Can I use FreeNAS as a firewall/router?

[petterb]

I have just built a new rig from a bunch of spares I found in the closet and bought a few new disks in order to get a decent size raidz volume. Although I have not yet completed the basic build and configuration I am planning for the next step.

I want to retire my old D-link firwall/router and use the FreeNAS rig for that task too, using pfSenses etc (see http://www.smallnetbuilder.com/secu...1406-build-your-own-ids-firewall-with-pfsense) using a 2nd NIC on a PCI card for the WAN connection.

Before I go ahead I would like to solicit some input on this, do you see any issues with such a setup? Is it possible to have several jails so that my firewall would not run in the same jail as e.g. miniDNLA?

 

[ProtoSD]

Hi Peter,

It's great to finally see someone say "hey, can I do this in a jail on FreeNAS" instead of disregarding the warnings and just trying to force it to co-exist with FreeNAS :)

I think it's a great idea and have thought about it myself, but...

Jails have some limitations with what they can do with the network. Some of the MiniDLNA people AND Serviio people have discovered certain "multicast" issues. This will probably also cause problems with pfSense, thought it would be interesting to try and see.

Yes, you can have multiple jails if you know how to set them up. Currently the new plugin system only allows one, though adding another without access from the GUI could probably be done.

What kind of hardware are you using? CPU/RAM etc.?

-- Proto

 

[petterb]

Hi.

I have have a AMD Phenom(tm) II X4 810 with 8 GB RAM, RAID-Z2 with 6 disks and a 64 GB SSD + a 32 GB USB flash for cache. The disk array is a bit crippled as i am using a 320 GB drive until I have copied all data from my old NAS. I have a feeling that it should be sufficient with just the SSD for cache and that the USB flash is degrading the cache performance.

As for the jail(s) is there any drawback with installing them from the command line by remounting the root file system etc? Will I get into trouble when FreeNAS needs to be updated later on?

I have tried to install the jail PBI but I am not able to start it, what logs to I need to check to understand what is going on?

 

[ProtoSD]

I have a feeling that it should be sufficient with just the SSD for cache and that the USB flash is degrading the cache performance.

You're probably right.

As for the jail(s) is there any drawback with installing them from the command line by remounting the root file system etc? Will I get into trouble when FreeNAS needs to be updated later on?

There's not really any drawback installing the jails from the command line, I've been doing it since 8.01? But yes, when you upgrade you need to copy /conf/base-/etc/"jailname".fstab /conf/base/etc/rc.conf /conf/base/etc/sysctl.conf, and if you upgraded to 8.2 it would overwrite those files.

I have tried to install the jail PBI but I am not able to start it, what logs to I need to check to understand what is going on?

/var/log/messages

What documentation did you follow to setup the PBI Jail?

I have a video, if you haven't seen it you can find it here:

http://protosd.blogspot.com/2012/04/quick-guidevideo-to-pbi-jail-mount.html

(If you click on the YouTube link below the video, there's a larger/better quality version)

If you still can't get it to work, it might be a good idea to open a ticket at support.freenas.org or ask for more help in this thread:

http://forums.freenas.org/showthread.php?6884-Beta-3-PBI-Jail-won-t-start

 

[petterb]

I forgot to mention that I am already on the 8.2 beta SW.

I just deleted the Plugin installation and started over and the 2nd time it works fine. I am however contemplating to use ezjail and forget about the PBI stuff altogether.