Written by Derrick Lewis and last updated on 11/14/2004 - [ freebsd ]

The purpose of this guide is to provide the reader with enough knowledge to configure FreeBSD with a basic NAT/Firewall setup, allowing you to share your internet connection between all your computers with only one IP address, and to protect your network from hackers. This is not intended to be an exhaustive guide, merely a reasonably in depth introduction to get you off on the right foot as painlessly as possible. You will have to modify this guide somewhat to match your particular network configuration. Here are the settings I use for this guide: xl0 - External (internet facing) interface. Change to suit your configuration. xl1 - Internal (inside network) interface. Change to suit your configuration. 192.168.0.0/16 - Internal network address space/netmask. Change to suit your configuration. 0.0.0.0/32 - Generic internet address space/netmask. Leave this alone, unless you really know what you're doing.

Written by Derrick Lewis and last updated on 01/14/2004 - [ freebsd ]

This is the first part of a series on the DJBDNS package. The entire series will cover setting up and using the major components of the DJBDNS package: dnscache, tinydns (the authoritative DNS server, and axfrdns (for zone transfers)). DJBDNS is a replacement package for BIND, written by Dan Bernstein, who brought us qmail. Why would you want to use DJBDNS when BIND is the defacto standard on the Internet? Security and efficiency. DJBJDNS package is essentially hack-proof. To this day there have been no vulnerabilities found in the DJBDNS package itself. Also, DJBDNS uses a fraction of the memory and processing power of BIND, and operates at several times the speed of BIND. Another great reason to use DJBDNS is the separation of the components of the DNS system into separate programs, allowing you to run only what you need, not the all or none approach taken by BIND. This, the first part of this series, will discuss using dnscache to allow the computers behind your FreeBSD firewall/router to access DNS data quickly and efficiently. A DNS cache acts as middleman between the computers on your internal network and the outside DNS servers. It also helps streamline your network by storing up to 1 megabyte (a lot) of queries in memory so that repeated queries for one domain aren't sent out over the Internet, only the first. Cutting this load on the Internet is also one thing you can do to be a good Internet citizen.

Written by Derrick Lewis and last updated on 12/01/2003 - [ freebsd ]

Security is one of the most important things in administrating any sort of computer system. FreeBSD is certainly much more secure than Windows and other popular computer systems; however, most security problems lie within the user and other running software on the system than the OS itself. This guide will give a few hints and examples to make it a fair bit harder to violate your system.

Written by Derrick Lewis and last updated on 10/04/2006 - [ freebsd ]

Want to speed up your system a bit as well as reduce boot time and resource usage? Or compile extra features into your kernel? The best way to do that is to compile your own custom kernel yourself. It is much simpler than you would think, ESPECIALLY if you've ever tried it in Linux. ;)