Building a FreeBSD NAS Part 4: Service deployment

Published in category FreeBSD NAS. Tags: freebsd, nas, samba, netatalk, forked-daapd, selfhosted

In Part 3 of this series I described how to install FreeBSD and set it up properly. Now that the base system setup is complete, we can start providing services…

1. Fileserver with Samba

The first and obvious service would be a fileserver. Samba provides a cross-platform way of accessing files using the SMB network filesystem that debuted in Windows. I created a jail using these commands:

ezjail-admin create fileserver 10.0.0.21
ezjail-admin start fileserver

I also had to set the time zone manually within the jail using

ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

I chose the first IPv4 address I created as an alias on re0. The following blog post shows how to set up a fileserver with Samba on FreeBSD 10.3. Please note that within a jail you cannot set sysctl properties, nor can you configure kernel modules like aio to be loaded at boot or load them at runtime, so I have configured those on the host system. On my home network with a mixed CAT5e/CAT6 setup, I get transmission rates of about 60-100 MB/s, which is OK for me.

Samba fileserver on FreeBSD

2. OS X Time Machine backup with netatalk

As I run OS X on all my machines, I want to back up all data regularly. The AFP file service netatalk can enable Time Machine support, which provides a simple solution for system backups. I also created a jail for that using these commands:

ezjail-admin create timecapsule 10.0.0.22
ezjail-admin start timecapsule

Remember to also set the time zone manually within the jail using

ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

The following blog post provides information about how to set up an OS X backup server using netatalk on FreeBSD 10.3:

FreeBSD: Time Machine backup server with netatalk

Also important here: from within a jail you can neither set sysctl properties nor configure kernel modules like aio to be loaded at boot or load them at runtime. So configure those settings on the host system itself.

I chose to give my backups a maximum disk space of 300G, so I executed this on the host system:

zfs set quota=300G data/ezjail/timecapsule

2.1. Avahi problems

There’s only one problem: Avahi, which announces the file share within the network and is responsible for providing that tiny little file server button on the left of OS X’s Finder that saves you from typing the IP address manually, does not work properly inside jailed environments. This is because it uses multicast messages for service announcement, but jails cannot receive multicast messages, only send them, which might result in a state where you can sometimes see the share and sometimes not.

There is, however, a workaround using pf to redirect all multicast messages to the jail’s IP address. But as you can have only one forward rule, only one jail can announce its services through Avahi. As the iTunes media server only works when Avahi works, I chose to disable it completely for my Time Machine backup jail by running:

sysrc avahi_daemon_enable=NO
sysrc dbus_enable=NO
service avahi-daemon stop
service dbus stop

But if you don’t plan to run an iTunes media server anyway, you can use this rule in the /etc/pf.conf on the host system to make it work:

# avahi multicast
rdr on re0 proto udp from any to 224.0.0.251 port 5353 -> 10.0.0.22 port 5353

Where re0 is your network adapter and 10.0.0.22 is the IPv4 address of your jail. Then you have to enable pf and start it:

sysrc pf_enable=YES
service pf start
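
As an added example (not from the original post): a small shell check that reads a pf.conf and reports how many rdr rules redirect mDNS traffic (224.0.0.251, UDP port 5353) and to which jail, since only one such redirect can be in effect. The function names and the second rule pointing at 10.0.0.23 in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the redirect target of every rdr rule for mDNS (224.0.0.251 port 5353).
# Reads pf.conf text on stdin; comments are ignored.
mdns_rdr_targets() {
    awk '
        { sub(/#.*/, "") }                    # drop comments, re-split fields
        $1 == "rdr" {
            dst = ""; dport = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "to" && dst == "") dst = $(i + 1)
                else if ($i == "port" && dst != "" && dport == "") dport = $(i + 1)
                else if ($i == "->") target = $(i + 1)
            }
            if (dst == "224.0.0.251" && dport == "5353" && target != "")
                print target
        }'
}

# Exit status: 0 = exactly one redirect, 1 = none, 2 = conflicting redirects.
check_mdns_rdr() {
    targets=$(mdns_rdr_targets)
    count=$(printf '%s\n' "$targets" | awk 'NF { n++ } END { print n + 0 }')
    case "$count" in
        0) echo "no mDNS redirect found"; return 1 ;;
        1) echo "mDNS is redirected to $targets"; return 0 ;;
        *) echo "conflict: mDNS redirected to $(echo $targets); keep one rule"
           return 2 ;;
    esac
}

# Constructed sample: the rule from this page plus an assumed second jail.
SAMPLE_CONF='# avahi multicast
rdr on re0 proto udp from any to 224.0.0.251 port 5353 -> 10.0.0.22 port 5353
rdr on re0 proto udp from any to 224.0.0.251 port 5353 -> 10.0.0.23 port 5353'

printf '%s\n' "$SAMPLE_CONF" | check_mdns_rdr || true
```

On the host, run it as `check_mdns_rdr < /etc/pf.conf`. Only literal addresses and ports are matched; rules written with pf macros are not expanded.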

3. iTunes media server using forked-daapd

forked-daapd allows you to set up an iTunes Media server that hosts all music, podcasts and audiobooks and shows up in iTunes like a shared library. While other daapd implementations don’t work anymore with the current iTunes versions, forked-daapd does. Also create a jail for this one:

ezjail-admin create itunes-server 10.0.0.23
ezjail-admin start itunes-server

and set the time zone manually within the jail using

ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

The following blog post shows how to set up an iTunes media server with forked-daapd on FreeBSD 10.3. Please note that if the library does not show up, you need to enable multicast streams on your router and configure the pf firewall on your host system to redirect all multicast messages to your jail (see 2.1.).

FreeBSD: iTunes media server using forked-daapd