Come for the stories. Stay for the (mostly) FreeBSD content.
I came to FreeBSD in a roundabout way.
For years, I have intended to create a place on the internet to record my thoughts and projects. I have a problem, however: a serious case of NIH. Five years ago, to learn AWS, I wrote my own markdown-to-SSG system complete with photo integration. I made it fairly far along until life intervened and I never finished. So, no website, no blog.
Soon after, our home’s router was dragging down the network. We had infrequent outages, which I later isolated to DNS failures. We needed a router upgrade, but what to choose? On the subreddits I followed, the most popular self-hosted variant was pfSense running in a VM in VMware. I didn’t know how to run either of these. Perfect, more to learn. After dragging my feet for another year, I was finally ready to try this expert-level configuration, only to find that VMware was purchased and its community edition was desupported and closed. Reddit was filled with posts recommending Proxmox running pfSense in a virtual machine. So, I bought a Protectli (6 NICs, I have plans), loaded up Proxmox and tested it out. Didn’t like it one bit.
Then, I learned that pfSense was built atop FreeBSD. After that, everything changed.
I recall first hearing about FreeBSD in 1996 from a friend who worked at Yahoo; they had based their infrastructure on it at that time. My university introduced me to Unix. This was before there was a World Wide Web, before there was a regular email network and when the internet was also known as DARPAnet and all of the coding I did was in BASIC and Pascal. I had used Unix those years, when I worked at NASA and at my first startup before anyone knew what a startup was.
FreeBSD feels like those early Unix days. After playing with it for a couple of months, I decided “Who needs pfSense? I’ll build my own router in pf (packet filter)” and set about learning that. NIH. I loaded FreeBSD on a Raspberry Pi 4B to bring with me while I traveled. Running pf directly on the host system risks lockout, and as I didn’t own a KVM or even know what one was, lockout meant reimaging the SD card and starting over. To reduce lockout, I taught myself about jails and ran a mini version of the VMware/pfSense setup I learned about earlier. It was a blast, and then once again life got in the way and another project lingered.
Before I stopped a year ago, I had a massive pf.conf file with external tables and anchors. All to lock down my tiny home network. I worked in computer security development for startups and large corporations. I often joked I was professionally paranoid. For better or for worse, my network must be locked down. My Cisco router was tighter than many corporate networks, and pf had to match or better it or I couldn’t trust it.
I’m almost ready to get back to hacking on what will become my new router. I have a few more distractions to deal with before I do that, though. One was setting up this site.
For me, writing is as important as reading. Years ago, during my son’s freshman-year high school Back to School Night, one teacher wrote on the classroom whiteboard: WWIOTFOWWT.
We Write In Order To Figure Out What We Think
Over the past six years, I’ve been thinking about building my own router/gateway and building my own home lab. During that time I’ve accumulated a backlog of ~100 projects. I need to stop reading r/self-hosted, to be honest. Still, I want to get through as many as I can. And, I want to use FreeBSD to do it. If I have a choice, the choice will be FreeBSD. Second Tier options are podman or a jailed Linuxulator. Third Tier option is to run Linux in a VM.
This blog running in AWS was one of those projects. Blog deployed? Check!
- codeedog