Raspberry Pi running FreeBSD as a NAT and Samba server

The Four Lakes Amateur Radio Club has been using a Raspberry Pi 1B+ for a couple of years as our DHCP/Samba/NAT server for events like ARRL Field Day.

As I had a spare RPi 2 sitting around, I decided to see if I could use FreeBSD on that device instead, instead of Debian based Raspbian.

I am using the FreeBSD 11.1-RELEASE image for the the OS, the instructions on the FreeBSD website were easy to use to get the image transferred to an SD card. Once we were booted up and running, using the ethernet port for network connectivity, I installed the wpa_supplicant package, I probably could have skipped this step and used the wpa_supplicant installation in the base system.

I had to update /boot/loader.conf

legal.realtek.license_ack=1
if_urtwn_load="YES"
wlan_wep_load="YES"wlan_ccmp_load="YES"
wlan_tkip_load="YES"

Additions to /etc/rc.conf

ntpd_enable="YES"
ntp_sync_on_start="YES"
wlans_urtwn0="wlan0"
ifconfig_wlan0="WPA SYNCDHCP"

The ntp additions are due to the RPi not having a Real Time Clock, these settings force the RPi to update the time from network clocks at boot time.

Create the /usr/local/etc/wpa_supplicant.conf file

ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=1
fast_reauth=1
country=US
device_name=fpi
network={
    ssid="SECRET"
    proto=WPA
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    psk=SUPER_SECRET
}

And then reboot to have all of the changes take effect.

Once we were up and running on WiFi, I reconfigured the ethernet port for a static IP by changing the configuration in /etc/rc.conf from

ifconfig_ue0="DHCP"

to

ifconfig_ue0="inet 10.0.0.1 netmask 255.255.255.0"

Then I installed dnsmasq and samba.

pkg install dnsmasq
pkg install samba48

/usr/local/etc/dnsmasq.conf

domain-needed
bogus-priv
no-resolv
server=1.1.1.1
interface=ue0
expand-hosts
domain=local
dhcp-range=10.0.0.10,10.0.0.50,6h
dhcp-option=3,10.0.0.1
dhcp-leasefile=/usr/local/var/lib/misc/dnsmasq.leases

/usr/local/etc/smb4.conf

[global]
    workgroup = WORKGROUP
    server string = Samba Server Version %v
    netbios name = fpi
    wins support = yes
    security = user
    passdb backend = tdbsam
    map to guest = Bad User
    log file = /var/log/samba4/log.%m
    log level = 3

[fd]
    comment = Field Day
    create mask = 0664
    directory mask = 0775
    force group = nobody
    force user = nobody
    guest ok = yes
    path = /home/fd
    read only = no

And added to /etc/rc.conf again

dnsmasq_enable="YES"
samba_server_enable="YES"
winbindd_enable="YES"

The directory where we will be sharing files from is /home/fd, so we need to create it and set permissions.

mkdir /home/fd
chown nobody:nobody /home/fd
chmod 775 /home/fd

Now for the NAT portion, since I used to run an OpenBSD firewall for my home network, I decided to use pf instead of ipfw.

So we need to make some more changes to /etc/rc.conf

pf_enable="YES"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
gateway_enable="YES"

And create /etc/pf.conf

ext_if='wlan0'
int_if='ue0'
localnet = $int_if:network
nat on $ext_if from $localnet to any -> ($ext_if)

Yes, there should probably be more rules here to restrict access and ports.

Now it's time for another reboot and everything should be working.