Lars Sommer, lasg@lasg.dk, 2007-09-06Updated to FreeBSD 7.2, 2009-08-26DISCLAIMER: This is a personal note made for personal usage. It might not be easy usable nor explaining. Please note: Cacti do not have memory/free scripts for FreeBSD. You can eitherhack in the linux scripts, or look at the Cacti website, at the add-on scripts. Install these ports:net-mgmt/cactiNO NOT THIS: net/cactid Messages from the ports: If you update cacti, open a login page, an updating processwill start automatically.

Lars Sommer, lasg@lasg.dk, 2007-09-24DISCLAIMER: This is a personal note made for personal usage. It might not be easy usable nor explaining. Install the main port on the monitoring host:sysutils/munin-main And the node package on all nodes which should be monitored:(Often including on the monitoring host)sysutils/munin-node Good documented config in:/usr/local/etc/munin/munin.conf/usr/local/etc/munin/munin-node.conf Enable in /etc/rc.conf:munin_node_enable=”YES” Add in httpd.conf:Alias /munin “/usr/local/www/munin/” Order Deny,AllowDeny from allAllow from localhost 127.0.0.1 No perhaps not this one…:Insert this in the crontabs:*/5 * * * * root /usr/local/bin/munin-cron –force-root 2>&1 > /dev/null

Lars Sommer, lasg@lasg.dk, v.1 2008-03-08DISCLAIMER: This is a personal note made for personal usage. It might not be easy usable nor explaining. Install this port:irc/unreal With these options:HUBNOSPOOFSSLIPV6 Add to rc.conf:unrealircd_enable=”YES” Copy my unreal.conf Create a SSL cert.

Lars Sommer, lasg@lasg.dk, v.2, 2008-03-08DISCLAIMER: This is a personal note made for personal usage. It might not be easy usable nor explaining. Installation: Install this port:irc/bitlbee With these options:RECODE Insert in /etc/services:bitlbee 6668/tcp Insert in /etc/inet.confbitlbee stream tcp nowait lasg /usr/local/sbin/bitlbee bitlbee cd /usr/local/etc/bitlbee/cp bitlbee.conf.orig bitlbee.confvi bitlbee.conf Set:AuthMode = ClosedAuthPassword = mysecretpw For proxy, this can be used in bitlbee.conf;Proxy = http://wwwproxy.kom.aau.dk:3128 Remember to backup your.nicks.accounts chown lasg /usr/local/etc/bitlbee

Making a caching adblocking or tranparent local web proxyLars Sommer, lasg@lasg.dkLast updated: 2010-03-06 This will result in a chain like:LAN – Junkbuster – Squid – pf – Internet Installation:Install this port:www/squidEnable transparent proxying with PF: SQUID_PF Initialize Squid swap directories by running squid -z once. Install this port:www/junkbuster Eventually these two for statistics:Does not exist anymore 11-04-19 www/squidclientswww/calamaris Add to rc.conf:squid_enable=”YES”junkbuster_enable=”YES” /usr/local/etc/squid/squid.conf is a HUGE file.If NOT using it in a transparent pf mode nothing needs to be changed. If using it in a transparent pf mode, the following changes must be applied to squid.conf:http_port 127.0.0.1:3128 transparentHmm: The following does not seem to be needed:http_access deny to_localhostacl our_networks src 10.6.6.0/24http_access allow our_networksvisible_hostname…

Last updated: 2010-04-17Lars Sommer, lasg@lasg.dk Without any plugins, I maintain a small text file of blocked domains and regex’ed URLs. Install the Squid webproxy as described in another note. In /usr/local/etc/squid/squid.conf, add:acl denied_domains dstdomain “/usr/local/etc/squid/denied_domains.acl”acl filetypes urlpath_regex -i “/usr/local/etc/squid/denied_filetypes.acl”acl url_ads url_regex “/usr/local/etc/squid/denied_ads.acl”http_access deny url_adshttp_access deny filetypeshttp_access deny denied_domainshttp_access allow localnethttp_access deny all If inserting all this explicit in the end of the file e.g.,then remember to comment out these earlier in the file:http_access allow localnethttp_access deny all Make the ACL files. Examples are:cat denied_domains.acl.evilsite.com.tradedoubler.com cat denied_filetypes.acl.(exe)$.(dll)$ cat denied_ads.acl/adv/..gif$ /[Aa]ds/..gif$/[Aa]d[Pp]ix//[Aa]d[Ss]erver/[Aa][Dd]/..[GgJj][IiPp][FfGg]$ /[Bb]annerads/ /adbanner..[GgJj][IiPp][FfGg]$/images/ad//reklame//RealMedia/ads/.*^http://www.submit-it.*^http://www.eads.*^http://ads.^http://ad.^http://ads02.^http://adaver.. ^http://adforce. adbot.com /ads/..gif.*_ad..*cgi Reload squid configuration:squid -k reconfigure I got a large +7000 line domain block file from MISSING

Lars Sommer, lasg@lasg.dk Makes it possible to use FreeBSD as a file server for multiple Apple OSXclients via the Apple File Share protocol. Install the ports:net/howlnet/netatalk Not used?:net/mDNSResponder Configuring netatalk: netatalk gives the file server, and multiple other services via the afs protocol. Edit the file describing the actual shares on the server:vi /usr/local/etc/AppleVolumes.default Add your shares to it. On one server I have the following:~ “Lars home directory”/mnt/tolv.data1/TimeMachine_backups/ “Time Machine backup”/mnt/tolv.data1/ “Tolv Data 1”/mnt/tolv.data2/ “Tolv Data 2” The first part is the path to the folder on the server.The second part is a freely chosen name, which is seen on the client. Edit the configuration file for netatalks afp daemon:vi /usr/local/etc/afpd.conf…