Setting up a FreeBSD Server on Hetzner, Part 5: PHP, SSI, SSL, Redirects

In this blog post we describe the procedure to configure nginx on a FreeBSD VM to use PHP, SSI (Server Side Includes), SSL, and redirects.

We will configure the following server blocks: (SSL) (301 permanent redirect to

What we want our website to look like

Our final website should look like this: notice the valid SSL cert, the PHP-supplied image and IP address, and the Server Side Includes (the black boxes).

What our website actually looks like

No redirects, no SSL, no SSI, no PHP

Server Side Includes

We edit nginx.conf (see final version here):

sudo -E vim /usr/local/etc/nginx/nginx.conf

We add the following line to the http stanza:

ssi on;

We save the file and restart nginx:

sudo /usr/local/etc/rc.d/nginx restart

We view the website in our browser to make sure that the SSIs have been honored (in this case, a navbar at the top with home and about links).

Read more »

Setting up a FreeBSD Server on Hetzner, Part 4: nginx

In this blog post we describe the procedure to install nginx on a FreeBSD VM.

Install nginx

Let’s ssh into the machine and install nginx:

ssh -A <hostname>
sudo pkg_add -r nginx

Like homebrew, FreeBSD typically installs optional applications under /usr/local.

Read more »

Your Server has "participated in a very large-scale attack"

In this blog post we configure an NTP (network time protocol) server on a FreeBSD-based Hetzner virtual machine and register it with the NTP Pool Project. This is the third installment of a series of blog posts.

The “very large-scale attack”

On Thursday, Feb 20, 2014 I received the following email from Hetzner, my ISP:

Subject: Abuse Message [AbuseID:0EE497:1B]: AbuseNormal: Exploitable NTP server used for an attack:

Dear Brian Cunnie,

A public NTP server on your network, running on IP address and UDP port 123, participated in a very large-scale attack against a customer of ours today, generating UDP responses to spoofed “monlist” requests that claimed to be from the attack target.

Read more »

Setting up a FreeBSD Server on Hetzner, Part 2: DNS Nameserver

[Editor’s note: This is the second post in a multi-part series covering the process of setting up a FreeBSD virtual server in the German Hetzner Cloud. The first blog post is here and reviews the base install and ssh configuration.]

We will now configure the DNS server as a secondary NS (nameserver) for the domain

Read more »

Troubleshooting IPv6 Firewall Rulesets Using tcpdump and pflog

This blog post discusses the procedure we followed when troubleshooting a connectivity issue with a firewall (it was not responding to pings even though it should have been). Specifically, we used tcpdump (a packet sniffer) and pflog (a firewall logger specific to the BSD-based pf firewall).

Read more »

Setting up a FreeBSD Server on Hetzner, Part 1: Base Install and ssh

This blog post covers the procedure to configure a FreeBSD virtual machine located in a Hetzner (a German ISP) datacenter:

- install a baseline of packages (git sudo bash vim rsync)
- place /etc under revision control (git)
- create a non-root user
- lock down ssh (keys only)

This blog post does not cover the initial FreeBSD installation; that’s covered quite adequately here: (except for the IPv6 portion, which didn’t appear to work properly, so I configured the IPv6 differently (see below for details)).

Read more »

How I Grabbed 18 Quintillion IP Addresses from Comcast and They Didn't Even Care

Before I go further, let me be clear: these were IPv6 addresses, not IPv4. I only have 1 IPv4 address, and that’s all that Comcast is going to give me. But on the IPv6 side, I am rolling in addresses.

This blog post describes how to modify a FreeBSD-based firewall to allow internal machines to acquire IPv6 addresses and communicate with the Internet over IPv6.

Read more »

A Barebones pf IPv6 Firewall Ruleset

“My ISP is deploying IPv6, and I want to use it, but I don’t know what my firewall rulesets should look like.”

In this blog post, we discuss a basic set of IPv6 rules which will allow the firewall to route IPv6 traffic from internal machines while protecting those same machines from hostile probes. 

Read more »

Configuring FreeBSD 9.1 as a Native IPv6 DHCP Client


ISPs are now offering native IPv6 to their customers, which begs the question, “how do I configure my machine to use IPv6?” This blog post describes the steps to configure a FreeBSD 9.1 machine as an IPv6 DHCP client on the Comcast network.

Read more »

Using resolvconf.conf to Tweak resolv.conf


FreeBSD 9.1, when acting as a DHCP client, uses resolvconf to construct /etc/resolv.conf (which defines the DNS nameservers to query); however, this may be undesired behavior, especially when already running a local nameserver: the local nameserver will be ignored; the local domain won’t be searched; the reverse-lookups for RFC 1918 networks (e.g.

Read more »