
All this in a single server?

If you need to know what kind of hardware I intend to put in this thing, here's a list of parts I'm considering: http://pcpartpicker.com/p/D6hjjX

 

I've been wanting to build a more robust NAS for some time now (as opposed to the out-of-the-box one we have now).

I've been looking into what pfSense offers in terms of a firewall at the router level.

Combined with a routing table and DNS server, I could have much more control and security over my network traffic.

My old NetGear Nighthawk would be relegated to being nothing more than a wireless access point once the server took over routing duties.

 

So in summary, these are the tasks I would want out of this server

  • NAS
  • DNS
  • router
  • network level firewall

I know of various OS options for a NAS and I know of pfSense for a router/network firewall.

But should all this live in a single OS? Is there even a single OS that can do all that?

And if VMs are necessary, or even just recommended to keep certain things separate (like keeping the NAS only on the local network), then what base OS would be a good option to handle the VMs?

---


VMs are very necessary if you want to use pfSense as a firewall. You want as few services as possible running on your firewall. A lot of people have wanted to run a NAS off of pfSense and some were successful - however it's highly advised you do not.

 

VMware ESXi is free for home/lab use; I think the only limitation now is RAM (32 GB). There's also XenServer, or Microsoft Hyper-V. I find VMware much easier to use and get going, personally. 99% GUI driven for what you'll be doing at home.

 

Also, you will need an HBA card to pass off to the FreeNAS VM so it can have direct access to the drives. However, the FreeNAS community advises against running FreeNAS as a VM.

---

7 minutes ago, Mikensan said:

Also, you will need an HBA card to pass off to the FreeNAS VM so it can have direct access to the drives. However, the FreeNAS community advises against running FreeNAS as a VM.

I haven't had to use these before so...

http://pcpartpicker.com/part/intel-wired-network-card-e1g44ht

would something like this serve as a host bus adapter card?

 

On the topic of NAS software, it doesn't have to be FreeNAS. It could also just be a Linux distro or another NAS OS solution. But thanks for the heads up on FreeNAS and VMs.

---


You could get an LSI-based card like the IBM M1015 and flash it to HBA mode. On eBay they run $50-$100 in the US.

 

Thinking a little bit more... FreeNAS does allow you to run "jails" and virtual machines as well, however it isn't very polished (supposedly version 10 will improve upon it) and you could theoretically run pfSense virtually from FreeNAS. Running it from a jail would be a little more complicated.

 

unRAID also could do this for you very easily, much more polished. However, there are some performance considerations with unRAID to consider.

 

You could use Windows Server 2012 R2 (or Windows 8/10) as a NAS inside a VM. A lot of users here are using Windows + software-based RAID (FlexRAID, I think).

 

I've only ever used FreeNAS, even then only for about a year now. So others may have to chime in for alternatives.

 

Also wanted to say your hardware looks good, solid processor choice and an OK amount of RAM. pfSense would be very happy with 2 GB of RAM if you only use packages like country blocker etc. and have a small environment. FreeNAS with those drives in your list would be happy with 8 GB. The hypervisor, if you go that route, should have ~4-6 GB.

---

16 minutes ago, Mikensan said:

You could get an LSI-based card like the IBM M1015 and flash it to HBA mode. On eBay they run $50-$100 in the US.

Excuse my earlier ignorance. I thought we were talking networking, not storage.

 

The reason I chose that motherboard over others was because of the large number of SATA ports onboard, saving me the expansion slot and allowing me to go with a MiniITX form factor.

 

I know that motherboard does have 3 network ports, so if I re-purpose the old router as both a WAP and a hub, then I might be able to get away with not adding a NIC to it.

 

So to ask the real question:

If the motherboard has all the SATA ports I want, do I still need a RAID card?

---


If you want to use FreeNAS as a VM, yes. You have to pass it off directly to FreeNAS. If you drop FreeNAS, you can drop the add-on card. No worries, can't know everything there is to know, I certainly don't.

 

3 NICs - 1 for NAS, 2 for pfSense (WAN/LAN), but that makes life a little harder if you want to separate your LAN and WiFi traffic (just in case somebody hacks your WiFi, deny 'em access to your LAN).

---
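The LAN/WiFi separation mentioned in the post above comes down to rule order on the WiFi interface: pfSense evaluates an interface's rules top-down, the first match wins, and anything unmatched is denied. The following is an added example, not part of the thread, that models this in Python; the subnets, probe addresses and rule names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption, not taken from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")    # wired PCs and the NAS
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    dst: ipaddress.IPv4Network    # destination the rule matches
    note: str = ""


def evaluate(rules, dst_ip):
    """Return the action of the first rule matching dst_ip.

    Falling off the end of the list is the implicit default deny.
    """
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if dst in rule.dst:
            return rule.action
    return "block"


# Weak: a lone "allow any" on the WiFi interface also matches LAN hosts.
WIFI_RULES_WEAK = [Rule("pass", ANY, "allow WiFi to any")]

# Segmented: deny the LAN subnet first, then allow everything else.
WIFI_RULES_SEGMENTED = [
    Rule("block", LAN_NET, "deny WiFi to LAN"),
    Rule("pass", ANY, "allow WiFi to internet"),
]

# Same two rules in the wrong order: the block rule is never reached.
WIFI_RULES_MISORDERED = list(reversed(WIFI_RULES_SEGMENTED))

# Constructed probe destinations: a NAS on the LAN, a host on the internet.
PROBES = {"nas": "192.168.1.10", "internet": "203.0.113.7"}


def audit(rules, probes=PROBES):
    """Map each probe name to the action the rule list gives it."""
    return {name: evaluate(rules, ip) for name, ip in probes.items()}


if __name__ == "__main__":
    for label, rules in [("weak", WIFI_RULES_WEAK),
                         ("segmented", WIFI_RULES_SEGMENTED),
                         ("misordered", WIFI_RULES_MISORDERED)]:
        print(label, audit(rules))
```

Only the segmented list keeps a WiFi client away from the NAS while still letting it reach the internet; the misordered list behaves exactly like the weak one.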

13 minutes ago, Mikensan said:

3 NICs - 1 for NAS, 2 for pfSense (WAN/LAN), but that makes life a little harder if you want to separate your LAN and WiFi traffic (just in case somebody hacks your WiFi, deny 'em access to your LAN).

Looks like MiniITX might not be enough for this server then, regardless of how I handle the NAS portion. I do want to have the necessary layers of network security and privacy.

 

Thanks for the heads up. I'll be changing up my parts list later on and figuring out how I can cram all that into the smallest space possible.

 

---


I don't think this is something you should consider. I think that it's doable, but it adds so much confusion to things that I just don't see how it's worth it, especially for someone that hasn't used any of this kind of software before. I've looked at a lot of mini-ITX motherboards, and I'm guessing you're looking at something like the ASRock C2550. All of the ITX boards that I have seen have a dedicated port for IPMI which, as far as I know, cannot be used in a typical networking capacity like you're expecting.

 

Both FreeNAS and pfSense advise against running them in VMs, let alone both. I say don't do it.

---

40 minutes ago, minutellim said:

Both FreeNAS and pfSense advise against running them in VMs, let alone both. I say don't do it.

Well shoot.

I just wanted to see if I could get away with not buying a pfSense router.

But then, the NICs I would need to buy are going to be far more expensive than the cost of one of those routers, and I still have my old one to use as a hub. So I guess that's that.

 

I can probably do without a DNS server, or see if pfSense will handle that as well.

So this would just move my plans back to their original state where I was going to be building a NAS and adding a pfSense router to administrate.

---


I ran pfSense as a virtual appliance for nearly 3 years before switching to dedicated hardware. Their advice is do not share NICs, not necessarily running it as a VM.

---

What NICs are you buying that are more expensive than buying a pfSense router? My suggestion is to build a dedicated router and build a dedicated server. 

---

1 minute ago, minutellim said:

What NICs are you buying that are more expensive than buying a pfSense router? My suggestion is to build a dedicated router and build a dedicated server. 

http://pcpartpicker.com/part/intel-wired-network-card-e1g44ht

Something like this. Add three of these and it adds up to over the cost of an entry level pfSense router.

 

In any case, yes, I agree given all this information that attempting to run all of this in the same box is going to be both a nightmare and a bad idea.

---


Ah, I think I see what you're trying to do. You're wanting to just plug all of your devices into the router itself, right? While pfSense can do bridging between the ports, it's kind of clunky and not really what that's for. A router should route traffic between different networks, not different devices. When people add more LAN ports to their pfSense router, they're usually setting up multiple LANs. For the home user, most of the time you only want one LAN, so you only need two ethernet ports to your router. One will go from your modem to your router, and one will come out of the router and go into a network switch. Then, all of your devices will connect to the switch.

---

15 minutes ago, minutellim said:

Ah, I think I see what you're trying to do. You're wanting to just plug all of your devices into the router itself, right? While pfSense can do bridging between the ports, it's kind of clunky and not really what that's for. A router should route traffic between different networks, not different devices. When people add more LAN ports to their pfSense router, they're usually setting up multiple LANs. For the home user, most of the time you only want one LAN, so you only need two ethernet ports to your router. One will go from your modem to your router, and one will come out of the router and go into a network switch. Then, all of your devices will connect to the switch.

Let me clarify. I think we both have the same idea.

 

I would want the pfSense router to sit between my local network and the internet.

There it can act as a network level firewall (and maybe as a DNS server, or at least have some custom hosts file style DNS-IP  matching table in place).

The only connections to that router would be to the modem and the network hub.

 

I have an old NetGear router that will be reused as nothing more than the wireless access point for the WiFi and a hub for the local network. I remember it supporting a "pass-through" mode.

 

Inside the local network is where I want a new NAS to live.

It will be connected through the hub along with all our PCs.

 

---


I gotcha. I'm still confused as to why you needed 3 of those 4 port NICs that you linked, though.

---

Just now, minutellim said:

I gotcha. I'm still confused as to why you needed 3 of those 4 port NICs that you linked, though.

Well, if I end up reusing my router as a hub, I won't need that many to connect all our LAN cables.

But initially, I wanted to see if I could do away with that router entirely.

 

I might have also been thinking about future expandability a little too much. Either that or there's a hole burning in my pocket.

---


Haha! I know that feeling all too well. I think it happens to all of us. Good luck with your builds. I recently just went through and built a pfSense box and a NAS, so if you have any more questions, just ask me. 

---

If you value your data, don't run FreeNAS in a VM.

1. You will get no support on it from the FreeNAS community.

2. There is unexplained sudden loss of ZFS partitions on reboot when running in a VM, which is not recoverable.

3. Newer versions of FreeNAS do not run in Hyper-V/VMware/etc., so you wouldn't be able to ever update your FreeNAS.

 

This might be a case where unRAID would be a good solution - given you can run storage at the unRAID OS level, and then VMs on top of that.

Else you could install something like ESXi, and pass the HBA through to a VM and mount the drives in there.

 

Though I notice you only have 2 x HDDs, so you're running them as independent storage disks? Or are you planning to create a mirrored RAID?

Also, what's the idea of 2 x 60GB SSDs rather than just a 120GB one?

---

1 hour ago, Jarsky said:

 

 

Though I notice you only have 2 x HDDs, so you're running them as independent storage disks? Or are you planning to create a mirrored RAID?

Also, what's the idea of 2 x 60GB SSDs rather than just a 120GB one?

This was part of my original NAS plan. The SSDs were for the OS (RAID 1) and the HDDs for storage (also RAID 1).

 

Given that we still haven't used up the 2Tb of storage on our current NAS,  starting with 4Tb should be enough.

I would add additional drive pairs as additional RAID 1 volumes as needed.

---


15 hours ago, PrimeSonic said:

If you need to know what kind of hardware I intend to put in this thing, here's a list of parts I'm considering: http://pcpartpicker.com/p/D6hjjX

 

I've been wanting to build a more robust NAS for some time now (as opposed to the out-of-the-box one we have now).

I've been looking into what pfSense offers in terms of a firewall at the router level.

Combined with a routing table and DNS server, I could have much more control and security over my network traffic.

My old NetGear Nighthawk would be relegated to being nothing more than a wireless access point once the server took over routing duties.

 

So in summary, these are the tasks I would want out of this server

  • NAS - You don't need much CPU power unless you're doing a parity RAID or similar. As you'll be doing VMs this will be good. Keep in mind the motherboard will limit you to 6 disks, but with your use case, I don't see it being an issue. Are you just going to mirror the SSDs and make another mirror with the HDDs?
  • DNS - Literally my toaster could run this for home use. You are fine.
  • router - Yeah, it'll be fine, assuming you're just routing. If you're going to start to do DPI or caching, etc., you might start to get slower than line speed rates.
  • network level firewall - Thought it was built into pfSense? I haven't used it in a while so meh. Sophos UTM will be good.

I know of various OS options for a NAS and I know of pfSense for a router/network firewall.

But should all this live in a single OS? Is there even a single OS that can do all that? There are a few, but you don't want to do that; you have enough power to virtualise everything. Hyper-V is out as pfSense doesn't like it without some modifications, plus ESXi is also free for 1 host. You will want to virtualise so if one system breaks, or you decide to upgrade one of the systems, you can P2V or V2V it.

And if VMs are necessary, or even just recommended to keep certain things separate (like keeping the NAS only on the local network), then what base OS would be a good option to handle the VMs?

See answers above. Then:

 

Have ESXi boot off the USB port. I believe that I heard talk of another NIC? Make sure it is an Intel one (so no messing with drivers), then configure one port as the WAN port and link it to the Sophos UTM (or other firewall). Set up a virtual switch to connect the firewall -> router and have the router (pfSense) access the NAS and DNS servers + all other network ports (you can have another as a dedicated mgmt port if you want). If you have an RJ45 port on your border gateway (i.e. what your ISP's network terminates as in your network), just configure Sophos to do all the authentication and don't bother with a modem. If not? Keep your modem and just have it convert the serial WAN connection and connect to the WAN port on the server.

---

On 2016-05-11 at 11:32 AM, PrimeSonic said:

Excuse my earlier ignorance. I thought we were talking networking, not storage.

 

The reason I chose that motherboard over others was because of the large number of SATA ports onboard, saving me the expansion slot and allowing me to go with a MiniITX form factor.

 

I know that motherboard does have 3 network ports, so if I re-purpose the old router as both a WAP and a hub, then I might be able to get away with not adding a NIC to it.

 

So to ask the real question:

If the motherboard has all the SATA ports I want, do I still need a RAID card?

 

On 2016-05-11 at 11:39 AM, Mikensan said:

If you want to use FreeNAS as a VM, yes. You have to pass it off directly to FreeNAS. If you drop FreeNAS, you can drop the add-on card. No worries, can't know everything there is to know, I certainly don't.

 

3 NICs - 1 for NAS, 2 for pfSense (WAN/LAN), but that makes life a little harder if you want to separate your LAN and WiFi traffic (just in case somebody hacks your WiFi, deny 'em access to your LAN).

 

Just a heads up, the motherboard in question does NOT have 3x NICs built in.

 

It was 2x 10/100/1000 Gigabit NICs (Intel® i210)

 

It also has a single MANAGEMENT INTERFACE NIC (ASPEED AST2300: IPMI (Intelligent Platform Management Interface) 2.0 with iKVM support). You use this last NIC to access basic hardware functionality remotely, allowing things like BIOS access, and remote reboot/startup/shutdown.

 

So effectively, your motherboard has 2x usable NICs, for your purposes.

 

http://www.asrockrack.com/general/productdetail.asp?Model=E3C226D2I#Specifications
