Network Administration with FreeBSD 7 Building, securing, and maintaining networks with the FreeBSD operating system Babak Farrokhi BIRMINGHAM - MUMBAI Network Administration with FreeBSD 7 Copyright © 2008 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, Packt Publishing, nor its dealers or distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: April 2008 Production Reference: 1070408 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-847192-64-6 www.packtpub.com Cover Image by Nilesh Mohite ([email protected]) Credits Author Project Coordinator Babak Farrokhi Abhijeet Deobhakta Reviewer Indexer Roman Bogorodskiy Hemangini Bari Acquisition Editor Proofreader Rashmi Phadnis Nina Hasso Technical Editor Production Coordinator Della Pradeep Aparna Bhagat Editorial Team Leader Cover Work Mithil Kulkarni Aparna Bhagat Project Manager Abhijeet Deobhakta About the Author Babak Farrokhi is an experienced UNIX system administrator and Network Engineer who worked for 12 years in the IT industry in carrier-level network service providers. He discovered FreeBSD around 1997 and since then he has been using it on a daily basis. He is also an experienced Solaris administrator and has extensive experience in TCP/IP networks. In his spare time, he contributes to the open source community and develops his skills to keep himself in the cutting edge. You may contact Babak at [email protected] and his personal website at http://farrokhi.net/ I would like to thank my wife, Hana, for being the source of inspiration in my life. Without her support and patience I could not finish this project. Next I'd like to thank the Technical Reviewer of the book, Roman Bogorodskiy ([email protected]) for his thorough review, great suggestions, and excellent notes that helped me to come up with the chapters even better. I also want to thank PACKT and everyone I worked with, Priyanka Baruah,Abhijeet Deobhakta, Rashmi Phadnis, Patricia Weir, Della Pradeep and others for their patience and cooperation. Without their help I could not turn my scattered notes into a professional looking book. About the Reviewer Roman Bogorodskiy lives in Russia, Saratov. He is a student of the Mechanics and Mathematics faculty at the Saratov State University. At the time of writing, he was working on a diploma project. He is working as a Software Engineer in the one of the biggest ISPs of his hometown. He takes part in various open source projects and got his FreeBSD commit bit back in 2005. Table of Contents Preface 1 Chapter 1: System Configuration—Disks 7 Partition Layout and Sizes 7 Swap 9 Adding More Swap Space 10 Swap Encryption 12 Softupdates 12 Snapshots 13 Quotas 15 Assigning Quotas 16 File System Backup 18 Dump and Restore 18 The tar, cpio, and pax Utilities 22 Snapshots 23 RAID-GEOM Framework 24 RAID0—Striping 24 RAID1—Mirroring 26 Disk Concatenation 27 Summary 28 Chapter 2: System Configuration—Keeping it Updated 29 CVSup—Synchronizing the Source Code 30 Tracking –STABLE 31 Tracking –CURRENT 33 Ports Collection 34 Tracking Ports 34 Portsnap 35 Security Advisories 36 VuXML—Vulnerability Database 37 Table of Contents CVS Branch Tag 37 Customizing and Rebuilding Kernel 38 Rebuilding World 40 Binary Update 42 Recovering from a Dead Kernel 43 Summary 45 Chapter 3: System Configuration—Software Package Management 47 Ports and Packages 48 The Legacy Method 48 Software Directories 49 Packages 49 Ports 51 Package Management Tools 55 Portupgrade 56 portinstall 56 pkg_deinstall 57 portversion 58 pkg_which 59 portsclean 59 Portmaster 60 Summary 60 Chapter 4: System Configuration—System Management 63 Process Management and Control 63 Processes and Daemons 64 Getting Information about Running Processes—ps, top, and pgrep 65 Sending Signals to Running Processes—kill, killall, and pkill 67 Prioritizing Running Processes—nice and renice 68 Resource Management and Control 69 System Resource Monitoring Tools—vmstat, iostat, pstat, and systat 69 Process Accounting 72 Summary 73 Chapter 5: System Configuration—Jails 75 Concept 75 Introduction 76 Setting Up a Jail 77 Configuring the Host System 78 Starting the Jail 80 Automatic Startup 81 Shutting Down Jails 82 Managing Jails 82 [ ii ] Table of Contents. Jail Security 84 Jail Limitations 85 Summary 85 Chapter 6: System Configuration—Tuning Performance 87 Tweaking Kernel Variables using SYSCTL 88 Kernel 89 SMP 91 Disk 92 File limits 92 I/O Performance 92 RAID 93 Network 94 TCP Delayed ACK 94 RFC 1323 Extensions 95 TCP Listen Queue Size 95 TCP Buffer Space 95 Network Interface Polling 96 The /etc/make.conf file 97 CPUTYPE 97 CFLAGS and COPTFLAGS 98 The /boot/loader.conf file 98 Summary 99 Chapter 7: Network Configuration—Basics 101 Ifconfig Utility 101 Configuring IP Address 106 Configuring Layer2 Address 107 Configuring IPX 107 Configuring AppleTalk 108 Configuring Secondary (alias) IP Addresses 109 Configuring Media Options 110 Configuring VLANs 112 Advanced ifconfig Options 113 Hardware Offloading 114 Promiscuous Mode 115 MTU 116 ARP 116 Static ARP 117 Monitor Mode 118 Configuring Fast EtherChannel 118 Default Routing 119 Name Resolution 120 [ iii ]