Installing FreeBSD on PCEngines APU1C4

Step 1) Download FreeBSD and prepare a memory stick

I used a 16GB USB memory stick, and my Windows desktop to prepare the stick. Download your desired FreeBSD image (memstick), decompress it, and write it to the USB. On Windows, I use Rufus to write the image. On Linux or FreeBSD, dd or Etcher works fine.

Now reboot your desktop/laptop from the USB stick to activate the serial console. Drop to the shell, and mount the filesystem read-write:

# mount -rw /

Now we’re going to enable the serial console in the loader configuration, and set it to 115200 baud (as that’s what the APU’s serial console is already up till the FreeBSD boot loader takes over, so may as well keep it the same):

# cat > /boot/loader.conf

Now do shutdown -r now and unplug the USB once the filesystems are synced.

Step 2) Connect the serial cable and boot the APU.

Connect your serial cable to your PC and the APU. Open up PuTTY or minicom, point it at your serial port, 115200 baud, 8-N-1 for the other settings (usually the default).

Put the USB stick into the USB port on the APU, and on mine I had to leave the SD card out to get it to boot from the USB.

Power on the APU, and watch your serial console. When prompted, press F12, then 1 to boot from the USB, and the FreeBSD loader should appear.

Step 3) Install FreeBSD

Select vt100, and install as normal (albeit, very slowly). I chose UFS, with one giant partition. I let the system create a swap partition, but I suspect I will not be using it and will likely disable it for reliability reasons. I initially used an 8GB SDHC “Class 4” card, Dick Smith branded, and I thought write performance seemed a bit slow. I swapped it out with a 16GB MicroSD (via an adapter) and found write performance much quicker.

After installation, open a live shell on the new environment, and again apply the serial console:

# cat > /boot/loader.conf

Now you can reboot the device and begin configuration.

Step 4) Configure the base system

First, I disabled swap by commenting out the swap line in /etc/fstab.

Next, configure the appropriate interface (re0 was configured for LAN access at install time) to be DHCP (for broadband access), enable packet forwarding, and disable crash dumps:

cat >> /etc/rc.conf
ifconfig_re0="inet netmask"

At this point, with a simple ruleset for pf, the system can route to the internet if clients have suitable IP addresses statically configured:

cat > /etc/pf.conf

scrub in on $wan all fragment reassemble

nat on $wan from $lan:network to any ->($wan)

#block all
pass from { lo0, $lan:network } to any keep state

I’ll tighten the ruleset up (and add aditional anchors and so on) later.

Load the rules to test:

# kldload pf
# pfctl -e -f /etc/pf.conf

If they work and don’t lock you out, then configure pf to start at boot time:

# echo 'pf_enable="YES"' >> /etc/rc.conf

Next up, Internal DNS resolution!