Computer/FreeBSD の変更点

追加された行はこの色です。
削除された行はこの色です。
Computer/FreeBSD へ行く。
Computer/FreeBSD の差分を削除
#author("2026-04-16T00:27:28+00:00","hhh","hhh")
#author("2026-05-14T06:31:14+00:00","hhh","hhh")
&size(24){&color(olive){''FreeBSD''};};
#topicpath
#ls2
#contents
#br

- http://www.freebsd.org/

- FreeBSD UTF-8化
- http://www.bugbearr.jp/?FreeBSD%2FUTF-8%E5%8C%96

- CIDR
- https://www.softel.co.jp/labs/tools/network/


*** 一行コメント [#a7df4b23]

//#comment(below,noname)
- ifconfig em0 media 100baseTx mediaopt full-duplex --  &new{2017-05-01 (月) 09:57:16};
- CPANはwww/p5-libwww --  &new{2016-07-25 (月) 21:47:23};

- /usr/local/bin/rsync -av --iconv=UTF-8,EUC-JP-MS --delete aaa:from bbb:to --  &new{2015-03-26 (木) 17:23:39};
- 引越しのmountには-o async,noatimeを渡すと転送が捗ります --  &new{2012-06-08 (金) 11:03:04};
- インストール後にboot selectorをインストールするには，# boot0cfg -B /dev/ada0 --  &new{2011-10-01 (土) 14:54:47};
- NTFSを日本語で # mount_ntfs -o ro -CEUC-JP /dev/ada1s2 /mnt --  &new{2011-07-28 (木) 22:30:26};
- setxkbmap -option "ctrl:swapcaps" --  &new{2010-09-26 (日) 10:35:52};
- emacsを立ち上げてM-x view-fileするとROでファイルが眺められる。 --  &new{2010-06-09 (水) 13:47:59};
-slogin -Y enables trusted X11 forwarding. --  &new{2009-11-01 (日) 20:48:55};
-xdletaはbinary diff --  &new{2005-09-13 16:38:13 (Tue)};
-chown -h hoge:hoge pon でシンボリックリンクの所有者変更 --  &new{2005-07-08 15:54:34 (Fri)};
-cp -d hoge でシンボリックリンクをシンボリックリンクのままコピー -- &new{2005-07-04 18:26:11 (Mon)};

- FreeBSD .DS_Store掃除
 # find /opt -name .DS_Store -print -delete

- 指定時刻シャットダウン
 # shutdown -p 2509151100
 Shutdown at Mon Sep 15 11:00:00 2025.

*** Let's Encrypt [#h2cf6001]

- https://letsencrypt.org/

- FreeBSD 12とApache 2.4とcertbotでLet's Encrypt!
- https://decomo.info/wiki/freebsd/apache/freebsd_12_apache24_certbot
- https://decomo.info/wiki/freebsd/apache/freebsd_13_apache24_certbot
- https://certbot.eff.org/instructions?ws=apache&os=freebsd

- In order to automatically renew the certificates, add this line to /etc/periodic.conf:
  weekly_certbot_enable="YES"
- More config details in the certbot periodic script:
 /usr/local/etc/periodic/weekly/500.certbot-3.8

- VirtualHost環境でLet’s Encryptを導入
- https://hp.ofuton.org/305/

- Let's Encryptを利用してApache 2.4サーバをHTTPS化する
- https://qiita.com/ariaki/items/5680cb6da6223844af4e

- certbot
 # pkg install py311-certbot-apache
 # certbot certonly --webroot -w /usr/local/www/apache24/data -d dataz.dyndns.info
 Successfully received certificate.
 Certificate is saved at: /usr/local/etc/letsencrypt/live/dataz.dyndns.info/fullchain.pem
 Key is saved at:         /usr/local/etc/letsencrypt/live/dataz.dyndns.info/privkey.pem

- Let’s Encryptの証明書をRSA方式で更新。
- https://manualmaton.com/2023/05/28/lets-encrypt%E3%81%AE%E8%A8%BC%E6%98%8E%E6%9B%B8%E3%82%92rsa%E6%96%B9%E5%BC%8F%E3%81%A7%E6%9B%B4%E6%96%B0%E3%80%82/

- certbot
 # certbot certonly --webroot -w /usr/local/www/apache24/data -d dataz.dyndns.info --key-type rsa


*** coreutils [#qf26d1cb]

- pkg
 pkg install coreutils

- 1年以内に更新されたフィイルをディレクトリ構造を保ってコピー
 find mora -mtime -365 -type f -print0 | xargs -0 gcp --parents -t /home/hasebe/mora

*** pukiwiki-1.5.4 [#z99f351a]

- mod_php80
-- install
 # pkg install gcc php80-session
 # cd /usr/ports/www/mod_php80
 # sh
 # export CC=/usr/local/bin/gcc
 # make install clean
 # pkg lock mod_php80
 # pkg info -D mod_php80
-- https://forums.freebsd.org/threads/apache24-with-mod_php82-wont-start-up.86779/page-2

- php-fpm
-- mod_php80 -> php-fpm
 # pkg delete mod_php80 php80-session php80
 # pkg install php81-session
-- /etc/rc.conf
 php_fpm_enable="YES"
-- /usr/local/etc/php-fpm.d/www.conf
 listen = 127.0.0.1:9000
-- /usr/local/etc/apache24/httpd.conf
 LoadModule proxy_module libexec/apache24/mod_proxy.so
 LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
 
 <FilesMatch "\.php$">
   SetHandler proxy:fcgi://127.0.0.1:9000
 </FilesMatch>
-- start
 # /usr/local/etc/rc.d/php-fpm start
 # apachectl gfraceful

*** rsync [#j87d2826]

- iconv
 # cd /usr/ports/converters/libiconv/
 # make config
 [x] ENCODINGS
 [x] PATCHES

- rsync
 # ce /usr/ports/net/rsync/
 # make config
 [x] ICONV
 (*) FLAGS

- /usr/local/bin/rsync -av --iconv=UTF-8,EUC-JP-MS --delete aaa:from bbb:to
- lock
 pkg lock rsync
 pkg lock libiconv


*** SoftEther VPN [#g04cb34d]

- http://ja.softether.org/

- run
 # vpnserver/vpnserver start
// # vpnbridge/vpnbridge start
 # vpncmd/vpncmd

- vpncmd
 > ServerPasswordSet
 > UserCreate
 > UserPasswordSet
 > BridgeCreate
 > IPsecEnable

- http://ytsrvlog.blogspot.jp/2014/04/softethervpn-2.html

- ports
 To run softether vpn client from startup, add
 softether_client_enable="YES" in your rc.conf.
 
 To run softether vpn server from startup, add
  softether_server_enable="YES" in your rc.conf.
 
 To run softether vpn bridge from startup, add
 softether_bridge_enable="YES" in your rc.conf. 
 
 Initial and further configuration of all softether services can be
 done either by using a Windows client to connect to the running
 services or by vpncmd from command line.
 
 Please note client and bridge functionality is not fully
 supported on FreeBSD right now.
 
 When removing SoftEther VPN without the desire to reinstall, please
 ensure to remove the directory /var/db/softether as well.
 

*** samba4 [#la944902]

- rc.conf
 #samba_enable="YES"
 samba_server_enable="YES"

- smb.conf
 # cp /usr/local/etc/smb.conf /usr/local/etc/smb4.conf

- いったんstart/stop
 # /usr/local/etc/rc.d/samba_server start
 # /usr/local/etc/rc.d/samba_server stop

- ユーザ移行
 # cp /usr/local/etc/samba/* /var/db/samba4/private

- wsdd
 # pkg install py39-wsdd
-- /etc/rc.local
 wsdd_enable="YES"
-- Windows 10はNetBIOSをツカわず、Web Service Discoveryのみになった。
-- SMBクライアントがブラウジングリストに表示されない。

*** コンソール [#g3947393]

- vtを有効化
-- /boot/loader.conf
 hw.vga.textmode=0
 kern.vty=vt

- sc
-- モードの確認
 # vidcontrol -i mode
-- 手動設定
 # vidcontrol MODE_291
-- /etc/rc.conf
 allscreens_flags="MODE_291"

*** avahi [#ebe62c3c]

- dbus
 # cd /usr/ports/devel/dbus
 # make config
 - X11
 # make install clean

- avahi
 # cd /usr/ports/net/avahi
 # make config
 - AUTOIPD
 - GTK
 # make install clean
 # vi /usr/local/etc/avahi/avahi-daemon.conf
 host-name
 domain-name
 # vi /etc/nsswitch.conf
 hosts: files mdns dns

- mdns
 # portmaster dns/nss_mdns



*** screen [#ve1f719a]


- .screen
 escape ^T^T
 vbell off
 startup_message off
 defscrollback 1000
 defhstatus "^En:^Et"

-- [[screenのススメ:http://www.dekaino.net/screen/]]
|~shortcut|~command|
|c-t S|split|
|c-t TAB|switch between split screens|
|c-t X|remove|
|c-t c-[|copy|
|c-t c-]|paste|
|SPACE|set start and end point in copy mode|
#br

-.bashrc
 export PS1='\h\$ '

-.emacs
 (setq inhibit-startup-message t)
 (setq display-time-24hr-format t)
 (display-time)
 (setq column-number-mode t)
 (global-set-key "\M-g" 'goto-line)
 (set-input-mode nil nil t) ;// -nwのときaltをmetaに
 ;(tool-bar-mode 0) ; // -nwのときエラーになる todo


*** pf [#vd4675bb]

- packet filteringはラストマッチングルールで、デフォルトはpass

- rc.conf
 pf_enable="YES"
 gateway_enable="YES"

- /etc/pf.conf
-- 変数定義
 ext_if="xl0"
 int_if="fxp0"
 internal_net="192.168.0.0/24"
-- トラフィック成形
 scrub in all
 scrub out all random-id max-mss 1414
-- NAT
 nat on $ext_if from $internal_net to any -> ($ext_if)
-- ポートフォワード
 rdr on $ext_if proto tcp from any to port 1234 -> $gbx port 1234
-- UPnP
 rdr-anchor "miniupnpd"
 anchor "miniupnpd"
 pass out on $int_if from any to 239.0.0.0/8 keep state
 pass in on $int_if from any to 239.0.0.0/8 keep state
-- SMB
 block on $ext_if proto {tcp, udp} from any to any port {137, 138, 139, 445}


*** mpd [#x0b879bf]

- mpd5
 startup:
         
 default:
         load pppoe_client
         
 pppoe_client:
         create bundle static B1
 
         set iface route default
         set iface enable tcpmssfix
         
         create link static L1 pppoe
 
         set link action bundle B1
         set link no acfcomp protocomp
         set link disable pap
         set link accept chap
         set link max-redial 0
         set link mtu 1454
         set link mru 1454
         set link keep-alive 10 60
 
         set auth authname xxx
 
         set ipcp yes vjcomp
         set ipcp ranges 0.0.0.0/0 0.0.0.0/0
 
         set pppoe iface fxp0
         set pppoe service ""
 
         open

*** WLAN STA [#qe5ab091]

- /etc/rc.local
 ifconfig wlan0 create wlandev ath0 mode 11a country J5
 wpa_supplicant -B -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf
 sleep 4
 dhclient wlan0

または

- /etc/rc.conf
 wlans_ath0="wlan0"
 ifconfig_wlan0="WPA DHCP"
 ifconfig_wlan0_ipv6="inet6 accept_rtadv"

- /etc/wpa_supplicant.conf
 ctrl_interface=/var/run/wpa_supplicant
 network={
   ssid="AirPort5"
   psk="1234123412345"
 }


*** WLAN AP [#j1128eec]

- manual
 # ifconfig wlan0 create wlandev ath0 wlanmode hostap mode 11na country J5
 # ifconfig bridge0 create addm wlan0 addm fxp0 up

- /etc/hostapd.conf
 nterface=wlan0
 driver=bsd
 ctrl_interface=/var/run/hostapd
 ctrl_interface_group=wheel
 ssid=aaa
 country_code=JP
 #ieee80211d=1
 hw_mode=a
 #channel=13
 auth_algs=1
 #wme_enabled=1
 wpa=2
 wpa_passphrase=1111111111111
 wpa_key_mgmt=WPA-PSK
 wpa_pairwise=CCMP

- /etc/rc.conf
 create_args_wlan0="wlanmode hostap mode 11na country J5"
 wlans_ath0="wlan0"
 ifconfig_wlan0="channel 3:ht/40"
 hostapd_enable="YES"
 cloned_interfaces="bridge0"
 ifconfig_bridge0="addm wlan0 addm fxp0 up"

*** WLAN monitor [#x6588084]

- manual
 # ifconfig wlan0 create wlandev ath0 wlanmode monitor mode 11a country J5

- tcpdump
 # ifconfig wlan0 channel 36
 # tcpdump -i wlan0 -y IEEE802_11_RADIO -e
 # tcpdump -i wlan0 -I -e

*** vtund Ethernet bridge [#q02230dd]

-loader.conf
 if_bridge_load="YES"
 if_tap_load="YES

-サーバ側 vtund.conf
 options {
   port 5000;            # Listen on this port.
   bindaddr { iface vr0; };
 
   # Syslog facility
   syslog        daemon;
 
   # Path to various programs
   ppp           /usr/sbin/pppd;            
   ifconfig      /sbin/ifconfig;
   route         /sbin/route;
   firewall      /sbin/ipchains;
   ip            /sbin/ip;
 }
 
 # Default session options 
 default {
   compress no;          # Compression is off by default
   speed 0;              # By default maximum speed, NO shaping
 }
 
 # Ethernet example. Session 'lion'.
 lion {
   passwd  aaaaaa;       # Password
   type  ether;          # Ethernet tunnel
   device tap0;          # Device tap0 
   proto udp;            # UDP protocol
   compress  lzo:1;      # LZO compression level 1 
   encrypt  yes;         # Encryption
   stat  yes;            # Log connection statistic 
   keepalive yes;        # Keep connection alive
   up {  
         ifconfig "%% 192.168.0.2 netmask 0xffffff00";
         ifconfig "bridge0 create";
         ifconfig "bridge0 addm tap0 addm fxp0 up";
   };
 
   down {
         ifconfig "bridge0 deletem tap0 deletem fxp0";
         ifconfig "bridge0 down destroy";
         ifconfig "%% delete down"; 
   };
 }

 
- クライアント側 vtund.conf
 options {
   port 5000;            # Connect to this port.
   timeout 60;           # General timeout
 
   # Path to various programs
   ppp           /usr/sbin/pppd;
   ifconfig      /sbin/ifconfig;
   route         /sbin/route;
   firewall      /sbin/ipchains;
   ip            /sbin/ip;
 }
 
 # Ethernet example. Session 'lion'.
 lion {
   passwd  aaaaaa;       # Password
   type  ether;          # Ethernet tunnel
   device tap0;          # Device tap1
   up {
         ifconfig "%% 192.168.100.253 netmask 0xffffff00";
         ifconfig "bridge0 create";
         ifconfig "bridge0 addm tap0 addm fxp0 up";
   };
   down {
         ifconfig "bridge0 deletem tap0 deletem fxp0";
         ifconfig "bridge0 destroy";
         ifconfig "%% delete down";
   };




*** 録音 [#w86022f0]

- wavrec
 #!/bin/sh
 mixer =rec line rec 25
 wavrec -s 48000 -M -t 900 RJ-`date "+%Y-%m-%d"`.wav