Here are a few posts for future reading: How to add a jailed server to OpenVPN? Running OpenVPN in a ezjail jail Restarting OpenVPN in jail erase tun0 configuration OpenVPN Client in a jail
Interesting jail/OpenVPN reading Read More »
I’ve been meeting a few challenges with running an instance of bacula-fd in each of my jails. Most of them are related to networking. Perhaps my deployment strategies are imposing too many restrictions. The challenges arise on the jail hosts which are not behind my firewall at home. Each of those servers is accessible through a VPN, but the individual jails on those servers are not. The backup of the jail host is
Accessing every jail from a VPN Read More »
I’ve been using Bacula since early 2004. I’ve been using FreeBSD since 1998. Jails are a relatively newcomer. I starting using it later in 2004. But it’s only recently that I’ve started using them intensively. Backups are always a touchy subject. With ezjail, the files you need to backup are greatly reduced. You’re not backing up the base OS, just the local files. I’ve created a fileset which seems to do the right
ezjail-jail: making a full backup of a FreeBSD jail with Bacula Read More »
I use FreeBSD Jails. I use them a lot. I have jails for websites. I have jails for regression testing, mail servers, OpenVPN servers, etc. I like jails for many reasons. One of which is being able to create a new jail which is pretty much identical to another jail, except for a few things. In this case, I wanted to create a new jail to do regression testing for Bacula, the best
Using ezjail-admin archive to create a new jail, almost like an existing jail Read More »
I decided to set up some of my mail servers to require certification authentication on the submission port (587). In my case, I want to forward mail from my server at home to my public servers out there on the Internet. I don’t want just anyone to be able to submit mail here, so the easiest way for me do to this was with certification. I could have done it with IP addresses,
Postfix client certificate verification Read More »
Last week, while at EuroBSDCon in Malta, I noticed that one of my servers had the wrong time. It was Bacula who told me, through this message in one of the backup jobs: 28-Sep 21:59 nyi-fd JobId 144899: DIR and FD clocks differ by -5 seconds, FD automatically compensating Fixing the time I connected to all my systems, and ran date(1). One system was by 2 seconds, and another was off by 5
different times despite running ntpd Read More »
I have a number of things I want to get done in the short term: remove the mail server on my gateway box at home and start using a mail server on an internal box Configure my external mail servers (out there on the Internet) to use TLS when talking to each other Configure those same servers to accept mail from that new internal mail server Stop using Postfix on servers which only
My ZFS system hits a high load average every week during its scrub. Here is what top looks like after I pressed i and then S: last pid: 42049; load averages: 3.78, 3.26, 3.42 up 18+13:47:14 11:43:01 220 processes: 3 running, 216 sleeping, 1 waiting CPU: 7.5% user, 0.0% nice, 12.8% system, 1.2% interrupt, 78.5% idle Mem: 765M Active, 236M Inact, 8667M Wired, 17M Cache, 3284M Buf, 22G Free Swap: 8192M Total, 2404K
ZFS system hits high load during scrub Read More »
I’m in the process of setting up a new gateway/firewall. The new hardware will be faster and have more space. At present, the old firewall is also providing DHCP and DNS services. I want to move those off the gateway and onto another server. Why? I want the gateway to run only services that are related to gateway/firewall services. That keeps things simple. At present, the new firewall has just 43 packages installed.
Creating a FreeBSD jail to run DHCP and DNS Read More »
For future reference, this is the knew server. It runs a few jails, including Bacula regression testing services. The filesytems: