From owner-freebsd-questions@freebsd.org Tue Jun 20 14:34:09 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4F6A7D99FFE for ; Tue, 20 Jun 2017 14:34:09 +0000 (UTC) (envelope-from peter@ludikovsky.name) Received: from ludikovsky.name (ludikovsky.name [IPv6:2a03:f80:ed15:158:255:212:178:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D7DBB308 for ; Tue, 20 Jun 2017 14:34:08 +0000 (UTC) (envelope-from peter@ludikovsky.name) Received: from [0.0.0.0] (unknown [185.170.41.8]) by ludikovsky.name (Postfix) with ESMTPSA id 480E3404F for ; Tue, 20 Jun 2017 14:33:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ludikovsky.name; s=mail; t=1497969237; bh=9gAVKFjVycdhABP+RV8lvTbjQs/xUNfKMJWKoYgLQb0=; h=From:Subject:To:Date:From; b=X4Z89qZsDlPQzr7D1QUWBDJZH4WKkBq98icTV08vQU5tysZ2J8cJMvTx3VReNEuV8 dnNEVbwpG3SL/iFCfzg0SE5PTpoTi6hnYCuaZPyA4LpQGk3UaDRKtfyujvET+Og7ku yiZPnxWIVGb/Zgkc+DRncDARe06XVDxRnV8M+fg8= From: Peter Ludikovsky Subject: New User, new server To: freebsd-questions@freebsd.org Message-ID: <800e15b2-d7f5-d339-bd77-862e9d0cab5b@ludikovsky.name> Date: Tue, 20 Jun 2017 16:33:48 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="PuTTUT6tWC6DHR1X9St3OJKs9bdue8hQH" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jun 2017 14:34:09 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --PuTTUT6tWC6DHR1X9St3OJKs9bdue8hQH Content-Type: multipart/mixed; boundary="Rrwx8IfvUQFcL9Hcf773hqMJWNdnlxOWM"; protected-headers="v1" From: Peter Ludikovsky To: freebsd-questions@freebsd.org Message-ID: <800e15b2-d7f5-d339-bd77-862e9d0cab5b@ludikovsky.name> Subject: New User, new server --Rrwx8IfvUQFcL9Hcf773hqMJWNdnlxOWM Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello, I recently acquired a former office tower to replace my old home server (Debian 8), itself an even older office tower. As it's my primary storage location for images and documents I want something stable, and I want to try something besides Linux, so I'm going for FreeBSD 11-RELEASE. Which brings a few questions: 1) The new machine comes with a 128G SSD, in addition to the 2 4T HDDs from the older server. I'd like to set up ZFS root, with a slice of the SSD as ZIL and L2ARC, and the root mirrored across the SSD and the 2 HDDs. Does this make sense, and if so what would be the ideal slice layout? Or should I just use the whole SSD as ZIL/L2ARC? 1.1) Can I start this setup with just the SSD an one HDD, as to keep the old server alive until everything is migrated? 2) Moving data from the old machine. Can I run zfs send/receive to get the ZFS on Linux datasets onto FreeBSD, or do I need to (r)sync? 3) Firewalling: PF, IPFW, or IPFilter? The machine will be behind an ISP provided router, but I'm paranoid enough to want an additional firewall on that machine, and one that plays nice with fail2ban at that. 4) As far as I understand it the host plays gateway for jails. Does that mean that any firewalling is done there too? If so, is any special configuration required besides enabling IP forwarding? (NAT, =E2=80=A6) 5) Currently all services on the machine run together. With FreeBSD I'd like to jail them. Is there an easy way to convert, or will I be creating jails for the services & shovel the data over as if it's a fresh install? Any pointers are appreciated. I'm in no hurry (old machine ain't dying yet), and I'd rather do it slow & clean than fast & dirty. Regards, /peter --Rrwx8IfvUQFcL9Hcf773hqMJWNdnlxOWM-- --PuTTUT6tWC6DHR1X9St3OJKs9bdue8hQH Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdBQJZSTJRFhxwZXRlckBsdWRpa292c2t5Lm5hbWUACgkQz7o2Dmlu 3JkwfRAAo26NVCH6dk1+ZSGJ0cdcmvE+4V2WdXKGDzls9qsZSF9POt0XKB8eD9/T 1Sk6+6DspEjkx0D2DV4pt/XlhOhqEy62cV2pSfAu/jv10VNc92v1/nmwfCoJqo4Z a0nw9h8nec2Zduoj+GYYDnshbEwcS57vj/OPCtrB6XFapB2bxNvXA8VVWPRFaIcN LUTsHE2jPeK56ZfD8iw/b5ScrsNI/XppjyGqsap+F66QImXiQsaPp+lvrNlFIMni FAJq69ufBdeGjqqtOfepdPif9BDCEsb6R0hLAmq977uYZAi/MdMvQXAwrn5Q8SQa 1wrg5aRwW0NlR7t1uLPt6RVE7rbARH0uUGsyHLfKcjywsJ5oOGk2IhuhIIC38vQP EQgFvhSFIaMCsb7SamOqWtGvwcKglQL/FBA8iafZorb52ThYK2UOUHcl8ADooivd wqg+mPHlPtB1crI1AIRO1T/k4lyadejW1b2f/+wTNBcwOFR9itQbVHOTp7gFJsOS R/9wus3rakSYef69w+oBmOysfoRrKKxMBSiimJsnT20czM2farw5tVTus0dkgFuF CA/MMJ/y425b9O55FNNLp4h9zL8ocG088jjGW11nub6DOlKOAkXBWuMursR2c9Bm ON8uQM0x+wVCnhxXKtC5+7o7MHijdkh0EXa9yeoB1B3HgqU9BY4= =FS5j -----END PGP SIGNATURE----- --PuTTUT6tWC6DHR1X9St3OJKs9bdue8hQH--