Since my computer will be home for the summer, I know my "pops" will need to use his computer and get on the net. I use FreeBSD and he uses Win2k. We have one internet connection, and I need to access my box when I am away from home.
This is my first attempt to actually implement NAT. I read the Securing BSD 4.6 doc when I first installed 4.9, so I'll refer to it while I set this box up to do Network Address Translation.
I have a Linksys, EtherFast 10/100 Auto-Sensing 5-Port hub at my disposal to connect the other machines to the net.
The document I used to set up my FBSD box was written by Marty Schlacter, entitled "How to Build a FreeBSD-STABLE Firewall with IPFILTER". I found this document very helpful for getting started with a new install and securing my boxen.
Skipping right to #11 of the document listed above, titled: Create your IPFILTER and IPNAT rulesets
In this case tl0 is my outside interface, connected to my ISP, and fxp0 is my inside interface, which connects to the hub and provides access to the rest of the machines.
My ipf.rules are as follows:
-----------------------------
#################################################################
# Outside Interface |tl0| Compaq Netelligent 10/100
#################################################################
#----------------------------------------------------------------
# Allow out all TCP, UDP, and ICMP traffic & keep state on it
# so that it's allowed back in.
#
# If you wanted to do egress filtering...here's where you'd do it.
# You'd change the lines below so that rather than allowing out any
# arbitrary TCP connection, it would only allow out mail, pop3, and http
# connections (for example). So, the first line, below, would be
# replaced with:
# pass out quick on tl0 proto tcp from any to any port = 25 keep state
# pass out quick on tl0 proto tcp from any to any port = 110 keep state
# pass out quick on tl0 proto tcp from any to any port = 80 keep state
# ...and then do the same for the remaining lines so that you allow
# only specified protocols/ports 'out' of your network
#----------------------------------------------------------------
pass out quick on tl0 proto tcp from any to any keep state
pass out quick on tl0 proto udp from any to any keep state
pass out quick on tl0 proto icmp from any to any keep state
block out quick on tl0 all
# -----------------------------------------------------------------------
# Block all inbound traffic from non-routable or reserved address spaces
# -----------------------------------------------------------------------
block in log quick on tl0 from 192.168.0.0/16 to any #RFC 1918 private IP
block in log quick on tl0 from 172.16.0.0/12 to any #RFC 1918 private IP
block in log quick on tl0 from 10.0.0.0/8 to any #RFC 1918 private IP
block in log quick on tl0 from 127.0.0.0/8 to any #loopback
block in log quick on tl0 from 0.0.0.0/8 to any #"this network" (RFC 1122), never a valid source
block in log quick on tl0 from 169.254.0.0/16 to any #link-local auto-config
block in log quick on tl0 from 192.0.2.0/24 to any #reserved for doc's
block in log quick on tl0 from 204.152.64.0/23 to any #Sun cluster interconnect
block in quick on tl0 from 224.0.0.0/3 to any #Class D multicast & Class E reserved
#----------------------------------------------------------------
# Allow bootp traffic in from your ISP's DHCP server only.
# Caveat: 0.0.0.0 is the placeholder source a DHCP *client* uses before it
# has a lease; the server's replies carry the server's own address. Put the
# ISP's DHCP server address here if you want this rule to match those replies.
#----------------------------------------------------------------
pass in quick on tl0 proto udp from 0.0.0.0/32 to any port = 68 keep state
#----------------------------------------------------------------
# If you wanted to set up a web server or mail server on your box
# (which is outside the scope of this howto), or allow another system
# on the Internet to externally SSH into your firewall, you'd want to
# uncomment the following lines and modify as appropriate. If you
# have other services running that you need to allow external access
# to, just add more lines using these as examples.
#
# If the services are on a box on your internal network (rather than
# the firewall itself), you'll have to add both the filter listed below,
# plus a redirect rule in your /etc/ipnat.rules file.
#----------------------------------------------------------------
pass in quick on tl0 proto tcp from any to any port = 2121 flags S keep state keep frags
pass in quick on tl0 proto tcp from any to any port = 2222 flags S keep state keep frags
pass in quick on tl0 proto tcp from any to any port = 25 flags S keep state keep frags
pass in quick on tl0 proto tcp from any to any port = 80 flags S keep state keep frags
pass in quick on tl0 proto tcp from any to any port = 1977 flags S keep state keep frags
# pass in quick on tl0 proto tcp from X.X.X.X/32 to any port = 22 flags S keep state keep frags
#----------------------------------------------------------------
# Block and log all remaining traffic coming into the firewall
# - Block TCP with a RST (to make it appear as if the service
# isn't listening)
# - Block UDP with an ICMP Port Unreachable (to make it appear
# as if the service isn't listening)
# - Block all remaining traffic the good 'ol fashioned way
#----------------------------------------------------------------
block return-rst in log quick on tl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on tl0 proto udp from any to any
block in log quick on tl0 all
#################################################################
# Inside Interface |fxp0| Intel EtherExpress 10/100
#################################################################
#----------------------------------------------------------------
# Allow out all TCP, UDP, and ICMP traffic & keep state
#----------------------------------------------------------------
pass out quick on fxp0 proto tcp from any to any keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state
block out quick on fxp0 all
#----------------------------------------------------------------
# Allow in all TCP, UDP, and ICMP traffic & keep state
#----------------------------------------------------------------
pass in quick on fxp0 proto tcp from any to any keep state
pass in quick on fxp0 proto udp from any to any keep state
pass in quick on fxp0 proto icmp from any to any keep state
block in quick on fxp0 all
#################################################################
# Loopback Interface
#################################################################
#----------------------------------------------------------------
# Allow everything to/from your loopback interface so you
# can ping yourself (e.g. ping localhost)
#----------------------------------------------------------------
pass in quick on lo0 all
pass out quick on lo0 all
ipnat.rules lets the machines on the inside interface reach the Internet by mapping the inside network to the address of the outside interface tl0. One caveat: the map line below keeps each connection's source port as it is; once several inside hosts share the gateway, put a copy of the rule with "portmap tcp/udp auto" ahead of it so ipnat can rewrite colliding source ports.
---------------------------------------------------------------------
# --------------------------------------------------------------------
# Do 'normal' IP address translation. This line will take all packets
# going out on your external NIC (tl0) that have a source address coming
# from your internal network (192.168.1.0), and translate it to whatever
# IP address your external NIC happens to have at that time
# --------------------------------------------------------------------
map tl0 192.168.1.0/24 -> 0/32
# --------------------------------------------------------------------
# If you have a system on your internal network that needs to be
# 'reachable' by external systems on the internet, you'll need a rule
# similar to the one below. This one takes all inbound http traffic
# (TCP port 80) that hits the firewall's external interface (tl0) and
# redirects it to port 80 on the 192.168.1.50 system on the internal network.
# Simply uncomment the rule, change the IP address and port number so that
# it does what you need. Remember that you have to enable the corresponding
# inbound filter in your /etc/ipf.rules file, too.
#
# --------------------------------------------------------------------
# rdr tl0 0.0.0.0/0 port 80 -> 192.168.1.50 port 80 tcp
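The comments above say that exposing an internal host takes two rules that must agree, the filter in /etc/ipf.rules and the rdr in /etc/ipnat.rules. The script below is an added example, not part of the original post: it cross-checks the two files so that every port an rdr rule redirects is also admitted by a "pass in" rule on the outside interface, and refuses to reload when they disagree. The two rule files written by write_samples are constructed input; tl0 and 192.168.1.0/24 come from the post, the host 192.168.1.50 and the ports 80, 2121 and 2222 are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): keep /etc/ipnat.rules and
# /etc/ipf.rules consistent before loading them on a FreeBSD 4.x ipfilter gateway.
# Assumptions: outside interface tl0 (from the post); the sample rules written by
# write_samples are constructed, including the placeholder host 192.168.1.50.

EXT_IF=tl0
SAMPLE_DIR=${TMPDIR:-/tmp}/ipf-check.$$

# Ports redirected by active (uncommented) rdr rules on the outside interface.
rdr_ports() {   # rdr_ports <ipnat.rules>
    awk -v ifc="$EXT_IF" \
        '$1 == "rdr" && $2 == ifc { for (i = 3; i <= NF; i++) if ($i == "port") { print $(i + 1); break } }' "$1"
}

# Ports opened by active "pass in ... on tl0 ... port = N" rules.
pass_in_ports() {   # pass_in_ports <ipf.rules>
    awk -v ifc="$EXT_IF" \
        '$1 == "pass" && $2 == "in" && $0 ~ (" on " ifc " ") { for (i = 1; i <= NF; i++) if ($i == "port" && $(i + 1) == "=") { print $(i + 2); break } }' "$1"
}

# Print "rdr without filter: N" for each redirected port the filter never admits.
# Returns 1 when anything is reported, so it can gate a reload in a script.
# (The reverse, a pass rule with no rdr, is legitimate when the service runs
# on the firewall itself, so it is not flagged.)
check_rules() {   # check_rules <ipf.rules> <ipnat.rules>
    bad=0
    for p in $(rdr_ports "$2"); do
        pass_in_ports "$1" | grep -qx "$p" || { echo "rdr without filter: $p"; bad=1; }
    done
    return $bad
}

# Reload both rule sets together: ipf -Fa flushes the old filter list, ipnat -CF
# flushes NAT rules and active mappings. Run on the firewall as root.
reload_rules() {
    check_rules /etc/ipf.rules /etc/ipnat.rules || return 1
    ipf -Fa -f /etc/ipf.rules && ipnat -CF -f /etc/ipnat.rules && ipfstat -io && ipnat -l
}

# Constructed sample: the filter admits 80 and 2222, but NAT also redirects 2121.
write_samples() {
    mkdir -p "$SAMPLE_DIR"
    cat > "$SAMPLE_DIR/ipf.rules" <<'EOF'
pass in quick on tl0 proto tcp from any to any port = 80 flags S keep state keep frags
pass in quick on tl0 proto tcp from any to any port = 2222 flags S keep state keep frags
block in log quick on tl0 all
EOF
    cat > "$SAMPLE_DIR/ipnat.rules" <<'EOF'
map tl0 192.168.1.0/24 -> 0/32
rdr tl0 0.0.0.0/0 port 80 -> 192.168.1.50 port 80 tcp
rdr tl0 0.0.0.0/0 port 2121 -> 192.168.1.50 port 21 tcp
# rdr tl0 0.0.0.0/0 port 25 -> 192.168.1.50 port 25 tcp
EOF
}
```

On the sample input, check_rules prints "rdr without filter: 2121" and returns 1, which is exactly the silent failure the comments warn about: ipnat would rewrite the packet, but the filter has already dropped it. After a successful reload, "ipnat -l" lists both the rules and the active mappings, which is the quickest way to confirm the map line is translating traffic from the inside hosts.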
Changes made to /etc/rc.conf. One line is not in the list below but is needed for NAT to work at all: gateway_enable="YES", which turns on net.inet.ip.forwarding so the kernel forwards packets between fxp0 and tl0; without it ipnat has nothing to translate.
----------------------------------
################## Basic Network Configuration File ##################
################## Inside Lan Network Configuration #############
ifconfig_fxp0="inet 192.168.1.1 netmask 255.255.255.0"
# defaultrouter="192.168.203.1"
# hostname="fxp0.inside-interface.com"
################## Inside Lan Network Configuration #############
# This makes sure that my inside interface fxp0 is recognized as a
# network interface
# network_interfaces="fxp0 tl0 lo0"
ifconfig_tl0="DHCP"
hostname="arwuah.no-ip.com"
ntpdate_flags="clock.linuxshell.net"
ntpdate_enable="YES"
nfs_client_enable="YES"
nfs_reserved_port_only="YES"
sshd_enable="YES"
sshd_flags="-4"
ipfilter_enable="YES"
ipfilter_flags=""
ipmon_enable="YES"
ipmon_flags="-Dsvn"
ipnat_enable="YES"
icmp_drop_redirects="YES"
################## Basic System Configuration ##################
font8x8="/usr/share/syscons/fonts/iso07-8x8.fnt"
allscreens_flags="132x43"
keymap="us.pc-ctrl"
keyrate="fast"
kern_securelevel_enable="NO"
linux_enable="YES"
mousechar_start="3"
saver="fire"
scrnmap="NO"
usbd_enable="YES"
update_motd="NO"
moused_enable="NO"
moused_flags="-z 4 5"
moused_port="/dev/psm0"
moused_type="auto"
syslogd_flags="-ss"
##############################################################
### Mail Transfer Agent (MTA) options ######################
##############################################################
mta_start_script="/etc/rc.sendmail"
sendmail_enable="YES" # Run the sendmail inbound daemon (YES/NO/NONE).
sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission
sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO).
sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only)
sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m" # Flags for sendmail_msp_queue daemon.
# Enable named
named_enable="YES"
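Because rc.conf is a plain shell file, a forgotten variable fails silently at boot. The script below is an added example, not part of the original post: it reads an rc.conf and reports any of the variables an ipfilter/ipnat gateway depends on that are not set to YES, which on the file above flags the missing gateway_enable. The sample file it writes is constructed from the post's rc.conf; the set of required variables is my choice.

```shell
#!/bin/sh
# Added example (not from the original post): lint an rc.conf for the settings a
# FreeBSD 4.x ipfilter/ipnat gateway needs before packets from fxp0 reach tl0.
# The sample written by write_sample_rc is constructed from the post's rc.conf.

# Variables that must be "YES" for the box to route and translate at all.
REQUIRED="gateway_enable ipfilter_enable ipnat_enable ipmon_enable"
SAMPLE=${TMPDIR:-/tmp}/rc.conf.sample.$$

# Print the unquoted value of an rc.conf variable; empty if unset or commented out.
rc_value() {   # rc_value <var> <rc.conf>
    awk -v v="$1" '{
        line = $0
        sub(/[ \t]*#.*$/, "", line)          # drop comments, including commented-out settings
        if (index(line, v "=") == 1) {
            val = substr(line, length(v) + 2)
            gsub(/"/, "", val)
            print val
        }
    }' "$2" | tail -n 1                      # rc.conf is shell: the last assignment wins
}

# Report every required variable that is not YES. Returns 1 if any is missing,
# so "check_rc_conf /etc/rc.conf && shutdown -r now" is safe to script.
check_rc_conf() {   # check_rc_conf <rc.conf>
    missing=0
    for v in $REQUIRED; do
        val=$(rc_value "$v" "$1")
        [ "$val" = "YES" ] || { echo "$v: '${val:-unset}' (need YES)"; missing=1; }
    done
    return $missing
}

# On the firewall itself, confirm the running kernel agrees with rc.conf.
check_forwarding_live() {
    [ "$(sysctl -n net.inet.ip.forwarding)" = 1 ]
}

# Constructed sample mirroring the post: everything is on except forwarding.
write_sample_rc() {
    cat > "$SAMPLE" <<'EOF'
ifconfig_fxp0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_tl0="DHCP"
sshd_enable="YES"
ipfilter_enable="YES"      # rules from /etc/ipf.rules
ipmon_enable="YES"
ipmon_flags="-Dsvn"
ipnat_enable="YES"
# gateway_enable="YES"     # commented out, as in the post's rc.conf
icmp_drop_redirects="YES"
EOF
}
```

Run "check_rc_conf /etc/rc.conf" after editing; the sample prints "gateway_enable: 'unset' (need YES)". A commented-out assignment counts as unset, which is the mistake the parser is written to catch.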
Changes made to /etc/sysctl.conf:
----------------------------------
# $FreeBSD: src/etc/sysctl.conf,v 1.1.2.3 2002/04/15 00:44:13 dougb Exp $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#
# Allow normal users to mount filesystems
vfs.usermount=1
# Disallow the viewing of other users processes
kern.ps_showallprocs=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
# Caveat: net.link.ether.bridge needs "options BRIDGE" in the kernel, which the
# SIDEKICK config below does not have, so these two lines do nothing here. Do not
# make them work on this box: a bridge over every interface ("ifconfig -l") joins
# tl0 and fxp0 at layer 2, where ipf and ipnat never see the traffic.
net.link.ether.bridge=1
net.link.ether.bridge_cfg="`ifconfig -l`"
# For vmware
kern.ipc.shm_allow_removed=1
Ok, now I need to set up a DHCP server in case more computers get added to the internal network. That way, whoever plugs an Ethernet cable into the hub should automatically get an IP address.
I went over to bsdvault.net and found a short little article, "Setting up a DHCP Server on FreeBSD 4.2.".
All I did was head over to /usr/ports/net/isc-dhcp3-server and run the following (as root):
# make && make install
The current version as of this writing is: 3.0.1.r12
After installing I copied /usr/local/etc/dhcpd.conf.sample to /usr/local/etc/dhcpd.conf and changed it to my liking.
The following were also added to /etc/rc.conf:
-----------------------------------------------
dhcpd_enable="YES"
dhcpd_flags="" # command option(s)
dhcpd_conf="/usr/local/etc/dhcpd.conf" # configuration file
dhcpd_ifaces="fxp0"
To send dhcpd's log messages to a separate file I added the following to /etc/syslog.conf. Two things have to go with it: dhcpd only logs to local7 if dhcpd.conf contains "log-facility local7;", and syslogd needs the target file to exist and a HUP before it picks the new line up.
-----------------------------------------------------------------------
local7.*	/var/log/dhcpd_logs
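The post does not show the dhcpd.conf it ended up with. As an added example, not the post's own file, the script below writes one for the LAN described above (fxp0 = 192.168.1.1 on 192.168.1.0/24, with named running on the firewall), refuses a pool that is not on that LAN, includes the log-facility line the syslog.conf entry depends on, and checks the result with "dhcpd -t" before restarting. The pool range, the lease times and the rc.d script name are assumptions.

```shell
#!/bin/sh
# Added example (not the post's dhcpd.conf): generate and install a dhcpd.conf for
# the inside LAN behind the FreeBSD NAT box. LAN and router come from the post's
# rc.conf; the pool, lease times and rc.d script name are assumptions.

LAN_NET=192.168.1.0
LAN_MASK=255.255.255.0
ROUTER=192.168.1.1            # fxp0 address from rc.conf
POOL_START=192.168.1.100      # assumed pool
POOL_END=192.168.1.150

# Dotted quad <-> integer, so addresses can be compared arithmetically.
ip2int() { # ip2int a.b.c.d
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() { # int2ip <n>
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Succeed when <ip> lies inside <network>/<netmask>.
in_subnet() { # in_subnet <ip> <network> <netmask>
    [ $(( $(ip2int "$1") & $(ip2int "$3") )) -eq $(ip2int "$2") ]
}

# A pool off the LAN would hand out addresses the "map tl0 192.168.1.0/24" rule
# never translates, so refuse it rather than write a broken config.
check_pool() {
    for ip in "$ROUTER" "$POOL_START" "$POOL_END"; do
        in_subnet "$ip" "$LAN_NET" "$LAN_MASK" || { echo "$ip is outside $LAN_NET/$LAN_MASK" >&2; return 1; }
    done
    [ "$(ip2int "$POOL_START")" -le "$(ip2int "$POOL_END")" ]
}

gen_dhcpd_conf() {
    check_pool || return 1
    bcast=$(int2ip $(( $(ip2int "$LAN_NET") | (~$(ip2int "$LAN_MASK") & 4294967295) )))
    cat <<EOF
# Generated dhcpd.conf for the inside LAN behind the FreeBSD NAT box.
authoritative;
log-facility local7;                  # required for the local7.* line in syslog.conf
default-lease-time 600;
max-lease-time 7200;
option domain-name-servers $ROUTER;   # named runs on the firewall (named_enable="YES")
subnet $LAN_NET netmask $LAN_MASK {
    range $POOL_START $POOL_END;
    option routers $ROUTER;
    option broadcast-address $bcast;
}
EOF
}

# Install the file, wire up the log target and restart. Run on the firewall as root.
install_dhcpd() {
    gen_dhcpd_conf > /usr/local/etc/dhcpd.conf || return 1
    dhcpd -t -cf /usr/local/etc/dhcpd.conf || return 1          # syntax check before going live
    grep -q '^local7\.\*' /etc/syslog.conf || printf 'local7.*\t/var/log/dhcpd_logs\n' >> /etc/syslog.conf
    [ -f /var/log/dhcpd_logs ] || { touch /var/log/dhcpd_logs; chmod 600 /var/log/dhcpd_logs; }
    kill -HUP "$(cat /var/run/syslog.pid)"
    /usr/local/etc/rc.d/isc-dhcpd.sh restart                    # script name as installed by the port (assumed)
}
```

The dhcpd_ifaces="fxp0" line in rc.conf keeps dhcpd off tl0, so the ISP never sees offers from this box; the subnet check here is the matching guard on the other side, so that nothing gets leased that the NAT rule will not carry.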
Saturday, May 22, 2004
My Slackware days
I was just on Google and typed winful to see what it would come up with and, lo and behold, I get a listing of posts I made when I was using Slackware. This was in 2001, when I made a post to alt.os.linux.slackware from my Linux box asking how to clear and restore a terminal back to normal if it turned to garbage.
The response I received, which works in bash (the Bourne Again shell), is to run
echo -e '\017', which restores the screen. To distort the screen again, run echo -e '\016'. The backslash matters: with it, echo -e emits the ASCII control characters SI (Shift In, octal 017) and SO (Shift Out, octal 016). SO switches the terminal to its alternate character set, which is what turns output into garbage, and SI switches it back. I later figured out that my terminal could also be cleared by simply typing "reset" at the terminal.
Lame Industries - Hybird 1 & 2, the rest maybe later
Ok. I am here at lameindustries. I read over the sites content and spoke with some folks on #lameindustries then decided to signup for an account.
After I signed up I passed level1/Hybrid1 with a breeze. It was a simple point and click CGI exploit.
Level 2 pass, xxx was in a secret folder. I would have found it faster but I did not have sound on my machine at the time of the level. Because of this I did not think to follow the path/music. Nonetheless, it was just as simple as level1/Hybrid1
Really "heated" right about now
I am feeling really heated right about now. I thought I could just shake the whole situation off and not deal with it, but the more I think about it, the more I feel unfairly treated.
I just received an email from one of the companies I interviewed with for an internship this past Tuesday, May 18th. It was not really the fact I did not get the internship but how I received a denial letter dated the day I had the interview. So what was the point of the interview if it was known beforehand I was not to be considered, given I qualified?
It could not be that I did not qualify. This company came to my school for a career fair in which I watched other CS majors just hand in their resumes and walk away. For my resume, the representative seemed more than interested, and I quote, they said mine was one of the better resumes they had looked at the whole fair. Mind you, this career fair was in late March. After waiting a few weeks and not hearing anything I phoned the lady who took my resume at the fair to follow up. I was told my resume had not yet been forwarded and would be as soon as possible, and that they were still waiting to see if they were going to hire summer interns, as it had not been done for some time. After a few more weeks, I thought of making another follow-up call but did not want to seem like a pest, so I did not call. Here is where things get interesting now that I think about it.
Came mid/late April someone from the CS department lands a full-time position at this company and the funny thing about this is that the interview was conducted over the phone. But see, this person knew someone at the company. How fascinating? From this I figured the company was not going to call me back. I mean I spoke with the two representatives for nearly 30mins while at the career fair. They were interested in my resume so apparently they were interested in me right? So, why even bother and be a pest?
Early May, while looking for other companies and luckily finding one to intern with, I get a call from this company. This time from someone different, who said my resume was forwarded, but not who it was forwarded from. After hearing this message on my cell inbox, I must admit I was very excited. This was just before my Digital final; I remember it as clear as day. I ran to the lab to use the phone, but no one answered so I left a message. Lo and behold I was contacted within the next three business days. We set up an interview for the 18th of May and I started preparing for possible interview questions in my head. After my final I jotted down some questions and pondered the rest while doing more research on the company by visiting their website.
As always, I arrive at my interviews early. For every interview I had this summer, two to count, I arrived an hour early and this interview was no different. I was an hour early before my interview and just waited around before my time. The people seemed really nice and it was interesting to note how my first interviewer was given a speech on open source and was impressed about the essay I wrote about the same topic when my freshman in school ended.
It just pisses me off when I think about how I was being interviewed on the 18th and the damn denial notice was sent out on the 18th. This is the same day. To me it feels like they were not interested from the start, or maybe they were, but when they saw me at the company I probably was not what they wanted. It could not have been my attire: my mother never lets me leave the house a mess and neither would my girlfriend. She saw me before I left. Even my professors can attest to me wearing a suit or shirt & tie to classes on several occasions. I dressed for this occasion.
I highly doubt that it was a qualification issue. Besides, this was for an internship and not the purpose of a full-time position, at least not yet. My academics cover the position I was brought in for, Programmer Analyst. And, my interest and personal projects cover most of what I would have done as an intern.
I could keep going down the list. One more thing that tops it off is this: The denial letter says "If a suitable opening does occur in the near future, you will receive every possible consideration."
Let's think about this one. I would be a fool to believe the above is true. For one and one reason only: if a suitable opening does occur in the future and I was not selected for this internship opportunity, which allows for (free labor + a chance to get familiar with staff and the company, or even running errands), why would I even be highly considered in the future? What stopped them from highly considering me now? Fascinating...
After all this I sent this company (those involved with the interview) a thank-you letter for their time and consideration a day after the interview, and even after receiving the denial letter I sent a thank-you to the source of the denial letter.
Everyone I told this to said "not me!". So tell me, who said "it does not pay to be nice?"
``Making the world'' your own
This is a good site to read for system documentation. Since it is getting late I'll leave the URL to read up on at a later time. http://home.san.rr.com/freebsd/upgrade.html#TOC-548
Friday, May 21, 2004
"war-gamin"
Just registered my nick on irc.pulltheplug.com when I was on #vortex and I also registered the same nick while on eureka.rootxero.org (lameindustries)
Custom Kernel (SIDEKICK)
My Custom Kernel. The lines that matter for the NAT box are IPFILTER, IPFILTER_LOG (ipmon needs it to log anything) and IPFILTER_DEFAULT_BLOCK, which changes the filter's default from pass to block for packets no rule matches, so the box fails closed if ipf.rules ever fails to load.
machine i386
cpu I686_CPU
ident SIDEKICK
maxusers 0
options VFS_AIO
#
options IPFILTER
#
options IPFILTER_LOG
#
options IPFILTER_DEFAULT_BLOCK
options MATH_EMULATE #Support for x87 emulation
options INET #InterNETworking
options INET6 #IPv6 communications protocols
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep this!]
options SOFTUPDATES #Enable FFS soft updates support
options UFS_DIRHASH #Improve performance on big directories
options MFS #Memory Filesystem
options MD_ROOT #MD is a potential root device
options NFS #Network Filesystem
options NFS_ROOT #NFS usable as root device, NFS required
options MSDOSFS #MSDOS Filesystem
options NTFS #NTFS Filesystem
options NWFS #NetWare Filesystem
options NCP #NetWare Core Protocol
options CD9660 #ISO 9660 Filesystem
options CD9660_ROOT #CD-ROM usable as root, CD9660 required
options PROCFS #Process filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI
options UCONSOLE #Allow users to grab the console
options USERCONFIG #boot -c editor
options VISUAL_USERCONFIG #visual boot -c editor
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM # Rate limit bad replies
options KBD_INSTALL_CDEV # Install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options USER_LDT # Allow user-level control of i386 ldt
options SC_DISABLE_REBOOT # Disable reboot key sequence
options MAXDSIZ="(256*1024*1024)"
options MAXSSIZ="(256*1024*1024)"
options DFLDSIZ="(256*1024*1024)"
# To make an SMP kernel, the next two are needed
options SMP # Symmetric MultiProcessor Kernel
options APIC_IO # Symmetric (APIC) I/O
# To support HyperThreading, HTT is needed in addition to SMP and APIC_IO
# options HTT # HyperThreading Technology
device isa
device eisa
device pci
# Floppy drives
device fdc0 at isa? port IO_FD1 irq 6 drq 2
device fd0 at fdc0 drive 0
device fd1 at fdc0 drive 1
#
# If you have a Toshiba Libretto with its Y-E Data PCMCIA floppy,
# don't use the above line for fdc0 but the following one:
#device fdc0
# ATA and ATAPI devices
device ata0 at isa? port IO_WD1 irq 14
device ata1 at isa? port IO_WD2 irq 15
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID #Static device numbering
# SCSI Controllers
device ahc # AHA2940 and onboard AIC7xxx devices
device ahd # AHA39320/29320 and onboard AIC79xx devices
options SYM_SETUP_LP_PROBE_MAP=0x40
# Allow ncr to attach legacy NCR devices when
# both sym and ncr are configured
device adv0 at isa?
device adw
device bt0 at isa?
device aha0 at isa?
device aic0 at isa?
device ncv # NCR 53C500
device nsp # Workbit Ninja SCSI-3
device stg # TMC 18C30/18C50
# SCSI peripherals
device scbus # SCSI bus (required)
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
# RAID controllers interfaced to the SCSI subsystem
device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID
device dpt # DPT Smartcache - See LINT for options!
device iir # Intel Integrated RAID
device mly # Mylex AcceleRAID/eXtremeRAID
device ciss # Compaq SmartRAID 5* series
# RAID controllers
device aac # Adaptec FSA RAID, Dell PERC2/PERC3
#device aacp # SCSI passthrough for aac (requires CAM)
device ida # Compaq Smart RAID
device amr # AMI MegaRAID
device mlx # Mylex DAC960 family
device twe # 3ware Escalade
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1
device psm0 at atkbdc? irq 12
device vga0 at isa?
options VESA
# splash screen/screen saver
pseudo-device splash
# Devices to use for snooping on shells
pseudo-device snp 7
# syscons is the default console driver, resembling an SCO console
device sc0 at isa? flags 0x100
# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device vt0 at isa?
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines
#options PCVT_SCANSET=2 # IBM keyboards are non-std
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13
# Power management support (see LINT for more options)
device apm0 at nexus? disable flags 0x20 # Advanced Power Management
# Serial (COM) ports
device sio0 at isa? port IO_COM1 flags 0x10 irq 4
device sio1 at isa? port IO_COM2 irq 3
device sio2 at isa? disable port IO_COM3 irq 5
device sio3 at isa? disable port IO_COM4 irq 9
# Parallel port
device ppc0 at isa? irq 7
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
#device vpo # Requires scbus and da
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device dc # DEC/Intel 21143 and various workalikes
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device tl # Texas Instruments ThunderLAN
device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# ISA Ethernet NICs.
# 'device ed' requires 'device miibus'
device ed0 at isa? disable port 0x280 irq 10 iomem 0xd8000
device ex
device ep
device fe0 at isa? disable port 0x300
# Xircom Ethernet
device xe
# PRISM I IEEE 802.11b wireless NIC.
device awi
# WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really
# exists only as a PCMCIA device, so there is no ISA attachment needed
# and resources will always be dynamically assigned by the pccard code.
device wi
# Aironet 4500/4800 802.11 wireless NICs. Note: the declaration below will
# work for PCMCIA and PCI cards, as well as ISA cards set to ISA PnP
# mode (the factory default). If you set the switches on your ISA
# card for a manually chosen I/O address and IRQ, you must specify
# those parameters here.
device an
# The probe order of these is presently determined by i386/isa/isa_compat.c.
device ie0 at isa? disable port 0x300 irq 10 iomem 0xd0000
#device le0 at isa? disable port 0x300 irq 5 iomem 0xd0000
device lnc0 at isa? disable port 0x280 irq 10 drq 0
device cs0 at isa? disable port 0x300
device sn0 at isa? disable port 0x300 irq 10
# Pseudo devices - the number indicates how many units to allocate.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device sl 1 # Kernel SLIP
pseudo-device ppp 1 # Kernel PPP
pseudo-device tun # Packet tunnel.
pseudo-device pty # Pseudo-ttys (telnet etc)
pseudo-device md # Memory "disks"
pseudo-device gif # IPv6 and IPv4 tunneling
pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation)
# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter
# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device usb # USB Bus (required)
device ugen # Generic
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
device uscanner # Scanners
device urio # Diamond Rio MP3 Player
# FireWire support
device firewire # FireWire bus code
device sbp # SCSI over FireWire (Requires scbus and da)
device fwe # Ethernet over FireWire (non-standard!)
# Sound
device pcm
# For Creative Labs SoundBlaster
device sbc
device sbc0 at isa? port 0x220 irq 5 drq 1 flags 0x15
# DRM options:
# mgadrm: AGP Matrox G200, G400, G450, G550
# tdfxdrm: 3dfx Voodoo 3/4/5 and Banshee
# r128drm: ATI Rage 128
# radeondrm: ATI Radeon up to 9000/9100
# DRM_DEBUG: include debug printfs, very slow
#
# mga requires AGP in the kernel, and it is recommended
# for AGP r128 and radeon cards.
# device mgadrm
# device "r128drm"
# device tdfxdrm
# options DRM_DEBUG
device radeondrm
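The listing above is a full config(8) file, and the lines that matter for the NAT/firewall role are easy to lose among the drivers: `options IPFILTER`, `IPFILTER_LOG` and `IPFILTER_DEFAULT_BLOCK`, the `tl`/`fxp` drivers for the two interfaces, and the two pseudo-devices whose comments already carry warnings (`bpf`, `snp`). As an added example that is not part of the original post, the POSIX sh script below parses a kernel config in that syntax and reports what is missing or worth a second look. The function names (`audit_kernel_config`, `kconf_options`, `write_sample_config`) and the sample config it audits are this example's own; the sample is constructed and is not the real SIDEKICK file.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a FreeBSD 4.x kernel
# config (config(8) syntax, as in the SIDEKICK listing above) for the
# settings that matter on an IPFILTER/NAT box. Names such as
# write_sample_config and audit_kernel_config are this example's own.

# Active (uncommented) "options" names, with any "=value" stripped.
kconf_options() {
    sed -e 's/#.*$//' "$1" | awk '$1 == "options" { sub(/=.*/, "", $2); print $2 }'
}

# Active "device" and "pseudo-device" names (quotes removed).
kconf_devices() {
    sed -e 's/#.*$//' "$1" |
        awk '$1 == "device" || $1 == "pseudo-device" { gsub(/"/, "", $2); print $2 }'
}

# Exit 0 if NAME is present in FILE.
kconf_has_option() { kconf_options "$1" | grep -qx "$2"; }
kconf_has_device() { kconf_devices "$1" | grep -qx "$2"; }

# Why a finding matters, keyed by option/device name.
kconf_reason() {
    case "$1" in
        IPFILTER)               echo "kernel does no packet filtering" ;;
        IPFILTER_LOG)           echo "ipmon(8) cannot log blocked packets" ;;
        IPFILTER_DEFAULT_BLOCK) echo "packets matching no rule are passed, not blocked" ;;
        bpf)      echo "packet capture; needed for tcpdump/dhclient, note the config's own warning" ;;
        snp)      echo "tty snooping via watch(8); drop it unless you use it" ;;
        UCONSOLE) echo "lets unprivileged users grab the console" ;;
        *)        echo "see LINT" ;;
    esac
}

# audit_kernel_config FILE [nic-driver ...]
# Prints one line per finding and a final "findings: N" line; always exits 0.
audit_kernel_config() {
    f=$1; shift; n=0
    for opt in IPFILTER IPFILTER_LOG IPFILTER_DEFAULT_BLOCK; do
        if ! kconf_has_option "$f" "$opt"; then
            printf 'MISSING option %s: %s\n' "$opt" "$(kconf_reason "$opt")"
            n=$((n + 1))
        fi
    done
    for nic in "$@"; do            # drivers for the outside/inside interfaces
        if ! kconf_has_device "$f" "$nic"; then
            printf 'MISSING device %s: NIC driver for a NAT interface is not compiled in\n' "$nic"
            n=$((n + 1))
        fi
    done
    for dev in bpf snp; do
        if kconf_has_device "$f" "$dev"; then
            printf 'REVIEW pseudo-device %s: %s\n' "$dev" "$(kconf_reason "$dev")"
            n=$((n + 1))
        fi
    done
    if kconf_has_option "$f" UCONSOLE; then
        printf 'REVIEW option UCONSOLE: %s\n' "$(kconf_reason UCONSOLE)"
        n=$((n + 1))
    fi
    printf 'findings: %d\n' "$n"
    return 0
}

# Constructed sample config (not the real SIDEKICK file): IPFILTER without
# default block, plus bpf, snp and UCONSOLE enabled.
write_sample_config() {
    cat > "$1" <<'EOF'
machine i386
cpu I686_CPU
ident SAMPLE
options IPFILTER
options IPFILTER_LOG
#options IPFILTER_DEFAULT_BLOCK
options UCONSOLE #Allow users to grab the console
options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI
options MAXDSIZ="(256*1024*1024)"
pseudo-device loop # Network loopback
pseudo-device bpf #Berkeley packet filter
pseudo-device snp 7
device miibus # MII bus support
device tl # Texas Instruments ThunderLAN
device fxp # Intel EtherExpress PRO/100B
device ed0 at isa? disable port 0x280 irq 10 iomem 0xd8000
EOF
}

# Usage: sh kconf_audit.sh /usr/src/sys/i386/conf/SIDEKICK tl fxp
# With no arguments the constructed sample is audited instead.
if [ $# -gt 0 ]; then
    audit_kernel_config "$@"
else
    sample=${TMPDIR:-/tmp}/kconf_sample.$$
    write_sample_config "$sample"
    audit_kernel_config "$sample" tl fxp
    rm -f "$sample"
fi
```

Run against the constructed sample it reports four findings: the missing `IPFILTER_DEFAULT_BLOCK`, and `bpf`, `snp` and `UCONSOLE` flagged for review. Against the real config, pass the file under /usr/src/sys/i386/conf (the usual location) and the driver names of the interfaces ipnat will use; a `disable` keyword on a device line only turns the probe off at boot, so the script still counts that driver as compiled in.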
Pulltheplug.com
I was just on hackerslab.org and followed the link to pulltheplug.com. Pulltheplug.com, like hackerslab.org, also provides war-games for users to better learn computer security through hands-on experience.
This is my first time at pulltheplug.com so I have to start from the beginning. This seems a little more involved than hackerslab.org, being that you have to figure out the login and pass to even continue. It is not given right off like hackerslab.org.
Thursday, May 20, 2004
Getting Started, it has been a while
It has been some time now since I created this blog and yet I have not written anything.
I take it that my FreeBSD system is not going to last too long so I need to start moving faster and document my system setup, just in case my hard drives "kick the bucket." I have made many modifications to the system since I installed FreeBSD 4.9-Release a week after it came out. I know pretty soon I may be upgrading to the 5.0-Release once it becomes stable, but for now let's get to documenting and backing up important system configuration files.
System Information
I have a custom-built machine that houses the following components inside of an Antec PLUS1080AMG Metallic Gray SOHO file server.
RAM: Real Memory = 536870912 (524288K bytes), aka 512MB.
Hard Drives:
- ad0: 57241MB [116301/16/63] at ata0-master UDMA33
- ad1: 114473MB [232581/16/63] at ata0-slave UDMA33
- ad6: 76319MB [155061/16/63] at ata3-master UDMA100
I/O Media:
- acd0: DVD-ROM
- acd1: CD-RW
- sbc1: Sound Card
- fdc0: Floppy
System Tuning
- Partitioning
I have one hard drive that I dedicate especially to FreeBSD, and here is the modified output from fstab and mount:
Device      | Mountpoint | Size
/dev/ad6s1b | none       |
/dev/ad6s1h | none       |
/dev/ad6s1a | /          | 500 Megabytes
/dev/ad6s1d | /home      | 4.0 Gigabytes
/dev/ad6s1f | /tmp       | 200 Megabytes
/dev/ad6s1g | /usr       | 33 Gigabytes
/dev/ad6s1e | /var       | 400 Megabytes
/dev/ad6s2e | /storage   | 34 Gigabytes