Home arrow Configure arrow FreeBSD Production Server
FreeBSD Production Server PDF
Saturday, 10 March 2007

This tutorial is about building a FreeBSD Production Server. This will cover any type of server, like router,firewall, web server, email server, proxy server, file server or a FreeBSD server used in any purpose. We will not cover here howto install a particular service, topic that is covered in other tutorials on FreeBSDOnline.com.

Step 1. Download FreeBSD ISO, burn and Install it.

Download FreeBSD ISO Disk 1 (for example FreeBSD 6.2) from ftp.freebsd.org, burn and install it choosing Developer.

Sugestion for Partition Layout (must be added here).

Step 2. Upgrade your FreeBSD source files and ports to latest version

FreeBSD ISO that you've installed is the latest Release. In order to have latest patches and drivers you need to cvsup (upgrade using cvs system which is used by FreeBSD Developers) to latest stable sources.

Add cvsup utility that will cvsup your FreeBSD sources:

 pkg_add -r cvsup-without-gui

cvsup is yout network distribution package utility for CVS repositories.

You can copy a cvs-supfile from examples installed on your FreeBSD system:

cp /usr/share/examples/cvsup/cvs-supfile /home/admin/cvs-supfile

Or you can create a new file with the following content:

# ------------- cvs-supfile --------------
*default host=cvsup12.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default delete use-rel-suffix
*default tag=RELENG_8_2
*default compress
ports-all tag=.
# ------------ end cvs-supfile ----------

Then launch cvsup:

 cvsup -L2 cvs-supfile

or you can use csup which is in base:

 csup -L2 cvs-supfile

Step 3. Recompile FreeBSD with specific cpu settings

To see informations about CPU

 dmesg | head -15

Edit /etc/make.conf and add:
# CPUTYPE?=  k8                # for athlon64, i386
# CPYTYPE?= athlon64        # for athlon64, amd64

Go to dir where you have config file for your kernel and edit it

  cd /usr/src/sys/i386/conf
  edit SERVER

My Kernel Config file look like this:
# --------------SERVER config file ------------------------------
machine         i386
cpu             I586_CPU
cpu             I686_CPU
ident           ROUTER

options         SMP
options         SCHED_4BSD              # 4BSD scheduler
options         PREEMPTION              # Enable kernel thread preemption
options         INET                    # InterNETworking
#options        INET6                   # IPv6 communications protocols
options         FFS                     # Berkeley Fast Filesystem
options         SOFTUPDATES             # Enable FFS soft updates support
options         UFS_ACL                 # Support for access control lists
options         UFS_DIRHASH             # Improve performance on big directories
options         MD_ROOT                 # MD is a potential root device
#options        NFSCLIENT               # Network Filesystem Client
#options        NFSSERVER               # Network Filesystem Server
#options        NFS_ROOT                # NFS usable as /, requires NFSCLIENT
#options        MSDOSFS                 # MSDOS Filesystem
options         CD9660                  # ISO 9660 Filesystem
options         PROCFS                  # Process filesystem (requires PSEUDOFS)
options         PSEUDOFS                # Pseudo-filesystem framework
options         GEOM_GPT                # GUID Partition Tables.
options         COMPAT_43               # Compatible with BSD 4.3 [KEEP THIS!]
options         COMPAT_FREEBSD4         # Compatible with FreeBSD4
options         COMPAT_FREEBSD5         # Compatible with FreeBSD5
options         SCSI_DELAY=5000         # Delay (in ms) before probing SCSI
options         KTRACE                  # ktrace(1) support
options         SYSVSHM                 # SYSV-style shared memory
options         SYSVMSG                 # SYSV-style message queues
options         SYSVSEM                 # SYSV-style semaphores
options         _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
options         ADAPTIVE_GIANT          # Giant mutex is adaptive.

# [...............  other drivers from GENERIC .............]

#Firewall and NAT
options         IPFIREWALL
options         IPDIVERT
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=100
options         DUMMYNET
options         IPFIREWALL_FORWARD

options HZ=1000

options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_PRIQ

# support for pf firewall
device mem
device pf
device pflog
device pfsync

options SHMSEG=16
options SHMMNI=32
options SHMMAX=2097152
options SHMALL=4096
options MAXFILES=8192
# ---------------- END SERVER kernel config file ------------------------

Rebuild your FreeBSD kernel and world:

 cd /
 mergemaster -pai
 cd /usr/src
 make -j2 buildworld
 make -j2 buildkernel KERNCONF=SERVER
 make installkernel KERNCONF=SERVER
 cd /
 mergemaster -ai

After that do a reboot, then install world:

 cd /usr/src
 make installworld

Last Updated ( Monday, 13 February 2012 )

Other BSD Systems





Best BSD firewall?