How to use a USB drive with FreeNAS

First of all, a disclaimer: I use this setup just as a secondary backup, I do not recommend you rely on USB drives as storage media for your FreeNAS server.


I have a few spare 2 TB drives that used to be in my homeserver, and I wanted to connect them to my FreeNAS every few weeks to store some backups on them, then disconnect them and put them in a drawer.

Preparing the USB hard drive

If your drives are not brand new, chances are you already have some data on them, so you’ll need to wipe them first. To do so, connect your drives to FreeNAS, login to the webinterface, go to the Storage tab, click on “View Disks”, select the correct one from the list, then click on the “Wipe” button on the bottom of the screen.

Everything will turn red now. That’s because you’re doing something potentially dangerous. Make sure you really select the correct drive, otherwise you might destroy all of your data.

A Quick wipe is usually enough. Select that and proceed.

Once the wipe is completed, you can turn the disk into a Volume you can use on FreeNAS, just like your main one(s). Head over to the Storage tab, click on the “Volume Manager” button. You will see your newly wiped disk there, give it a volume name, tick the “Encryption” checkbox if you’d like, then click on “Add Volume”. I’ll call mine “ColdStorage” for the purpose of this tutorial.

Do NOT select any “Volume to extend”. That would mean you’d bee adding a single (USB!) hard drive striped to your main pool, and that drive would become the single point of failure for all the data in that pool.

After the disk has been initialized, you can start adding datasets, clone other ones, setup network sharing, whatever.

Disconnecting the USB drive

Once you’re done with it, you will want to disconnect your USB drive to store it somewhere. To do so, once again go to the Storage Tab, select your pool from the list (ColdStorage in this example), then click on the “Detach Volume” button. You will only see this button if you select the pool, while if you select the dataset with the same name you will get a different set of buttons.

I’m not sure that I have to point that out, but let’s do it anyway: do NOT select “Mark the disks as new (destroy data)”. Once the pool has been detached, you can disconnect the USB drive.

Reconnecting the USB drive

For the thousandth time, go back to your trusty Storage tab, then click on the “Import Volume” button. A box will appear, select wether you have an encrypted volume or not, then click OK. FreeNAS will stop a few seconds to reflect on the good it’s made in its life, then it will present you a dropdown from which you’ll be able to select your USB volume. Click OK and it will be once again available in FreeNAS.

ARP moved messages in FreeNAS/pfSense explained

kernel: arp: x.x.x.x moved from xx:xx:xx:xx:xx:xx to xx:xx:xx:xx:xx:xx on em0

Ever since adding a pfSense router and a FreeNAS box to my network, I noticed quite a few ARP moved messages in my system logs, and I finally found out what causes them.

TL;DR: Nothing to worry about.

Long(ish) version

First a little background. ARP messages are excahanged in ethernet networks (even wireless ones) in order to keep track to which physical (MAC) address each IP belongs to, so especially if you have static IP addresses or static leases in your DHCP server, you shouldn’t be seeing messages like these, which indicate that a given address is now assigned to a different device, hence the change of the MAC address.

I had noticed a couple interesting things about these MAC addresses: they all belong to Apple devices (you can check by entering the first three 2-character blocks in a lookup service), and one of tham always belonged to a Mac. The other one belonged to an AirPort base station (either an Extreme or an Express), which initially made me worry that somehow my Wi-Fi network was breached and somebody was connecting to it and stealing an IP. Actually it didn’t make much sense, unless the AirPort itself was hacked and used as a sort of relay.

After some googling, I came to this post on the FreeNAS forums where they explained that this behavior is due to a feature of AirPort base stations called sleep proxy.

Basically, when a Mac goes to sleep, its Bonjour-advertiesd services would disappear, making it no longer visibile on the network. AirPort base stations understand Bonjour, and they get notified when a Mac goes to sleep, so they start broadcasting the Mac’s services (file sharing, screen sharing, SSH, etc.) and “grab” its IP. This way, when somebody tries to access one of these services, either because they already knew the sleeping Mac’s IP or because they discovered it through Bonjour, the AirPort wakes the Mac by some kind of WOL technology, maybe a simple magic packet. When the Mac comes out from sleep, it takes its IP back, thus generating a second, opposite entry in pfSense’s/FreeBSD’s system log.

Connect to CrashPlan running in a FreeNAS jail using OS X

I’ve got CrashPlan running on my FreeNAS-based home server1, and it is going smoothly. It was kinda pain to get it working (java problems, CrashPlan upgrades, and stuff like that), but now it has been behaving itself for a few months.

I don't know why I feel i should make these images in every post. Sorry.

Still, every now and then I want to check on it to keep track of the upload progress, change a few settings and what not.
Since I also run CrashPlan on my Mac, it has always been a pain to reconfigure everything each time I wanted to control the instance running in the FreeNAS jail and then back to the Mac’s.
Also, a while back CrashPlan changed their daemon-GUI authentication scheme: previously you just had to connect to the proper port on the right IP, now it also needs a token that seems to change randomly. It looks like it changes whenever the backup service restarts, but I’m not really sure, as my Mac’s doesn’t seem to change nearly as often, and my Macs power cycles way more than my server, but that’s an argument for another day. Also, the port seems to be randomly changing as well, so don’t even get me started about that.

Anyway, I had to find a way to get the current token, put it in the proper CrashPlan GUI’s config file (which is /Library/Application Support/CrashPlan/.ui_info in OS X), launch the GUI, do my business, close it and the put everything back.

To accomplish that, the first thing you need to do is to enable SSHd in the jail: connect to your main FreeNAS, type jls to get a list of all the running jails, and take note of CrashPlan’s JID.

[[email protected]] ~# jls
   JID  IP Address      Hostname                      Path
     1  -               VBox                          /mnt/Archivio/jails/VBox
     2  -               couchpotato_1                 /mnt/Archivio/jails/couchpotato_1
     3  -               crashplan_2                   /mnt/Archivio/jails/crashplan_2
     4  -               plexmediaserver_1             /mnt/Archivio/jails/plexmediaserver_1
     6  -               sonarr_1                      /mnt/Archivio/jails/sonarr_1
     7  -               transmission_1                /mnt/Archivio/jails/transmission_1

As you can see, mine is 3. So let’s connect to the jail: jexec 3 csh (which means launch the csh shell on jail number 3).

Now you need to edit the jail’s /etc/rc.conf, in order to have the SSH server start with the jail. You can do so by adding the following line:


(Or, if present and set to NO, just switch it to YES and save the file.)

Now just start the SSH server with service ssh start.

The next step is to add a user to the jail: we’ll be using this instead of root to connect to it. Run adduser and follow the instructions. In the rest of this post the user will be luca. Why? Well, because reasons2.

Now switch to the newly created user and create a .ssh directory in the home directory.

su luca
mkdir ~/.ssh

Now it’s a good time to copy the SSH public key of your Mac’s account, which you can find in ~/.ssh/ Copy it to the clipboard:

cat ~/.ssh/ | bcopy

Back to the jail, paste it into the ~/.ssh/authorized_keys file:

echo "PASTE HERE YOUR PUBLIC KEY" >> ~/.ssh/authorized_keys

After all this hard work, we can finally test our setup. Open a new terminal window/tab and try to connect (you’ll find the jail’s IP address in the FreeNAS web UI).

ssh luca@

Of course replace luca with your user and the IP with the correct one. If all worked as it should, you’ll be asked (for the first time only) to accept the server’s RSA fingerprint, and then you’ll be logged in without needing a password.

Now that we have a working SSH server, let’s get to the main part of all this madness. Here’s my script,

First, adjust line 8 and 9 replacing the placeholder user and IP with the one you set earlier.

Make the script executable (chmod +x /path/to/ and put it somewhere in your PATH (may I suggest /usr/local/bin?).

Before launching the script, I feel I should explain what it does. First of all it makes a backup of your current local GUI settings (root privileges needed here), then it connects to the jail, retrives the current token and port to connect to the service, puts them in the .ui_info config file (again, root required), creates an SSH tunnel that is used to avoid having the CrashPlan service directly exposed to the network (by default it listens on only). Once the tunnel is established, it launches the CrashPlan GUI, which will now communicate with the remote service. Once you close it, the tunnel will be closed as well and the local settings will be put back in place (root privileges required).

If you’ve read this far, you just have to launch and the script will take care of everything for you. It will even tell you what it is doing, here’s the output I get:

[luca @ MBP-Luca-eth in ~ ✅ ] $
Password: (I entered my password here, required by sudo)
PORT: 4343
TOKEN: th1sC0d3-iZn0-tTh3-C0rR-3ct0N3Y0L0OO
.ui_info updated, creating SSH tunnel...
SSH tunnel established, launching CrashPlan Desktop
CrashPlan Desktop closed, terminating SSH tunnel...
Exit request sent.
Restoring local CrashPlan settings...
  1. Nothing fancy: a Pentium G2020, 8 GB of RAM and 4×4 TB WD Red’s in RAIDZ1. I know RAIDZ1/RAID–5 is dead, but thanks to ZFS I should only loose those files that happen to suffer from UREs, and the important stuff is backed up elsewhere. I only regret I didn’t go for 5×4 TB drives, it should have improved speeds.
  2. My name is Luca. My user is called luca.