Date: Wed, 21 Jun 2017 09:23:11 +0200 From: Peter Ludikovsky <peter@ludikovsky.name> To: Jim Ohlstein <jim@mailman-hosting.com> Cc: freebsd-questions@freebsd.org Subject: Re: New User, new server Message-ID: <a3524a5e-0c01-9054-08ef-b3ea10696b32@ludikovsky.name> In-Reply-To: <e78c3da2-2b85-4b2b-ef3e-396b59208e72@mailman-hosting.com> References: <800e15b2-d7f5-d339-bd77-862e9d0cab5b@ludikovsky.name> <e78c3da2-2b85-4b2b-ef3e-396b59208e72@mailman-hosting.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --GVBMAgf6IIMvrG0DrwcrpVaWqus8iRQwA Content-Type: multipart/mixed; boundary="9Hc5in9wj9SqvA8AbLxjHBpA0ebr7DrlJ"; protected-headers="v1" From: Peter Ludikovsky <peter@ludikovsky.name> To: Jim Ohlstein <jim@mailman-hosting.com> Cc: freebsd-questions@freebsd.org Message-ID: <a3524a5e-0c01-9054-08ef-b3ea10696b32@ludikovsky.name> Subject: Re: New User, new server References: <800e15b2-d7f5-d339-bd77-862e9d0cab5b@ludikovsky.name> <e78c3da2-2b85-4b2b-ef3e-396b59208e72@mailman-hosting.com> In-Reply-To: <e78c3da2-2b85-4b2b-ef3e-396b59208e72@mailman-hosting.com> --9Hc5in9wj9SqvA8AbLxjHBpA0ebr7DrlJ Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello, Thanks for the pointers so far! On 06/20/2017 05:22 PM, Jim Ohlstein wrote: >> 1) The new machine comes with a 128G SSD, in addition to the 2 4T >> HDDs from the older server. I'd like to set up ZFS root, with a slice >> of the SSD as ZIL and L2ARC, and the root mirrored across the SSD and >> the 2 HDDs. Does this make sense, and if so what would be the ideal >> slice layout? Or should I just use the whole SSD as ZIL/L2ARC? >=20 > I wouldn't mirror anything across an SSD and a magnetic drive (or two).= > Pick either the SSD or the drives. >=20 > ZIL/L2ARC may be overkill on a home system unless it's frequently > accessed by multiple users, but if you insist on having both on one SSD= , > make them the only things on the drive, and keep everything else on the= > 4TB drives. It's best to have ZIL and L2ARC on different, dedicated > devices, but your hardware eliminates that possibility. >=20 The idea here was that since the machine came with an SSD pre-installed, I might as well try and use it. But the installation probably won't use the whole disk, even if I want the system to be on redundant disks too, not just the data. But oh well, I'm sure I can find other use for it. >> 2) Moving data from the old machine. Can I run zfs send/receive to >> get the ZFS on Linux datasets onto FreeBSD, or do I need to (r)sync? >=20 > It _should_ work, but rsync will work. I'll spin up 2 VMs and just try it. Since it's only 3 datasets that would have been moved that way (/home, Webserver data, Fileserver data) there's not much of a problem either way. >> 3) Firewalling: PF, IPFW, or IPFilter? The machine will be behind an >> ISP provided router, but I'm paranoid enough to want an additional >> firewall on that machine, and one that plays nice with fail2ban at >> that. >=20 > Unless you're running services that expect outside connections (say if > this is a file server), it won't matter. In fact, it really doesn't > matter anyway. Pick one, learn it, use it. I use PF. I've used the othe= r > two also. PF includes functionality for port redirection and NAT. I hav= e > no idea about fail2ban. I use PF tables and the expiretable utility. Fileserver for internal use only, an Nextcloud instance for the family photos/videos/calendars/contacts, a Bitcoin node, and a Torrent client for various OSS images. Regards, /peter --9Hc5in9wj9SqvA8AbLxjHBpA0ebr7DrlJ-- --GVBMAgf6IIMvrG0DrwcrpVaWqus8iRQwA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdBQJZSh7fFhxwZXRlckBsdWRpa292c2t5Lm5hbWUACgkQz7o2Dmlu 3JmQdQ/5AaRezIHf580uKCXNA7vfFUvuZDgk8MpQEfdiJXLNqpT2zwJYQihg8OlE nJwuhPNuawfMCPpM3NtmYl2FAT+/Sy7vpLm0dticO55YCcv/72m9H1zAJR1szqOL NC8HIyr+xzl6NwloDtpJ/dFlJK3uOglfVhwg/MaJ1QPHlkx1AygPnd0tsYij2hUm VKvKx8xEqK8VsffPJ2z+XDZW4hzDkg3Mro5YpWR4DxR5wiFXqzPQMocI9nWnrNqN 2y1+rmhtMxAwEahD8H8rRw81iq1DDnA4Xb/sqkW5cu5no4jEF1uI3LnhERriFMmk iN6LaBxNHSj/3Pc1J7mQhQ68KNHZavPdizZdcg5/mI3dJPNPA0bq4o7UcQhJAp0V j7JQgOsQi8vXB51+5UCA7W19tLOA3rm6Ipw50QSqmHkNtCrikBL5hncS6jv/nXbi g/lsWUq8ERPQKPwU0aMgwQySKmIw6abUhUWl1MSpStjk6bsfsLC+n5IDjkVOELAZ fukafGKbNdr1skhH7s9QptGiT4sLlnF6BS/EX2b1nkQeI7atNJ6G0GSaNMEI9RCN 70eOQvCw17+gYfeqvaK5jlBhvbQeIdTYULSF+lsFk7KTd6QvINOYLbeDbh+8gH1t UHk8yQB5pPKX1pdJQLgTkoJKTPzl65xyxURTvJeQimj5CnwgjjY= =/C5e -----END PGP SIGNATURE----- --GVBMAgf6IIMvrG0DrwcrpVaWqus8iRQwA--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a3524a5e-0c01-9054-08ef-b3ea10696b32>