2013

FreeBSD jails on non-routable IP addresses

One of my goals with the server I’m setting up is putting non-public services into jails with non-routable IP addresses. Today, I’ve been working on getting PostgreSQL into a jail. The problem I have been grappling with is not putting PostgreSQL into a jail but routing. It took me a while to figure out where …

FreeBSD jails on non-routable IP addresses Read More »

dhcpd: Forward map FAILED: REFUSED

If you see this: Dec 28 12:48:07 toiler dhcpd: Forward map from dent.unixathome.org to 10.55.0.60 FAILED: REFUSED Perhaps you forgot to unfreeze a domain. In my case: rndc unfreeze 1.8.10.in-addr.arpa. For more info, see this blog post on dynamic dns.

Accessing FreeBSD Jails over OpenVPN

With this new server, I am taking a new approach. Each jail will have at least three IP addresses: The public IP4 address, used by internet facing services (e.g. http or https) The public IPv6 address, similar to the above A VPN address, used for system administration and private services (e.g. nrpe) In this article, …

Accessing FreeBSD Jails over OpenVPN Read More »

Bootstrapping a new FreeBSD jail host as an Ansible node

A few days I configured a new server to be an Ansible node. This will allow my Ansible configuration tool to configure and install software. Installing Ansible and getting it running is not covered by the post. All I show here is how I got a remote server ready to be configured by Ansible. The …

Bootstrapping a new FreeBSD jail host as an Ansible node Read More »

zuul

This is zuul, the server I’ve been setting up to be a new jail host. I like to store away this type of documentation, in case I need it later. The partitions: The ZFS file systems: The ada0 drive details: And ada1 drive details: And finally, dmesg:

Bootstrapping / installing pkg on FreeBSD unattended and without answering Yes

Sometimes you want to do things alone. Or rather, without intervention. Unattended. Bootstrapping the pkgng package management tool is one of those things. From the pkgng documentation, “FreeBSD 9.1 and later includes a bootstrap utility which can be used to download and install pkgng, along with its manual pages”. Let me show you how that …

Bootstrapping / installing pkg on FreeBSD unattended and without answering Yes Read More »

running OpenVPN as something other than nobody:nobody

I am a big fan of OpenVPN. I’ve been using it since 2008. It’s been extremely reliable and stable. Out of the box, at least on FreeBSD, it runs as nobody:nobody (not really, but that’s how most people configure it). I can’t point to am immediate security issue with this situation. However, I’d prefer it …

running OpenVPN as something other than nobody:nobody Read More »

Scroll to Top