From: Peter Ludikovsky
To: Jim Ohlstein
Cc: freebsd-questions@freebsd.org
Subject: Re: New User, new server
Date: Wed, 21 Jun 2017 09:23:11 +0200

Hello,

Thanks for the pointers so far!

On 06/20/2017 05:22 PM, Jim Ohlstein wrote:
>> 1) The new machine comes with a 128G SSD, in addition to the 2 4T
>> HDDs from the older server. I'd like to set up ZFS root, with a slice
>> of the SSD as ZIL and L2ARC, and the root mirrored across the SSD and
>> the 2 HDDs. Does this make sense, and if so what would be the ideal
>> slice layout? Or should I just use the whole SSD as ZIL/L2ARC?
>
> I wouldn't mirror anything across an SSD and a magnetic drive (or two).
> Pick either the SSD or the drives.
>
> ZIL/L2ARC may be overkill on a home system unless it's frequently
> accessed by multiple users, but if you insist on having both on one SSD,
> make them the only things on the drive, and keep everything else on the
> 4TB drives. It's best to have ZIL and L2ARC on different, dedicated
> devices, but your hardware eliminates that possibility.
>

The idea here was that since the machine came with an SSD pre-installed,
I might as well try and use it. But the installation probably won't use
the whole disk, even if I want the system to be on redundant disks too,
not just the data. But oh well, I'm sure I can find other use for it.

>> 2) Moving data from the old machine. Can I run zfs send/receive to
>> get the ZFS on Linux datasets onto FreeBSD, or do I need to (r)sync?
>
> It _should_ work, but rsync will work.

I'll spin up 2 VMs and just try it.
Since it's only 3 datasets that would have been moved that way (/home,
Webserver data, Fileserver data) there's not much of a problem either
way.

>> 3) Firewalling: PF, IPFW, or IPFilter? The machine will be behind an
>> ISP provided router, but I'm paranoid enough to want an additional
>> firewall on that machine, and one that plays nice with fail2ban at
>> that.
>
> Unless you're running services that expect outside connections (say if
> this is a file server), it won't matter. In fact, it really doesn't
> matter anyway. Pick one, learn it, use it. I use PF. I've used the other
> two also. PF includes functionality for port redirection and NAT. I have
> no idea about fail2ban. I use PF tables and the expiretable utility.

Fileserver for internal use only, a Nextcloud instance for the family
photos/videos/calendars/contacts, a Bitcoin node, and a Torrent client
for various OSS images.

Regards,
/peter