PXEBoot Setup

• Mount the FreeBSD install CD.

  mount /cdrom
  

• Copy all the contents of the FreeBSD install CD to /usr/tftpboot

  cp -R /cdrom /usr/tftpboot
  

Setup TFTP Server

Add or edit a line in /etc/inetd.conf to the following

tftp   dgram  udp   wait  root  /usr/libexec/tftpd  tftpd -s /usr/tftpboot

Install DHCP server

• Install the isc-dhcp3-server port.

  cd /usr/ports/net/isc-dhcp3-server/
  make && make install
  

Create a dhcpd.conf in /usr/local/etc, adjust the following example to fit your network

ddns-update-style none;
option broadcast-address 192.168.10.255;
option domain-name-servers 192.168.10.254;
option domain-name "simerson.net";
option routers 192.168.10.254;
option subnet-mask 255.255.255.0;
server-name "pxe-gw";
server-identifier 192.168.10.105;
next-server 192.168.10.105;
default-lease-time -1;

subnet 192.168.10.0 netmask 255.255.255.0 { 
    range 192.168.10.32 192.168.10.99;
    option root-path "192.168.10.105:/usr/tftpboot";
    filename "/boot/pxeboot";
}

The most important lines in the above example are

• This line identifies the TFTP server to the client.

  next-server 192.168.10.105;
  

• This line identifies the NFS server, and the NFS export the FreeBSD kernel should mount as "/". You typically do not need to specifiy the server's IP address if it is the same server listed as next-server.

  option root-path "192.168.10.105:/usr/tftpboot";
  

• This is the pxeboot kernel location relative to the TFTP server root (in this case /usr/tftpboot)

  filename "/boot/pxeboot";
  

Create a NFS Share

Edit /etc/exports

 /usr/tftpboot -alldirs -network 192.168.10.0 -mask 255.255.255.0

Restart the NFS daemons

/etc/rc.d/nfs restart

Start inetd

/etc/rc.d/inetd start

Start dhcpd

/usr/local/etc/rc.d/isc-dhcpd start

Your system should now be able to PXE boot from this server. Ensure that your system's BIOS is set to boot from its network card.

Once Booted

Login using the username root with no password.

Sysinstall Part 1

• Run

  sysinstall
  

  • Select Custom
    • Select partition
      
      • Use the D key to delete all existing partitions.
      • Use the A key to create one partition that uses the entire disk.
      • Use the S key to set the partition bootable.
      • Use the W key to write changes. Acknowledge the message.
      • Use the Q key to quit the FDISK Editor.
    • On the next screen select BootMgr.
    • Select OK to continue.
    • Select Cancel
  • Select Exit Install

Warning: Do not use sysinstall's BSDLabel editor, it will attempt to mount the labels to the root of the install enviroment, effectively unmounting the NFS root and freezing the system.

BSDLabel

• Run

  bsdlabel -w /dev/ad4s1
  

  This writes a standard label to the partition.

• Next run

  bsdlabel -e /dev/ad4s1
  

  Note: If you need to use a different editor set the EDITOR enviroment variable to whatever editor you like.

When you start you will only see an "a" and "c" label created. Here you are creating labels. "a:" typically is the root label of your system, and "b:" is the swap label. Do not edit "c:". For the size of a label you can use G for gigabytes, M for megabytes, and K for kilobytes after the number. You can just enter a number for size in which case it will be interperted as number of blocks. On the last label you can specifiy "*" for size and it will occupy the rest of the availale space. For offset keep whatever the standard label created for "a:". For the rest of the labels you can use a "*" to have bsdlabel calculate the value. For fstype enter 4.2BSD for all the data labels, and swap for the swap label. Use the standard labels setting for fsize, bsize, and bps/cpg for the "a:" label. For the rest of the labels you can just enter a "*" for these three settings and BSDLabel again will calculate the values for you.

#       size        offset      fstype      [fsize  bsize   bps/cpg]
a:      4G          16          4.2BSD      2048    16384   28528 
b:      512M        *           swap        *       *       *
c:      72292437    0           unused      0       0       # "raw" part, don't edit
d:      1G          *           4.2BSD      *       *       * 
e:      2G          *           4.2BSD      *       *       * 
f:      *           *           4.2BSD      *       *       *

Newfs

Format the new labels, use the -o flag to optimize the format for space instead of time ( change the device name to what your system is uses for its hard drive )

newfs -o space /dev/ad4s1a

Add the -U flag for soft updates for the rest of the labels

newfs -o space -U /dev/ad4s1d  
newfs -o space -U /dev/ad4s1e  
newfs -o space -U /dev/ad4s1f

Mount

Turn on swap on the swap label.

swapon /dev/ad4s1b

Label a is the root of the system so mount it first to /mnt

mount /dev/ad4s1a /mnt

Make the folders for the following mount points.

mkdir /mnt/tmp
mkdir /mnt/var
mkdir /mnt/usr

Mount the rest of the labels.

mount /dev/ad4s1d /mnt/tmp
mount /dev/ad4s1e /mnt/var
mount /dev/ad4s1f /mnt/usr

Sysinstall Part 2

Run

sysinstall

The following is very important, if you forget this step sysinstall will try to install to / and will unmount the NFS mount, and the install enviroment will freeze.

• Select Options

  • Edit Install Root. Set it to "/mnt" (where we mounted the root label)
  • Exit the options menu

• Next select Distributions. You can select any distributions you wish. I reccommend doing a minimal install, then going into custom and adding man pages and catman pages. As well if you want to recompile your kernel later on go to src and select base and sys.

• Select Media

  • Select Filesystem and enter "/" when asked. This works because we have the installation CD mounted as the root partition of the install environment over NFS.
  • Select Commit, sysinstall will then start installing FreeBSD to /mnt
  • Once completed select Exit. Sysinstall cannot do any of the post install configuration quite yet.

Once back to the command line run

chroot /mnt

This brings you into your installed environment, so sysinstall can do its normal post-install configuration.

Sysinstall Part 3

Run

sysinstall

• Goto configure
  • Select root password, set your system's root password here.
  • Select user management to add one or more users.
  • Select Time Zone to set your system's timezone.
  • Select Mouse, if you want to enable the mouse daemon.
  • Select Networking
    • Select Interfaces to configure your network interfaces.
      Warning: When asked if you want to bring the interface up, say no. If you do and this is the interface that is currently communicating to the NFS server your install enviroment will freeze.
    • Select Gateway to set your network gateway
    • Select Ntpdate if you want to enable the use of ntpdate at boot.
    • Select sshd to enable the ssh daemon.
    • Select Exit to continue
  • Select Exit
• Select Exit Install

Edit fstab.

ee /etc/fstab

Creating something similar to the following. Specifiy the device and its corrisponding mount point.

#Device         Mountpoint      FSType  Options Dump    Pass
/dev/ad4s1a     /               ufs     rw      1       1
/dev/ad4s1b     none            swap    sw      0       0
/dev/ad4s1d     /tmp            ufs     rw      2       2
/dev/ad4s1e     /var            ufs     rw      2       2
/dev/ad4s1f     /usr            ufs     rw      2       2

Even though the kernel was copied to /mnt/boot it wasn't installed into the default location /boot/kernel. Run:

rm -rf /boot/kernel

Depending on if you have SMP system or not sysinstall will have install the SMP kernel or the GENERIC kernel. Move the corrisponding kernel folder to /boot/kernel.

mv /boot/SMP /boot/kernel

or

mv /boot/GENERIC /boot/kernel

Reboot

That should be everything. Run the reboot command, and ensure you do not PXEBoot again otherwise you will boot back into the install enviroment. Boot off the correct hard drive.

References

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pxe

options TCP_RESTRICT_RST

This option limits the number of RST TCP packets FreeBSD will make. Port scanners will typically look for RST packets for closed ports. Limiting the number or responses can slow down port scans. Also this can be used to protect from denial of service attacks. To enable this option add to your rc.conf:
tcp_restrict_rst="YES"
Note: it looks like the TCP_RESTRICT_RST option isn't valid anymore. It seems its a default behavior.

options IPSTEALTH

When doing routing with a FreeBSD server, this option turns on stealth forwarding. Essentially it hides itself from traceroutes. The idea being that it simple does not respond to a traceroute ICMP packet. From my understanding it forwards the packet without adding to the hop count, so when the next hop responds it looks to the user that it is next in line.

options ACCEPT_FILTER_DATA

options ACCEPT_FILTER_HTTP

The idea behind these two options is ease load on Apache or other applications that implement support for accept filters. FreeBSD will delay an accept() from being handed off to an Apache child until, in the case of the HTTP filter, a HTTP request is made. This lets Apache children receive the connection when data is ready, instead of waiting for the connection to be setup and then have data be sent. This will speed up processing for very busy webservers. Find more info at apache.org.

options ICMP_BANDLIM

This option limits the number of error responses FreeBSD will make for ICMP packets. This is to protect against ICMP denial of service attacks.
Note: it looks like the ICMP_BANDLIM option isn't valid anymore. It seems its a default behavior.

options DUMMYNET

Dummynet is used for a few reasons. One is to do bandwidth limiting and queuing (true packet rate limiting) with ipfw. You can also use it for simulating packet loss or delay on a network. Read more at dummynet.com.

options DEVICE_POLLING

options HZ=1000

If your network adapters supports device polling, that is have the kernel poll the network adapter directly for new data instead of using a slower IRQ for polling, enable these two options. Check the man page for your given driver to see if device polling is supported. This may raise CPU utilization a small amount, but should result in a small gain in network performance. Set HZ to the rate in which you want the kernel to poll the driver. Higher number means slower polling and slower network performance, but less CPU utilization. Lower number means faster polling and slightly higher network performance, but more CPU utilization. 1000 Hz has worked well for me on heavy traffic servers.

options QUOTA

Enable disk quota support. This lets you give shell users or system users a set amount of disk space. Don't forget to add "userquota" and/or "groupquota" in /etc/fstab for the partition you want to enable quotas on. Also add to your rc.conf:
quota_enable="YES"
check_quotas="YES"

options IPDIVERT

Enable this option if you want to use natd for network address translation. Check the natd man page or the FreeBSD Handbook for more information.

options IPFIREWALL

Enable this option to compile IPFW into the kernel. NATD will require this.

options IPFIREWALL_VERBOSE

Enable this option if you want IPFW to log to /var/log/security by default. You still need to add log to a given IPFW rule.

options IPFIREWALL_VERBOSE_LIMIT=20

Enable this option and set it equal the number that you want IPFW to stop logging an individual rule. In other words after a rule has made, in the above example 20, log entries do not log that rule anymore. This is to protect again log flooding.