What's cool to do in FreeNAS ?

[Benny Mac]

So I'm new to FreeNAS. I chose it because it looked easy to configure and I had a fairly simple requirement for SMB connections for my PC and Dune player. I've got that working, and installed Logitech Media Server in a jail too.

My question is, what's cool to do with FreeNAS beyond this? I see the plugins available for easy install. I'll try Plex out of curiosity, but the others don't really grab me.

Who's doing something really cool with FreeNAS? I'd like to think my 99% idle Xeon can be put to good use.

 

[cyberjock]

My question is, what's cool to do with FreeNAS beyond this? I see the plugins available for easy install. I'll try Plex out of curiosity, but the others don't really grab me.

Who's doing something really cool with FreeNAS? I'd like to think my 99% idle Xeon can be put to good use.

Don't talk to me that way again! :P

The real question is "What's NOT cool to do with FreeNAS!?" :D

The answer: absolutely nothing!

Literally it's just a game of finding out what services you can run in FreeBSD. If you can do it in FreeBSD you can almost certainly do it in a jail. It's just that awesome.

I'm currently doing the following:

virtualbox
ventrilo
mumble
logitech media server
teamspeak
email server(in progress)
ZNC
minecraft
owncloud

 

[SweetAndLow]

How about:
Snapshots
Auto emails
Auto scrubs
Auto smart tests
Smb homes settings
Compression
And anything else you could possibly think of by using jails

 

[Benny Mac]

Thanks for the ideas everyone. Not quite sure I understand what "Porn on FreeNAS" is, but for the rest of the suggestions I'll have a think.

Actually cyberjock, I have to say you scared me there. I first got your reply on my phone, and neither of the smileys appeared. "Uh oh", I thought, "Prepare for a perma-ban for publicly dissing the great FreeNAS!" Was quite relieved when I read it again on the PC. ;)

And cyberjock, some of your ideas sound like they need might require port forwarding from the internet. (Ventrilo? Teamspeak?) I've read several times from you that if I have to ask how to do it safely, then I shouldn't do it at all. If I was to start a new thread, and ask very politely what would be the minimum acceptable setup to do this, would you provide a beginner-level answer? Although it's true I am a beginner, I'm willing to learn how to do it properly (e.g. run pfSense on its own box, whatever else it takes).

 

[cyberjock]

I don't forward any ports.. I let people VPN in as necessary. ;)
The most secure response is to not forward anything. If you do decide to do port forwarding, you better be a pro at FreeBSD because the jails and plugins are literally FreeBSD and need to be maintained updated by YOU.

And frankly, if you are that pro at FreeBSD, you probably think of FreeNAS as a toy...

 

[Benny Mac]

Thanks cyberjock. Ok, ok, I get it ;) The NAS shall not be opened up to all and sundry on teh interwebs.

Just so you know, it was after reading the discussion on ECC ram that I realised I'd made a big mistake last year with "let's build a typical desktop and call it a NAS". I value my data, so have now replaced it with a Supermicro ECC-enabled build (and can replace my actual PC with what I was using for the NAS). There's a lot that's new to me, but it's fun learning.

 

[IanWorthington]

I don't forward any ports.. I let people VPN in as necessary. ;)

Doesn't that rather reduce the utility of, for instance, owncloud? I'd like to run that in the future but if I can't safely open it up I'm not sure its worth it?

i

 

[avpullano]

I don't forward any ports.. I let people VPN in as necessary. ;)

Don't you need to open a port to allow VPN access (or any outside access)? I would imagine that it would be whitelisted or something like that, but isn't the port still forwarded? Maybe I'm just misusing terminology.

 

[ser_rhaegar]

Don't you need to open a port to allow VPN access (or any outside access)? I would imagine that it would be whitelisted or something like that, but isn't the port still forwarded? Maybe I'm just misusing terminology.

The VPN is an extra layer of security and offers more options to prevent unauthorized users. Some VPN devices allow authentication via passwords, SSL certs, RSA tokens or a combination of them (two-factor authentication). Some also have features that detect unauthorized attempts and block them, repeated failure lock outs, etc.

 

[ser_rhaegar]

Doesn't that rather reduce the utility of, for instance, owncloud? I'd like to run that in the future but if I can't safely open it up I'm not sure its worth it?

i

All of my devices connect to my home VPN 24/7 so I owncloud functions as if the VPN wasn't there. I use SSL certs for my phone so the connection in seamless behind the scenes and I use a combination of SSL cert + password for my laptop.

 

[anodos]

Don't you need to open a port to allow VPN access (or any outside access)? I would imagine that it would be whitelisted or something like that, but isn't the port still forwarded? Maybe I'm just misusing terminology.

It depends on how you set things up at home. I think many people who use pfsense either have a simple cable modem, or put their gateway into "bridge mode" and use pfsense for firewall, NAT, dhcp, and openvpn. In this sort of setup you would have the following:

cable modem (assuming you're using cable internet) --> pfsense firewall / VPN --> gigabit switch.

FreeNAS server is connected to gigabit switch. Wireless AP is also connected to gigabit switch.

 

[avpullano]

cable modem (assuming you're using cable internet) --> pfsense firewall / VPN --> gigabit switch.

FreeNAS server is connected to gigabit switch. Wireless AP is also connected to gigabit switch.

Ah, I think this is the source of my confusion. When I think of VPN connection to FreeNAS, I think of FreeNAS actually running the OpenVPN or something of the like. This means that my router still has to allow traffic on whatever port OpenVPN is listening, then OpenVPN will deal with authenticating the user. As I understand it, using a security device to handle the firewall (i.e. your example) is more secure, no? Out of curiosity, what hardware do you use for pfsense/VPN?

 

[anodos]

Ah, I think this is the source of my confusion. When I think of VPN connection to FreeNAS, I think of FreeNAS actually running the OpenVPN or something of the like. This means that my router still has to allow traffic on whatever port OpenVPN is listening, then OpenVPN will deal with authenticating the user. As I understand it, using a security device to handle the firewall (i.e. your example) is more secure, no? Out of curiosity, what hardware do you use for pfsense/VPN?

It can be more secure than a typical residential gateway (or less secure if you misconfigure it). You can use almost any hardware for a pfsense box. The most important thing is to have good-quality NICs. I've set up an old P4 with two Intel Pro/1000 PCI network cards. It is probably cheaper / better to go with an atom board, but I used what I had lying around.

 

[cyberjock]

Don't you need to open a port to allow VPN access (or any outside access)? I would imagine that it would be whitelisted or something like that, but isn't the port still forwarded? Maybe I'm just misusing terminology.

Nope.. my VPN is my router. :)

Hooray for pfsense.

I do not endorse or recommend people run VPN services from their FreeNAS box or a jail. There's a bunch of reasons, but the plain and simple truth is that network security 102 says "don't do that".

 

[avpullano]

I do not endorse or recommend people run VPN services from their FreeNAS box or a jail. There's a bunch of reasons, but the plain and simple truth is that network security 102 says "don't do that".

I think I'm ok with that reasoning, hah. I've spent some time playing around with SSH and VPN on my FreeNAS box, but I don't think I would ever keep either of those services up for more than a few minutes of testing. I like your approach with pfsense.