Scraps for FreeBSD
Several small things I have been looking for and found after some trial and error.
The scraps below work at least on FreeBSD 11.1 (and probably later).
Autologin
Autologin is easy to accomplish in FreeBSD.
Why? One idea is to use a machine as a kiosk that automatically logs in, starts X and starts a browser.
Add a user for autologin (NOT root!), or select an existing one. Here we use 'user', but it can be any other user that has a login shell:
system file changes
#edit /etc/gettytab

-- at the bottom type:

user|Autologin console:\
	:ht:np:sp#115200:al=user

-- save the file

#edit /etc/ttys

-- look for the line starting with ttyv0 and change it to:

ttyv0 "/usr/libexec/getty user" xterm on secure

-- save it
	
Now, when you reboot the machine, it will automatically log in as the user 'user'.
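
Because an autologin terminal opens a session without a password, it is worth checking which terminals do this and as which user. The script below is an added example, not part of the original page: it matches /etc/gettytab entries carrying al= against the terminals enabled in /etc/ttys. The function name, the output format and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list terminals that log in automatically, and as whom.
# In ttys(5), "secure" means uid 0 may log in on that terminal.

audit_autologin() {   # usage: audit_autologin GETTYTAB TTYS
    awk '
    FNR == NR {                                   # pass 1: gettytab
        if ($0 ~ /^#/) next
        sub(/^[ \t]+/, ""); buf = buf $0
        if (buf ~ /\\$/) { sub(/\\$/, "", buf); next }   # join continuation
        n = split(buf, cap, ":"); buf = ""; user = ""
        for (i = 2; i <= n; i++)
            if (cap[i] ~ /^al=/) user = substr(cap[i], 4)
        if (user != "") {
            m = split(cap[1], name, "|")          # any alias selects the entry
            for (j = 1; j <= m; j++) al[name[j]] = user
        }
        next
    }
    /^#/ { next }                                 # pass 2: ttys
    split($0, q, "\"") >= 3 {
        split(q[2], cmd, " ")                     # cmd[2] = gettytab entry name
        mode = " " q[3] " "
        if (!(cmd[2] in al) || mode !~ /[ \t]on[ \t]/) next
        kind = (al[cmd[2]] == "root") ? "ROOT-AUTOLOGIN" : "autologin"
        root = (mode ~ /[ \t]secure[ \t]/) ? "allowed" : "denied"
        print $1, kind, "user=" al[cmd[2]], "root-login=" root
    }' "$1" "$2"
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/gettytab" <<'EOF'
# constructed sample /etc/gettytab
Pc|Pc console:\
	:ht:np:sp#115200:
user|Autologin console:\
	:ht:np:sp#115200:al=user
EOF
cat > "$demo/ttys" <<'EOF'
# constructed sample /etc/ttys
ttyv0 "/usr/libexec/getty user" xterm on secure
ttyv1 "/usr/libexec/getty Pc" xterm on secure
ttyv2 "/usr/libexec/getty user" xterm off secure
EOF
audit_autologin "$demo/gettytab" "$demo/ttys"
```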
Multiple routing tables
It is possible to have more than one routing table on a FreeBSD machine. This comes in handy when you have more than one connection to a server and the connections are not load balanced in the normal way.
With these routing tables, the server can reply on the correct route to any request.
The way to do this is with a custom kernel and the PF firewall.

Step 1: Rebuild the kernel with the option ROUTETABLES set to a non-zero value. This is the number of routing tables the kernel will support.
Custom kernel build
#cd /usr/src/sys/i386/conf
#cp GENERIC ROUTER
#echo "options ROUTETABLES=6" >> ROUTER
#cd /usr/src
(make kernel builds and installs the kernel configuration named by KERNCONF)
#make kernel KERNCONF=ROUTER
#reboot

Step 2: Tell PF that there's more than one routing table.
pf.conf changes
(examples made for this purpose!)
#cat /etc/pf.conf | grep rtable
pass in log on tun0 inet proto icmp from any to (tun0) icmp-type rtable 0
pass in log on tun1 inet proto icmp from any to (tun1) icmp-type rtable 1
pass in log on tun0 inet proto tcp from any to (tun0) port ssh rtable 0
pass in log on tun1 inet proto tcp from any to (tun1) port ssh rtable 1
pass in log on em0 inet proto tcp from em0:network to (em0) port 22 rtable 0

Step 3: Disable the SSH daemon in your rc.conf.
startup changes rc.conf
(examples made for this purpose!)
#cat /etc/rc.conf | grep ssh
sshd_enable="NO" # This is now handled by /etc/rc.local

Step 4: Create /etc/rc.local.
rc.local file
(examples made for this purpose!)
#cat /etc/rc.local
#
# /etc/rc.local
#

# Build my alternate routing tables
/usr/sbin/setfib 0 /sbin/route add default 20.0.0.1
/usr/sbin/setfib 1 /sbin/route add default 30.0.0.1

# Start SSH daemons for each interface
/usr/sbin/setfib 0 /usr/sbin/sshd -f /etc/ssh/sshd_config.lan
/usr/sbin/setfib 0 /usr/sbin/sshd -f /etc/ssh/sshd_config.tun0
/usr/sbin/setfib 1 /usr/sbin/sshd -f /etc/ssh/sshd_config.tun1


And with that, you now have multiple routes on 1 machine.
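
A consistency check for the four steps above, as an added example that is not part of the original page: it reports FIB numbers used in pf.conf or rc.local that the kernel does not provide, or that never get a default route in rc.local. The name fib_lint and the shortened sample files are constructed; the check assumes default routes are added in rc.local as shown in step 4.

```shell
#!/bin/sh
# Added example: cross-check the FIB numbers used in pf.conf and rc.local.
# Assumes default routes are added with "setfib N route add default".

fib_lint() {   # usage: fib_lint NFIBS PF_CONF RC_LOCAL
    awk -v nfibs="$1" '
    function note(fib) { used[fib + 0] = 1; if (fib + 0 > max) max = fib + 0 }
    /^[ \t]*#/ { next }
    FNR == NR {                          # pass 1: pf.conf, "rtable N"
        for (i = 1; i < NF; i++)
            if ($i == "rtable") note($(i + 1))
        next
    }
    {                                    # pass 2: rc.local, "setfib N cmd"
        for (i = 1; i < NF; i++)
            if ($i ~ /setfib$/) {
                note($(i + 1))
                if ($0 ~ /route add default/) routed[$(i + 1) + 0] = 1
            }
    }
    END {
        for (f = 0; f <= max; f++) {
            if (!(f in used)) continue
            if (f >= nfibs + 0) print "fib " f ": not available, kernel has " nfibs
            else if (!(f in routed)) print "fib " f ": no default route"
        }
    }' "$2" "$3"
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
# Constructed samples: the rules from step 2, and an rc.local in which
# the default route for FIB 1 has been left out.
cat > "$demo/pf.conf" <<'EOF'
pass in log on tun0 inet proto tcp from any to (tun0) port ssh rtable 0
pass in log on tun1 inet proto tcp from any to (tun1) port ssh rtable 1
EOF
cat > "$demo/rc.local" <<'EOF'
# Build my alternate routing tables
/usr/sbin/setfib 0 /sbin/route add default 20.0.0.1
/usr/sbin/setfib 0 /usr/sbin/sshd -f /etc/ssh/sshd_config.tun0
/usr/sbin/setfib 1 /usr/sbin/sshd -f /etc/ssh/sshd_config.tun1
EOF
fib_lint 6 "$demo/pf.conf" "$demo/rc.local"   # kernel built with ROUTETABLES=6
fib_lint 1 "$demo/pf.conf" "$demo/rc.local"   # kernel with a single table
```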
Loadbalancing ethernet ports
Sometimes we want a machine to have more than one link, using them as one load-balanced interface or just as failover.
In FreeBSD there is a facility called netgraph with which we can do this without needing a switch capable of link aggregation (LACP on HP ProCurve switches, for instance).
The advantage of this approach is that the network interfaces do not have to be the same speed!

To accomplish this, create a file called /etc/rc.local and add the following commands to it. In the example, we have 3 xl interfaces of which we make xl0 the primary interface.
setting up netgraph loadbalancing
kldload netgraph
kldload ng_ether
kldload ng_one2many
kldload ng_socket
ifconfig xl0 up
ifconfig xl1 up
ifconfig xl2 up
ngctl mkpeer xl0: one2many upper one
ngctl connect xl0: xl0:upper lower many0
ngctl connect xl1: xl0:upper lower many1
ngctl connect xl2: xl0:upper lower many2
ngctl msg xl1: setpromisc 1
ngctl msg xl1: setautosrc 0
ngctl msg xl2: setpromisc 1
ngctl msg xl2: setautosrc 0
ngctl msg xl0:upper setconfig "{ xmitAlg=1 failAlg=1 enabledLinks=[ 1 1 1 1 1 1 ] }"
ifconfig xl0 192.168.100.1/24
	

As you can see, the ip address of the machine is assigned to the primary interface xl0.

Check out ngctl for options and status during use.

To make it persistent across reboots, just add the above commands to the file /etc/rc.local and don't configure any interfaces in /etc/rc.conf.
Link failover and load balance
A bit more advanced is link aggregation, LACP in short. This allows links to fail while all traffic keeps flowing over the remaining links. This is done automatically by LACP.
It does, however, need all ethernet ports to be capable of the same speed!
Setting it up on the FreeBSD side is pretty simple. Assuming we have 2 ports, xl0 and xl1, both at 1G:
LACP setup
#ifconfig xl0 up
#ifconfig xl1 up
#ifconfig lagg0 create
#ifconfig lagg0 up laggproto lacp laggport xl0 laggport xl1 192.168.1.1/24
	
With that, you have a lagg0 interface with the IP address the machine is using. Make sure that there's no IP address assigned to any of the real ports!
To check if things are ok:
check settings
# ifconfig lagg0
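lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:05:5d:71:8d:b8
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect
        status: active
        laggproto lacp
        laggport: xl1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        laggport: xl0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>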
      

Failover
For failover, you only need to change 'laggproto lacp' to 'laggproto failover'. The listing will look different:
check failover
# ifconfig lagg0
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:05:5d:71:8d:b8
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect
        status: active
        laggproto failover
        laggport: xl1 flags=0<>
        laggport: xl0 flags=5<MASTER,ACTIVE>
      

Making it persistent
To make sure that the lagg is created at boot, the configuration has to be set in /etc/rc.conf as follows:
/etc/rc.conf changes
ifconfig_xl0="up"
ifconfig_xl1="up"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto lacp laggport xl0 laggport xl1 192.168.1.1/24"
      
Of course, you can change laggproto lacp to laggproto failover if you want a failover link.
Wifi link failover
As stated before, LACP usually needs 2 interfaces of the same speed. But there is a way around that: a failover lagg using a wifi card.
Especially for a laptop, a failover link over wifi is nice! The connection will prefer cabled ethernet, but when that fails it automatically moves to the wifi connection.
We have to keep in mind that the MAC address of the wifi card should not be changed to the MAC address of the ethernet connection; most SOHO wifi routers can't handle this.
So instead, we make sure the MAC address of the wifi card is used on the ethernet connection.

First, get the MAC address of the wifi card (wlan0 is our wifi connection):
getting MAC address
ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether b8:ee:65:5b:32:59
	groups: wlan
	ssid Bbox-A3BD2403 channel 6 (2437 MHz 11g ht/20) bssid 00:37:b7:56:4b:60
	regdomain ETSI country FR indoor ecm authmode WPA2/802.11i privacy ON
	deftxkey UNDEF AES-CCM 2:128-bit txpower 30 bmiss 7 scanvalid 60
	protmode CTS ampdulimit 64k ampdudensity 8 shortgi -stbctx stbcrx
	-ldpc wme burst roaming MANUAL
	media: IEEE 802.11 Wireless Ethernet MCS mode 11ng
	status: associated
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
      

From this information you can see the MAC address on the second line: ether xx:xx:xx:xx:xx:xx. Make a note of the address.
Next, we assign that address to the ethernet interface and configure our failover:
setting it up
ifconfig xl0 ether b8:ee:65:5b:32:59
ifconfig wlan0 create wlandev ath0 country NL ssid my_wifi up
ifconfig xl0 up
ifconfig lagg0 create
ifconfig lagg0 up laggproto failover laggport xl0 laggport wlan0

(check if things look ok)
ifconfig lagg0
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether b8:ee:65:5b:32:59
        laggproto failover lagghash l2,l3,l4
        laggport: xl0 flags=5<MASTER,ACTIVE>
        laggport: wlan0 flags=0<>
        groups: lagg
        media: Ethernet autoselect
        status: active		

(get an ip address using dhcp)
dhclient lagg0
	

Note the order of adding interfaces to lagg0: the first interface added becomes the master interface, the second is the failover.
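
To notice when traffic has moved from the cable to wifi, the laggport flags in the ifconfig output can be decoded. This is an added example, not part of the original page, and it applies to laggproto failover only; the function names and the two sample outputs are constructed, and the bit values 0x1 (MASTER) and 0x4 (ACTIVE) are those of FreeBSD's if_lagg.h.

```shell
#!/bin/sh
# Added example: report which laggport carries traffic, from `ifconfig lagg0`.
# laggport flag bits (FreeBSD if_lagg.h): 0x1 MASTER, 0x4 ACTIVE.
# Intended for laggproto failover; under LACP every port is ACTIVE.

# Print "port hexflags" for each laggport line read from stdin.
lagg_ports() {
    sed -n 's/^[[:space:]]*laggport: \([^ ]*\) flags=\([0-9a-fA-F]*\).*/\1 \2/p'
}

# Print "ok PORT", "failover MASTER->ACTIVE" or "down" for the lagg on stdin.
lagg_status() {
    ports=$(lagg_ports)
    master=''
    active=''
    while read -r port flags; do
        [ -n "$flags" ] || continue
        if [ $(( 0x$flags & 0x1 )) -ne 0 ]; then master=$port; fi
        if [ $(( 0x$flags & 0x4 )) -ne 0 ]; then active=$port; fi
    done <<EOF
$ports
EOF
    if [ -z "$active" ]; then
        echo "down"
    elif [ "$active" = "$master" ]; then
        echo "ok $active"
    else
        echo "failover $master->$active"
    fi
}

# Constructed ifconfig output: wired link up, then cable unplugged.
SAMPLE_WIRED='lagg0: flags=8843 metric 0 mtu 1500
        laggproto failover lagghash l2,l3,l4
        laggport: xl0 flags=5<MASTER,ACTIVE>
        laggport: wlan0 flags=0<>'
SAMPLE_WIFI='lagg0: flags=8843 metric 0 mtu 1500
        laggproto failover lagghash l2,l3,l4
        laggport: xl0 flags=1<MASTER>
        laggport: wlan0 flags=4<ACTIVE>'

printf '%s\n' "$SAMPLE_WIRED" | lagg_status   # ok xl0
printf '%s\n' "$SAMPLE_WIFI"  | lagg_status   # failover xl0->wlan0
```

On a live system the input would be `ifconfig lagg0 | lagg_status`, for example from cron, with a log entry whenever the result is not "ok".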

Again, to make this persistent over reboots, add the right configuration to /etc/rc.conf:
rc.conf changes
ifconfig_xl0="ether b8:ee:65:5b:32:59"
wlans_ath0="wlan0"
ifconfig_wlan0="WPA"
create_args_wlan0="country NL"
cloned_interfaces="lagg0"
ifconfig_lagg0="up laggproto failover laggport xl0 laggport wlan0 DHCP"
Note that the setup of the wifi security, wpa passwords etc. is as usual:
/etc/wpa_supplicant.conf
network={
	ssid="myssid"
	psk="mypsk"
}