The FreeBSD Diary

FreeBSD Support
 Moving from Linux to FreeBSD 4.2
Author: Jason Lee 
Date:   23-01-01 23:18

So, a few years back I used FreeBSD 3.x for a few months as my main devel platform, but switched to Linux for whatever reason.
Now, years later and after just getting sick of having to deal with unstable Linux releases, I decided to look back into BSD. So, I downloaded 4.2, burned it on a cd, and proceeded to install it over my home Linux box. That box was responsible for ip masquerading, imap, smtp, dns, samba, and web (apache/php). The hardware consisted of a 10GB hd, abit (BP6?) dual celeron/400mhz, 128 mb ram. I thought it would be a snap. So I backed up my necessary files and went at it. And to my surprise, after messing around w/it all weekend, I could not get it to work. I had various probs that bummed me out:

1. SMP support. Had to recompile the kernel (which I don't mind doing - cept this entailed make world... ugh).

2. Kept getting stupid arp messages that said ethernet card is assigned such and such address but it is really listening on this card.. Further reading said this would not damage anything and might result in being hooked up to a hub.. I have 2 nics; 1 for my internet ip and one for my local 192.16.8.0 network...

3. Sometimes, especially towards the last install tries, sshd wouldn't allow me to connect. even from the local machine..

4. Had to go back and re-compile kernel to get ip forwarding to work. and this was also a pain, cuz it's not too clear how to use ipfw & natd in the situation i'm in - forwarding between 2 nic's, not using a ppp dial up adapter. most docs only listed the ppp solution.. ugh.

That's about as far as I got. After that, I just got so pissed off, I re-installed Linux to get my network back up. I was pissed mostly cuz after reading a lot of BSD, I *really* wanted to get it up and running!!

If anyone has any suggestions on how I can address these 4 things (maybe specific links; and i know about the SMP docs, so that's not necessary), then it would be greatly appreciated.

All I'm looking for is something fast and rock solid. FreeBSD seems to totally be it, but it just sucks for me that it seems like such a pain in the ass to get it running on my machine. Maybe it's my hardware, but I doubt it.

Thanks

 Re: Moving from Linux to FreeBSD 4.2
Author: holymoly 
Date:   24-01-01 00:48

I guess I was in a similar situation - I just switched my network servers to fbsd from linux and am actually in the process of migrating some linux desktops to fbsd. I tried 4.2 RELEASE but there were so many f*cking bugs in it I switched to 4.1.1 RELEASE and have been happy and bug-free since.

Regarding the arp message problem - I have no clue. You probably already did this, but can you confirm both interfaces are up using 'ifconfig -a'? this link might help http://www.mostgraveconcern.com/freebsd/ipfw.html

Regarding the ssh problem - is sshd running on the server? Do you have client keys installed on the server so it will accept connections from those clients? Again, this link might help http://www.mostgraveconcern.com/freebsd/ssh.html

And there are tons of useful tutorials at http://www.mostgraveconcern.com/freebsd/ if you need more help.

Anyway, I am very happy I made the switch to fbsd from linux. My cable nat/firewall server is up 24/7 and requires much less maintenance than when I had linux running. I don't have to worry about recompiling the next "kernel of the week" or having to fix the next linux security exploit-of-the-day (i.e. ramen worm) just to keep up. the ipfw firewall is more robust and stateful compared with ipchains (although there are claims that iptables in 2.4.0 can be stateful but there seem to be stability problems with it). don't get me wrong linux has an admirable development cycle but if you want something reliable that you just configure and leave it alone then fbsd fits the bill. I really have more peace of mind running fbsd than linux.

And if that isn't enough to convince you take a look at these stats and think again about running linux as your server exposed to the internet http://www.attrition.org/mirror/attrition/os-graphs.html#PIE

And here's more helpful links if you're interested http://www.instinct.org/~pgl/freebsd-links.html

Good luck may the daemon be with you.

 Re: Moving from Linux to FreeBSD 4.2
Author: Jamie Walker 
Date:   24-01-01 01:54

holymoly wrote:

> And if that isn't enough to convince you take a look at these
> stats and think again about running linux as your server
> exposed to the internet
> http://www.attrition.org/mirror/attrition/os-graphs.html#PIE

I've recently replaced Linux on one of my machines with 4.2-STABLE and am very happy with it, nevertheless the above is meaningless FUD without putting the number of actual servers in context. I suspect that for better or worse, Linux is installed at a larger number of sites than BSD, hence you would expect a greater number of defacements.

 Re: Moving from Linux to FreeBSD 4.2
Author: Dan Langille 
Date:   24-01-01 02:41

Jason Lee wrote:

> 1. SMP support. Had to recompile the kernel (which I don't
> mind doing - cept this entailed make world... ugh).

Yes, SMP is not compiled into the kernel by default. Most
people don't have multiple processors. And no, it doesn't
mean you have to make world. Only the kernel. Mind you,
the handbook can be confusing on this issue. We're working
on that.

see http://freebsd.org/handbook/ for custom kernel.

> 2. Kept getting stupid arp messages that said ethernet card
> is assigned such and such address but it is really listening
> on this card.. Further reading said this would not damage
> anything and might result in being hooked up to a hub.. I
> have 2 nics; 1 for my internet ip and one for my local
> 192.16.8.0 network...

Sounds like both the IP addresses were wrong or you had a
loop in your network.

> 3. Sometimes, especially towards the last install tries, sshd
> wouldn't allow me to connect. even from the local machine..

That sounds like a user problem.

> 4. Had to go back and re-compile kernel to get ip forwarding
> to work. and this was also a pain, cuz it's not too clear how

You don't have to compile the kernel to get IP forwarding. It's
an /etc/rc.conf option. see /etc/defaults/rc.conf

> to use ipfw & natd in the situation i'm in - forwarding
> between 2 nic's, not using a ppp dial up adapter. most docs
> only listed the ppp solution.. ugh.

ipfw does require a kernel mod.

> That's about as far as I got. After that, I just got so
> pissed off, I re-installed Linux to get my network back up. I
> was pissed mostly cuz after reading a lot of BSD, I *really*
> wanted to get it up and running!!

Sorry you gave up so soon. If you'd sought help earlier, perhaps
your experience would have been better.

> If anyone has any suggestions on how I can address these 4
> things (maybe specific links; and i know about the SMP docs,
> so that's not necessary), then it would be greatly appreciated.

Perhaps you could get onto IRC, undernet FreeBSD and ask a
specific question.

> All I'm looking for is something fast and rock solid. FreeBSD
> seems to totally be it, but it just sucks for me that it
> seems like such a pain in the ass to get it running on my
> machine. Maybe it's my hardware, but I doubt it.

Sounds like you had a bad run.

 Re: Moving from Linux to FreeBSD 4.2
Author: elmer FUD 
Date:   24-01-01 04:10

>> the ipfw firewall is more robust and stateful compared with ipchains

Obviously you haven't heard the news about how ipfw can be BYPASSED by remote intruders http://www.bsdtoday.com/2001/January/Security393.html

What was that you mentioned about "peace of mind" with FreeBSD?

>> And if that isn't enough to convince you take a look at these stats and think again about running linux as your server exposed to the internet http://www.attrition.org/mirror/attrition/os-graphs.html#PIE

Either you are incredibly gullible or you are not someone skilled at critical thinking. Although those "statistics" are suggestive, you really need to look at the numbers in terms of rates, for example number of defacements per 100 linux servers or number of defacements per 100 BSD servers. Knowing the common denominator (per 100 servers) would lead to much more meaningful interpretation. It is a mystery why attrition.org does not express those statistics in terms of such rates. Perhaps if such a valid comparison were made, the differences would not be so sensational.

 Re: Moving from Linux to FreeBSD 4.2
Author: Daniel Schrock 
Date:   24-01-01 04:35

some advice for the next try:

try ipfilter and ipnat instead of ipfw and natd.
it is far easier to use and configure...

forget about smp until the rest of your system is good to go...one proc vs 2 proc for a few days won't make much of a difference...except in compile time...

if using nat, don't forget about adding option IPDIVERT to the kernel conf...
natd/IPnat won't work without it...

make sure sshd is running and that you created a key for yourself (ssh-keygen)
i suggest using OpenSSH, but that is just personal preference....
--also, don't forget that root won't be able to make an incoming connection...you need to connect as a reg user then su if you need to perform a root function....

i'm sorry if i'm repeating things you may already know... frustration sucks though so hopefully this helps... it took me 6 reinstalls to get my system right...now, after running for a year and a half...i'd like to do it one more time...but not positive if i will do that or not...

it's been a while since i used ipfilter and ipnat, but i would be more than happy to give you a hand or send you my confs so you have something to work from and compare

feel free to email me d_jabATanonymous-daemon.org

good luck and don't let it get you down...BSD is wonderful...just a little tricky sometimes...

welcome to the darkside

Reply To This Message
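
The gateway pieces named in the replies above (IP forwarding as an /etc/rc.conf option, ipfw needing kernel support, option IPDIVERT for natd), gathered into a preflight check. This is an added example, not code from any poster; the rc.conf knob names (gateway_enable, firewall_enable, firewall_type, natd_enable, natd_interface), the interface ed0 and the kernel config name GATEWAY are assumptions not stated in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for an ipfw/natd gateway.
# Paths are arguments so it runs against copies; the sample files are constructed.

# Print the last NAME="value" assignment found in an rc.conf-style file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeed if the rc.conf knob NAME is set to YES (any case).
rc_yes() {
    case "$(rc_value "$1" "$2")" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the kernel config file has an uncommented "options OPT" line.
kernel_has() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# Report every missing piece; the exit status is the number of problems.
check_gateway() {
    rc=$1 kern=$2 bad=0
    rc_yes "$rc" gateway_enable  || { echo "rc.conf: gateway_enable is not YES"; bad=$((bad+1)); }
    rc_yes "$rc" firewall_enable || { echo "rc.conf: firewall_enable is not YES"; bad=$((bad+1)); }
    rc_yes "$rc" natd_enable     || { echo "rc.conf: natd_enable is not YES"; bad=$((bad+1)); }
    [ -n "$(rc_value "$rc" natd_interface)" ] || { echo "rc.conf: natd_interface is empty"; bad=$((bad+1)); }
    kernel_has "$kern" IPFIREWALL || { echo "kernel: options IPFIREWALL missing"; bad=$((bad+1)); }
    kernel_has "$kern" IPDIVERT   || { echo "kernel: options IPDIVERT missing"; bad=$((bad+1)); }
    [ "$(rc_value "$rc" firewall_type)" != open ] || echo "note: firewall_type=open passes all traffic"
    return "$bad"
}

# Constructed sample: forwarding and natd enabled, but IPDIVERT commented out.
demo() {
    d=$(mktemp -d) || return 99
    printf '%s\n' 'gateway_enable="YES"' 'firewall_enable="YES"' 'firewall_type="open"' \
        'natd_enable="YES"' 'natd_interface="ed0"' > "$d/rc.conf"
    printf '%s\n' 'options IPFIREWALL' '#options IPDIVERT' > "$d/GATEWAY"
    status=0; check_gateway "$d/rc.conf" "$d/GATEWAY" || status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "problems found: $?"
```

On a real machine the two arguments would be /etc/rc.conf and the custom kernel config file; the check assumes ipfw is compiled into the kernel rather than loaded as a module.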
 
 Re: Moving from Linux to FreeBSD 4.2
Author: JM 
Date:   24-01-01 10:33

elmer FUD wrote:
>
> >> the ipfw firewall is more robust and stateful compared
> with ipchains
>
> Obviously you haven't heard the news about how ipfw can be
> BYPASSED by remote intruders
> http://www.bsdtoday.com/2001/January/Security393.html

Obviously you haven't heard the news about how ipfw can be patched:

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=0+0+current/freebsd-security-notifications

 Re: Moving from Linux to FreeBSD 4.2
Author: Jason Lee 
Date:   24-01-01 23:09

First off, thanks to everyone. These are definitely some good ideas and I have a few replies to some of the comments:

SMP - Yeah, I guess I should just do it later. However, on the note of not needing make world; from my point, there was confusion on the docs since it said (something to the effect) that if i was upgrading kernel code, do the 'make buildkernel' and 'make installkernel' - something like that. but lower on the page it said if i'm not upgrading, do the typical make, make deps, make install... i dunno, next time i'll write down the errors, since i know how important it is to be accurate..

SSHD: i've installed this a few times on linux and while i had some weird issues (mostly dealing with redhat version crypto libs), none where it wouldn't let me connect like this. just gave a time out error... and i even tried it w/sshd -d (or q, whatever does local console logging) and i could see the successful negotiation of the keys and such, but then it would just hang. point being, i'll just have to try again. and i appreciate the comments about this since it'll give me new avenues to explore..

IP's: well, again, i think this issue is probably reading. however, on one install i added interface ip's in rc.conf and for others, i did it thru the visual install screens. so i'm not sure (yet) how many places there are to enter ip info, still new to some of the whole config file structure. So as far as the arp messages go, maybe there is a loop since i'm on the same hub. however, this still isn't really clear.

So again, thanks for the help and security notices. what i might end up doing is getting a separate machine up with similar features as my main machine and see how that goes. however, I won't totally know unless i build 2 other separate networks at home or when i hook it back up to my real ip. so thanks again..

 Re: Moving from Linux to FreeBSD 4.2
Author: Jamie Walker 
Date:   25-01-01 00:31

elmer FUD wrote:

> Obviously you haven't heard the news about how ipfw can be
> BYPASSED by remote intruders
> http://www.bsdtoday.com/2001/January/Security393.html
>
> What was that you mentioned about "peace of mind" with FreeBSD?

Yep, read it. I'm not using FreeBSD as my firewall (it wouldn't install on the 486 I borrowed so I had to use Linux instead) but if I had been, looking at the correction date on the advisory I'd already be patched for it. My machine does a cvsup weekly and the most recent one was well past the correction date.

Now that you mention it, yes, I would call that peace of mind.

 SSH
Author: David DeTinne 
Date:   25-01-01 22:14

My two cents worth,

The gentlemen who have the say so regarding FreeBSD have locked down the default config files for ssh. I always have a hard time with ssh out the gate but it is usually my DNS that is causing the problems.

But that holds true for most of my problems, Sendmail, etc.

Dave

 Re: Moving from Linux to FreeBSD 4.2
Author: me 
Date:   12-02-01 08:02

On 386- 486 models of intel/amd pc's I find that NetBSD is a much smoother install of the BSD's. Of course I have never had any problems with P-100 class machines and up with any BSD. If you want to install BSD on your telephone then I would definitely recommend NetBSD :)

 Re: Moving from Linux to FreeBSD 4.2
Author: Jamie Walker 
Date:   15-02-01 07:55

me wrote:

> On 386- 486 models of intel/amd pc's I find that NetBSD is a
> much smoother install of the BSD's. Of course I have never
> had any problems with P-100 class machines and up with any
> BSD. If you want to install BSD on your telephone then I
> would definitely recommend NetBSD :)

The gateway box is running OpenBSD now. Installing it wasn't as easy as installing Linux on the box, but it's much easier to admin now that I've got it up and running.
