From: David Christensen
To: freebsd-questions@freebsd.org
Subject: Re: New User, new server
Date: Tue, 20 Jun 2017 19:51:16 -0700

On 06/20/17 07:33, Peter Ludikovsky wrote:
> I recently acquired a former office tower to replace my old home server
> (Debian 8), itself an even older office tower. As it's my primary
> storage location for images and documents I want something stable, and I
> want to try something besides Linux, so I'm going for FreeBSD
> 11-RELEASE. Which brings a few questions:
>
> 1) The new machine comes with a 128G SSD, in addition to the 2 4T HDDs
> from the older server. I'd like to set up ZFS root, with a slice of the
> SSD as ZIL and L2ARC, and the root mirrored across the SSD and the 2
> HDDs. Does this make sense, and if so what would be the ideal slice
> layout? Or should I just use the whole SSD as ZIL/L2ARC?
>
> 1.1) Can I start this setup with just the SSD and one HDD, as to keep the
> old server alive until everything is migrated?

I have several computers in my SOHO network, Pentium 4 and newer,
running various versions of Windows, Debian, and FreeBSD. I use mobile
racks and put one OS on each system disk (using MBR partitioning) to
facilitate migration and imaging. My preferred system disk size is
16 GB; SSDs when available, but Debian will run off USB flash drives.
Once a system is installed, updated, configured, and operating, I
sometimes move the image to another device (SSD, HDD, USB flash drive;
16 GB or larger).

I would put FreeBSD on the 128 GB SSD using the FreeBSD 11.0 RELEASE
installer, select "Auto (ZFS)" for partitioning, and navigate the
options to end up with a ZFS boot partition, an encrypted swap
partition, and an encrypted ZFS root partition. (The installer will use
100% of the drive. If you are savvy enough, you can shell out during
installation and label, slice, partition, create GEOM devices, create
ZFS pools, etc., of whatever size and configuration you desire.)

I would leave the existing HDDs in your old server and get new drives
for the new server. Two large SATA NAS drives in a ZFS mirror should be
ideal for a SOHO file server. Make sure you have "enough" RAM, and a CPU
with AES-NI if you use encryption. (At one point, my Intel Core i7-2600S
machine had 8 GB RAM, ZFS on Linux, and two mirrored encrypted 3 TB
7200 RPM desktop SATA drives. It was very fast locally, and could easily
saturate its Gigabit network connection.)

> 2) Moving data from the old machine. Can I run zfs send/receive to get
> the ZFS on Linux datasets onto FreeBSD, or do I need to (r)sync?

As others have said: likely so, but test.

> 3) Firewalling: PF, IPFW, or IPFilter? The machine will be behind an ISP
> provided router, but I'm paranoid enough to want an additional firewall
> on that machine, and one that plays nice with fail2ban at that.

I use an old P4 machine with IPCop between my AT&T residential gateway
and my LAN:

http://www.ipcop.org/

For host firewalling, I use Firewall Builder:

http://fwbuilder.sourceforge.net/

David