MikeL's FreeBSD howto - 12.4 install

MikeL's FreeBSD howto - 12.4 install

20221220
A week or so ago, I did a freebsd-update and pkg upgrade on my 12.1 system. I then tried freebsd-update -upgrade to 13.1. Somewhere in there, I managed to kill it. Someone please remind again why I think I love FreeBSD?

I had problems where ld-elf.so.1 gave some bizarre errors. I tried copying an old one from my twin 12.1 system, but that didn't help. I tried flashing USB memory stick to 13.1 and installing from that, still no good.

In the end, I gave up 13.1, and reinstalled 12.1, reflashing/booting the USB memory stick. I managed to get a running system again, then tried freebsd-update path to upgrade to 12.2, with the intent to go to 12.3 then 12.4. Once again, problems, problems, problems.

I then reflashed the memory stick to 12.4, and boot/installed from that. BTW: all of these times I preserved the existing disk configuration. This has me now running 12.4-RELEASE successfully, yay! Note that 12.4 EOL is 31-Dec-2023, and 14.1 is scheduled for July 2023. I'll plan on skipping 13 entirely.

Things to note:

ntpdate will be deprecated. Change your rc.conf to
ntpdate="NO"
ntpd="YES" (you should already have this)
ntpd_sync_on_start="YES"
Also note that you'll see an error on boot 0.freebsd.pool.ntp.org: name does not resolve
Edit your /etc/rc.ntpd and change the line with this - simply drop the "0.freebsd." portion leaving just "pool.ntp.org".
I had some trouble figuring out the firewall, and so I added all the following to rc.conf
firewall_enable="YES"
firewall_type="SIMPLE"
firewall_simple_oif="bce0"
firewall_simple_onet="[my ip]"
firewall_simple_iif="bce1"
firewall_simple_inet="192.168.0.1/24"
firewall_logging="YES"
firewall_nat_enable="NO"
firewall_nat64_enable="NO"
firewall_nptv6_enable="NO"
for more info on the possible values, see /etc/defaults/rc.conf

I had a heckuva time getting ssh to work. I thought the firewall was blocking it. I did

ipfw disable
      firewall

which blocked everything, it defaults to block everything! I did sh /etc/rc.firewall OPEN. I could see it doing the "SIMPLE" rule. I commented this out in rc.conf and I still got "SIMPLE", so I changed to "OPEN" - looks like you can't provide it at command line. This allowed it to work, so I knew it was the firewall.

I eventually found that I had fat-fingered the sshd_flags="-o UseBlacklist=yes" options to sshd in rc.conf -- man did I feel like an idiot! Just doing a ps ax | grep sshd would have helped me figure that out.

However, I didn't know this had fixed it, as I was trying via 'putty' on in in-house client -- INTERNAL NETWORK "192.168.0.x". When I suddenly had the brilliant idea to try from my external co-lo'd twin server, that worked fine. Interesting though, ftp from in-house client DID work. I had not brought up the internal network in rc.conf.