2011
06.09

Seems I’m a little late to the game today, but after arriving at work and seeing that IPv6 was available on the network that one of my FreeBSD boxen happens to sit on, I wanted to give this a try.  If nothing else, I wanted to see that elusive dancing turtle.

Fortunately, in FreeBSD 7.1 and higher, all the pieces you need to connect to an IPv6 network are already there; they just need to be turned on.  Enabling IPv6 support is simple: just add the following line to your /etc/rc.conf:

ipv6_enable="YES"

If your host has other network interfaces that are not on an IPv6-enabled network, or not connected at all, it wouldn’t be a bad idea to explicitly define which interfaces IPv6 should run on.  To do so, include this in /etc/rc.conf as well:

## 'em0' is the device ID of the NIC you want IPv6 running on
ipv6_network_interfaces="em0"

After adding that, restart the machine and feel the magic.  If the routers on the network you are connected to are configured to support IPv6 traffic, you should be able to run “ifconfig” from the shell, and see two “inet6” addresses listed.  The one starting with “fe80::” is the link-local address, which is analogous to auto-configured IPv4 addresses that begin with “169.254…”  You can run a ping6 to check outbound connectivity:

haruhi# ping6 www.kame.net
PING6(56=40+8+8 bytes) <your IPv6 address> --> 2001:200:dff:fff1:216:3eff:feb1:44d7
16 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7, icmp_seq=0 hlim=49 time=205.078 ms
16 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7, icmp_seq=1 hlim=49 time=204.910 ms
16 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7, icmp_seq=2 hlim=49 time=204.736 ms
^C

If you have a custom IPFW firewall script set up, you may find that you still have no IPv6 connectivity.  This is because your firewall is blocking search responses from the default router on the local network.  So before you reboot, be sure to add a few lines to your ipfw rules file:

## IPv6 stuff
ipfw -q add 30 deny ip6 from any to ::1
ipfw -q add 31 deny ip6 from ::1 to any
ipfw -q add 32 allow ipv6-icmp from :: to ff02::/16
ipfw -q add 33 allow ipv6-icmp from fe80::/10 to fe80::/10
ipfw -q add 34 allow ipv6-icmp from fe80::/10 to ff02::/16
# ipfw -q add 35 allow ipv6-icmp from any to me6 ip6 in

Of course, if you have “ipfw -q add” assigned to a variable in your script, by all means use your variable instead.  Rules 30 and 31 prevent the loopback interface from interacting with real networks, and rules 32-34 allow ICMP traffic from multicast or link-local networks (which will allow your machine to receive search responses when it looks for a default router).  Rule 35 allows any inbound IPv6 ICMP traffic; if you already allow ICMP traffic from anywhere via IPv4 (pings and the like), feel free to uncomment this line.
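
A pre-reboot check for the rules above, added here as an example and not part of the original post: it reads a rules script as text (it never calls ipfw) and reports which of rules 32-34 are missing or commented out, and whether the optional rule 35 is active.  The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: reads an ipfw rules script as text; never runs ipfw itself.

# Print "src>dst" for every uncommented "allow ipv6-icmp from SRC to DST" rule.
icmp6_allows() {
    awk '
        /^[[:space:]]*#/ { next }                 # commented-out rule: inactive
        {
            for (i = 1; i + 5 <= NF; i++)
                if ($i == "allow" && $(i+1) == "ipv6-icmp" &&
                    $(i+2) == "from" && $(i+4) == "to")
                    print $(i+3) ">" $(i+5)
        }' "$1"
}

# Report which of the post's rules 32-34 are absent, and whether the optional
# blanket inbound rule (35 in the post) is switched on.
audit_rules() {
    found=$(icmp6_allows "$1")
    out=""
    for pair in "::>ff02::/16" "fe80::/10>fe80::/10" "fe80::/10>ff02::/16"; do
        printf '%s\n' "$found" | grep -Fxq -- "$pair" || out="$out missing=$pair"
    done
    if printf '%s\n' "$found" | grep -Fxq -- "any>me6"; then
        out="$out blanket-inbound-icmp6"
    fi
    echo "${out# }"
}

# Constructed sample: rule 34 was left commented out, rule 35 was enabled.
sample_rules() {
    cat <<'EOF'
cmd="ipfw -q add"
$cmd 30 deny ip6 from any to ::1
$cmd 31 deny ip6 from ::1 to any
$cmd 32 allow ipv6-icmp from :: to ff02::/16
$cmd 33 allow ipv6-icmp from fe80::/10 to fe80::/10
# $cmd 34 allow ipv6-icmp from fe80::/10 to ff02::/16
$cmd 35 allow ipv6-icmp from any to me6 ip6 in
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp"
audit_rules "$tmp"
rm -f "$tmp"
```

An empty result means all three discovery rules are present and rule 35 is still commented out.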

 

Update: A friend of mine pointed out that since I’ve got full IPv6 connectivity, I may as well be using IPv6 DNS servers as well.  Setting them is trivial — just switch out your IPv4 entries in /etc/resolv.conf for IPv6 addresses.  I found the IPv6 addresses of our onsite DNS servers with the dig command, but the OpenDNS servers will work just the same.  Just add the following:

## OpenDNS IPv6 addresses
nameserver 2620:0:ccc::2
nameserver 2620:0:ccd::2

If you want, leave the IPv4 servers in there at the end of the file as a fallback, but this shouldn’t be necessary — the above configuration can resolve IPv4 addresses just fine.  Save the changes, and you should be all set.  If you use nslookup or dig to look a hostname up, you should see one of your IPv6 nameserver addresses in the “SERVER” section of the response.

2011
05.06

Much of the time, log files on your system are periodically archived and/or emptied out by the daemons or background processes that create them.  Unfortunately, not everything works that way…and after a few months (or days, if you’re particularly unlucky!) you’ll see disk usage creeping up on your /var partition, or wherever else logs hide on your system.

Deleting and recreating log files can be a pain, since it is necessary to re-set the proper owner, group and access permissions on the file after you re-create it.  Fortunately, there’s a convenient shortcut: just execute the following command on your overgrown log file:

# cat /dev/null > /var/log/large.logfile

Clearing out the log file this way leaves you with a zero-length file that still has its original ownership and permission attributes.  The “>” redirector is key: a single “>” tells your shell to replace the existing contents of the file with whatever you redirect into it, which in this case is nothing, because reading /dev/null returns end-of-file immediately.
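
The script below is an added example, not part of the original post.  It runs the same command on a scratch file while a stand-in "daemon" (file descriptor 3, an assumption for the demo) still has the log open, and shows that the inode and mode survive in both cases but that the resulting size depends on whether the writer opened the file in append mode.

```sh
#!/bin/sh
# Added example: works on a scratch file under mktemp, not on /var/log.

# Print "<inode> <mode> <size>" using plain ls -li columns.
file_id() {
    ls -li "$1" | awk '{ print $1, $2, $6 }'
}

# $1 = append | overwrite: how the stand-in "daemon" (fd 3) opened the log.
# Echoes whether inode and mode survived, and the file size afterwards.
truncate_under_writer() {
    dir=$(mktemp -d) || return 1
    log="$dir/large.logfile"
    : > "$log"
    chmod 640 "$log"
    if [ "$1" = append ]; then exec 3>>"$log"; else exec 3>"$log"; fi
    printf 'old entry %s\n' 1 2 3 >&3     # 36 bytes logged so far
    before=$(file_id "$log")
    cat /dev/null > "$log"                # the command from the post
    echo "new entry" >&3                  # writer carries on: 10 more bytes
    exec 3>&-
    after=$(file_id "$log")
    rm -rf "$dir"
    if [ "${before% *}" = "${after% *}" ]; then kept=kept; else kept=changed; fi
    echo "$kept size=${after##* }"
}

truncate_under_writer append      # writes land at the new end of file
truncate_under_writer overwrite   # writer's old offset leaves a 36-byte NUL gap
```

A process that logs without append mode keeps writing at its old offset, so the file reports its old length again after the next write even though the earlier bytes now read back as NULs.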

2011
04.22

Assuming you are running a server at home, which is the general angle this blog tends to go for, you (and your server) have probably had to weather your share of power outages.  Fortunately, small battery-backup units can be had relatively cheaply, and are capable of keeping a simple server up and running for at least a few minutes, which for a home server is usually all you need.  By the way, if you don’t already have a UPS for your server, I highly recommend picking one up.  500VA to 750VA units made by companies such as APC and CyberPower can be had at most computer and office supply stores for under $70.  You may also consider asking around at work, as these devices are commonly discarded once their internal batteries have worn out, even though the batteries are easily replaced, and can be purchased from brick-and-mortar retailers like BatteriesPlus, or from any of a pile of companies online (I bought a few from AtBatt.com, and they seemed reasonable.)  Hint hint, BatteriesPlus will recycle your old, dead UPS battery, and Best Buy stores usually seem to have a battery recycling box in the front somewhere as well.

Once you actually have your UPS though, it’s important for the computer and UPS to be able to communicate back and forth.  Assuming the power *does* go out, the UPS isn’t going to be able to keep your server alive forever.  A quick blip or surge or sag in the power is no big deal, but as minutes turn into hours, your UPS battery will eventually throw in the towel.

Fortunately, there’s an app for that.  Apcupsd is a background daemon that periodically checks the UPS status, waiting for the power to go out.  Once the power does go out, apcupsd keeps an eye on the amount of time the UPS expects to be able to run before giving up, and safely shuts down the server before the UPS runs out of juice.  Apcupsd can also retrieve information from the UPS during normal, power-ok circumstances, such as the mains voltage, battery charge percentage, and (depending on your UPS model) other statistics such as UPS temperature and load percentage.

2011
02.04

It’s been a couple of years since I’ve done anything with the CUPS software, but I can recall it being a pain to configure. In fact, it is apparently such a complicated piece of software that it comes with its own built-in webserver and web-based configuration interface! In the interest of simplicity, I like to keep my web-based configuration interfaces all in one place (or not at all, even…)

All of that aside, let’s think about what CUPS is for a moment.  The overview page on the CUPS website explains that CUPS “converts the page descriptions produced by your application … into something your printer can understand” then sends it along to your printer.  This is a pretty important feature to have, assuming you’re printing from a machine that doesn’t already have its own printer definitions, like a Linux box.  But, assuming you’re printing from the typical workhorse desktop that most people use at their desks daily, you’re probably going to be printing from some flavor of Windows or the Mac OS.  Both of these OSes already have very advanced print processor mechanisms built in, along with very complete driver support for just about any printer you can lay your hands on.


2011
01.05

I must admit, I was pretty amazed when I stumbled across m0n0wall back in 2006 and discovered how easy its developers had made it to take an armful of marginally useful computer equipment and turn it into a feature-filled powerhouse of a router.  Granted, people have been building their own PC-based routers on top of Linux distributions like Debian and Slackware since this side of forever.  That said, however, I’m of the opinion that there just isn’t enough time in a given day to sit down and dig through a mess of conf files so I can give the roommate’s new Xbox a static DHCP assignment and give it permission to punch holes in my firewall with UPnP.  In the home environment, a router is very much an appliance; it is designed for a fairly specific purpose, and the functionality it provides doesn’t really change much over time.  Also, like most other appliances, after getting it all set up you just want to put it in a corner and leave it to its own devices (doh ho ho…) as it unobtrusively does what it’s supposed to do.

pfSense lets you throw a couple of network adapters in a regular PC and do just that, all while giving you an extraordinarily rich feature set compared to the typical home/small office fare.  While some consumer routers seem to be flaky, full of firmware bugs and prone to overheating, pfSense (and its parent software, m0n0wall) is built on FreeBSD, and is as stable as the hardware you run it on.  Granted, setup isn’t quite as simple as pulling a new Linksys out of a box, and you’ll have to provide your own network switch, but the flexibility and functionality you gain make it well worth the effort.


2010
12.03

Okay, so you’ve decided that it’s about time that you put together a home server to store your multimedia on, back up your documents to, serve your photo albums from, or what have you.  If you’re already on this site, I’m guessing that you have at least a passing interest in using FreeBSD, and that being the case I’m sure you just can’t wait to dive head-first into a pile of .conf files large enough to hide a small boat with.  Unfortunately, before all of that fun can commence, you’re going to need something to install this mess on.

Jokes aside, I think this may be one of the most enjoyable parts of the process — picking out all the neat hardware bits that will combine to form your server.  If you have decided to build with new parts, paying for said parts is an unfortunate side-effect of that fun.  There is, of course, always the option of picking up a second-hand computer for cheap or free from a friend, the classifieds, work, a dumpster, or wherever else.  I have a soft spot for re-purposing used, discarded or neglected hardware, so I’m going to start with the latter option.

(Please note that this article assumes you have a passing familiarity with how a typical PC is assembled.  There’s not all that much to it, though.)


2010
11.29

All right, so for a while here (a few years, probably?) I’ve been meaning to put a site together with all the bits and pieces of information and notes I’ve amassed over the years of using FreeBSD to run a personal server at home (and at the office, and perhaps eventually in my car.)  I’ve gotten more than a couple of questions here and there, and I think it’s about time I stop procrastinating and do this thing.  I hope to start with the basics of putting things together, and fill in/update things as I go along.
