algorithm is split. There are several other balance algorithms to choose from but I haven't found any description of their benefits and drawbacks in various situations. If anyone can add some thought to this it would be appreciated.
Files and commands
- /boot/loader.conf - contains commands that should be carried out very early in the boot process
- /etc/fstab - a list of filesystems that should be automatically mounted at boot
- /etc/hosts - used to resolve IP addresses of your local LAN computers which are not normally present in DNS
- /etc/localtime - contains local timezone information, copied from /usr/share/zoneinfo
- /etc/rc.conf - central configuration of network, hostname and startup services
- atacontrol - utility to control and configure your ATA interfaces
- ee - the Easy Editor
- gmirror - control utility for mirrored devices