Date: Tue, 20 Jun 2017 11:22:44 -0400
From: Jim Ohlstein <jim@mailman-hosting.com>
To: Peter Ludikovsky <peter@ludikovsky.name>
Cc: freebsd-questions@freebsd.org
Subject: Re: New User, new server
Message-ID: <e78c3da2-2b85-4b2b-ef3e-396b59208e72@mailman-hosting.com>
In-Reply-To: <800e15b2-d7f5-d339-bd77-862e9d0cab5b@ludikovsky.name>
References: <800e15b2-d7f5-d339-bd77-862e9d0cab5b@ludikovsky.name>

Hello,

On 06/20/2017 10:33 AM, Peter Ludikovsky wrote:
> Hello,
>
> I recently acquired a former office tower to replace my old home
> server (Debian 8), itself an even older office tower. As it's my
> primary storage location for images and documents I want something
> stable, and I want to try something besides Linux, so I'm going for
> FreeBSD 11-RELEASE. Which brings a few questions:

Good choice!

>
> 1) The new machine comes with a 128G SSD, in addition to the 2 4T
> HDDs from the older server. I'd like to set up ZFS root, with a slice
> of the SSD as ZIL and L2ARC, and the root mirrored across the SSD and
> the 2 HDDs. Does this make sense, and if so what would be the ideal
> slice layout? Or should I just use the whole SSD as ZIL/L2ARC?

I wouldn't mirror anything across an SSD and a magnetic drive (or two).
Pick either the SSD or the drives. ZIL/L2ARC may be overkill on a home
system unless it's frequently accessed by multiple users, but if you
insist on having both on one SSD, make them the only things on the
drive, and keep everything else on the 4TB drives. It's best to have ZIL
and L2ARC on different, dedicated devices, but your hardware eliminates
that possibility.

>
> 1.1) Can I start this setup with just the SSD and one HDD, as to keep
> the old server alive until everything is migrated?

It's very easy to add to ZFS if you plan to mirror. You can add a
striped drive, but the results won't be as good as if you create the
zpool as striped.

>
> 2) Moving data from the old machine. Can I run zfs send/receive to
> get the ZFS on Linux datasets onto FreeBSD, or do I need to (r)sync?

It _should_ work, but rsync will work.

>
> 3) Firewalling: PF, IPFW, or IPFilter? The machine will be behind an
> ISP provided router, but I'm paranoid enough to want an additional
> firewall on that machine, and one that plays nice with fail2ban at
> that.

Unless you're running services that expect outside connections (say if
this is a file server), it won't matter. In fact, it really doesn't
matter anyway. Pick one, learn it, use it. I use PF. I've used the other
two also. PF includes functionality for port redirection and NAT.

I have no idea about fail2ban. I use PF tables and the expiretable
utility.

>
> 4) As far as I understand it the host plays gateway for jails. Does
> that mean that any firewalling is done there too? If so, is any
> special configuration required besides enabling IP forwarding? (NAT,
> …)

Yes. PF (at least) applies all rules to all packets. I'd assume the
others do as well.

>
> 5) Currently all services on the machine run together. With FreeBSD
> I'd like to jail them. Is there an easy way to convert, or will I be
> creating jails for the services & shovel the data over as if it's a
> fresh install?

You'll have to create the jails manually and move your data. The ezjail
utility, among others, makes this easy. Creating a cloned loopback for
your jails allows them to communicate with each other while being
isolated from the outside.

>
> Any pointers are appreciated. I'm in no hurry (old machine ain't
> dying yet), and I'd rather do it slow & clean than fast & dirty.
>

-- 
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com
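
Added example, not part of the original message or written by its author: a pf.conf sketch of the setup discussed in the thread, with jails on a cloned loopback, NAT and port redirection done on the host, and a PF table for blocking abusive sources. The interface names, addresses, ports, rate limits and the table name `bruteforce` are all assumptions made for illustration.

```conf
# /etc/pf.conf -- constructed example; every name and address is assumed
ext_if   = "em0"           # assumed external NIC
jail_if  = "lo1"           # cloned loopback: cloned_interfaces="lo1" in rc.conf
jail_net = "10.0.0.0/24"   # assumed private range used by the jails
web_jail = "10.0.0.10"     # assumed address of one jail running a web server

# Table of sources to drop. Entries are added by the overload rule below
# and aged out from cron, e.g. with expiretable or with
#   pfctl -t bruteforce -T expire 3600
table <bruteforce> persist

set skip on lo0
scrub in all

# Translation is done on the host, which acts as gateway for the jails.
nat on $ext_if inet from $jail_net to any -> ($ext_if)
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $web_jail port 80

# Default deny inbound; the same ruleset sees host and jail traffic alike.
block in all
block in quick from <bruteforce>
pass out all keep state

# Jails may talk to each other over the private range.
pass quick on $jail_if inet from $jail_net to $jail_net

# SSH to the host: sources that open connections too fast land in the table.
pass in on $ext_if inet proto tcp from any to ($ext_if) port 22 \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)

# rdr rewrites the destination before filtering, so match the jail address.
pass in on $ext_if inet proto tcp from any to $web_jail port 80 \
    flags S/SA keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and the current table contents listed with `pfctl -t bruteforce -T show`.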