Archive for February, 2010

How to Secure Your FreeNAS Server

February 24th, 2010 2 comments

Via the FreeNAS forum, Phan Vinh Thinh has posted some details on how to secure your FreeNAS server.

  1. Change the WebGUI admin/root password (the default is: freenas)
    Use a very strong password if you intend to access FreeNAS over the Internet.
    Please note – admin/root accounts use the same password.
    Please note – Users that are members of the wheel group can su to root if they know the root password.
  2. Change WebGUI admin user name (the default is admin), to protect your system against dictionary attacks.
  3. DO NOT give shell access to everybody.
  4. DO NOT use FTP over the Internet, use SSH or SFTP instead.
  5. DO NOT enable Password Authentication with SSH, set-up and use SSH key based authentication.
  6. Always use https protocol to access WebGUI interface.
  7. DO NOT open your WebGUI server to internet, rather open a tunnel via SSH from client to server.

See the rest of his blog entry for a brief tutorial on implementing these steps Phan’s blog: How to secure your FreeNAS server

Categories: Tips Tags:

FreeNAS 0.8 Roadmap

February 24th, 2010 3 comments

Some more details are starting to emerge about what will appear in FreeNAS 0.8:

Planned major features:

  • Development on FreeBSD RELENG_8. Release, depending on timeframe may be based on a RELENG_8 snapshot or 8.1-RELEASE
  • Migrate off m0n0wall
  • Migrate GUI to django
  • Add support for ada and ahci SATA drivers
  • Add optional SoftUpdates + Journaling support to UFS2 filesystems
  • Migration path/tool for previous releases and configurations
  • Preservation of all existing features of the current FreeNAS release
  • Refactor FreeNAS build system to allow building FreeNAS without affecting the host environment
  • Non-Blocking Features

Possible other features

  • FreeNAS package support. Binary one click installs that modify the GUI dynamically.

I am sure this list will evolve and you can keep an eye on the current developments here:

Categories: News Tags:

FreeNAS 0.7.1 Released

February 19th, 2010 1 comment

There doesn’t seem to have been an actual official announcement about this, but it seems FreeNAS 0.7.1 has been released.

You can download it from SourceForge:

FreeNAS 0.7.1 (Shere):

Majors changes:

  • Upgrade e2fsprogs to 1.41.9.
  • Upgrade istgt to version 20100125.
  • Upgrade msmtp to 1.4.19.
  • Upgrade transmission to 1.76.
  • Upgrade PHP to 5.2.12 (Thanks to Xin LI).
  • Upgrade fuppes to 0.660.
  • Upgrade rsync to 3.0.7.
  • Upgrade inadyn-mt to 02.18.08.
  • Upgrade netatalk to 2.0.5.
  • Upgrade bash to 4.0.35.
  • Upgrade lighttpd to 1.4.25.
  • Upgrade proftpd to 1.3.2c.

Minors changes:

  • Modify Samba default buffer size.
  • Modify Tuning values.
  • Add new MIB in System|Advanced|sysctl.conf.
  • Add UTF-8 with English menu in File Manager (quixplorer).
  • Restrict NFS sharing directory with alldirs.
  • Add serial console support.

Bug fixes:

  • Fix bug in istgt script.
  • Fix Samba ‘Unknown socket option IPTOS_LOWDELAY’ messages. Thanks to Daisuke Aoyama. (BR 2894782|2858262).
  • Fix mt-daapd/firefly error ‘Undefined symbol "avcodec_decode_audio"’ (BR 2895960).
  • Fix bug in iSCSI initiator script (BR 2916334). Thanks to Daisuke Aoyama.
  • Set home dir for Quixplorer users. Thanks to Daisuke Aoyama.
  • Remove useless character in email (BR 2928068).
  • Every reboot increases the number of ‘proc’ entries in fstab on ‘full’ installations (BR 2929029).
  • Fix message in console menu ‘Reset WebGUI password’ (BR 2929338).
  • Fix initial resolv issue.
  • Fix full install upgrade error.
  • Fix nsswitch error when ldap is enabled (BR 2936505).
  • Fix transmission umask does not work (BR 2945242).
  • Fix WebGUI allows usernames longer than 16 characters (BR 2934168).
  • Fix cannot check WebGUI default port.
  • Fix fail to apply if webserver authentication is enabled and documentroot is missing.

Permanent restrictions:

  • It is not possible to format a SoftRAID disk with MSDOS FAT16/32.
  • It is not possible to encrypt a disk partition, only complete disks are supported.
  • It is not possible to get seperate CPU stats per processor on SMP machines because FreeBSD does not support that feature.
  • Enable ‘polling’ on interfaces used by a LAGG interface will make it inoperable.
  • It is not possible to mount EXT2 disks with an inode size of 256 bytes. You have to format it with 128 bytes on Linux to use them on FreeBSD.

Known bugs:

  • If DHCP for IPv4 is used, the IPv6 statically configured DNS server will be overriden by the IPv4 DNS server.
  • Downgrading to 0.69 via WebGUI fails because of broken pipe error.
  • FreeBSD’s ext2fs module, as of release 7.1, cannot mount ext2 file systems with 256-byte large inodes, only 128 byte sized. Unfortunately, 256 byte is the default size with many recent Linux distributions.
Categories: FreeNAS Releases Tags: