I've been running FreeBSD as the OS of choice on these servers since version 1999, beginning with the 4.x versions. By the way, I started off with book The complete FreeBSD, 3rd edition by Greg Lehey, which is great reading. Looks like the current 4th edition is published by O'Reilly.
My base infrastructure (firewall, Samba, CUPS, etc) consists of two Compaq Deskpro systems, with 96 MB RAM and a Pentium III 200 MHz processor.
Having two of these systems typically leaves one in a state which can hardly be described as in production, but that's the reason there are two of them :-)
Update: one of these machines finally fell apart, so only one server is running - which is my contribution to green IT and keeping my energy bill under control (did I mention the spotlights we have in most parts of our house?).
To keep up with current OS developments (and if only to run smartmontools, after a couple of hard disk crashes), I decided to upgrade from 4.7 to 5.3.
Compaq systems usually have a service partition with diagnostics software. With 4.7, the FreeBSD boot manager was still able to recognize (and load1) the FreeBSD partition. Now with 5.3, I had to get rid of the service partition (after realising I never really needed it anyways), since the boot manager wouldn't load FreeBSD (but the service partition).
The standard video mode of 24x80 may be increased for better readibilty of console output.
Put the following line into configuration file /boot/loader.conf
vesa_load="YES"
Set the resolution (as above) in /etc/rc.conf:
allscreens_flags="132x43"
font8x14="cp850-8x14"
font8x16="cp850-8x16"
font8x8="/usr/share/syscons/fonts/cp850-8x8.fnt"
Some DSL modems (like my Fritz!Box Fon) do not negotiate the connection speed correctly if the network interface card is set to auto sensing.
In FreeBSD, use ifconfig -m rl0 to list the supported media types (your interface may also be xl0).
Since DSL typically uses only up to 3 MBit/s, 10baseT is sufficient: ifconfig rl0 media 10baseT/UTP.
This setting can be made permanent by adding the line ifconfig_rl0="media 10baseT/UTP" to your /etc/rc.conf file.
Keeping up-to-date (at least on security) with FreeBSD usually requires download of source deltas and recompiling all changed packages. Alternatives both for the FreeBSD kernel as well as packages are listed here:
portinstall
Basically, there are two options to authenticate with client certificates - either Apache with SSL support or Squid.
Web links:
By default (in the bash shell), the delete key produces ~ instead of deleting the character to the right (under the cursor, acutally). See FreeBSD > How to customized Home, Del, Insert keys for BASH shell for a fine solution.
newsyslog, configuration in /etc/newsyslog.conf. Specify
Run out of cron in /etc/crontab. By default, it runs once per hour.
Show system status information: systat -vmstat
The character set for users is set in /etc/login.conf (e.g., for German):
german:German Users Accounts:\
:charset=ISO-8859-1:\
:lang=de_DE.ISO8859-1:\
:tc=default:
The use of such a character set definition is set in /etc/master.passwd (invoked by vipw) individually for each account:
wimmer:$1$2abcdefg$Chijklmn3.:1001:20:german:0:0:Peter Kai Wimmer:/home/wimmer:/usr/local/bin/bash
In case a printer on the parallel port is not recognised, try putting the printer into polling mode: lptcontrol -p -d /dev/lpt0
If printouts take really long, the interrupt threshold should be increased: hw.intr_storm_threshold=2000 in /etc/sysctl.conf
Beware: As of Oct. 2006, do not update to CUPS v1.2 on FREEBSD, since it breaks the whole printing system. And going back to an older software version in FREEBSD is a pain.
Some network services (e.g., ntop) only listen on their IPv6 interface by default. This may be verified with sockstat:
# sockstat
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
www httpd 49809 16 tcp4 *:443 *:*
www httpd 49809 17 tcp4 *:80 *:*
nobody ntop 47832 0 tcp6 *:3000 *:*
Use sysctl net.inet6.ip6.v6only=0 to change this behaviour temporarily,
or add
net.inet6.ip6.v6only=0
to /etc/sysctl.conf to make it permanent: