netstack

freeNAS configuration

freeNAS install

Create freeNAS install USB 3.0 Sandisk bootable thumbdrive using Etcher - download or Rufus - download
Insert freeNAS install USB and a USB 3.0 Sandisk boot target or use a small SSD
Install… it will ask to set a root password
Pull freeNAS install USB and reboot

freeNAS first pool setup

Gateway purpose	IP	Local Domain Name
Network Management Gateway	https://192.168.128.1	https://ng.ns.lan
Storage Management Gateway	https://192.168.128.2	https://sg.ns.lan
Compute Management Gateway	https://192.168.128.3	https://cg.ns.lan

Login to FreeNAS (root - yoursecurepassword)
View Dashboard check for any notifications
From FreeNAS Dashboard -> Storage -> Pools -> Add -> Create new pool
- Name: nspool
- Type: raidz2
- Add Drives (the 4 disks) -> Set to raidz2 (default is raidz2)
Confirm Create (will delete all data)
Clean up Network
- Hostname: sg
- Domain: ns.lan
Add S.M.A.R.T. Test schedule to drives
- Tasks - S.M.A.R.T. Test
- Disks: (disk in each pool as a task) ada0, ada1, ada2
- Type: LONG
- Description: Monthly SMART test
- Schedule: Montly (0 0 - -) First day of month at 12AM
Add SCRUB schedule to drives
- Tasks - Scrub Tasks
- Pool: nspool
- Threshold days: 14
- Description: Weekly Scrub

Groups

Group	GID	Description
nsadmin	1009	Netstack System Administration Group
nsbackup	1008	Netstack Backup Group
nsprojects	1001	Netstack Projects Group
nspublic	1000	Netstack Public Group

Users

user	UID	Description
root	0	only use on head
nsadmin	1009	only use in emergency
buadmin	1008	backup user for scripts
nsprouser	1001	basic project user template
nspubuser	1000	public share only user template

Check Status of nspool Storage - Pools - Gear Status
Add Projects dataset Storage - Pools -> nspool -> Add Dataset
- Name: Projects
- Comments: netstack Projects
- Sync: Inherit (standard)
- Compression: Inherit (lz4) (default)
- Enable Atime: Inherit (on) (default)
- ZFS Dedulication: Inherit (off) (default)
- Case Sensitivity: Sensitive (default)
- Share Type: Generic
- SAVE
Add Public dataset Storage - Pools -> nspool -> Add Dataset
- Name: Public
- Comments: netstack Public share
- Sync: Inherit (standard)
- Compression: Inherit (lz4) (default)
- Enable Atime: Inherit (on) (default)
- ZFS Dedulication: Inherit (off) (default)
- Case Sensitivity: Sensitive (default)
- Share Type: Generic
- SAVE
Create group nspublic Accounts - Groups -> Add
- GID: 1000
- Name: nspublic
- SAVE
Create group nsprojects Accounts - Groups -> Add
- GID: 1001
- Name: nsprojects
- SAVE

Create user nspubuser Accounts - Users -> Add

Full Name: Netstack Public User
Username: nspubuser
Email: nspubuser@netstack.org
Password: somethingyouset
User ID: 1000
New Primary Group: unchecked - use nspublic as Primary Group
Primary Group: nspublic
Auxiliary Groups: none
Home Directory: /mnt/nspool/Public
Home Directory Permissions:

	User	Group	Other
Read	X	X	X
Write	X
Execute	X	X	X

Authentication (leave default)
SAVE
Repeat for nsprouser but with nsprojects as primary group

Add Public SMB share Sharing - Windows Shares (SMB) - Add - Path: /mnt/nspool/Public - Name: Public - Description: netstack Public SMB share - Enabled: yes - checked - Time Machine: no - Allow Guest Access: no - Enable Shadow Copies: yes - checked - SAVE
Edit ACL on Public Dataset Storage - Pools - nspool - Public
- Path: /mnt/nspool/Public
- User: root (default)
- Group: nspublic (select from pulldown)
- Apply Group: yes - Checked (need to check this to apply the group or it will not change)
- Default ACL Options: OPEN
- Apply Permissions Recursively: yes - Checked (good habbit when changing directories)
- Save
Add Projects SMB share Sharing - Windows Shares (SMB) - Add - Path: /mnt/nspool/Projects - Name: Projects - Description: netstack Projects - Enabled: yes - checked - Time Machine: no - Allow Guest Access: no - Enable Shadow Copies: yes - checked - SAVE
Edit ACL on Public Dataset Storage - Pools - nspool - Projects
- Path: /mnt/nspool/Projects
- User: root (default)
- Group: nsprojects (select from pulldown)
- Apply Group: yes - Checked (need to check this to apply the group or it will not change)
- Default ACL Options: RESTRICTED
- Apply Permissions Recursively: yes - Checked (good habbit when changing directories)
- Save
RESTART SMB Service
Test SMB connectivity on Windows
- Windows Machine
- File Browse to: \192.168.128.2\ or sg.ns.lan
- Network credentials: nspubuser - passwordyouset
- Under Network > SG should see Projects and Public
- Click on Public
- Should be able to read and write files
- Click on Project
- Should NOT be able to access folder
Enable SMB Service Services - SMB - Edita
- Number of servers: 4 (each takes 1 core)
- Allow no-root mount: Checked
- Enable NFSv4: Checked
- Restart NFS Service

Open File Explorer
Type “\sg.ns.lan” (or \192.168.128.2) into path bar
Windows should request credentials
With correct credentials, File Explorer will display all datasets associated with server

Windows 10 Map Network Drive

Right click on “This PC”
Select “Map network drive…”
- Select Drive to map: “Z:”
- Folder: “\sg.ns.lan” (or \192.168.128.2)
- Reconnect at sign-in: checked (yes)
- Connect using different credentials: checked (yes)
- Enter credentials: nsprouser - thepasswordyouset
- Finish
You should have access, you can edit or insert credentials directly see “Windows 10 credentials debug” below

Windows 10 credentials debug

Search for “credentials” Select “Manage Windows Credentials Control panel” Application
- Click Windows Credentials
- Add, Edit or Remove the associated Windows Credentials
Clear Windows 10 local credentials
- Press the Windows key + R together to open the Run box. Type the following command and hit Enter.
```
  rundll32.exe keymgr.dll, KRShowKeyMgr
```
- Select and delete the credential

Windows 10 bash mount Mounting DrvFs

In order to mount a Windows drive using DrvFs, you can use the regular Linux mount command. For example, to mount a removable drive D: as /mnt/d directory, run the following commands:

$ sudo mkdir /mnt/d
$ sudo mount -t drvfs D: /mnt/d

Now, you will be able to access the files of your D: drive under /mnt/d. When you wish to unmount the drive, for example so you can safely remove it, run the following command:

$ sudo umount /mnt/d

Mounting network locations When you wish to mount a network location, you can of course create a mapped network drive in Windows and mount that as indicated above. However, it’s also possible to mount them directly using a UNC path:

$ sudo mkdir /mnt/share
$ sudo mount -t drvfs '\\server\share' /mnt/share

Note the single quotes around the UNC path; these are necessary to prevent the need to escape the backslashes. If you don’t surround the UNC path with single quotes, you need to escape the backslashes by doubling them (e.g. \\server\share).

WSL does not have any way to specify which credentials to use to connect to a network share. If you need to use different credentials to connect to the server, specify them in Windows by navigating to the share in File Explorer, using the Windows Credential Manager, or the net use command. The net use command can be invoked from inside WSL (using net.exe use) via interop. Type net.exe help use for more information on how to use this command.

Apple Mac Map Network Drive

Via Network Browse

Click Finder -> Network -> sg
Click “Connect As” and enter credentials
Finder should show all resources on that server

Via GO

Click Finder GO -> “Connect to Server”
smb://sg.ns.lan (or smb://192.168.128.4)
Select the dataset you want to mount

Check Status of nspool Storage - Pools - Gear Status
Add NFS_ISO_Share Storage - Pools -> nspool -> Add Dataset LT-video
- Name: NFS_ISO_Share
- Comments: NFS ISO files for LAN Share
- Sync: Inherit (standard)
- Leave rest default
- SAVE
Edit Permissions on Projects Dataset LT-video
- Give Write to Group and Other
- Apply Permissions Recursively
- Save
Enable NFS Service Services - NFS - Edit LT-video
- Number of servers: 4 (each takes 1 core)
- Allow no-root mount: Checked
- Enable NFSv4: Checked
- Restart NFS Service

Turn off NFS Sync for each Dataset ZFS performance issue LT-Video

root@freenas[/mnt/nspool]# ls
NFS_ISO_Share	Projects
root@freenas[/mnt/nspool]# zfs set sync=disabled nspool/Projects
root@freenas[/mnt/nspool]# zfs set sync=disabled nspool/NFS_ISO_Share
root@freenas[/mnt/nspool]# 

Create NFS share Sharing - NFS - Add LT-video
- Path: /mnt/nspool/Projects
- All dirs (checked)
- Enabled (checked)
- Advanced: Security: sys
- Save
Create NFS share Sharing - NFS - Add LT-video
- Path: /mnt/nspool/NFS_ISO_Share
- All dirs (checked)
- Enabled (checked)
- Advanced: Security: sys
- Save
Add the NFS share to your xcp-ng server

Reference Links

Reference Videos

Hindsight Jail

From FreeNAS Dashboard -> Jails -> ADD
- Jail Name: hindsight
- Release: 11.2-RELEASE
- NEXT:
- IPv4 Interface: em0
- IPv4 Address: 192.168.1.6
- IPv4 Netmask: 24
- NEXT:
- Confirm
```
Jail Summary
Jail Name : hindsight
Release : 11.2-RELEASE
IPv4 Address : em0|192.168.1.6/24
Confirm these settings.
```
Confirm
- Basic: Auto-Start
- Jail: allow_set_hostname, allow_raw_sockets
Install hindsight - Jail -> hindsight -> shell
- root@hindsight:~ # pkg install stow
- root@hindsight:~ # mkdir /usr/local/stow
- root@hindsight:~ # cd /usr/local/stow/
- root@hindsight:~ # scp cat@192.168.1.30:/Users/cat/Downloads/hindsight_bsd_stow.tgz .
- root@hindsight:~ # tar -xzvf hindsight_bsd_stow.tgz
- root@hindsight:~ # vi /etc/rc.d/hindsight ``` $ cat /etc/rc.d/hindsight #!/bin/sh #
  PROVIDE: hindsight
  
  REQUIRE: DAEMON
  
  KEYWORD: shutdown

. /etc/rc.subr

name=hindsight rcvar=hindsight_enable

command=”/usr/sbin/daemon” command_args=”-P /var/run/hindsight.pid -T hindsight /usr/local/bin/hindsight /usr/local/hindsight/hindsight.cfg 7”

load_rc_config $name

DO NOT CHANGE THESE DEFAULT VALUES HERE

SET THEM IN THE /etc/rc.conf FILE

# hindsight_enable=${hindsight_enable-“NO”} pidfile=${hindsight_pidfile-“/var/run/hindsight.pid”}

run_rc_command “$1”

  - root@hindsight:~ # chmod 555 /etc/rc.d/hindsight
  - root@hindsight:~ # vi /etc/rc.conf

hindsight_enable=”YES”

  - root@hindsight:~ # systemclt start hindsight
  - root@hindsight:~ # systemclt status hindsight
  - root@hindsight:~ # lsb_heka_cat /usr/local/hindsight/output/input/0.log
  - syslog collector is running on the standard port 514
  - pfsense collector is on port 4514

## Hindsight update
1. root@hindsight:~ # /etc/rc.d/hindsight status || (service hindsight status)
2. root@hindsight:~ # /etc/rc.d/hindsight stop || (service hindsight stop)
3. root@hindsight:~ # cd /usr/local/
4. root@hindsight:~ # scp cat@192.168.1.30:/Users/cat/Downloads/hs_bsd_stow.tgz .
5. root@hindsight:~ # stow -v -D *
6. root@hindsight:~ # rm -rf stow
7. root@hindsight:~ # tar -zxf hs_bsd_stow.tgz
8. root@hindsight:~ # cd stow
9. root@hindsight:~ # stow -v *
10. root@hindsight:~ # /etc/rc.d/hindsight start || (service hindsight start)
11. root@hindsight:~ # /etc/rc.d/hindsight status || (service hindsight status)
12. root@hindsight:~ # lsb_heka_cat /usr/local/hindsight/output/input/0.log
  
  
## Install new FreeNAS and import existing Pool
1. USB FreeNAS install to new USB
2. Login to FreeNAS firstime set pw (yoursecurepassword)
3. Storage -> Pools -> Add 
   - Import an existing pool
   - NEXT:
   - Is the pool encrypted? No
   - NEXT:
   - Pool: nspool
   - NEXT:
   - Confirm: IMPORT

Pool Import Summary Pool to import : nspool | 9174643673441383865 Confirm these settings. ```

netstack

freeNAS configuration

freeNAS install

freeNAS first pool setup

freeNAS SMB Share Dataset Configuration

Windows 10 SMB Share browse

Windows 10 Map Network Drive

Windows 10 credentials debug

Windows 10 bash mount Mounting DrvFs

Apple Mac Map Network Drive

freeNAS NFS Share Dataset Configuration

Reference Links

Reference Videos

Hindsight Jail

PROVIDE: hindsight

REQUIRE: DAEMON

KEYWORD: shutdown

DO NOT CHANGE THESE DEFAULT VALUES HERE

SET THEM IN THE /etc/rc.conf FILE