FreeBSD UFS Snapshot

Creating a simple file to show how it works:

~# echo “test 1″ > /tmp/test.txt

Setting a directory where will be save the snapshot:

~# mkdir /tmp/.snap

Creating the snapshot:

~# mount -u -o snapshot /tmp/.snap/snap_1 /tmp
~# ls -l /tmp/.snap/snap_1

Changing the content of file:

~# echo “test 2″ > /tmp/test.txt
~# ls -l /tmp/test.txt

Mounting the Snapshot:

~# mdconfig -a -t vnode -u 1
~# mount -o ro /dev/md1 /mnt/
~# ls -l /mnt/test.txt /tmp/test.txt

Showing the content of files:

~# cat /mnt/test.txt /tmp/test.txt
test 1
test 2

Finalizing:

~# umount /mnt
~# mdconfig -d -u 1
~# rm /tmp/.snap/snap_1

Yes, It really works!

Working With Jail On FreeBSD

We can use Jail to make virtual environment as virtual mail server and/or virtual web server.

Well, lets make it works…


We need create the environment:

~# mkdir /jail/jail01

Compiling the binary of the base system:

~# cd /usr/src
~# make buildworld

installing the binaries:

~# make installworld DESTDIR=”/jail/jail01″

Configure “/etc/rc.conf”:

jail_enable=”YES”
jail_list=”jail01″
jail_jail01_rootdir=”/jail/jail01″
jail_jail01_hostname=”jail01.domain”
jail_jail01_ip=”192.168.1.100″
jail_jail01_interface=”fxp0″
jail_jail01_exec_start=”/bin/sh /etc/rc”
jail_jail01_exec_stop=”/bin/sh /etc/rc.shutdown”
jail_jail01_devfs_enable=”YES”
jail_jail01_fdescfs_enable=”YES”
jail_jail01_procfs_enable=”YES”
jail_jail01_mount_enable=”YES”
jail_jail01_devfs_ruleset=”ruleset_name”
jail_jail01_flags=”-l -U root”

Starting the jail manually:

~# jail /jail/jail01 jail01.domain 192.168.1.100 /bin/sh /bin/rc

If all occour well a shell will be started from jail.


can also start the jail using…

~# /etc/rc.d/jail start jail01

stopping…

~# /etc/rc.d/jail stop jail01

Well I think is it.

Working with GEOM

[ original font: http://www.fug.com.br/content/view/119/60/ ]

What’s GEOM? Is a framework where it works between kernel and disks, and it manage the input and output data on disks. It’s on level of kernel and act as a manager interface of data on disks to kernel, thus the GEOM is transparent to file system.

The GEOM manipulate geometry, RAID and protection, using until criptografy on the disks.

Functions:

GELI – To cryptography data using AES, Blowfish or 3DES. [see geli(8)]

GCONCAT – To concat disks in raw mode building a big disk. [see gconcat(8)]

GSTRIP – To concat disks in balanced mode building a big disk. [see gstrip(8)]

GMIRROR – Creating a mirror to other disk or slice. [see gmirror(8)]

GRAID3 – Building a RAID in mode 3 using “n” disks to concat and 1 to spare disk (parity bit). [see graid3(8)]

GSHSEC – Share the secret with other disk, without some these disks it doesn’t work. [see gshsec(8)]

GGATEC and GGATED – share devices into the network. [see ggatec(8) and ggated(8)]

[NOT COMPLETED]

Transparent Firewall With Redundant Bridge

Creating a transparent firewall with redundant bridge using bridge+pf+pfsync

were used OpenBSD 4.2 on test

Using 4 network interfaces:

fxp0 = internal net
fxp1 (bridge0) = input traffic general
fxp2 (bridge0) = output traffic general
fxp3 = PFSync

MACHINE 1

Configuring the internal net interface:

# vi /etc/hostname.fxp0
inet 172.16.0.1 255.255.255.0 172.16.0.255 description “Internal Link”

Configuring the bridge (input/output) interface:

# vi /etc/hostname.fxp1
media 100baseTX mediaopt full-duplex
up

# vi /etc/hostname.fxp2
media 100baseTX mediaopt full-duplex
up

# vi /etc/bridgename.bridge0
add fxp1
add fxp2
up

Doing the same on another machine changing only the ips:

MACHINE 2

Configuring the internal net interface:

# vi /etc/hostname.fxp0
inet 172.16.0.2 255.255.255.0 172.16.0.255 description “Internal Link”

Configuring the bridge (input/output) interface:

# vi /etc/hostname.fxp1
media 100baseTX mediaopt full-duplex
up

# vi /etc/hostname.fxp2
media 100baseTX mediaopt full-duplex
up

# vi /etc/bridgename.bridge0
add fxp1
add fxp2
up