Base install of FreeBSD

From freebsd.xn--wesstrm-f1a.se


Overview

This guide will walk you through the steps necessary to install FreeBSD the manual way. I prefer this method over FreeBSD's default menu-based SYSINSTALL because it's much quicker and you have full control of what's going on. SYSINSTALL also has a few minor quirks which won't bother us now. The only drawback is that you need the DVD install media, which contains both the installation files and a live filesystem to work from.

Instructions

Preparing your computer

Before you begin with the actual installation of FreeBSD you should make a few alterations to your computer's BIOS configuration. You should consult your computer's manual on how to enter the BIOS configuration but usually you press DEL or F2 during boot. These are the things you should change:

  • Reset all settings to factory defaults. There's usually an option for this on the main BIOS configuration screen. This will disable any overclocking and save you from trouble further on.
  • Make sure your DVD-ROM is configured as a bootable device before your harddrive in the boot menu. Alternatively you can choose to boot from the DVD during startup by pressing ESC on most computers.
  • Correct the CMOS clock and adjust it to show UTC instead of your local time. This will help you have your logs time stamped in a consistent way regardless of timezone or daylight saving time.
  • Disable any hardware you won't be using in your router, like onboard audio, parallel, USB and firewire ports. This will free up system resources and also minimize the driver complexity, leading to a more stable system. Leave any serial ports enabled though, since they are useful for console access and controlling a UPS.

Now insert your FreeBSD DVD in your DVD-ROM drive, save your BIOS settings and reboot your computer.

Enter the live filesystem

If you successfully booted from the DVD, you will be greeted with the FreeBSD bootloader screen. Simply wait 10 seconds or press Enter and the computer will continue to boot.

Select your country on the following screen and then your keyboard layout.

Select the Fixit option and then option 2 on the following screen - Use the "live" filesystem CDROM/DVD. You are now in a command shell where you will perform the actual installation.

Check date and time

Check that the date and time are correct.

Fixit# date
Sun Jun 21 12:53:16 UTC 2009

Note that the output is displayed in UTC and not your local time, and it should match the time you entered in your BIOS configuration previously. If it doesn't match, you should reboot the computer and correct it again before proceeding.

Identify the harddrives and erase them

Now, let's have a look at what harddrives are present in your computer. You can use atacontrol for that.

Fixit# atacontrol list
ATA channel 2:
    Master:      no device present
    Slave:       no device present
ATA channel 3:
    Master:      no device present
    Slave:       no device present
ATA channel 4:
    Master: acd0 <PIONEER DVD-RW DVR-106D/1.08> ATA/ATAPI revision 5
    Slave:       no device present
ATA channel 5:
    Master: ad10 <Maxtor 7Y250M0/YAR51EW0> Unknown SATA revision
    Slave:       no device present
ATA channel 6:
    Master: ad12 <Maxtor 7Y250M0/YAR51HW0> SATA revision 1.x
    Slave:       no device present
ATA channel 7:
    Master:      no device present
    Slave:       no device present
ATA channel 8:
    Master:      no device present
    Slave:       no device present

This output is from a fairly modern computer and shows all IDE/SATA interfaces and what's attached to them: a DVD-RW drive called acd0 and two harddrives called ad10 and ad12 respectively. Your output most likely contains a different number of interfaces and drives but it should give you a picture of what's available. You won't see any SCSI devices here though. You need a different command for that and I don't cover it in this guide.

Warning: The drives in your computer should be dedicated to FreeBSD so make sure you don't have any data on them you will need later on, because it will be destroyed if you continue with the instructions below.

In the example here, I will use the names of the harddrives from my own computer, but you must of course replace them with whatever your harddrives are called. You should clear the first megabyte or so of each harddrive so that they look completely empty to FreeBSD. dd is a very powerful command that gives you direct low level access to your harddrives (or any character device for that matter) and it's perfect to use for this.

Fixit# dd if=/dev/zero of=/dev/ad10 bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes transferred in 0.101631 secs (10317465 bytes/sec)

The command above reads 1 MiB of data (bs=1M count=1) from a special device whose sole purpose is to produce a never-ending stream of zeroes (/dev/zero), and writes it to the first harddrive (/dev/ad10) starting at the first physical sector (since we didn't specify anything else). This effectively erases any old partitions and makes the harddrive look completely empty. Repeat the same command for any other harddrive in your system that you want to use for FreeBSD.

Create a mirror

Normally you would partition and format your harddrives now but this guide will teach you how to first create a mirror that will keep your system running in case of a harddrive failure. A mirror in FreeBSD is a virtual device that you will use instead of the physical harddrives. Everything you write to this virtual device is written in the background to all the harddrives in your system that you choose to be a part of the mirror. The great thing is that a mirror can consist of any number of drives. If you only have one single harddrive you won't have any failure protection but you can still create the virtual mirror device and add another drive later.

Load the kernel module for gmirror.

Fixit# kldload /dist/boot/kernel/geom_mirror.ko

Use gmirror to create the virtual device and add the first physical harddrive. It should be the harddrive with the lowest number if you have several harddrives installed.

Fixit# gmirror label -v gm0 /dev/ad10
Metadata value stored on /dev/ad10
Done.

A virtual device node called /dev/mirror/gm0 has now been created and from now on you will use it instead of the physical device node /dev/ad10. You can verify it by listing the contents of the folder /dev/mirror.

Fixit# ls /dev/mirror
gm0

Partition and format the harddrive

If you're used to DOS and Windows you probably know the command fdisk, which is used to create partitions. Unix usually doesn't use fdisk type partitions since Unix has its own native BSD partitioning system. Unfortunately, modern PCs don't care much for Unix and many simply refuse to boot if there isn't a standard fdisk partition on your harddrive. To circumvent this problem you will first create an fdisk partition (called a slice in the Unix world) and then a BSD partition inside that slice. As mentioned above you will now use the virtual mirror device instead of the physical harddrive.

Fixit# fdisk -BI /dev/mirror/gm0
******* Working on device /dev/mirror/gm0 *******
fdisk: invalid fdisk partition table found
fdisk: Geom not found: "gm0"

Don't worry about the message; everything is fine and you can verify that the slice was created.

Fixit# ls /dev/mirror
gm0 gm0s1

Create a BSD partition within that fdisk slice.

Fixit# bsdlabel -B -w /dev/mirror/gm0s1

Verify that you now have an additional a and c partition.

Fixit# ls /dev/mirror
gm0 gm0s1 gm0s1a gm0s1c

Format the a partition.

Fixit# newfs -U /dev/mirror/gm0s1a
/dev/mirror/gm0s1a: 8189.3MB (16771780 sectors) block size 16384, fragment size
2048
        using 45 cylinder groups of 183.72MB, 11758 blks, 23552 inodes.
        with soft updates
super-block backups (for fsck -b #) at:
 160, 3762720, 752672, 1128928, 1505184, 1881440, 2257696, 2633952, 3010208,
...

Your output will be different depending on the size of your harddrive and the list of super-block backups can be very long.

Install the distribution files

To be able to write to the new filesystem you need to mount it someplace.

Fixit# mount /dev/mirror/gm0s1a /mnt

Now you can simply unpack the bare minimum of installation files you need to boot FreeBSD.

Fixit# cd /dist/7.2-RELEASE/base
Fixit# DESTDIR=/mnt ./install.sh
You are about to extract the base distribution into /mnt - are you SURE
you want to do this over your installed system (y/n)? y

You also need to install the generic kernel.

Fixit# cd /dist/7.2-RELEASE/kernels
Fixit# DESTDIR=/mnt ./install.sh generic

The default kernel directory has to be removed and the newly extracted generic kernel moved into its place.

Fixit# rmdir /mnt/boot/kernel
Fixit# mv /mnt/boot/GENERIC /mnt/boot/kernel

Configuration files

A few configuration files need to be created to make the system boot. A good fullscreen editor to use is ee and for now I will explicitly show you how to invoke the editor but you are expected to remember this by yourself for the upcoming guides. You may of course use another editor if you like.

fstab

fstab contains the list of filesystems FreeBSD should mount at boot. You only have one filesystem in this router but you have to list it there or else your computer won't boot.

Fixit# ee /mnt/etc/fstab

Add the following contents and save the file by pressing ESC, Enter, Enter.

# Device		Mountpoint	FStype	Options		Dump	Pass#
/dev/mirror/gm0s1a	/		ufs	rw,noatime	1	1

loader.conf

The kernel driver for the mirror needs to be loaded at boot.

Fixit# ee /mnt/boot/loader.conf

Add the following line and then save the file using the same procedure as above.

geom_mirror_load="YES"

localtime

Although your CMOS clock is set to UTC you probably want the clock in your router to display local time, which is simple to set up. Have a look in /mnt/usr/share/zoneinfo and its subfolders and select a timezone that fits your location.

Fixit# ls /mnt/usr/share/zoneinfo
Africa/	Australia/	Etc/		MET		WET
America/	CET		Europe/		MST		posixrules
Antarctica/	CST6CDT		Factory		MST7MDT		zone.tab
Arctic/	EET		GMT		PST8PDT
Asia/		EST		HST		Pacific/
Atlantic/	EST5EDT		Indian/		SystemV/
Fixit# ls /mnt/usr/share/zoneinfo/Europe
Amsterdam	Gibraltar	Madrid		Rome		Vatican
Andorra	Guernsey	Malta		Samara		Vienna
Athens		Helsinki	Mariehamn	San_Marino	Vilnius
Belgrade	Isle_of_Man	Minsk		Sarajevo	Volgograd
Berlin		Istanbul	Monaco		Simferopol	Warsaw
Bratislava	Jersey		Moscow		Skopje		Zagreb
Brussels	Kaliningrad	Nicosia		Sofia		Zaporozhye
Bucharest	Kiev		Oslo		Stockholm	Zurich
Budapest	Lisbon		Paris		Tallinn
Chisinau	Ljubljana	Podgorica	Tirane
Copenhagen	London		Prague		Uzhgorod
Dublin		Luxembourg	Riga		Vaduz

Copy it to /mnt/etc/localtime.

Fixit# cp /mnt/usr/share/zoneinfo/Europe/Stockholm /mnt/etc/localtime

rc.conf

This is probably the most important file of them all in a FreeBSD system. rc.conf will, among other things, configure your network at boot and decide what services will be started automatically. It will be referenced in almost every guide.

Fixit# ee /mnt/etc/rc.conf

Add the following contents but don't save the file yet. Read on because you need to alter a few lines.

gateway_enable="YES"
hostname="router.yourdomain"
ifconfig_DEFAULT="DHCP"
ifconfig_fwe0="NOAUTO"
ifconfig_plip0="NOAUTO"
keymap="swedish.iso"
swapfile="/usr/swap0"
sshd_enable="YES"

gateway_enable="YES" will enable the routing service.

hostname="router.yourdomain" will set the system's hostname. router should be replaced by an arbitrary name that uniquely identifies this computer on your LAN and yourdomain should be replaced by the free domain you registered earlier.

ifconfig_DEFAULT="DHCP" will automatically try to configure any available network interface with an IP address. You will tune this in detail after you boot the system for the first time.

ifconfig_fwe0="NOAUTO" will prevent any firewire connection from being configured as a network interface. If you don't have firewire or have disabled it in your BIOS, you can remove this line.

ifconfig_plip0="NOAUTO" will prevent any parallel port from being configured as a network interface. If you don't have a parallel port or have disabled it in your BIOS, you can remove this line.

keymap="swedish.iso" defines your keyboard layout. You should change this to one of the provided keymaps located in /mnt/usr/share/syscons/keymaps.

Fixit# ls /mnt/usr/share/syscons/keymaps

The line in rc.conf should not contain the trailing .kbd present in the filenames. Of course you need to save and exit rc.conf temporarily before you can list the contents of that folder.

swapfile="/usr/swap0" will initialize the swapfile but you need to create it first. The following commands will create a 256MiB swapfile but you can adjust the count value to suit your system.

Fixit# dd if=/dev/zero of=/mnt/usr/swap0 bs=1024k count=256
256+0 records in
256+0 records out
268435456 bytes transferred in 12.205129 secs (21993660 bytes/sec)
Fixit# chmod 0600 /mnt/usr/swap0

sshd_enable="YES" will enable the ssh daemon so you can log on remotely later on.

hosts

The hosts file can be used as a local resolver on your LAN. It should at a minimum contain records for the router itself.

Fixit# ee /mnt/etc/hosts

Find the following lines and only replace my.domain with the domain name you registered earlier and then save the file.

::1                     localhost localhost.my.domain
127.0.0.1               localhost localhost.my.domain
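
A mistake in fstab or loader.conf leaves the router unable to boot, and a swapfile that other users can read exposes paged-out memory, so the files from this section are worth checking before the reboot. The script below is an added example, not part of the original guide; the function names are its own, and it assumes awk, ls and cut are available in the Fixit shell.

```sh
#!/bin/sh
# Added example: pre-reboot check of the files written in "Configuration files".
# Run from the Fixit shell as: check_base_install /mnt

# Print the value of KEY="value" from an rc.conf-style file (last one wins).
conf_value() {
    awk -F= -v k="$2" '$1 == k { v = $2; gsub(/^"|"$/, "", v) }
                       END { print v }' "$1" 2>/dev/null
}

# Record one finding; check_base_install resets the counter on each run.
fail() {
    echo "FAIL: $*"
    problems=$((problems + 1))
}

check_base_install() {
    root=${1:-/mnt}
    problems=0

    # fstab must mount the mirror device, not a physical disk, as /.
    rootdev=$(awk '$1 !~ /^#/ && $2 == "/" { print $1 }' \
        "$root/etc/fstab" 2>/dev/null) || rootdev=""
    case $rootdev in
        /dev/mirror/*) ;;
        "") fail "no root filesystem entry in $root/etc/fstab" ;;
        *)  fail "root filesystem is $rootdev, not a /dev/mirror device" ;;
    esac

    # Without this line the kernel has no mirror device to mount / from.
    [ "$(conf_value "$root/boot/loader.conf" geom_mirror_load)" = "YES" ] ||
        fail "geom_mirror_load=\"YES\" not set in $root/boot/loader.conf"

    # keymap= takes the file name from the keymaps directory minus ".kbd".
    keymap=$(conf_value "$root/etc/rc.conf" keymap) || keymap=""
    [ -z "$keymap" ] || [ -f "$root/usr/share/syscons/keymaps/$keymap.kbd" ] ||
        fail "keymap \"$keymap\" has no matching .kbd file"

    # The swapfile must exist and be mode 0600: paged-out memory can hold
    # passwords and keys, so no other user may read it.
    swap=$(conf_value "$root/etc/rc.conf" swapfile) || swap=""
    if [ -n "$swap" ]; then
        mode=$(ls -ld "$root$swap" 2>/dev/null | cut -c1-10) || mode=""
        [ "$mode" = "-rw-------" ] ||
            fail "swapfile $root$swap is '${mode:-missing}', want -rw-------"
    fi

    [ -s "$root/etc/localtime" ] || fail "$root/etc/localtime missing or empty"

    [ "$problems" -eq 0 ]
}
```

The function prints one FAIL line per finding and returns non-zero if there is any, so it can be rerun after each correction until it is silent.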

Set the root password

Now you need to set the password for the root account. Make this password strong and keep it safe because it allows full access to your router.

Fixit# chroot /mnt /bin/sh
Fixit# passwd root
Changing local password for root
New Password:
Retype New Password:

Reboot the router

Time has come to boot into this system for the first time. If you haven't already done so, you should now hook up your Internet connection to one of your network interfaces and connect the other one to your LAN switch before proceeding.

Type exit twice and you should be back on the menu where you selected to enter the live filesystem earlier. Press TAB to jump to the Cancel option and select it with Enter. Back on the main menu you can use TAB again to jump to Exit install. Enter brings up a confirmation dialogue. Select Yes here, remove the DVD and then press Enter and the computer will boot into your newly installed FreeBSD system.

Post configuration

There are a few more tasks you have to perform before your base install of FreeBSD is ready. After the boot has finished, log on as root and use the password you set earlier.

Add a regular user

Logging on as root remotely is prohibited by default to make it more difficult for hackers to gain access. A regular user account is therefore necessary. Change the Username and Full name below to something you want to call yourself. The default options are fine for most of the questions but make sure you add yourself to the group called wheel or you won't be able to use root commands after login. As always, make your password strong.

Note: Userids and groupnames should always be lower case in Unix. Everything in Unix is case sensitive so start practising now.

router# adduser
Username: pp
Full name: pp
Uid (Leave empty for default): 
Login group [pp]: 
Login group is pp. Invite pp into other groups? []: wheel
Login class [default]: 
Shell (sh csh tcsh nologin) [sh]: 
Home directory [/home/pp]: 
Home directory permissions (Leave empty for default): 
Use password-based authentication? [yes]: 
Use an empty password? (yes/no) [no]: 
Use a random password? (yes/no) [no]: 
Enter password: 
Enter password again: 
Lock out the account after creation? [no]: 
Username   : pp
Password   : *****
Full Name  : pp
Uid        : 1001
Class      : 
Groups     : pp wheel
Home       : /home/pp
Home Mode  : 
Shell      : /bin/sh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (pp) to the user database.
Add another user? (yes/no): no
Goodbye!

Configure the network

Let's have a look at the network interfaces in your router.

router# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 
	options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 00:0c:29:95:5a:b7
	inet 85.226.59.253 netmask 0xfffffe00 broadcast 85.226.59.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 00:0c:29:95:5a:c1
	inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
	inet6 ::1 prefixlen 128 
	inet 127.0.0.1 netmask 0xff000000 

Starting from the bottom, lo0 is your loopback interface. It should always have an IPv4 address of 127.0.0.1/8 and if IPv6 is configured, it should also have ::1 as its IP address. plip0 is the parallel port, if you have one. You can safely ignore it. The top two interfaces are the interesting ones because they are the physical interfaces. In your computer they may be called something different though. In FreeBSD, network interfaces are named after the kernel driver they use. Here is a short list of very common network interface cards and their names in FreeBSD.

  • fxp - Intel 100Mbit
  • em - Intel Gigabit
  • rl - RealTek 100Mbit
  • re - Realtek Gigabit
  • bfe, bce, bge - Broadcom
  • msk - Marvell

The number at the end of the interface name is usually a zero but if you have several identical network cards in your computer, that number will simply increase by one for each new card. In the example above there are two Intel Gigabit controllers and you can see that the one called em0 has got an IP address from my ISP. The other interface is connected to my LAN switch and hasn't been able to find an IP address automatically. Make note of your own interface names and which one is connected where, then open /etc/rc.conf in your editor and replace the line ifconfig_DEFAULT="DHCP" with the following two lines.

ifconfig_em0="DHCP"
ifconfig_em1="inet 192.168.0.1/24"

The first of these lines is the interface connected to your ISP. It should still use DHCP to automatically get an IP address but adjust the interface name to match your own. The second line sets an IPv4 (inet) address on your internal LAN interface. In this example I have chosen a very common address used in various domestic routers - 192.168.0.1 with a subnet mask of 255.255.255.0 (/24). Don't change this unless you know exactly what you're doing. Save the file and exit the editor. To activate the changes, you don't have to reboot the router. It's enough to restart the network service.

router# /etc/rc.d/netif restart
Stopping network:
...

You can verify the IP addresses of your interfaces by simply typing ifconfig again. When you see that your internal interface now has an address, you should add an extra entry to /etc/hosts for it - something similar to this.

192.168.0.1            router router.mydomain

Adjust the IP address, router name and domain name to match your own.

Add more drives to the mirror (optional)

If you have one or more extra identical harddrives in your router, time has now come to add them to the mirror you created earlier, so it will be redundant and protect you when you encounter a harddrive failure (yes, I wrote "when" on purpose). If you have forgotten the names of your harddrives you can show them at any time with atacontrol list. In this router I have a second harddrive called ad12 and I insert it into the existing mirror like this.

router# gmirror insert gm0 /dev/ad12
GEOM_MIRROR: Device gm0: rebuilding provider ad12.

The computer will now copy the content of the first drive to the second and you can check the status with the following command.

router# gmirror status
      Name    Status  Components
mirror/gm0  DEGRADED  ad10
                      ad12 (26%)

The status will show up as DEGRADED while the copy is in progress but everything will work normally while doing so. You should also configure the router to generate daily reports of the RAID status. Add this line to /etc/periodic.conf.

daily_status_gmirror_enable="YES"
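
The daily report only shows the status text, so a check that turns the same output into a pass/fail result is useful for cron jobs or monitoring. The script below is an added example, not part of the original guide; the function names and the OK/WARN/ALERT verdicts are its own, and it relies on gmirror printing COMPLETE for a fully synchronised mirror.

```sh
#!/bin/sh
# Added example: turn `gmirror status` text into a pass/fail health check.

# Constructed sample: the rebuild output shown above in this guide.
sample_status() {
    cat <<'EOF'
      Name    Status  Components
mirror/gm0  DEGRADED  ad10
                      ad12 (26%)
EOF
}

# Read `gmirror status` output on stdin. Print one line per mirror:
#   <name> <OK|WARN|ALERT> status=<status> components=<list>
# ALERT: status does not start with COMPLETE (failed or rebuilding component).
# WARN:  fewer than two components, so the mirror gives no failure protection.
# Returns 0 only when every mirror is OK.
mirror_health() {
    awk '
    function add(comp, pct) {
        comps = comps (ncomp > 0 ? "," : "") comp pct
        ncomp++
    }
    function report() {
        if (name == "") return
        if (status !~ /^COMPLETE/) verdict = "ALERT"
        else if (ncomp < 2)        verdict = "WARN"
        else                       verdict = "OK"
        printf "%s %s status=%s components=%s\n", name, verdict, status, comps
        if (verdict != "OK") bad = 1
    }
    $1 == "Name" && $2 == "Status" { next }      # header line
    $1 ~ /^mirror\// {                           # first line of a mirror
        report()
        name = $1; status = $2; comps = ""; ncomp = 0
        if ($3 != "") add($3, $4)
        next
    }
    NF > 0 { add($1, $2) }                       # further components
    END { report(); exit bad + 0 }
    '
}

# On the router: gmirror status | mirror_health || echo "mirror needs attention"
```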

When the gmirror status is COMPLETED you should reboot your computer again and check that it boots up without any errors.

router# shutdown -r now

Now you have finished the base install of FreeBSD and are ready to start turning it into an extremely powerful traffic shaping router and firewall.

Unresolved issues

  • When creating the mirror, the default balance algorithm is split. There are several other balance algorithms to choose from but I haven't found any description of their benefits and drawbacks in various situations. If anyone can add some thought to this it would be appreciated.

References

The following web sites deserve credit for contributing knowledge to this guide.

Files and commands

  • /boot/loader.conf - contains commands that should be carried out very early in the boot process
  • /etc/fstab - a list of filesystems that should be automatically mounted at boot
  • /etc/hosts - used to resolve IP addresses of your local LAN computers which are not normally present in DNS
  • /etc/localtime - contains local timezone information, copied from /usr/share/zoneinfo
  • /etc/rc.conf - central configuration of network, hostname and startup services
  • atacontrol - utility to control and configure your ATA interfaces
  • ee - the Easy Editor
  • gmirror - control utility for mirrored devices
Next guide: Connecting to your router