Jun
9
Installing a Proxy Server on FreeBSD - Privoxy
Filed Under General, Security, Networking
Setting up a proxy on a FreeBSD server is very easy and helps create a secure environment for your network. It also allows your whole network to access the internet through a single internet connection.
Privoxy is a good proxy server. It’s very easy to use and worked well.
Installation
# cd /usr/ports/www/privoxy
# make install clean
# rehash
The configuration file is /usr/local/etc/privoxy/config. There is one line that must be changed:
listen-address 192.168.0.1:8119
The IP should be changed to your server’s internal LAN IP address. Also, it’s better to use a non-default port number for security reasons.
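A check for the listen-address setting described above, as an added example that is not part of the original post. The function name and verdict labels are hypothetical, and it assumes Privoxy's stock port is 8118 and that an address with no host part binds every interface.

```shell
#!/bin/sh
# Added example (not from the original post): audit the active
# listen-address lines of a Privoxy config file.
# Usage: audit_privoxy_listen /usr/local/etc/privoxy/config
# Prints one verdict per line; returns 1 if any line binds every interface.
audit_privoxy_listen() {
    awk '
        # Commented-out and blank lines are not active directives.
        /^[ \t]*(#|$)/ { next }
        $1 == "listen-address" {
            found = 1
            addr = $2
            # Split at the trailing :PORT so that [::1]:8119 stays intact.
            n = match(addr, /:[0-9]+$/)
            if (n == 0) { print "UNPARSED " addr; next }
            host = substr(addr, 1, n - 1)
            port = substr(addr, n + 1)
            if (host == "" || host == "0.0.0.0" || host == "[::]") {
                # Assumption: an empty host means "all interfaces".
                print "EXPOSED " addr " (binds every interface)"
                bad = 1
            } else if (port == "8118") {
                # Assumption: 8118 is the port Privoxy ships with.
                print "DEFAULT-PORT " addr
            } else {
                print "OK " addr
            }
        }
        END {
            if (!found) print "NONE (no active listen-address line)"
            exit (bad ? 1 : 0)
        }
    ' "$1"
}
```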
May
31
Setting Up VPN on FreeBSD using “mpd”
Filed Under Firewall, General, Other OS, Networking
1) Install “mpd” from ports:
cd /usr/ports/net/mpd
make install
2) Once it’s done, edit the sample configuration file in /usr/local/etc/mpd:
cd /usr/local/etc/mpd
vi (or your favourite editor) mpd.conf
3) Add this to your mpd.conf:
default:
	load pptp1
pptp1:
	new -i ng0 pptp1 pptp1
	set iface disable on-demand
	set iface enable proxy-arp
	set iface idle 0
	set iface enable tcpmssfix
	set bundle enable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 10 60
	set ipcp yes vjcomp
	set ipcp ranges 192.168.1.1/32 192.168.1.51/32
	set ipcp dns 192.168.1.1
	set ipcp nbns 192.168.1.1 192.168.1.8
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
Change the IP addresses to suit your needs.
The ‘ipcp dns’ line specifies which DNS servers the client should use. The ‘ipcp nbns’ line specifies which WINS (NetBIOS NS) servers the client should use. You can remove that line if you do not have a WINS server to use. The address assigned to the server (192.168.1.1 in this case) can be assigned multiple times if you want to allow more than one client to connect at a time. You only need to specify different addresses for the clients (192.168.1.51 in this case).
4) Now edit mpd.links and add this in it:
pptp1:
	set link type pptp
	set pptp enable incoming
	set pptp disable originate
5) Now edit mpd.secret to add user/password pairs in it:
user "password"
user2 "password2"
etc…
6) Now secure the password file:
chmod 600 mpd.secret
7) Start MPD:
/usr/local/sbin/mpd -b
8) If you have any trouble, run it without the -b option, since -b runs it in the background as a daemon.
Now you should have a VPN server for Windows clients that supports MPPE (Microsoft Point-to-Point Encryption), but not MPPC (Compression), because the compression libraries are not open source and are not included with ‘mpd’.
If you want to allow more than one connection at a time, all you need to do is copy the lines in the mpd.conf and mpd.links files and change the identifier from ‘pptp1’ to ‘pptp2’ and so on.
9) Starting mpd at boot:
Just add /usr/local/sbin/mpd -b to /etc/rc.local
May
30
When trying to serve a directory mounted with mount_smbfs on FreeBSD with the Apache 2.0.x server, large files (over 100K or so) won’t transfer correctly. To fix this problem use the EnableSendfile off directive within your Global, Directory or VirtualHost config.
May
30
Using portupgrade inside jails with readonly ports mounted
Filed Under Ports, General
The ports are mounted with mount_nullfs.
M="/sbin/mount_nullfs -o rdonly /jailsata/PORTS/ports "
$M /afs1/JAIL/Somejail1/usr/ports
Every jail has an /etc/make.conf containing:
# jail
WRKDIRPREFIX = /var/tmp
PORTS_INDEX = /var/tmp/INDEX
DISTDIR = /var/tmp/distfiles
This makes the ports work inside the jail with the ports collection mounted read-only.
Edit /usr/local/etc/pkgtools.conf
Use these settings:
module PkgConfig
ENV['PORTSDIR'] ||= '/usr/ports'
# PORTS_DBDIR must be set before PORTS_INDEX, which is built from it
ENV['PORTS_DBDIR'] ||= '/var/ports/db'
ENV['PORTS_INDEX'] ||= ENV['PORTS_DBDIR'] + '/INDEX'
ENV['PKG_DBDIR'] ||= '/var/db/pkg'
# a lot lower in the file!
#ENV['PACKAGES'] ||= ENV['PORTSDIR'] + '/packages'
#ENV['PKG_PATH'] ||= ENV['PACKAGES'] + '/All'
ENV['PKG_BACKUP_DIR'] ||= ENV['PKG_PATH']
And make the dir with mkdir -p /var/ports/db
May
30
Multiple IPs on FreeBSD 6.1-p3 jail
Filed Under General
There is a patch available, not official though, so use it at your own risk:
http://people.freebsd.org/~pjd/patches/jail_2006012001.patch
For more details, please visit:
http://blog.cg.nu/?cat=5
May
30
Using portsnap to update ports
Filed Under Ports, General
If you have FreeBSD 4.x or lower, you first need to install portsnap from ports.
If you have FreeBSD 5.x or above, portsnap comes with the base system, so you don’t need to install it.
If you are using portsnap for the first time, type:
portsnap fetch extract update
After that, whenever you want to run portsnap, just issue the following command:
portsnap update