I often forget this command to examine what has been logged by the PF filter.
$ tcpdump -n -e -ttt -r /var/log/pflog
To look at what is being filtered in real-time use the following command instead:
$ tcpdump -n -e -ttt -i pflog0
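The following is an added example, not part of the original post: a small filter that turns the output of either command above into a count of blocked packets per rule, interface and source host. It assumes the usual pflog header that tcpdump prints with -e ("rule N/0(match): block in on IFACE:"); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Typical use on the firewall itself:
#   tcpdump -n -e -ttt -r /var/log/pflog | pflog_summary

# Constructed sample in the assumed "tcpdump -n -e -ttt" pflog format.
pflog_sample() {
    cat <<'EOF'
 00:00:00.000000 rule 3/0(match): block in on em0: 203.0.113.7.51234 > 192.0.2.10.23: Flags [S], seq 1, win 1024, length 0
 00:00:01.200000 rule 3/0(match): block in on em0: 203.0.113.7.51240 > 192.0.2.10.2323: Flags [S], seq 2, win 1024, length 0
 00:00:00.500000 rule 5/0(match): pass out on em0: 192.0.2.10.40000 > 198.51.100.1.53: 1234+ A? example.org. (29)
 00:00:02.000000 rule 1/0(match): block in on em0: 198.51.100.9 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Read tcpdump text on stdin; print "COUNT rule=N if=IFACE src=HOST",
# busiest source first. Only "block" entries are counted.
pflog_summary() {
    awk '
    {
        # Find the pflog header: rule N/0(match): ACTION DIR on IFACE: SRC > DST
        r = 0
        for (i = 1; i <= NF; i++) if ($i == "rule") { r = i; break }
        if (r == 0 || $(r + 2) != "block" || $(r + 7) != ">") next

        rule = $(r + 1); sub(/\/.*/, "", rule)   # "3/0(match):" -> "3"
        iface = $(r + 5); sub(/:$/, "", iface)   # "em0:" -> "em0"
        src = $(r + 6)

        # Drop the trailing ".port" for TCP/UDP; ICMP sources have no port.
        n = split(src, part, ".")
        if (n == 5 || (n == 2 && index(src, ":") > 0)) sub(/\.[^.]*$/, "", src)

        count["rule=" rule " if=" iface " src=" src]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Offline demonstration on the constructed sample.
pflog_sample | pflog_summary
```

The rule number in each line can be matched against the loaded ruleset with pfctl -vvsr, which prints rules prefixed by @N.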
I am not entirely certain what the cause of this error is but it is particularly annoying when it happens on a headless system.
I think that the problem is caused by too many keys to choose from during key negotiation, or no key at all. I found this workaround.
ssh -o PubkeyAuthentication=no vince@host
Once a successful login with a password is possible, log out and copy the authentication key to the host…
ssh-copy-id -o PubkeyAuthentication=no vince@host
Then log in with ssh again…
ssh vince@host
And ssh should authenticate without using a password.
I use a lot of old kit in my lab. Some of these machines have very poor ACPI implementations and they often complete their boot displaying an 80×25 character console on monitors that can support much higher resolutions. I have put up with staggered ZFS listings for too long and decided to fix this problem on my FreeBSD hosts.
Modern FreeBSD uses the VT console by default. If a video graphics driver has been installed, it will display a console in a higher resolution if configured.
The configuration below was tested on FreeBSD 13.4-RELEASE-p1 and FreeBSD 14.1-RELEASE-p5 with an onboard Intel graphics adapter.
Install the graphics driver:
$ sudo pkg install drm-kmod
Run the following command to load the Intel graphics driver on boot:
$ sudo sysrc kld_list+=i915kms
Edit /boot/loader.conf adding the following lines to the file:
# VT console
hw.vga.textmode=1
hw.vga.acpi_ignore_no_vga=1
kern.vty=vt
kern.vt.fb.default_mode="1024x768"
If dmesg reports a good ACPI table, you don’t need to use hw.vga.acpi_ignore_no_vga=1.
If you are using a screen that cannot display 1024×768, use kern.vt.fb.default_mode="800x600" instead.
Reboot the host and check that the new console settings are active.
To make a USB serial adapter visible to FreeBSD, add the following to /boot/loader.conf
# USB serial adapter
ucom_load="YES"
I noticed today that the FreeBSD ZFS pool that I created on my laptop SSD was not configured for TRIM. TRIM enables the SSD to recover space from previously written to blocks that have since had files deleted. This can help maintain performance of the SSD as it fills with data.
My pool is called zroot, so the command to check the value of the TRIM setting is:
$ zpool get autotrim zroot
The command to switch on automatic TRIM is:
$ sudo zpool set autotrim=on zroot
I have just acquired a used 4-port D-Link fast ethernet PCI board from a seller on eBay. I have been looking for one of these for my ‘new’ firewall for ages and was about to give up.
The firewall is an old crate of a Dell GX240 with PCI slots but it still has plenty of grunt to do what I need without consuming too much power. It’s one of the old Dells that I bought years ago for peanuts that has been upgraded with a 2.6GHz Celeron.
I have been experimenting with a Broadcom crypto accelerator in pfSense and I was about to give up on the GX240 and move up to a newer old machine with PCI-X slots.
The BCM5821 already delivers a 24x performance improvement on 2048-bit RSA on the 33MHz PCI bus and I am intrigued to find out how fast it will go in a 64-bit, 66MHz slot. Now that I have the D-Link, I will crack on with the original plan and save the PCI-X upgrade for later.
More to follow…