Running a FreeBSD server with jails

[wlanboy]

how about running your own xmpp server on freebsd? thanks and your tutorials really helped me alot.

I use ejabberd - would that be enough?

 

[juan]

I use ejabberd - would that be enough?

that's perfect, if you can include which port to open also on pf. thanks a lot!

 

[wlanboy]

that's perfect, if you can include which port to open also on pf. thanks a lot!

1. Change to ports dir und build it


cd /usr/ports/net-im/ejabberd
make install

2. Change the config to what you need


nano /usr/local/etc/ejabberd/ejabberd.cfg

3. Start server and check status


/usr/local/sbin/ejabberdctl start
/usr/local/sbin/ejabberdctl status

4. Add admin user


/usr/local/sbin/ejabberdctl register [admin name] [domain] [password]

5. Autostart ejabberd


echo 'ejabberd_enable="YES"' >> /etc/rc.conf

6. Open three ports in pf for ejabberd


5222: client to server
5269: server to server
5280: http admin interface

Also:

nano /etc/pf.conf

tcp_pass = "{ 5222 5269 5280 }"
pass in on $external_if proto tcp from any to any port $tcp_pass flags

 

[peterw]

Can you add information about installing a dns server on freebsd?

 

[blergh]

@peterw,

It would be the exact same as running/doing it on Linux, use something like powerdns and voilá

 

[NodeworksIX]

Thanks so much for this great tutorial.  I used to admin FreeBSD back in the 4.x days and haven't touched it since 5.x -- this gave me a little something to play with to get familiar with it again.  Quite a few things have changed... mostly for the better!

 

[wlanboy]

Quite a few things have changed... mostly for the better!

That was my first impression too.

I enjoy my FreeBSD server and want to encourage others to give FreeBSD a break.

 

[peterw]

Things changed in FreeBSD 10. Why do they removed pkg_add? Any replacement known?

 

[bauhaus]

Things changed in FreeBSD 10. Why do they removed pkg_add? Any replacement known?

Try pkg or pkgng, not quite sure wich one is.

 

[wlanboy]

Things changed in FreeBSD 10. Why do they removed pkg_add? Any replacement known?

It is not part of the images - don't know why - but you can install it.

Try pkg or pkgng, not quite sure wich one is.

Correct:


pkg
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]:

After that pkg_add is available again.

 

[peterw]

It is not part of the images - don't know why - but you can install it.

I was lost because I did  not know how to install pkg_add without pkg_add. I should have called pkg to see what happens. Thank you.

 

[vRozenSch00n]

@wlanboy A little bit off topic, I need your help. I'd like to install a USB broadband CDMA modem for my PC-BSD, but the USB device is recognized as a CD/DVD. I tried Mr. Google but I can't find a tutorial. At the moment, the only way I can connect to the internet from my PC-BSD is through a router that has a connection to the internet. Could you please make a tutorial on this? Thanks.

 

[wlanboy]

Could you please make a tutorial on this? Thanks.

I may first add some words and - if needed - add a tutorial later.

This is a common problem of USB modems that use Zero-CD to make the installation of drivers simple for windows users.

The device itself does add a second usb device (virtual cd) which is "flipped" if the driver is allready installed.

My modem is detected as umass0 (or ugen0 for older models).

FreeBSD 10 does have most drivers on board so add them:


nano /boot/loader.conf

u3g_load="YES"
umass_load="YES"

Then use "kldstat" to reload all modules - or simply restart the pc.

Then you are able to list all usb devices (the ones BSD knows):


usbdevs -v

port 1 addr 3: full speed, power 100 mA, config 1, USB MMC Storage(0x1000),
Qualcomm, Incorporated(0x05c6), rev 0.00

We need two ids: vendor = 0x05c6 and product = 0×1000.

Now we have to check for some additional information for the SCSI device:


camcontrol devlist

<ZCOPTION HSDPA Modem 3.00> at scbus8 target 0 lun 0 (pass0,cd0)

No we have to create a config file to pass this device (like the windows driver does):


nano /etc/devd/usbmodem.conf

Content:


attach 100 {
match "device-name" "umass[0-9]+";
match "vendor" "0x05c6";
match "product" "0x1000";
match "devclass" "0x00";
action "sleep 3; /sbin/camcontrol cmd `/sbin/camcontrol devlist | /usr/bin/grep Option | /usr/bin/awk '{match($10, /pass[0-9]+/); print substr($10, RSTART, RLENGTH) }'` -c '01 00 00 00 00 00' -i 1 i1 > /dev/null";
};

The action part is the one that needs some cutting.

The command should be:


camcontrol cmd cd0 -c "01 00 00 00 00 00" -i 1 i1

Now we have to restart the dev daemon:


/etc/rc.d/devd restart
Stopping devd.
Starting devd.

Afterwards the real usb device (modem) pops up.

Simple solution:

• Google for "disable zero-cd [modeln ame] at command"
• Use windows to disable the zero-cd
• Use the modem without any hassle

 

[vRozenSch00n]

@wlanboy thanks a lot I'll try your directive and I'll post the result later.

 

[wlanboy]

If someone is running FreeBSD on his laptop this command is the easiest way to check the battery status:


sysctl hw.acpi.battery

Output:


hw.acpi.battery.life: 100
hw.acpi.battery.time: -1
hw.acpi.battery.state: 0
hw.acpi.battery.units: 1
hw.acpi.battery.info_expire: 5

Quite easy to parse this and send notifications.

 

[andrewm659]

How would you configure it if you wanted each jail to have a routable interface on the same network as the host?  This is where i'm getting confused.

If someone is running FreeBSD on his laptop this command is the easiest way to check the battery status:


sysctl hw.acpi.battery

Output:


hw.acpi.battery.life: 100
hw.acpi.battery.time: -1
hw.acpi.battery.state: 0
hw.acpi.battery.units: 1
hw.acpi.battery.info_expire: 5

Quite easy to parse this and send notifications.

 

[wlanboy]

How would you configure it if you wanted each jail to have a routable interface on the same network as the host?  This is where i'm getting confused.

Define a free IP address to your jail.

You can add the device to the IP address:


ip4.addr = re0|192.168.11.20/24;

Another option would be to define the interface:

export jail_web_interface="re1"

 

[andrewm659]

ok, would re1 be my virtual interface? 

root@monitoring01:~ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0c:29:d1:a2:fb
        inet 10.150.1.90 netmask 0xffffff00 broadcast 10.150.1.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo10: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 10.150.1.201 netmask 0xffffff00
        inet 10.150.1.202 netmask 0xffffff00
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
root@monitoring01:~ #
 

 

[wlanboy]

ok, would re1 be my virtual interface? 

Why not?

 

[andrewm659]

Well from your previous post it looks like re1 would be physical interface....or would it?  I mean it could really be either.  So my thought process says to add it like you would to a virtual hosted apache instance.  Where you apply the IP address to the virtual host and continue to use the mgmt IP to get into the main server.  Am I right in this being the way I want to go?  Is there something I need to do to the routing on the local server?  I am still new to FreeBSD.  I like it.  it forces me to learn. 

Thanks in advance!