woensdag 6 november 2013

Part I : IpFire - Howto: Ubuntu Home Server (ZFS + virtual IpFire)

Series: Ubuntu Home Server (ZFS + virtual IpFire) 

-->Part I   : Ubuntu install and setting up IpFire (this post)<--

Ubuntu install and setting up IpFire 

Table of Contents:

Towards a next generation file system at home
Home server hardware specs
Ubuntu installation
Virtual firewall preparation
Virtual firewall set-up
Automatic starting of headless firewall VM

Towards a next generation file system at home

A few weeks ago I decided I wanted to move my home server to a next generation file system.  I realized I have rather a number of files I do not want to lose and I don't want to be 100 % dependent on Crashplan (who says this company is forever). Moreover it stands to reason that I never realize my files have gotten corrupt before I actually need them from backup. 

There are a number of options, but basically it comes down to the choice between either btrfs or ZFS. Given the still relatively unstable state of btrfs (currently raid 5/6 partitions cannot be scrubbed or integrity checked) the choice came down to ZFS. Luckily there is ZFS on Linux (ZoL) which provides a native Linux kernel port of the ZFS filesystem and is maintained by Lawrence Livermore National Laboratory (LLNL). 

To make a long story short, setting everything up was not difficult but there are some tricks that wou have made live easier if I'd known them, hence this post. My OS of choice was Ubuntu based on the large community, ZoL availability, webmin availability, virtualbox availability, and previous experience with Linux. 

Home server hardware specs:

So here's what I set up:

  • Ubuntu 12.04.03 LTS
  • ZFS on Linux (6 disk RAIDZ2 , double parity)
  • Virtual firewall (IpFire) running through Virtualbox
  • DHCP / DNS / samba file sharing
  • LAN runs in the 192.168.10.xxx range.

Running on:
  • Athlon II X3
  • 16 GB ECC RAM
  • 3 Ethernet adapters (2 for the firewall and 1 for the host OS)
  • 6 WD 2 TB disks (mix of Green and Red)
  • 500 GB bootdrive (2.5 " WD)

Ubuntu installation

Using a standard bootable USB stick I set up Ubuntu on a 30 GB partition (enabling me to have a small image which can be restored to another disk in the case of boot disk failure). 

The roles that I selected were :
  • LAMP (might want to host internal webpages)
  • DHCP
  • DNS
  • Samba
  • Postfix (configured as website but can also be smarthost (e.g. google))
After installation you will end up at a login prompt. Subsequently I installed the Xubuntu desktop for convenience using aptitude.
sudo apt-get install xubuntu desktop

After installation of the desktop I installed some tools via the terminal to enable hardware monitoring and make administration easy. Terminal can be found in 'Accessories' in the start menu.

sudo apt-get install smartmontools

sudo apt-get install lm-sensors

Afterwards configure with :

Install gnome task manager:
sudo apt-get install gnome-system-monitor

sudo apt-get install chromium-browser

Virtual firewall preparation

The next step is setting up the virtual firewall and configure it. In my case I had three dedicated network adapters I can use but obviously you can also work with vlans and a virtual network (though I prefer hardwired myself). Before you move forward there are some things to make sure you write down on paper to make identification easier later on. Decide which ethernet adapter should fullfill which role and note the (last 5 digits) of the mac address of each adapter. 

The data can be found using the gnome network manager (via the network icon in the menu bar or via settings in the start menu) or via ifconfig in terminal. Using the network manager I also rename the adapters for quick identification, for me:

Adapter   Name    Mac address

eth0      Red     x:xx:xx (Virtual firewall WAN / Internet) 
eth1      Green   x:xx:xx (Virtual firewall LAN / Network)
eth2      Host    x:xx:xx (Server LAN) 

This will allows you to connect the proper virtual adapters to the proper hardware adapters in virtualbox.

Should one of your network adapters be displayed as 'unmanaged' happens sometimes. You can resolve this in the following way.

Open a terminal and edit the network adapters config:
sudo leafpad /etc/network/interfaces 

In the file scroll to the section "# the primary network interface" and comment out lines "auto eth0" and "iface eth0 inet dhcp" (or eth1 depending on the one that was 'unmanaged' (by placing a # as a first character on the line), should look like:

# The primary network interface
# auto eth0
# iface eth0 inet dhcp

Then make the changes as mentioned above via the network configuration tool. 

Virtual firewall set-up:

Next steps are the actuall installation of the firewall, first install dkms to allow virtualbox to reconfigure the kernel modules for virtualbox:
sudo apt-get install dkms

also don't forget the kernel headers:

sudo apt-get install linux-headers-`uname -r` linux-headers-generic build-essential

Subsequently download and install virtualbox from https://www.virtualbox.org/wiki/Linux_Downloads
Open a terminal an navigate to download folder (when starting in home 'cd /Downloads' ) and install virtualbox (the xxx depends on the downloaded version):
sudo dpkg -i virtualbox-4.3.xxxxxxxxxx-amd64.deb

Note that you should download and install this way rather than using aptitude as aptitude will install an older version (4.1.xx) which does not play nice with the automatic startup / save stae script below.

After installation download IpFire from : http://www.ipfire.org/download

Open virtualbox under 'System' in the start menu and create a new virtual machine. Call it 'ipfire' (also make sure to use lowercase, this is important later on to have the machine autostart on boot).

The type of machine is a generic linux machine, reserve at least 512 MB of RAM (likely more than enough), 1 core, and create a 3 GB virtual hard drive (should also be plenty). After you have finished open the ípfire'virtual machine settings and go to 'network', now grab you note and pen. 

Hook up the first adapter to your 'red' ethernet adapter in 'bridged' mode. Create a second network adapter and hook it up to your green interface using again 'bridged' mode. Now add again the last digits if the mac addresses of the virtual adapters to your list (note that the host adapter has no virtual counterpart).

Adapter   Name    Mac      Virtual Mac

eth0      Red     x:xx:xx  x:xx:xx      (Virtual firewall WAN / Internet) 

eth1      Green   x:xx:xx  x:xx:xx      (Virtual firewall LAN / Network)

eth2      Host    x:xx:xx               (Server LAN) 

Next go to disks and select the virtual cdrom, klik next to the cd icon select mount image and browse to the downloaded IpFire image 'Choose a Virtual CD/DVD image' .

Before installing the firewall go back to the network adapters configuration tool. Open up your red adapter, go to Ipv4 amd set to 'disabled' , go to Ipv6 and set to 'ignore'. Also repeat this for the green adapter. This is to prevent bypassing the firewall and forcing the traffic through red, the firewall, and green from the WAN to the LAN network. 

Set your host adapter to the following settings in Ipv4:
ip address :
netmask : (allows 30 hosts)
gateway :
dns : (when you have installed a dns server, otherwise use your ISPs or Google (

Now start your virtualmachine and the ipfire setup should also autostart. Grab your note again (write down the root password and web interface password). Go through the setup and configure the 'Red' interface in ipfire to be connected to your first primary adapter:

Adapter   Name    Mac      Virtual Mac
eth0      Red     x:xx:xx  x:xx:xx      (Virtual firewall WAN / Internet) 

depending on your ISP you have to set it to DHCP (likely when using a router / modem) or use another configuration. But please refer to ISP documentation. 

Also set up the 'Green' adapter:

Adapter   Name    Mac      Virtual Mac
eth1      Green   x:xx:xx  x:xx:xx      (Virtual firewall LAN / Network)

Set this one to the static IP : (will be the gateway for the network). After setup completes the virtual machine will reboot. If all has gone well connectivity to the machine. If not try to navigate to , this should open up your ipfire webinterface and allows you to see if the firewall is correctly set up. If this is not the case chances are that you switched the red and green adapters. 

Automatic starting of headless firewall VM:

The last stage is to have your virtualmachine autostart / shutdown on boot and shutdown using a simple script (otherwise you have to do this manually every time, not very convenient):
sudo leafpad /etc/init.d/StartVM.

Copy Past the following in the file and replace "MyUser" with your ubuntu useracount name (mind capitals). If you used ipfire as virtualmachine name, you can keep that as is.:

#! /bin/sh
# /etc/init.d/StartVM
#Edit these variables!
case "$1" in
   echo "Starting VirtualBox VM..."
   sudo -H -b -u $VMUSER /usr/bin/VBoxVRDP -s "$VMNAME"
   echo "Saving state of Virtualbox VM..."
   sudo -H -u  $VMUSER /usr/bin/VBoxManage controlvm "$VMNAME" 
   echo "Usage: /etc/init.d/StartVM {start|stop}"
   exit 1
exit 0

Close leafpad and give the script executable permission with
sudo chmod +x /etc/init.d/StartVM

Tell the script be the first to shutdown and the last to startup.
sudo update-rc.d StartVM defaults 99 01

Now you should have configure a basic Ubuntu server with desktop and virtual firewall. Reboot to make sure everything works and your virtualmachine autostarts.

The next part will focus on the set up of ZFS, webmin and hardware monitoring.

1 opmerking:

  1. HI! I was wondering, why set up IpFire under VirtualBox? Any advantages for doing this instead of running IpFire natively and installing ZFS from there?