Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 20 Jun 2017 16:33:48 +0200
From:      Peter Ludikovsky <peter@ludikovsky.name>
To:        freebsd-questions@freebsd.org
Subject:   New User, new server
Message-ID:  <800e15b2-d7f5-d339-bd77-862e9d0cab5b@ludikovsky.name>

next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--PuTTUT6tWC6DHR1X9St3OJKs9bdue8hQH
Content-Type: multipart/mixed; boundary="Rrwx8IfvUQFcL9Hcf773hqMJWNdnlxOWM";
 protected-headers="v1"
From: Peter Ludikovsky <peter@ludikovsky.name>
To: freebsd-questions@freebsd.org
Message-ID: <800e15b2-d7f5-d339-bd77-862e9d0cab5b@ludikovsky.name>
Subject: New User, new server

--Rrwx8IfvUQFcL9Hcf773hqMJWNdnlxOWM
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello,

I recently acquired a former office tower to replace my old home server
(Debian 8), itself an even older office tower. As it's my primary
storage location for images and documents I want something stable, and I
want to try something besides Linux, so I'm going for FreeBSD
11-RELEASE. Which brings a few questions:

1) The new machine comes with a 128G SSD, in addition to the 2 4T HDDs
from the older server. I'd like to set up ZFS root, with a slice of the
SSD as ZIL and L2ARC, and the root mirrored across the SSD and the 2
HDDs. Does this make sense, and if so what would be the ideal slice
layout? Or should I just use the whole SSD as ZIL/L2ARC?

1.1) Can I start this setup with just the SSD an one HDD, as to keep the
old server alive until everything is migrated?

2) Moving data from the old machine. Can I run zfs send/receive to get
the ZFS on Linux datasets onto FreeBSD, or do I need to (r)sync?

3) Firewalling: PF, IPFW, or IPFilter? The machine will be behind an ISP
provided router, but I'm paranoid enough to want an additional firewall
on that machine, and one that plays nice with fail2ban at that.

4) As far as I understand it the host plays gateway for jails. Does that
mean that any firewalling is done there too? If so, is any special
configuration required besides enabling IP forwarding? (NAT, =E2=80=A6)

5) Currently all services on the machine run together. With FreeBSD I'd
like to jail them. Is there an easy way to convert, or will I be
creating jails for the services & shovel the data over as if it's a
fresh install?

Any pointers are appreciated. I'm in no hurry (old machine ain't dying
yet), and I'd rather do it slow & clean than fast & dirty.

Regards,
/peter


--Rrwx8IfvUQFcL9Hcf773hqMJWNdnlxOWM--

--PuTTUT6tWC6DHR1X9St3OJKs9bdue8hQH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdBQJZSTJRFhxwZXRlckBsdWRpa292c2t5Lm5hbWUACgkQz7o2Dmlu
3JkwfRAAo26NVCH6dk1+ZSGJ0cdcmvE+4V2WdXKGDzls9qsZSF9POt0XKB8eD9/T
1Sk6+6DspEjkx0D2DV4pt/XlhOhqEy62cV2pSfAu/jv10VNc92v1/nmwfCoJqo4Z
a0nw9h8nec2Zduoj+GYYDnshbEwcS57vj/OPCtrB6XFapB2bxNvXA8VVWPRFaIcN
LUTsHE2jPeK56ZfD8iw/b5ScrsNI/XppjyGqsap+F66QImXiQsaPp+lvrNlFIMni
FAJq69ufBdeGjqqtOfepdPif9BDCEsb6R0hLAmq977uYZAi/MdMvQXAwrn5Q8SQa
1wrg5aRwW0NlR7t1uLPt6RVE7rbARH0uUGsyHLfKcjywsJ5oOGk2IhuhIIC38vQP
EQgFvhSFIaMCsb7SamOqWtGvwcKglQL/FBA8iafZorb52ThYK2UOUHcl8ADooivd
wqg+mPHlPtB1crI1AIRO1T/k4lyadejW1b2f/+wTNBcwOFR9itQbVHOTp7gFJsOS
R/9wus3rakSYef69w+oBmOysfoRrKKxMBSiimJsnT20czM2farw5tVTus0dkgFuF
CA/MMJ/y425b9O55FNNLp4h9zL8ocG088jjGW11nub6DOlKOAkXBWuMursR2c9Bm
ON8uQM0x+wVCnhxXKtC5+7o7MHijdkh0EXa9yeoB1B3HgqU9BY4=
=FS5j
-----END PGP SIGNATURE-----

--PuTTUT6tWC6DHR1X9St3OJKs9bdue8hQH--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?800e15b2-d7f5-d339-bd77-862e9d0cab5b>