what is the last freebsd version?

warsoul: freebsd.org/news/newsflash/#2024-08-03:1

b2ag how i upgrade from FreeBSD14.0 to 14.1?

I have no clue. Only used FreeBSD by proxy in OpnSense and TrueNAS 😅

ok thanks

i just find out

im getting this error after doing upgrade from 14.0 to 14.1

what do i need to do here?

still no expert but I would try to edit /etc/pkg/FreeBSD.conf , decide between latest and quarterly (so delete the other line), remove the merge markers and try again

merge are this }

?

"<<<<<<< current version"

=======

>>>>>>> 14.1-RELEASE

ok remove the " on both url

?

no, remove the lines with <=> I pasted and decide which of the two url lines should stay

if you want to avoid this in the future, use the lines in 14.0-RELEASE and make the change to latest in /usr/local/etc/pkg/repos/FreeBSD.conf

14.1-RELEASE*

llua what do i need tho change

?

read the line before i response

delete: <<<<<<< current version, url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", ======= and >>>>>>> 14.1-RELEASE

ok

llua only delete the === & >>>>

llua it worked i think lol

im getting this error now

this is my FreeBSD.conf

lines 14 and 13 or 11 must be deleted

Hi all, I installed freebsd on my x220i today and I've been trying to set up sway. I've followed the documentation so far but when I launch sway none of the text displays correctly

warsoul: the merge markers are the full line, not just the <<<<<<< / ======= / >>>>>>>

can anyone link me a good guide to openvpn in jails?

and apache24

basically i never used jailes before :f

in such case probably starting with a handbook is the way to go: docs.freebsd.org/en/books/handbook/jails

hadret: can you lead me through running apache in a jail?

mane do you want tools or do you want to use the base utils only?

idk

mane which FreeBSD are you on? and what file system are you using?

14 zfs

also i just started a basic classic jail and my networking froze :f

mane no worries. we'll go step by step

thank you

you can use Jailer (jailer.dev) which basically autogenerates the config files; or we can use the base tools, but things will be done manually

> choose your options

lets do this mainually

(I feel like a game from the 70s, like Zork)

good. let's create a Jail template, so you can use it multiple time

i've created a basic classic jail but when i started it my networking instantly froze and i had to reboot

start with creating a dataset for your jails; zfs create -o mountpoint=/usr/local/jail zroot/jails ; change path and pool as needed

mane are you on bare metal (laptop, desktop, bare metal server) or on a virtual instance ?

i'm doing that on my vps :f

yeah, then we'll make sure you don't loose connection :) single IP I assume?

yeah

single ip

let me know if the dataset is created

it is

then you can start creating a template; zfs create zroot/jails/14.0-RELEASE

or 14.1, if you're on that

created

then, we'll "install" the base system, but we will not boot it

ok

we'll start by fetching base

ok

how?

so like this: download.freebsd.org/releases/amd64/14.1-RELEASE/base.txz

if you're on arm, use arm64; or change version number as needed

got it

after the base is installed, we will extract it; tar xvf base.txz -C /usr/local/jails/14.1-RELEASE

s/installed/fetched

lol

ok got it

great! let's snapshot it so we can use it

zfs snap zroot/jails/14.1-RELEASE@base

i use 14.0

I hope you also fetched the correct base.txz, right?

i did

good

ok i got the snapshot

now can create a new thick jail

ok

zfs send zroot/jails/14.0-RELEASE@base | zfs recv zroot/jails/www0

this will make a replica of the base as www0

or choose your jail name as you want

ok i want it for apache so far

done

www0 it is

great!

now we need to choose; do you want VNET jails (it's own network stack); or old-school jails

I recommend VNET jails, they are more... host-like

but takes longer to configure

maybe i should use an automated tool instead :f

hahaha, maybe you should, but I recommend this manual way for the first time, just for you to understand the process

it's too much work and there will be trouble while upgrading freebsd

ok

[root@vlepy ~]# zfs send zroot/jails/14.0-RELEASE@base | zfs recv zroot/jails/www0

actually, when upgrading it will not matter at all, luckily!

thats what i did last

nice! okay since you want apache, it's better to use VNET jails

now we'll create a bridge interface, a switch

ok

also i have lunch in around 30 minutes

i can't skip it

oh we're done in 5 minutes

here's a switch config; sysrc cloned_interfaces="bridge0"

cloned_interfaces: lo1 -> bridge0

i had already a cloned interface

and here's it's address config; sysrc ifconfig_bridge0="inet 10.0.0.1/24"

ok done

[root@vlepy ~]# sysrc ifconfig_bridge0="inet 10.0.0.1/24"

ifconfig_bridge0: -> inet 10.0.0.1/24

actually, my bad, to make sure it always works, let's use this: ifconfig_bridge0="inet 10.0.0.1/24 up"

after that, we can start the switch! service netif start bridge0

if all is done right, then you will have `bridge0` interface when you look with `ifconfig`

if all is good, we can config the jail

-su: netif: command not found

it's `service netif start bridge0`

it works!

great! let's configure the jail

service jail enable

and finally, here's the config template

done

(does bsd.to still work? where can I paste)

paste.debian.net

maybe it's not bsd but it's a pretty good pastebi n

thanks!

here it is

save it in `/etc/jail.conf.d/www0.conf`

it basically creates an epair interface ; attaches the interface to bridge0; attached the other end of the interface to the jail; and boots

after you have the config there just run ; service jail start www0

hopefully all went fine!

what about host.hostname var in the config?

why is it "${name}.bsd.am"

you can do www0.yourhostname

well because bsd.am is mine

and I use jail name as subdomain

:P

ok

:q

the log file is a console log, if something fails at boot time, you can have a look at /var/log/jail-jailname.log

if all is done, you should have a jail! `jls` will show the jail

jail: www0: /sbin/ifconfig lo0 127.0.0.1 up: failed

that's the first command; I wonder if the jail path is not correct?

i think it's correct

# ls /usr/local/jails/

14.0-RELEASE 14.1-RELEASE containers media templates www0

path = "/usr/local/jails/${name}";

looks pretty correct

what about: ls /usr/local/jails/www0

nothing in there

zfs send/recv has been failed then; weird!

zfs list | grep base

nothing

snapshot failed?

if so the silently

then*

zfs list | grep 14.0

zroot/ROOT/14.0-RELEASE-p6_2024-08-05_131333 8K 20.1G 4.94G /

zroot/ROOT/14.0-RELEASE-p8_2024-08-05_132802 8K 20.1G 7.16G /

zroot/jails/14.0-RELEASE 96K 20.1G 96K /usr/local/jails/14.0-RELEASE

hah!

ls /usr/local/jails/14.0-RELEASE ?

nothing

whaaaa; extraction failed?

that would make sense!

this got me worried now

mane that means either the download failed (of the base.txz) or the extraction failed

everything else seems right

mane I'm having lunch time too in a bit; meet after lunch?

so what should i do now?

mane make sure it's extracted? there's a way for that

i wont have much time afte lunch but ok , just tell me whether it's sufficient to just redownload and re-extract data

mane yes it would be

mane and then re-follow the steps!

mane and ping me here if needed!

antranigv: are you back?

never left ;p

:D

i've wgeted wromg base system

[root@vlepy ~]# zfs snap zroot/jails/14.0-RELEASE@base

cannot open 'zroot/jails/14.0-RELEASE': dataset does not exist

antranigv: ^

[root@vlepy ~]# service jail start www0

Starting jails: cannot start jail "www0":

ifconfig: interface epair10 already exists

jail: www0: ifconfig epair10 create up: failed

[root@vlepy ~]# service jail start www0

Starting jails: www0.

antranigv: ok i got it started

what now

back

okay

mane let's see what you have now; jls name ; ifconfig -l ; zfs list -t all | grep 14.0

[root@vlepy ~]# jls

JID IP Address Hostname Path

2 www0.vlepy.com /usr/local/jails/www0

[root@vlepy ~]# ifconfig -l ; zfs list -t all | grep 14.0

vtnet0 lo0 lo1 pflog0 tun0 bridge0 epair10a

zroot/ROOT/14.0-RELEASE-p6_2024-08-05_131333 8K 18.8G 4.94G /

zroot/ROOT/14.0-RELEASE-p8_2024-08-05_132802 8K 18.8G 7.16G /

zroot/jails/14.0-RELEASE 433M 18.8G 433M /usr/local/jails/14.0-RELEASE

zroot/jails/14.0-RELEASE@base 0B - 433M -

looks like

everythign is runngin

good job

thanks :D

what now?

mane try doing `jexec -l www0`

and you should be in the jails!

s/jails/jail

jexec: execlp: /usr/local/bin/bash: No such file or directory

oh

in that case

jexec www0 /bin/sh

yea got it

now this covers the jail itself, now if you want inet access, we will need to configure basic NAT

jail has no internet access

by the way, everything is covered in these two blog posts: antranigv.am/posts/2020/06/vnet-jail-howto ; antranigv.am/posts/2021/04/2021-04-20-07-02

now we'll do basic NAT

mane are you running any firewall right now?

yeah

pf

pf? ipfw?

good

just add this then

nat pass on vtnet0 inet from 10.0.0.0/24 to any -> vtnet0:0

and finally `service pf reload`

works :D

what now?

keep typing, i'll have a quick lunch

mane go back to the jail and try to... ping something?

idk; now you have a jail, it works, I guess you can `pkg install nginx` now

or apache, I think

oh you might want to make it accessible from outside, right?

rdr pass on vtnet0 inet proto tcp from any to vtnet0:0 port 80 -> 10.0.0.10

you get the idea

Yeah

I get it thank you a lot :D

You’re awesome :D

sure; anytime :)

<33

antranigv: dns is not resolving on the jail

mane `echo nameserver 9.9.9.9 >> /etc/resolv.conf` in the jail

i got it it's not working

it's not resolving

# echo 'nameserver 208.67.222.222' > /etc/resolv.conf

# ping google.com

and nothign

ping: Unknown host

weird

ping 10.0.0.1 works, right?

if so, then can you share your host's pf.conf in a pastebin?

ping 8.8.8.8 works as well

antranigv: vlepy.com/~wsky/pf.conf

change to this

set skip on { lo0, bridge0, epair }

# ping google.comq

ping: Unknown host

mane you did reload pf, right?

can you ping IPs? like 208.67.222.222 ?

# ping google.com

ping: UDP connect: No route to host

huh a route issue! weird I thought I fixed that in the jail conf. my bad!

64 bytes from 208.67.222.222: icmp_seq=0 ttl=60 time=3.708 ms

oh that works!

nice!

antranigv: works

:D

antranigv: you're awesome!!

:D

thanks you so much :D

anytime!

/7/7

err

mane reboot the vm, just make sure all works fine *after* a reboot.

well gonna configure firewall and apache on the jail

it's bootstraping pkg right now

since the jail is *behind* the host, you can just configure things on host's pf

and for apache, a simple install, enable and start should do it

when you add the rdr, the jail's apache should be reachable from the outside world as well.

one more thing

the nat is very slow

i had this before on openvpn

mane common issue with vtnet interfaces

what should i do then?

mane try doing this: ifconfig vtnet0 -rxcsum -txcsum

your connection will be lost for a second and then it will be back

and the nat issue should be fixed

you're a wizard :D

how would i add the option at boot time?

more like a Jedi, but sure :P

mane oh yes; sysrc ifconfig_vtnet0+=" -rxcsum -txcsum"

thanks you :-)

Performing sanity check on apache24 configuration:

[Sat Aug 10 11:00:50.921580 2024] [:crit] [pid 70819] (2)No such file or directory: AH00141: Could not initialize rand

om number generator

Starting apache24.

antranigv:

idk about htis one

I haven't used apache in 10 years, but I think that's just a warning? I'm not sure

it didn't start huh?

service apache status ?

it failed to start

in the jail, what happens if you do `ls /dev` ?

# ls /dev

null

ah

okay in that case

exit the jail and stop it; service jail stop www0

also, how will i configure the jailed apache to serve sites on various domains

and then let's add this into the jail.conf.d/www0.conf file: mount.devfs;

add that right below persist;

and then start the jail: service jail start www0

maybe we can add other things too?

nah devfs should be enough

One sec

wors antranigv

now what about domains?

mane right; that's outside of the scope of jails; basically you should point the domains to your server

and then configure apache to use virtual hosts

for each domain

also your firewall port redirection directives didnt work

antranigv: i got that working bt without jails ^^"

mane I don't think I saw it in your config; can you check or send the latest pf.conf?

mane oh then you get the idea!

basically all we did is create a jail, and then move all traffic of port 80 to the jail

yeah but the vm is isolated from the network

(well, it didn't work, let's check, lol)

it would be better if it didn't work behind nat

but used same interface as the host

can we use same ip on the vm as the host?\

that would be, impossible, with one IP

for example, say your VM is 1.2.3.4

well if you have another IP, you can set it to the jail, say 1.2.3.5

otherwise you either have to do port redirection, or you have to... run web server on the host

ok i'll do the vm for openvpn then

and xonotic

what's xonotic?

an fps game like quake :D

mane that's cool! instlaling now

we wont play today

but we can tomorrow

god that's a big game

I hope the zip file has the mac version

can you give me a working redirection rule?

antranigv:

yes, lemme check my server

i will switch xontic to a jail asap

rdr pass on vtnet0 inet proto tcp from any to vtnet0:0 port 80 -> 10.0.0.10

do the same for other ports, such as 443

and when you create a xontic jail, do for it too

put this right *after* nat

[root@vlepy ~]# pfctl -f /etc/pf.conf

/etc/pf.conf:18: syntax error

pfctl: Syntax error in config file: pf rules not loaded

ok i got it working derp

was my fault, i've placed it on a wrong part of the file

thanks

antranigv: ok works great :D

lol

nice

antranigv: feel free to join my xonotic server vlepy.com :)

i will go nww, if i'll be able to work tomorrow for sure i will come again

mane: does xonotic server run on freebsd?

Yes, it even comes from the repository (-:

nimaje what should i delete?

hello fam

im getting this error now

pastebin.com/uSY3jL7c

this is my FreeBSD.conf

warsoul: to avoid merge conflicts in the future I suggest overriding stuff via /usr/local/etc/pkg/repos/FreeBSD.conf instead (but no idea why it couldn't merge correctly for you, afaik it should do a three-way merge)

check against the default version of that file to fix yours cgit.freebsd.org/src/tree/usr.sbin/pkg/FreeBSD.conf.quarterly

nimaje

fixed i erased 14.1-RELEASE

thank you

when im not using computer in a few minutes monitor will go black how can i change that?

antranigv: can I pass only one device from devfs to the VMware?

To the vm

mane what? o.O

Autocorrection

Can I pass only /dev/tun0 to the jail instead entire devfs

Because I want to make another jail just for openvpn

mane It seems we are trying to to the same thing at the same time. :) I didn't figure it out yet, I'm using tailscale.

I've got it running but with vnet

mane: you can add an entry to /etc/devfs.rules and then start the jail with that ruleset using the devfs.ruleset parameter

What entry?

i think i saw an example somewhere recently - let me check

Ok

i think that is also what i've done in the past, though i can't remember and not sure if i did the exact same thing

Thanks :3

Do we count jails starting with 0 or 1?

i think 1

not sure if you want tun* or just tun there actually

tun0 is enough

When will the openvpn bug be fixed in 14.0?

Or will it be only fixed in 14.1

warsoul: in X11 environment, or otherwise? Desktop environment installed? etc... more inforamtion will probably help aothers answer your question, hopefully.

is it possible to mount exfat in freebsd without fuse ?

is it be possible to do a fresh install of freebsd from within an already created root-on-zfs installation? (to retain non-freebsd filesystems in the pool)

my /tmp got corrupted

is there a way to rebuild it?

i had to clear an inode and fsck to recover the root file system

df: /tmp: Bad file descriptor

ufs I'm assuming?

yes

is /tmp on / or separate file system?

it's on /

can you mv it to a tmp.BAD , mkdir /tmp ; chmod 1777 /tmp ? sounds like your root is still broken

so maybe do a backup and then try surgery

assuming you aren't using tmpfs for tmp too

hard to tell without precise details though

i might have to do a backup

# mv /tmp /tmp.BAD

panic: Bad effnlink fip 0xfffff8013c9d3280, fdp 0xfffff80003a19640, tdp 0xfffff80003a19640

what happened was the serial console was connected to a serial terminal server. the serial terminal sercver would reboot during power failures and send charactes in the form of it's menu text throufgh the console and that ended up doing some bad stuff while root was logged in

did you already try fsck?

yeah, i had to repair an inode in fsdb

kevans