Archives for posts with tag: freebsd


Excellent laptop for having a wireless chip which is compatible with stock Debian and FreeBSD installation! This is one of the first pieces of hardware I have come across where the OS detected the wireless chip during installation.

Next, I used a UEFI-based dual-boot installation and had to manually add the Debian entry in the BIOS setup. The FreeBSD EFI partition got detected out of the box, sweet!

The hardware list from lspci on Debian:

00:00.0 Host bridge: Intel Corporation Broadwell-U Host Bridge -OPI (rev 09)
00:02.0 VGA compatible controller: Intel Corporation Broadwell-U Integrated Graphics (rev 09)
00:03.0 Audio device: Intel Corporation Broadwell-U Audio Controller (rev 09)
00:04.0 Signal processing controller: Intel Corporation Broadwell-U Camarillo Device (rev 09)
00:14.0 USB controller: Intel Corporation Wildcat Point-LP USB xHCI Controller (rev 03)
00:16.0 Communication controller: Intel Corporation Wildcat Point-LP MEI Controller #1 (rev 03)
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection (3) I218-LM (rev 03)
00:1b.0 Audio device: Intel Corporation Wildcat Point-LP High Definition Audio Controller (rev 03)
00:1c.0 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root Port #1 (rev e3)
00:1c.3 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root Port #4 (rev e3)
00:1c.4 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root Port #5 (rev e3)
00:1d.0 USB controller: Intel Corporation Wildcat Point-LP USB EHCI Controller (rev 03)
00:1f.0 ISA bridge: Intel Corporation Wildcat Point-LP LPC Controller (rev 03)
00:1f.2 SATA controller: Intel Corporation Wildcat Point-LP SATA Controller [AHCI Mode] (rev 03)
00:1f.3 SMBus: Intel Corporation Wildcat Point-LP SMBus Controller (rev 03)
01:00.0 SD Host controller: O2 Micro, Inc. SD/MMC Card Reader Controller (rev 01)
02:00.0 Network controller: Qualcomm Atheros QCA9565 / AR9565 Wireless Network Adapter (rev 01)


On Debian everything works fine, but you might want to remove the Intel Xorg driver (xserver-xorg-video-intel), as that is for hardware older than 2007. With the old driver installed the graphics were not that smooth and the CPU utilization increased.

Other than this I was unable to suspend to RAM when HT was disabled. Enabling HT in BIOS would solve this.

On FreeBSD, the integrated GPU is not yet supported :(, so just the command line for now.

Will consider Dell again for my computing.

While many speak of web servers like Apache or NginX, I wanted to try out lighttpd. I disliked the way NginX Inc is releasing its product, which is Open Core. I prefer something which is completely Libre.

The aim is to deploy Zerobin with whatever PHP version was available on FreeBSD 11. The installation of Zerobin itself is simple: we just have to extract the package in the document root of the web server.

Install the required packages:

# pkg install php70 lighttpd

You might want to install the php7-gd package in case you are using the gd module.

Once installed, configure lighttpd; there are a few quirks to work around before it runs.

In file /usr/local/etc/lighttpd/lighttpd.conf:

Disable IPv6.

server.use-ipv6 = "disable"

If you don’t disable IPv6 when your node is not using it, you will get error messages like “protocol not supported”.

Next, bind the webserver to listen on the server IP address, and change the server root value if you want to change the default.

server.bind = ""

We will be using the FastCGI module of lighttpd; enable it by uncommenting this entry in /usr/local/etc/lighttpd/modules.conf:

include "conf.d/fastcgi.conf"

Next, point the lighttpd FastCGI module at the php-cgi binary: edit the file /usr/local/etc/lighttpd/conf.d/fastcgi.conf, uncomment the block starting from “fastcgi.server =”, and also change the value of the “bin-path” directive as shown here.

fastcgi.server = ( ".php" =>
  ( "php-local" =>
    (
      "socket" => socket_dir + "/php-fastcgi-1.socket",
      "bin-path" => server_root + "/bin/php-cgi",
      "max-procs" => 1,
      "broken-scriptfilename" => "enable",
    ),
    "php-tcp" =>
    (
      "host" => "",
      "port" => 9999,
      "check-local" => "disable",
      "broken-scriptfilename" => "enable",
    ),
    "php-num-procs" =>
    (
      "socket" => socket_dir + "/php-fastcgi-2.socket",
      "bin-path" => server_root + "/bin/php-cgi",
      "bin-environment" => (
      ),
      "max-procs" => 5,
      "broken-scriptfilename" => "enable",
    ),
  ),
)

If you have not changed the value of “bin-path” as above, or to match the value of “var.server_root” (in /usr/local/etc/lighttpd/lighttpd.conf), you will see the following errors in /var/log/lighttpd/error.log during lighttpd startup:

2016-10-20 19:35:13: (log.c.216) server started
2016-10-20 19:35:13: (mod_fastcgi.c.1133) the fastcgi-backend /usr/local/www/data/usr/local/bin/php-cgi failed to start:
2016-10-20 19:35:13: (mod_fastcgi.c.1137) child exited with status 2 /usr/local/www/
2016-10-20 19:35:13: (mod_fastcgi.c.1140) If you're trying to run your app as a FastCGI backend, make sure you're using the FastCGI-enabled version.\nIf this is PHP on Gentoo, add 'fastcgi' to the USE flags.

The path lighttpd tries to execute is built by appending the bin-path suffix to the server_root value, which here gives the wrong location.

For my configuration to work I had to set 'var.server_root = "/usr/local"'.
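To see the concatenation before lighttpd fails at startup, the following added example (not part of the original post; the function names are made up here) resolves every uncommented "bin-path" against var.server_root and reports whether the result is an executable file.

```shell
#!/bin/sh
# Added example (not from the original post): show which binary each FastCGI
# backend will actually execute once lighttpd has concatenated server_root
# with the "bin-path" suffix.

# Print the last value assigned to var.server_root in a lighttpd.conf ($1).
server_root_of() {
    sed -n 's/^[[:space:]]*var\.server_root[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        tail -n 1
}

# Print one resolved bin-path per backend.
# $1 = lighttpd.conf (for var.server_root), $2 = conf.d/fastcgi.conf
resolved_bin_paths() {
    awk -v root="$(server_root_of "$1")" '
        /^[ \t]*#/ { next }                       # line is still commented out
        /"bin-path"[ \t]*=>/ {
            rest = $0
            sub(/.*"bin-path"[ \t]*=>[ \t]*/, "", rest)
            prefix = ""
            if (rest ~ /^server_root[ \t]*\+/) {  # form: server_root + "/suffix"
                prefix = root
                sub(/^server_root[ \t]*\+[ \t]*/, "", rest)
            }
            if (match(rest, /^"[^"]*"/))          # form: "/absolute/path"
                print prefix substr(rest, 2, RLENGTH - 2)
        }' "$2"
}

# Print ok/MISSING for each resolved path; return 1 if any is not executable.
check_backends() {
    status=0
    while IFS= read -r bin; do
        [ -n "$bin" ] || continue
        if [ -x "$bin" ]; then
            echo "ok       $bin"
        else
            echo "MISSING  $bin"
            status=1
        fi
    done <<EOF
$(resolved_bin_paths "$1" "$2")
EOF
    return "$status"
}

# Usage: sh check-fastcgi.sh /usr/local/etc/lighttpd/lighttpd.conf \
#            /usr/local/etc/lighttpd/conf.d/fastcgi.conf
if [ "$#" -eq 2 ]; then
    check_backends "$1" "$2"
fi
```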

Once the above config changes are done, untar the zerobin package in the document root, which is by default set to ‘/usr/local/www/data’, and change the owner and group to ‘www’.

chown -R www:www /usr/local/www/data



Install Redmine, Apache, MySQL, and the passenger module(rubygem-passenger).

# pkg install redmine apache24 mysql56-server mysql56-client rubygem-passenger

Things to note about locations where we will place files and edit them:

Installation directory of Redmine:


Redmine Config directory:


Apache virtualhost directory:


Next, start MySQL:

# service mysql-server onestart

Create the necessary DB, user for Redmine and grant privileges:

CREATE DATABASE redmine CHARACTER SET utf8;
CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'my_password';
GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'localhost';

In the above commands change the password, database name, and user name for your setup.

DB Data load:

Load the DB dump taken from the old Redmine instance into the new one, as the root user:

# mysql -u REDMINE_USER -p < DB_DUMP_FILENAME_here.sql

You might need to add the line “USE REDMINE_DB_NAME;” (for the setup above, “USE redmine;”) to the top of the .sql dump file, as the script might not have a statement selecting which DB to populate.

Redmine configuration:

Copy the old database.yml file under the config directory of Redmine and change the adapter type from ‘mysql’ to ‘mysql2’.
Copy the old configuration.yml file under the config directory of Redmine.
Copy the attachments directory (named files) from the old installation to the new installation directory.

After the above, follow the guide below to upgrade the DB schema, generate a new session token, etc.

Apache virtual hosts configuration:

I followed the message posted when the passenger module got installed.

Copy the following into any file ending with the extension .conf, like redmine.conf, under the Apache Includes directory:

#LoadModule and the global Passenger directives are only valid outside <VirtualHost>
#Load SSL module
LoadModule ssl_module libexec/apache24/

#Load Passenger module and point to Ruby and Gems
LoadModule passenger_module /usr/local/lib/ruby/gems/2.2/gems/passenger-5.0.28/buildout/apache2/mod_passenger.s
PassengerRoot /usr/local/lib/ruby/gems/2.2/gems/passenger-5.0.28
PassengerRuby /usr/local/bin/ruby22
PassengerDefaultUser www

#Redirect all http requests to https
<VirtualHost *:80>
        #Replace FQDN_NAME with the FQDN or the IP address of your server/service.
        Redirect / https://FQDN_NAME/
</VirtualHost>

#Enable server to listen on TCP port 443
Listen 443

<VirtualHost *:443>

        #Enable SSL using certificates
        SSLEngine on
        SSLCertificateFile "/usr/local/etc/apache24/FQDN_NAME.crt"
        SSLCertificateKeyFile "/usr/local/etc/apache24/FQDN_NAME.key"

        # This is the passenger config
        RailsEnv production
        DocumentRoot /usr/local/www/redmine/public/
        <Directory "/usr/local/www/redmine/public/">
                Allow from all
                Options -MultiViews
                Require all granted
        </Directory>
</VirtualHost>

Finally, run the mysql_secure_installation script to disable remote root user login.
Start the Apache process, and add it and the MySQL service to /etc/rc.conf so that they start at boot time:

service apache24 onestart

sysrc mysql_enable="YES"
sysrc apache24_enable="YES"

This will ensure that Redmine starts up during boot, when Apache and MySQL are running.

I faced an issue where the email notifications were not working. For this, check the configuration.yml file for issues with the Redmine wiki; in my case the file from the previous installation had incorrect settings.

You want to download an application/game package for your FreeBSD PC; without internet it is hard on *BSD or GNU/Linux unless you have the software on discs.

This made me resolve to write a basic shell script to download a package and its dependencies for a FreeBSD 10 machine, as this is the OS I am using day to day.

However, when I started delving deeper I noticed FreeBSD’s pkg already had it covered! 🙂

You need the following:

  1. A FreeBSD PC which is connected to the internet; the architecture must match that of the target where you want to install the packages.
  2. pkg installed on this internet machine running FreeBSD.
  3. root privileges on this machine.
  4. A storage medium to transfer packages from this machine to another.


With the above ready, you can use the following commands to download a package and its dependencies.

# mkdir /root/off-pac

# pkg fetch -d -o /root/off-pac vlc

Updating FreeBSD repository catalogue…
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following packages will be fetched:

New packages to be FETCHED:




libdvbpsi-1.2.0 (0.09% of 118 MiB: 104 KiB)
opus-1.1.1_1 (0.20% of 118 MiB: 243 KiB)

The process will require 118 MiB more space.
118 MiB to be downloaded.

Proceed with fetching packages? [y/N]:

That is it!

This will download all packages necessary to install vlc. Now you need to transfer the directory /root/off-pac to your storage medium and install the application on your FreeBSD PC which is not connected to the internet.
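pkg checks what it downloads against the signed repository catalogue on the online machine, but nothing re-checks the files after they have been copied to a storage medium. The following added example (not part of the original post; function and file names are made up here) records SHA-256 digests of the fetched directory and verifies them on the offline PC.

```shell
#!/bin/sh
# Added example (not from the original post): record SHA-256 digests of the
# fetched packages before copying them, and re-check them on the offline PC.

# Hash one file with whichever tool the system has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        sha256 -q "$1"            # FreeBSD base system tool
    fi
}

# Print "<digest>  <relative path>" for every file under $1, in sorted order.
manifest_of() {
    (
        cd "$1" || exit 1
        find . -type f ! -name SHA256SUMS | LC_ALL=C sort |
        while IFS= read -r f; do
            printf '%s  %s\n' "$(sha256_of "$f")" "$f"
        done
    )
}

# Online machine: write the manifest next to the packages.
write_manifest() {
    manifest_of "$1" > "$1/SHA256SUMS"
}

# Offline machine: recompute and compare. Prints the differing lines
# ("<" = what is on disk now, ">" = what was recorded) and returns non-zero
# when a file changed, went missing or was added.
verify_manifest() {
    [ -f "$1/SHA256SUMS" ] || { echo "no manifest in $1" >&2; return 2; }
    manifest_of "$1" | diff - "$1/SHA256SUMS"
}

# Usage: sh pkg-manifest.sh write  /root/off-pac     (before the transfer)
#        sh pkg-manifest.sh verify /path/to/off-pac  (after the transfer)
case ${1:-} in
    write)  write_manifest "$2" ;;
    verify) verify_manifest "$2" ;;
esac
```

A manifest that travels on the same medium catches corruption only; keep a copy of SHA256SUMS off the medium if tampering is a concern.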

This is easier than I was expecting, I wonder what I can do for Debian similarly.

Update[10 March 2016]:

There is a gotcha which I had not covered as I had not faced it ;). The default FreeBSD repository points to the quarterly release branch, that is, applications are updated once in three months or so.

But as the RELEASE disc comes with a fixed package set, using applications from the quarterly can cause issues, especially with the dependencies. It is better to stick to the RELEASE repository.

In my example I had tried this on FreeBSD RELEASE 10.2, but some of the libraries were old by the time I started downloading packages from the official quarterly repository.

This is simple to solve, as pkg in FreeBSD supports configuring and using multiple repositories.

How to configure this:

Find out the release URI for the FreeBSD version you want packages for by visiting

In my case the OS was 64 bit and RELEASE 10.2, so I noted the following URI:

Copy the default pkg repository config at /etc/pkg/FreeBSD.conf to /usr/local/etc/pkg/repos/r102.conf

I chose r102.conf; it could be any arbitrary name, but it must end with .conf! Choose something meaningful 🙂

cp /etc/pkg/FreeBSD.conf /usr/local/etc/pkg/repos/r102.conf

Now edit the r102.conf file and replace the url variable; it would look something like this:

r102: {
url: "pkg+${ABI}/release_2",
enabled: true,
signature_type: "fingerprints",
fingerprints: "/usr/share/keys/pkg",
mirror_type: "srv"
}

Refresh the repository cache:

pkg update

You can now install applications from this repository:

pkg install -r r102 vlc

Now to fetch packages from this repository, use the -r switch, like:

pkg fetch -d -o /root/off-pac -r r102 vlc

What this does is it downloads vlc from the repository configured in r102. The packages downloaded like this should be compatible with the libraries you might have installed using the RELEASE disc.

Continuing from the previous post, where we learned how to create a Jail on FreeBSD 10 without internet, here we will see two ways to provide internet access to the Jail: one using PF (employing the NAT feature) and another where we piggyback on a host interface (FreeBSD aliases the interface).


First the easy one (without NAT):

This is easy, while creating a Jail just use the host network interface and select an available IP from the same subnet as the host is on. Following is a logical representation of our setup.

Logical diagram of what we will achieve.

To start with, first determine the interface you want to use:


Sample output:

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 08:00:27:57:37:49
inet6 fe80::a00:27ff:fe57:3749%em0 prefixlen 64 scopeid 0x1
inet netmask 0xffffff00 broadcast

ether 08:00:27:63:4f:4b
inet netmask 0xffffff00 broadcast
inet netmask 0xffffffff broadcast vhid 1
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active

On my PC em0 is the interface on which I would like to place my jail, as that is connected to the internet.

So create a jail like:

# ezjail-admin create YOUR-jail-name ‘em0|

By default ping is disabled on Jails; try using telnet to connect to one of the public websites.

In the following example I am sending a GET request on TCP:80 (http) from the Jail, after getting its IP address:

# ezjail-admin console your-jail-name

Jail shell> host has address mail is handled by 10

Jail shell> telnet 80
Connected to
Escape character is '^]'.
<title>302 Found</title>
<p>The document has moved <a href="">here</a>.</p>
<address>Apache/2.4.7 Server at Port 80</address>
Connection closed by foreign host.

It works! 🙂

You can now install applications from internet and further configure the Jail, but first add a nameserver by creating a new /etc/resolv.conf 😉


We can extend on this method to attach multiple IP addresses of different networks to the jail.


Let's say you want to use both em0 and em1 with different IP addresses:

ezjail-admin create YOUR-jail-name ‘em0|,em1|

This attaches two new IP addresses to the respective interfaces and the Jail becomes accessible from both subnets(,

The above methods work if you have spare IP addresses; what if you have limited IP addresses and/or you want to isolate the Jails on a separate subnet?

Well that is when NAT comes into picture.

Read more about it at wikipedia =>

Internet connectivity for Jails with NAT(using PF):

NAT is useful when you want to isolate the jails/hosts completely on a private subnet.
And/or, you have limited public IP addresses and want to share it among different Jails.

By following this guide you will achieve something like below:







In the above diagram the Jails are restricted to subnet, they cannot reach other networks on their own. In order to reach internet(or other subnets) we NAT the outgoing connection using the host as the gateway, which causes the outgoing connections to appear as originating from the host. For hosts on subnets 10. and 192. if a jail contacts them then the connection appears to come and respectively which is not their actual IP address!

First we need to prepare the host to act as a gateway and as router which NATs the connections(firewall/packet filtering is optional).

Enable the host system to act as a gateway:

# sysctl net.inet.ip.forwarding=1

To forward IPv6 traffic, use:

# sysctl net.inet6.ip6.forwarding=1

To enable these settings at system boot(and make them permanent), add the following to /etc/rc.conf:

gateway_enable="YES" #for ipv4
ipv6_gateway_enable="YES" #for ipv6

Now we create a cloned interface which the jails will use, and later enable NAT using PF.

Clone the loopback interface on which the jails will communicate:

In /etc/rc.conf add:


Then on the host:

# service netif cloneup

If no error is shown then lo1 is created; if you would like to confirm, run ifconfig on the host.

Next create a jail with this new interface and an IP address:

# ezjail-admin create your-jail ‘lo1|

Start the Jail:

# ezjail-admin onestart your-jail

If no errors are shown, your-jail is running attached to lo1, check using ifconfig:

lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet netmask 0xffffffff

However, this jail cannot reach the internet; the final step is to enable NAT. I am using PF here as it is very easy to configure; configuring IPFW for NAT with stateful filtering is hard.

To enable PF add the following in /etc/rc.conf:


There are a bunch of other things you can enable; refer to the manual for these. I am trying to keep this how-to simple. 😉

Next run:

# service pf start

By default PF reads the filtering rules and configuration from /etc/pf.conf. We will be making the bare minimum changes required for NAT here.

For my environment I had to add following in /etc/pf.conf:

#Declare the interfaces, Public IP, private subnet,
EXT_IF0 = "em0"
EXT_IF1 = "em1"

nat pass on $EXT_IF1 from $NET_JAIL to any -> $LAN_IP
nat pass on $EXT_IF0 from $NET_JAIL to any -> $IP_PUB

#### end of pf.conf ####

To make it easy to make further changes we first declare the interfaces, IP addresses the host is on($IP_PUB, $LAN_IP) and the network jails are on(NET_JAIL), you can limit NET_JAIL to a single Jail IP by using /32 as the routing prefix, like

Next we have written the NAT rules, which direct PF to NAT(and pass) any packet arriving from jail network($NET_JAIL) on either of interfaces($EXT_IF0, $EXT_IF1) depending upon the destination to either the LAN($LAN_IP) or the internet($IP_PUB). PF maintains the state of the connections and the reply packets are routed back to the jails appropriately.
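The NAT steps above, gathered into one script as an added example (not part of the original post; the function names are made up here, and it covers one external interface rather than two). It validates the three values before writing them into pf.conf, and has pfctl parse the rules before they replace the live file. The interface, address and jail network are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original post): the jail NAT steps for a single
# external interface. Nothing here is taken from the author's own addresses.

# Print a NAT-only pf.conf. $1 = external interface, $2 = host address on
# that interface, $3 = jail network in CIDR form.
render_pf_conf() {
    case $1 in ''|*[!a-z0-9]*) echo "bad interface: $1" >&2; return 1 ;; esac
    case $2 in ''|*[!0-9.]*)   echo "bad address: $2" >&2; return 1 ;; esac
    case $3 in
        *[!0-9./]*|*/*/*) echo "bad network: $3" >&2; return 1 ;;
        ?*/?*) ;;
        *) echo "network needs a /prefix: $3" >&2; return 1 ;;
    esac
    cat <<EOF
EXT_IF0 = "$1"
IP_PUB = "$2"
NET_JAIL = "$3"

nat pass on \$EXT_IF0 from \$NET_JAIL to any -> \$IP_PUB
EOF
}

# Apply the steps on the host (run as root on FreeBSD).
# $1..$3 as above, $4 = pf.conf path (defaults to /etc/pf.conf).
apply_jail_nat() {
    conf=$(render_pf_conf "$1" "$2" "$3") || return 1
    target=${4:-/etc/pf.conf}
    sysctl net.inet.ip.forwarding=1 &&   # forward packets now
    sysrc gateway_enable="YES" &&        # and after a reboot
    sysrc cloned_interfaces="lo1" &&     # note: replaces any existing value
    service netif cloneup || return 1
    tmp=$(mktemp) || return 1
    printf '%s\n' "$conf" > "$tmp"
    # Parse the rules without loading them; stop before touching the live file.
    pfctl -n -f "$tmp" || { rm -f "$tmp"; return 1; }
    [ -f "$target" ] && cp -p "$target" "$target.bak"
    mv "$tmp" "$target" && sysrc pf_enable="YES" && service pf start
}

# Usage: sh jail-nat.sh apply <ext-if> <host-address> <jail-network/prefix>
if [ "${1:-}" = "apply" ]; then
    shift
    apply_jail_nat "$@"
fi
```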

Done! The network diagram looks something like this:


Refer to the PF manual if you want to use more advanced features. Enjoy jailing the daemons!

There are a few compelling reasons why I switched from Debian/Ubuntu to FreeBSD 10.x. This was written after using FreeBSD 10.1 for more than 3 months, and is now on my production PC/workstation.


Debian stable comes with a large tested repository with regular security updates, but a bit old software, same case is with Ubuntu LTS the software starts getting a little old. FreeBSD on the other hand packages (credit volunteers) the most recent software possible, the current number of packages on FreeBSD stands around ~24k, which is comparable to Debian. Debian splits every application into binaries, documentation, *-devel so the number looks bigger on Debian/Ubuntu.


One of the reasons to use Debian over Ubuntu and any other GNU/Linux distribution is its stability. You deploy an application and it runs without much maintenance. FreeBSD is also known for its stability. So it's a tie.


Now this is where FreeBSD stands out, with an impressive manual which covers most necessary things a user might require. The other projects which can compete are Arch and Gentoo. Debian falls short here.

Package management:

Debian is known for its package manager apt-get/aptitude (dpkg); Arch’s new pacman is also a good contender. FreeBSD was lacking one until version 9 or 10, when it started including pkg. This is another reason which made me try FreeBSD, as I was reluctant to use a distribution where the primary way to install applications was compiling them from source. pkg is good enough with room for improvement; it behaves like apt-get but with a single command like yum. No more apt-cache, apt-get, dpkg for different things; makes my life simple.

Enterprise Features:

Some of the features like BSD jails, ZFS and boot environments really impressed me. Why? Because I have seen enterprise Unix/Linux teams struggle with virtualization and storage management with VMware, KVM, Veritas Volume Manager, etc. Then I saw how Solaris 10 solved it with zones, ZFS, and boot environments.

This made me wonder how do CentOS/Debian stack up?

For containers – we have Linux containers(LXC) but they are not as robust as OpenVZ containers, but OpenVZ is not supported in the mainline kernel, you have to install a custom vzkernel. Some kernel space applications don’t work with a modified kernel and modifying the default setup voids warranty! You don’t get support if you are not using the stock kernel.

GNU/Linux still does not have a default go-to container virtualization. I don’t consider Docker here, as it's just LXC with enhancements (at the time of writing); it also follows a different path, and I prefer the Unix way. There are no plans to include OpenVZ support into the mainline kernel.

On the storage front GNU/Linux has ZFS on Linux (zol), but it is not native yet, still under development and missing features. Btrfs is new and struggles with performance. I wonder why Oracle does not license ZFS on a bi/tri license like Mozilla, instead of developing yet another file system.

What about LVM? Why do you need another layer of management when the file system acts as both filesystem and volume manager? Use ZFS!

Both FreeBSD and Solaris have boot environment support. This makes it easy to upgrade your production servers and switch back if you face any issues with the new environment. Updating servers is fun!

GNU/Linux equivalent is not robust yet.

Other goodies:

There are some other reasons to choose FreeBSD, like managing services with rc.conf, compare this with CentOS 6 where you use chkconfig, on Debian update-rc.d. CentOS chkconfig is pretty easy to get used to but Debian’s update-rc.d feels like it is still under development.

Unlike GNU/Linux which uses SysV init, there are no run levels in FreeBSD, only user modes like single, multi and other states like reboot, halt. I still could not understand the rationale behind run levels and why do we need them.


Debian is known for its stability, large repository of applications. However it does fall short in other spheres.

Arch and Gentoo, though having good documentation and large software application support, still fall behind in areas like package management, stability and ease of use; for example, the core repository of Arch is not large enough, the security advisory support is not reliable and things tend to break. Gentoo expects you to compile. I can’t, and I prefer to use package managers.

FreeBSD becomes a good alternative in such comparison. However, FreeBSD still needs to improve on drivers and laptop support(FreeBSD cannot be at fault, vendors!), and it will, as the user base increases, it can come on par with any GNU/Linux distribution. I have seen how Ubuntu evolved release after release and how it improved.

Personally, I am getting old and just need a cozy comfortable environment and consistent way of managing things, FreeBSD provides that.

Think I have got something right/wrong? Comment below with references and links. If you are a new user to FLOSS world, I recommend starting with something easier like PC-BSD or GhostBSD. If you prefer GNU/Linux try Linux Mint. If you are an experienced user, try running FreeBSD on a spare machine or in a virtual machine(for example using Oracle VirtualBox).