I've decided to buy a NAS or build my own but I have a couple of questions

I've decided to buy a NAS or build my own but I have a couple of questions.

Is it possible to use ZFS and mirror three hard drives at once with automatic checksums?
How does it connect it to my PC if I don't have internet?
How do I block my roommates from accessing it? Can't they change their MAC address on their PCs to resemble mine and spoof it?
Do we need a normal router? We're using the router that arrived with our ISP and we're not allowed to replace or bridge it because it's forbidden in the campus.

You have ambitious plans for to your current level of savvyness.

All I can say is Google that shit and test ALL data recovery scenarios (disk failure, restoring from backups) before you put any real data on it.

Take it slow and in steps. This will take a while, really.

>ISP router
>physical access to computer from anyone but you

You're dead already unless you want to go crazy on encryption, which will gimp your transfer speeds.

>we're not allowed to replace or bridge it because it's forbidden in the campus.

Collect $50 from your roommates and buy your own router to place behind the one supplied by the campus. It not a lot of money for gaining control over your LAN.

better yet just buy a $10 nic and directly attach the nas

Yeah, I though of that too, but this may be just one bridge to far for OP if I read his post correctly.

We can't use replace the router. It's hard to explain but we don't have physical access to the router, just the wall socket which we plug directly into.

I didn't mean replacing it. I got that you cannot do this.

What I mean is: Buy your own router. Plug its WAN port to the wall. Plug your NAS and your and roommates other devices in the new router. This way you have created your own LAN neatly separated from the rest. From your LAN you still have access to everything your campus provides but from the outside no-one can get on your LAN unless you punch some hole in it for this purpose.

Bonus: If you buy a router with built-in Wi-Fi access point (pretty much the standard today) you'll probably have better Wi-Fi in your room as well.

He seriously thinks a police campus will allow unauthorized routers access to their main switch.

That main switch apparently works with all the facebook remotes the students have these days. I see no reason why that router will not be accepted. If you have to register a MAC you need a router with custom MAC settings (every router that has dd-wrt/openwrt support) and buy a new wireless NIC for the device you poached the MAC from.

>I've decided to buy a NAS or build my own but I have a couple of questions.
>Is it possible to use ZFS and mirror three hard drives at once with automatic checksums?
Why? The chances of having three disk failures at once is minimal at best.
>How does it connect it to my PC if I don't have internet? LAN networking.
>How do I block my roommates from accessing it? Can't they change their MAC address on their PCs to resemble mine and spoof it?
User accounts. Use them.
>Do we need a normal router? We're using the router that arrived with our ISP and we're not allowed to replace or bridge it because it's forbidden in the campus.
A router is a layer-three device. As long as you don't cross that boundary, you'll be able to directly reach it.

> A router is a layer-three device. As long as you don't cross that boundary, you'll be able to directly reach it.

Do you recommend a switch?

Won't I be able to stop the internet connection from the NAS so it's only local?

> (You)
>> A router is a layer-three device. As long as you don't cross that boundary, you'll be able to directly reach it.
>Do you recommend a switch?
I mean, is it really necessary? Even a cutesy little WRT54G has five "switch" ports. A consumer home router should more than be enough, barring circumstances that'd be obvious if you needed it.

>Won't I be able to stop the internet connection from the NAS so it's only local?
Not sure what you mean but if your NAS is behind your own router than your NAS is reachable only for devices on the same "side" of that router, i.e. you and your roommates can access it but not other students on the campus. Your NAS will be able to connect to the internet, though, unless you specifically block it from doing so. You want your NAS to connect to the internet or it will not be able to update itself.

Nice, it is possible to stop the drives from access the internet right, so it can only reach the LAN. Also how easy is it to add more drives or replace it? I plan to use 3 drives that are mirrored, so two drives will have identical data on the first drive. Is that possible with ZFS and will bit rot protection and checksum work on such a setup? Right now I'm using three 8TB (one for usage and the other two as back up) but I'll replace it with 10TB soon. It's annoying to back it up manually, because I have to delete everything on both drives and then fill it up which takes a day. So that's why I want to build my own NAS with support for mirrored drives. Is it true I need intermediary storage when I want to replace or add different drives or update the NAS?

ZFS is terrible in scaling. LVM is better in this aspect. Expanding ZFS storage is basically building a new bigger one and copying all the data from your old setup to the new one.

A three disk mirror is possible with zfs but it's diminishing returns. It's favorable to use a two disk mirror with the third disk as backup.

RAID is not backup because accidental deletion or ransomware will still destroy everything on all mirrored disks at once. The third disk should not be in the mirror, be inaccessible from the network and only used by the NAS itself to make backups. This way in a situation where ransomware destroys all network accessible data, you can restore from this backup (after all clients have been disinfected of course).

For even better protection, this third disk isn't built in the NAS but an external disk only connected regular for backup when the data is known to be good.

>
>ZFS is terrible in scaling. LVM is better in this aspect. Expanding ZFS storage is basically building a new bigger one and copying all the data from your old setup to the new one.
Do more research. You add disks to vDevs and expandnit that way; ZFS was designed to be planned around and ahead of time.
>A three disk mirror is possible with zfs but it's diminishing returns. It's favorable to use a two disk mirror with the third disk as backup.
What? Why not just use raidZ1? You get two disks of storage data while retaining a redundancy.
>RAID is not backup because accidental deletion or ransomware will still destroy everything on all mirrored disks at once. The third disk should not be in the mirror, be inaccessible from the network and only used by the NAS itself to make backups. This way in a situation where ransomware destroys all network accessible data, you can restore from this backup (after all clients have been disinfected of course).
ZFS snapshots offset this.
>For even better protection, this third disk isn't built in the NAS but an external disk only connected regular for backup when the data is known to be good.

I agree with you on all points and my own NAS is pretty much configured like you mentioned (raidz, snapshotting).

However OP is obviously a n00b and expanding and re-balancing (or the lack of) can royally fuck you up when not exactly knowing what you're doing. I can feel OP's simple RAID-1 approach and tried to help him on this path without proposing a whole different solution.

Yeah, that's what I thought as well. But if he tries hard enough, my setup might work a touch better if he's willing to spend a bit of time improving it. I'm not sure if he's capped out at three HDDs though, but that might be the case if he's the one proposing it.

>
>Yeah, that's what I thought as well. But if he tries hard enough, my setup might work a touch better if he's willing to spend a bit of time improving it. I'm not sure if he's capped out at three HDDs though, but that might be the case if he's the one proposing it.
Continued, any storage tech can fuck you up if you screw up the wrong way. Fat-expanding an XFS volume comes to mind. I just believe the ZFS gotcha's are a bit less severe for someone who might not be as technically apt.

Basically what I want to do is use the NAS as my main primary storage (movies, music and images) on my PC running Winblows. If I want to listen to music on my PC, I'll play it directly from my NAS and so on, and I wouldn't mind using two drives as mirrored drives and the third one for cold storage.

I'm more or less scared and paranoid that my roommates will somehow get access to my content and I don't want that to happen. How does encryption work on FreeNAS? Is it possible to encrypt each drive with a different password and have a password to access the FreeNAS? Is it possible to block out everyone except for my PC? What would happen if my roommate copied my MAC address, wouldn't he get access? How would it work on Windows if it's running ZFS?

Or I could use the NAS as my back up server which would only be on when I want to back up whatever is on my desktop drive. Is that possible? That'd be a lot easier imo, because I don't plan on accessing the NAS from more than one host (my PC).

Your NAS will share files to windows clients using SAMBA. Configure a SAMBA user with password on your NAS and keep the credentials secret. You now need this user/pass to access the SAMBA share on your NAS and as long as your roommates don't know this they can't get in. You can even create a guest account that only has read access to for example your music/videos so you can share some content to your roommates without them vandalizing your shit or reading private stuff. A "public" share with read/write access for all is also convenient for (insensitive) file sharing between devices.

Don't do access control based on from which device you connect, i.e. just restrict access from one MAC address. This can be spoofed pretty easily.

Also, your roommates have physical access to your NAS. This means they can open the case, connect the disk to their own computer and read it. In Campus culture this is considered a dick move by your roommates but you were being paranoid. To counter this you need encryption so all they can read is noise to them. The problem with encryption is that the key has to be available on boot or the NAS cannot access its own data. This mean you'll have to enter it every time your NAS (re)starts. Some NASes keep this password in separate memory so they have the key when booting but this is unsafe because you are now literally storing the key next to your data (although it can be non-trivial to grab this key).

Yes, the easiest way is to create a SAMBA share only accessible to you (user/pass) on your NAS and use the integrated windows backup tool on your PC (the windows 7 tool, also available in win10) and select "save to network" or something like that.

I wouldn't mind writing the password to each drive whenever I start the NAS. What is ZFS's equivalent to RAID1 with checksum and bit rot protection and is it in FreeNAS too?