Category Archives: FreeNAS

Installing Ubuntu Server 16.04 in FreeNAS 9.10 bhyve

Emulation Be Gone!

Well I had enough of trying to update the CrashPlan plugin and getting it working with CrashPlan 4.7. I even tried installing a standard jail and using the FreshPorts to get it installed. I got close – I  had CrashPlan downloaded but the make script wanted “jdk-8u92-linux-i586.tar.gz” even though that has known vulnerabilities and it wouldn’t take the latest version “jdk-8u102-linux-i586.tar.gz”. I forced the old Java version (security issues and all) and got everything built but then ran into problems with kernel modules, which given a month of Sundays I might have resolved, but I only want to devote half a Sunday to this, so backed out of that when I realised that I was at that cul-de-sac dead end of frustration I’m sure that you know all too well.

bhyve to the Rescue

So I backed out of the CrashPlan plugin jail, gave up on the CrashPlan standard jail, and have gone in a whole new direction with FreeBSD’s “bhyve”, which is accessible under FreeNAS 9.10. This is a hypervisor which has kernel support, so you could say it’s type 1, but it probably emulates a lot of stuff, so just how “type 1” it is is for others to say. In any case, it seems to perform flawlessly for me so I’m a happy camper.

Emulating Linux ABI on FreeBSD to me always felt like shoving a square peg through a round hole. Why emulate parts of Linux to run CrashPlan, when you can instead virtualize a whole Linux instance, and run CrashPlan native? This will surely keep compatibility problems to a minimum. Not only that, but I can move my TVHeadend to it as well, and anything else that I need to run on a Linux server. I can’t see myself ever going back to the plugin setup for CrashPlan.

Setting up the bhyve Environment

It was reasonably straightforward setting up Ubuntu Server 16.04 (“Xenial Xerus”), which I will use to host my CrashPlan server, and also my TVHeadend server, and anything else that I really need Ubuntu for.

Speedy Alias – “iohyve” becomes “io”

You can configure bhyve directly, but you’re far better served by using the “iohyve” scripts. Now here’s the thing – I hate typing. I am also a clumsy typer with bent fingers, and find “iohyve” particularly annoying to type. You can do what I do and alias “iohyve” to “io” to make things easier. Run “which io” to make sure that “io” isn’t already used by another command in your path, and then add the alias to your “~/.bashrc” if you’re using bash:

sarlacc# which io  #make sure that 'io' isn't used for any other commands
sarlacc# cat ~/.bashrc | grep iohyve
alias io='iohyve'    # the alias I added to ~/.bashrc

After adding the alias, log out and log back in, or just source the rc file: . ~/.bashrc

All my subsequent “iohyve” commands will just show “io”.

Initial Parameters

bhyve needs to know 3 things:

  • Where to store its files?
  • Which NIC to bridge to?
  • If it should start up the kernel modules? (yes… yes it should!)

Configure the answer to those three questions with the following:

io setup pool=<ZFS pool> kmod=1 net=<bridged NIC>    #kmod=1 means yes, 0 means no.

io setup pool=volume1 kmod=1 net=vlan10
Setting up iohyve pool...
On FreeNAS installation.
Checking for symbolic link to /iohyve from /mnt/iohyve...
Symbolic link to /iohyve from /mnt/iohyve successfully created.
Loading kernel modules...
bridge0 is already enabled on this machine...
Setting up correct sysctl value... 0 -> 1

Some older docs say that on FreeNAS you need to ln -s /mnt/iohyve /iohyve but as you can see above that’s already added. If you add the symlink manually it’ll create a weird circular sym linking.

Files and Folders

Run this to see that the folder structure is set up:

sarlacc# zfs list | grep iohyve
volume1/iohyve                                              21.4G  2.46T   140K  /mnt/iohyve
volume1/iohyve/Firmware                                      140K  2.46T   140K  /mnt/iohyve/Firmware
volume1/iohyve/ISO                                           771M  2.46T   151K  /mnt/iohyve/ISO
volume1/iohyve/ISO/FreeBSD-10.3-RELEASE-amd64-bootonly.iso   116M  2.46T   116M  /mnt/iohyve/ISO/FreeBSD-10.3-RELEASE-amd64-bootonly.iso
volume1/iohyve/ISO/ubuntu-16.04.1-server-amd64.iso           655M  2.46T   655M  /mnt/iohyve/ISO/ubuntu-16.04.1-server-amd64.iso
volume1/iohyve/ubusrv16                                     20.6G  2.46T   140K  /mnt/iohyve/ubusrv16
volume1/iohyve/ubusrv16/disk0                               20.6G  2.48T  2.66G  -

You should just have the first three paths – the rest is stuff I’ve set up later on in this guide.

The Kernel Modules

You can check that the kernel modules are loaded with this:

sarlacc# kldstat
Id Refs Address            Size     Name
 1   94 0xffffffff80200000 18b4000  kernel
 2    1 0xffffffff81d9f000 ffd8c    ispfw.ko
 3    1 0xffffffff82021000 f947     geom_mirror.ko
 4    1 0xffffffff82031000 46a1     geom_stripe.ko
 5    1 0xffffffff82036000 ffca     geom_raid3.ko
 6    1 0xffffffff82046000 ec6a     geom_raid5.ko
 7    1 0xffffffff82055000 574f     geom_gate.ko
 8    1 0xffffffff8205b000 4a33     geom_multipath.ko
 9    1 0xffffffff82060000 5718     fdescfs.ko
10    1 0xffffffff82066000 89d      dtraceall.ko
11   10 0xffffffff82067000 3ad67    dtrace.ko
12    1 0xffffffff820a2000 4638     dtmalloc.ko
13    1 0xffffffff820a7000 225b     dtnfscl.ko
14    1 0xffffffff820aa000 63d7     fbt.ko
15    1 0xffffffff820b1000 579a4    fasttrap.ko
16    1 0xffffffff82109000 49cb     lockstat.ko
17    1 0xffffffff8210e000 162f     sdt.ko
18    1 0xffffffff82110000 d8d8     systrace.ko
19    1 0xffffffff8211e000 d494     systrace_freebsd32.ko
20    1 0xffffffff8212c000 4da3     profile.ko
21    1 0xffffffff82131000 7fdf     ipmi.ko
22    1 0xffffffff82139000 b3c      smbus.ko
23    1 0xffffffff8213a000 1a62a    hwpmc.ko
24    1 0xffffffff82155000 2b80     uhid.ko
25    2 0xffffffff82158000 2b32     vboxnetflt.ko
26    2 0xffffffff8215b000 45320    vboxdrv.ko
27    1 0xffffffff821a1000 41ca     ng_ether.ko
28    1 0xffffffff821a6000 3fd4     vboxnetadp.ko
29    1 0xffffffff821aa000 3567     ums.ko
30    1 0xffffffff821ae000 a684     linprocfs.ko
31    1 0xffffffff821b9000 670b     linux_common.ko
32    1 0xffffffff821c0000 1b140b   vmm.ko
33    1 0xffffffff82372000 2ebb     nmdm.ko
34    1 0xffffffff82375000 1fe1     daemon_saver.ko

If vmm.ko and nmdm.ko are there, you’re golden.

MTU – Danger Will Robinson!

Now the “bridged NIC” is the physical or logical NIC that carries the IP address of the network that you want your virtual machine to bridge to – not the bridged interface. For my home setup I share a VLAN10 (data) and a VLAN99 (management) on a single physical interface – bge0. Why do I do this? Well my switches and routers only have management IPs on VLAN99, and my computer is the only one on VLAN99, so that’s added security. Plus I do it, because I am a network engineer, and because I can 🙂

Now when you have VLAN interfaces you can run into MTU problems, unless you up the MTU to account for the extra 4 bytes of VLAN tag overhead. In FreeNAS GUI, I set “mtu 1504” on any interface I run VLANs on, so that the VLANs can get 1500 bytes MTU.

The automatically created bridge0 interface inherits this MTU:

sarlacc# ifconfig bridge0          
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1504
        description: iohyve-bridge
        ether 02:f3:f6:80:91:00
        nd6 options=1<PERFORMNUD>
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 2000000
        member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 12 priority 128 path cost 2000
        member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 11 priority 128 path cost 2000
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 10 priority 128 path cost 2000
        member: vlan10 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 20000
sarlacc# ifconfig tap0 
 description: iohyve-ubusrv16
 ether 00:bd:1b:3e:01:00
 media: Ethernet autoselect
 status: active
 Opened by PID 3694

That tap0 is originally created by iohyve as 1500 bytes, and fails to add to the bridge0 because of the MTU mismatch. In order to get it into the bridge0, I had to do this:

ifconfig tap0 mtu 1504
ifconfig tap0 promisc       # not sure if this was necessary but added anyway
ifconfig bridge0 addm tap0

Surviving Reboots

You want these settings to survive reboots, so add these in the GUI to your “System” > “Tunables”.

iohyve_enable iohyve_flags

Unfortunately I haven’t worked out how to do the tap0 MTU fix just yet, so I’m manually doing that at reboot just for now. I’d like this to be “fixed” by iohyve, but if all else fails I could add a pre or post init script that just runs the commands that way.
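
The pre/post-init script idea above, written out as an added example (not from the original post, and not part of iohyve): it reads the bridge MTU, then prints or applies the ifconfig commands a tap interface still needs. It assumes the guests' tap interfaces already exist when it runs; the sample interface text is constructed, and the promisc step is left out because the post is unsure it is needed.

```shell
#!/bin/sh
# Added example: set iohyve tap interfaces to the bridge MTU, then join them.
# Run with "apply" on the FreeNAS host; with no argument it only prints the
# plan for the constructed sample below.

# Read `ifconfig IFACE` output on stdin and print the interface MTU.
mtu_of() {
    sed -n 's/.* mtu \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Read `ifconfig bridge0` output on stdin; succeed if $1 is already a member.
is_member() {
    grep -q "member: $1 "
}

# plan_tap_fix BRIDGE_TEXT TAP TAP_TEXT
# Print the commands still needed, MTU first: a tap whose MTU differs from
# the bridge cannot be added as a member.
plan_tap_fix() {
    want=$(printf '%s\n' "$1" | mtu_of)
    have=$(printf '%s\n' "$3" | mtu_of)
    if [ -z "$want" ]; then
        return 1                      # bridge MTU not found: change nothing
    fi
    if [ "$have" != "$want" ]; then
        echo "ifconfig $2 mtu $want"
    fi
    if ! printf '%s\n' "$1" | is_member "$2"; then
        echo "ifconfig bridge0 addm $2"
    fi
}

# Constructed sample text in the shape of the ifconfig output shown above.
SAMPLE_BRIDGE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1504
        member: vlan10 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'
SAMPLE_TAP='tap0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500'

if [ "${1:-}" = "apply" ]; then
    # Live mode: inspect every tap interface and run whatever is still needed.
    bridge_text=$(ifconfig bridge0) || exit 1
    for ifc in $(ifconfig -l); do
        case "$ifc" in
            tap*) plan_tap_fix "$bridge_text" "$ifc" "$(ifconfig "$ifc")" | sh -x ;;
        esac
    done
else
    plan_tap_fix "$SAMPLE_BRIDGE" tap0 "$SAMPLE_TAP"
fi
```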

Installing Ubuntu 16.04 “Xenial Xerus”

Either FTP fetch the install media or add the path:

io fetch
io cpiso /mnt/volume1/files/software/ISOs/Ubuntu/ubuntu-16.04.1-server-amd64.iso

Once downloaded or copied see that it’s listed:

sarlacc# io isolist
Listing ISO's...

Now create the VM and set its parameters (I call my VM ubusrv16 for Ubuntu Server 16.x):

sarlacc# io create ubusrv16 20G
sarlacc# io set ubusrv16 loader=grub-bhyve os=d8lvm ram=2G cpu=1 con=nmdm1
sarlacc# io list
Guest     VMM?  Running  rcboot?  Description
ubusrv16  NO    NO       NO       Sun Jul 24 11:04:26 AEST 2016

Use “os=debian” if not using LVM. If using LVM, use “os=d8lvm”

I just give it one CPU, and 2Gigs of RAM. The console will be nmdm1 if it’s the first VM.

Do the install, and use another SSH session to attach to the console:

io install ubusrv16 ubuntu-16.04.1-server-amd64.iso
io console ubusrv16  #handy to do this in another window

Configuring VM to Start at Reboot

One criticism I’ve heard of VirtualBox is that you can’t start the VMs on reboot. I haven’t verified this though. The good thing with bhyve is that you can start a VM on reboot:

io set ubusrv16 boot=1


Let me know how you go in the comments.

Setting up a Crashplan FreeNAS Plugin Jail


I back up about 400 Gigabytes of photo RAW files and Lightroom (LR) catalogs to the cloud using CrashPlan. I used to have these files on a single hard drive inside my computer – dangerous!

I realised that I needed my photo files on a RAID array so that I don’t lose everything in case of a single disk failure. Instead of putting a RAID array inside my PC, or directly attaching a RAID array to it using USB or Thunderbolt (called a “DAS” for “directly attached”), I realised I didn’t need to spend money when I already have a perfectly good RAID box – my NAS running FreeNAS!

I had a rude shock though when it came to backing up with CrashPlan running on my PC, and having my work files on a mapped network drive. CrashPlan refused to touch the files on the mapped network drive! I then had to take the plunge and move the CrashPlan engine to my NAS, and do backups from there. Brilliant!

About Running CrashPlan “Headless”

CrashPlan has two basic parts – the CrashPlan application, and the CrashPlan engine. The engine runs continuously and backs up even when the client isn’t running. The client just checks the engine status, and is used to configure it. The client app is designed to connect to an engine on the local machine and not on a remote machine. Luckily it uses TCP ports, so we can hack the configuration in order to get it to connect to a remote (headless) machine.

Install the CrashPlan Plugin Jail

Set up your jail configuration, if you haven’t already. Mine is as follows:

[Image: jail configuration]

Install the CrashPlan plugin jail by going to “Plugins > Available” and then highlighting “CrashPlan” and then clicking the “Install” button.

After it has installed, map the files you want to backup into the jail under “View Jails > Storage”. You’ll find detailed instructions on this on the FreeNAS documentation homepage.

My jail storage is as follows:

[Image: jail storage]

“volume1” is my RAID array volume, and “lacie” is an external 12TB USB3.0 drive volume. I initially decided to use CrashPlan to back up all my files (software, multimedia and music) to my external drive, but I found that too slow. Now I just have a backup set to back up my “RAW files” and “Catalogs”, which are contained within my “/software/photography”, as I didn’t want to create another dataset just for those two.

It makes sense to map your source files read-only, as I have done here: there is no need to give CrashPlan more permissions than it needs to do its job, and it safeguards the files in case something goes drastically wrong. Mapped like this, you can only trash your backups, and not the source.
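
One way to confirm the read-only mapping from the FreeNAS host, as an added example that is not part of the original post: the script reads `mount` output and lists nullfs mounts under the jail that are writable but not on an expected list. The jail root is the path shown by jls later in this post; that jail storage appears as nullfs mounts, the in-jail mount points and the sample mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list writable nullfs mounts inside a jail from `mount` output.
# Assumes mount points contain no spaces. Paths below the jail root are
# constructed for illustration.

# writable_jail_mounts JAILROOT   (reads `mount` output on stdin)
# Print every nullfs mount point under JAILROOT that lacks the read-only flag.
writable_jail_mounts() {
    awk -v root="$1" '
        $2 == "on" && index($3, root "/") == 1 && $0 ~ /\(nullfs[,)]/ {
            if ($0 !~ /[(, ]read-only[,)]/) print $3
        }'
}

# unexpected_writable JAILROOT [ALLOWED_MOUNTPOINT...]
# Same list, minus the mount points that are meant to be writable
# (the backup destination).
unexpected_writable() {
    root=$1
    shift
    allowed=" $* "
    writable_jail_mounts "$root" | while read -r mp; do
        case "$allowed" in
            *" $mp "*) ;;             # expected to be writable
            *) echo "$mp" ;;
        esac
    done
}

# Constructed `mount` lines: source data read-only, backup target writable,
# plus one mount that belongs to a different jail.
sample_mounts() {
    cat <<'EOF'
volume1/jails/crashplan_1 on /mnt/volume1/jails/crashplan_1 (zfs, local, nfsv4acls)
/mnt/volume1/software on /mnt/volume1/jails/crashplan_1/mnt/software (nullfs, local, read-only)
/mnt/lacie on /mnt/volume1/jails/crashplan_1/mnt/lacie (nullfs, local)
/mnt/volume1/media on /mnt/volume1/jails/plexmediaserver_1/media (nullfs, local)
EOF
}

JAIL=/mnt/volume1/jails/crashplan_1
echo "writable:   $(sample_mounts | writable_jail_mounts "$JAIL")"
echo "unexpected: $(sample_mounts | unexpected_writable "$JAIL" "$JAIL/mnt/lacie")"
```

On the host, replace `sample_mounts` with the real `mount` command; any path printed by `unexpected_writable` is a source dataset the jail can modify.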

Update the Plugin Jail

I usually run the following for any new jail to get it up to date:

pkg clean     # clean out old cache
pkg update    # gets the latest list of files
pkg upgrade   # updates the jail software

I also like to install bash with “pkg install bash” and then log out and back into the jail under bash:

sarlacc# jls
 JID IP Address Hostname Path
 1 - crashplan_1 /mnt/volume1/jails/crashplan_1
 2 - dnsmasq /mnt/volume1/jails/dnsmasq
 3 - plexmediaserver_1 /mnt/volume1/jails/plexmediaserver_1
 4 - sabnzbd_1 /mnt/volume1/jails/sabnzbd_1
sarlacc# jexec 1 bash
[root@crashplan_1 /]#

Configure SSH in the Plugin Jail

You’ll need SSH in order to connect your PC to the CrashPlan engine running on the NAS. This is quite straightforward:

Edit “/etc/ssh/sshd_config” and uncomment/edit as follows:

PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding yes

For more security you can create another user such as “adduser crashplan” or “adduser backupuser” etc, but I don’t bother – I just use the root user and set a strong root password (in the jail) with “passwd root” command.

Next get sshd going:

sysrc sshd_enable=YES  # allows sshd to be started as a service
service sshd keygen    # generate sshd keys
service sshd start     # start the sshd service
service sshd status    # check sshd service status - should return the process ID
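
The three directives above, and the dedicated-user alternative the post mentions, can be checked mechanically. The script below is an added example, not part of the original post: it flags root login, password login and forwarding with no destination limit in an sshd_config. The account name backupuser comes from the post's suggestion; the Match block, key-only login and the PermitOpen target 127.0.0.1:4243 are assumptions, and both sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the directives this post changes.
# "backupuser" and the PermitOpen target 127.0.0.1:4243 are assumptions; both
# sample configs are constructed.

# Print "keyword value" pairs, lower-cased, skipping comments and blank lines.
directives() {
    awk '!/^[ \t]*#/ && NF >= 2 { print tolower($1), tolower($2) }' "$1"
}

# First value of a keyword before any Match block (sshd keeps the first one).
# Only an explicit value is reported; build defaults differ between systems.
global_value() {
    directives "$1" | awk -v key="$2" '
        $1 == "match" { exit }
        $1 == key     { print $2; exit }'
}

# Print 1 if the global section or any Match block allows local forwarding
# without a PermitOpen limit. Match blocks inherit the global settings.
open_forwarding() {
    directives "$1" | awk '
        function endblock() {
            if (fwd && !lim) bad = 1
            if (!inmatch) { gfwd = fwd; glim = lim }
        }
        BEGIN { fwd = 1; lim = 0 }    # sshd default: AllowTcpForwarding yes
        $1 == "match" { endblock(); inmatch = 1; fwd = gfwd; lim = glim; sf = sp = 0; next }
        $1 == "allowtcpforwarding" && !sf { sf = 1; fwd = ($2 == "yes" || $2 == "all" || $2 == "local") }
        $1 == "permitopen" && !sp { sp = 1; lim = ($2 != "any") }
        END { endblock(); print bad + 0 }'
}

# audit_sshd FILE: print the findings, space separated (empty when clean).
audit_sshd() {
    findings=""
    if [ "$(global_value "$1" permitrootlogin)" = "yes" ]; then
        findings="$findings ROOT_LOGIN"
    fi
    if [ "$(global_value "$1" passwordauthentication)" = "yes" ]; then
        findings="$findings PASSWORD_AUTH"
    fi
    if [ "$(open_forwarding "$1")" = "1" ]; then
        findings="$findings OPEN_FORWARDING"
    fi
    echo "${findings# }"
}

# The three lines exactly as the post sets them.
write_post_config() {
    cat > "$1" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding yes
EOF
}

# Tunnel-only alternative: key login, one account, one forward destination.
write_tunnel_only_config() {
    cat > "$1" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
# FreeBSD also accepts passwords through PAM keyboard-interactive
ChallengeResponseAuthentication no
AllowTcpForwarding no
Match User backupuser
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:4243
    X11Forwarding no
EOF
}

tmp=$(mktemp -d)
write_post_config "$tmp/post.conf"
write_tunnel_only_config "$tmp/tunnel.conf"
echo "post settings: $(audit_sshd "$tmp/post.conf")"
echo "tunnel-only:   $(audit_sshd "$tmp/tunnel.conf")"
rm -rf "$tmp"
```

To audit the live file in the jail, call `audit_sshd /etc/ssh/sshd_config`.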

Update and Start CrashPlan Engine in Plugin Jail

The current problem we face is that the plugin is only version 3.6.3_1, and that’s way behind the existing GUI version of 4.7, and there are compatibility issues. No problem – just manually update the jail:

su -                    # if not already root
cd /usr/pbi/crashplan-amd64/share/crashplan
wget --no-check-certificate
tar -xf CrashPlan_4.7.0_Linux.tgz
cd crashplan-install
cpio -idv < CrashPlan_4.7.0.cpi
service crashplan stop
cd ..
rm -r lib*
cp -r crashplan-install/lib* .
sysrc crashplan_enable=YES

The above assumes that 4.7 is the latest version, and that the crashplan TARGETDIR is “/usr/pbi/crashplan-amd64/share/crashplan“. Check the install vars here:

root@crashplan_1:/usr/pbi/crashplan-amd64/share/crashplan # cat install.vars 

You may have to change “JAVACOMMON=/usr/pbi/crashplan-amd64/share/crashplan/jre/bin/java” to “JAVACOMMON=/usr/pbi/crashplan-amd64/bin/java” if you get an error message in /var/log/crashplan/engine_error.log complaining about “”

How I found the correct java:

[root@crashplan_1 /usr/pbi/crashplan-amd64/share/crashplan]# find / -name "java"

/usr/pbi/crashplan-amd64/linux-sun-jre1.7.0/bin/java -version   Java(TM) SE Runtime Environment (build 1.7.0_51-b13) 
/usr/pbi/crashplan-amd64/share/java -version  directory
/usr/pbi/crashplan-amd64/share/crashplan/jre/bin/java -version   - breaks with issue
/usr/pbi/crashplan-amd64/bin/java -version   (build 1.7.0_51-b13)

Go to Plugins > CrashPlan, in the left hand side tree menu in order to accept the Java licence agreement. This trips a lot of people up.

Now start Crashplan

 service crashplan start

You can check that CrashPlan is running with the following:

root@crashplan_1:/mnt/lacie # sockstat -4 | grep java
root java 4859 88 tcp4
root java 4859 105 tcp4 *:*
root java 4859 108 tcp4
root java 4859 119 tcp4

Line 2 is a connection to, which is Code42 Australia, where I am backing up some files to.
Line 3 is listening on the local server for new connections.
Line 4 is an SSH port map from my Windows PC where I run the GUI. We’ll get to that.
Line 5 is a connection to , which is Code42 (makers of CrashPlan) in the USA. Possibly a license server.

Don’t be alarmed when you see “crashplan is not running”, when issuing a “service crashplan status”. If Java is listening on the 4243 port then it should be fine. 🙂

Configure SSH in Windows

I use a program called SecureCRT to easily setup the portmap, connecting to my jail IP of, and CrashPlan port of 4243, using local Windows port of 4200:

[Image: CrashPlan port forward, SecureCRT with CrashPlan settings]

It’s handy to create and save a session for this, and then create a desktop shortcut to the session, so you can just double-click the icon and start it. I like to start it minimised. The target for the shortcut for me is “C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe" /S "CrashPlan

NB: Check that 4243 is actually your CrashPlan engine port, with the “sockstat -4 | grep java” command above.

Connecting Windows CrashPlan Client to FreeNAS CrashPlan Engine

After setting up the portmap, we need to finish off by connecting the Windows Client to the FreeNAS server. To do this we need to update the following file:  “C:\ProgramData\CrashPlan\.ui_info” changing port and API key.

e.g. from:




The format is <local port>,<api key>,<IP address>. Where is the API key you might ask? Answer – from the server’s .ui_info file. Run this on the FreeNAS box to check:

cat /var/lib/crashplan/.ui_info

You can double check the server’s port config there.

Once the Windows “.ui_info file” is saved, you should now be able to start the CrashPlan application on your PC and connect to the server.

The .ui_info file reverts back to the previous settings on every reboot of Windows. It is therefore important to create a .bat file to update this on reboot.

Windows Batch File

  1. Copy your newly configured “.ui_info” file to a new file called “freenas.ui_info” in the same directory.
  2. Create a file called “cpcfg.bat” (short for “crashplan configuration”) in the same directory, with the following contents:
    copy C:\ProgramData\CrashPlan\FreeNAS.ui_info C:\ProgramData\CrashPlan\.ui_info
  3. Create a shortcut to that same cpcfg.bat file in the same folder.
  4. Once the shortcut has been created, right-click the file and select Cut.
  5. Press the WindowsKey+R to get to the “Run” dialog box.
  6. Type “shell:startup” in the Run dialog box and hit “OK”.
  7. Paste your “cpcfg.bat” shortcut into that folder.
  8. Right-click on the shortcut and go to “Properties > Shortcut (tab) > Advanced”, and click “Run as Administrator”, and then OK, Apply, OK, to save.

Now every time you reboot, that file will have the correct info. If that doesn’t work then you’ll have to just manually run the .bat file.

Troubleshooting and Tips

I did the following when I was troubleshooting, just following tips on forums, as you do. I’m not sure if they made my setup work or not, but if you have trouble, then it doesn’t hurt to try the following on the server, within the CrashPlan plugin jail:

ln -s /usr/local/bin/bash /bin/bash
/usr/bin/cpuset -l 0 /usr/local/share/crashplan/bin/CrashPlanEngine restart

In the GUI you can double-click on the CrashPlan “House” and logo on the top right and bring up the GUI CLI. Type “” and you should see something like this:

UI Port=4243
HTTP Port=4244

Address= and UI Port=4243 is correct if you’re mapping local port 4200 to server port 4243


Big tip here is to set the CPU usage to 100% (for user present and idle) in the FreeNAS GUI. This is because FreeNAS does CPU management for jails, and 100% within the jail means about 60% overall. The more CPU you throw at it, the better.

It does help to have a very grunty box when doing local backups at speed. I found that my speeds went up, the more I ramped CPU up to 100%, so it’s definitely CPU-bound. I get about 325Mbps  (bits not bytes) to my external Lacie 12TB box over USB3.0 (5Gbps throughput). That would definitely go up with more CPU clock cycles.


There’s no need to compress your files within the jail, if you’ve already turned compression on at the dataset level. You’re just wasting your time and CPU otherwise. It is good to compress when going over the Internet though, to save your network bandwidth.


This draws heavily from these two links:
Using CrashPlan On A Headless Computer
FreeNAS Forums: CrashPlan 4.5 Setup


Replacing a Failed Drive on a Gen8 HP Microserver Running FreeNAS

I recently had one of my FreeNAS 9.3 boxes report the following issues:

  • CRITICAL: Device: /dev/ada2, 8 Currently unreadable (pending) sectors
  • CRITICAL: Device: /dev/ada2, 8 Offline uncorrectable sectors

[Image: unreadable sectors]

After a bit of reading I decided it best I replace the drive, as I don’t want to take chances since I’m only running RAID-Z1 (for the space), instead of the preferred and safer RAID-Z2.

Then I hit a problem: What physical drive is ada2?  The Gen8 HP Microserver G2020T doesn’t have drive lights to indicate which ones are active.

What I did was take a bit of a punt that the drives are numbered left to right, and it proved correct.

What you really need to do before doing anything, is take a screenshot of the different drive serial #’s. Don’t rely on the drive numbers!!! The reason I say that is because once you pull out a drive, the drive numbers get remapped! When I pulled out ada2, what was previously ada3 became the new ada2! This can get confusing and cause you to pull the wrong drive and screw your data – so concentrate on the serial numbers.

I don’t need to repeat the full instructions, but will link you to them here:

Here’s my screenshot of my drives. Note the serial of ada2.

[Image: Pre drive replace]

I now offlined ada2 and shutdown FreeNAS in order to pull the drive out, as the drives in the Gen8 HP Microserver are apparently not hot-swappable (that’s something they really should address!). I booted up to make sure that the correct expected drive SERIAL NUMBER disappeared. Notice how what was ada3 is now ada2.

[Image: Post drive pull]

Happy that I have pulled the right drive, I now proceed to shut down again, and then insert the new 4TB Seagate NAS drive. After booting up again:

[Image: New drive inserted]

OK so far so good. I now highlighted the new ada2 as per the screenshot, and then clicked on “Replace”. I then had to confirm that I wanted to replace the original ada2, but I didn’t get a screenshot of that. It then went about resilvering, which is the process of recreating the data on the redundant drive.


For me it got up to about 5% after 10 mins, so figured it would take somewhere between 3 and 4 hours, so kicked it off before I went to bed. The interesting thing is that the old drive’s volume ID (8482932750830730262) is still listed in the array during the resilvering process. It’s as if you can cancel the resilvering and go back to the original drive if you so wished (if you had a failed resilver perhaps?) but I didn’t test this theory. Once resilvering is complete, this old drive/volume reference goes away.

Hope this helps. Happy and safe NASing!


Update: 20 August 2015. There was a file in my /tmp directory called “.smartalert” which seemed to contain the source of the alert. I deleted that file and rebooted, and the alarms cleared.


Installing Mythweb into Your FreeNAS MythTV Jail

In my last blog I showed how I installed a MythTV backend PVR server into a FreeNAS Jail.

A must-have for usability is the Mythweb HTTP-based configuration tool. There are a lot of hoops to jump through, but you should hopefully make it through unscathed!

Install Mythweb and Dependencies

pkg install mythplugin-mythweb

For me this says that it will install the following:

New packages to be INSTALLED:
 mythplugin-mythweb: 0.27_1
 php56-session: 5.6.7
 php56: 5.6.7
 apache24: 2.4.12
 php56-posix: 5.6.7
 php56-json: 5.6.7
 php56-mysql: 5.6.7

Since it is installing PHP 5.6, you’ll need the “56” version of mod_php as well:

pkg install mod_php56

There are important messages from the installs (shown here) which we’ll address below:

Message for apache24-2.4.12:
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR
 If build with modular MPM and no MPM is activated in 
 httpd.conf, then mpm_prefork will be activated as default
 MPM in etc/apache24/modules.d to keep compatibility with 
 existing php/perl/python modules!
Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

Message for mythplugin-mythweb-0.27_1:
mythweb has been installed into:
You need to configure mythweb now according to the instructions in
For lighttpd you should have a look at the MythTV Wiki

Message for mod_php56-5.6.7:
Make sure index.php is part of your DirectoryIndex.
You should add the following to your Apache configuration file:
<FilesMatch "\.php$">
 SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
 SetHandler application/x-httpd-php-source
</FilesMatch>

Server-Wide Config

Update “/etc/rc.conf” with the following:


Update “/etc/hosts” to something similar to the below – changing the parts in red to suit your IP, hostname and domain: localhost localhost.localdomain mythserver mythserver.gavowen.local mythserver mythserver.gavowen.local

Mythweb Config

You can choose to put your mythweb into the root of the web server, but I prefer to put it off to the side in its own “mythweb” directory.

Copy the mythweb files to where the web server can use them:

mkdir /usr/local/www/apache24/data/mythweb
cp -R /usr/local/www/mythweb/* /usr/local/www/apache24/data/mythweb

Apache 2.4 runs as user and group “www” on FreeBSD/FreeNAS, so update the permissions accordingly:

chgrp -R www /usr/local/www/apache24/data
chmod -R g+rw /usr/local/www/apache24/data

TV Icons

I copied mine into my jail, then across to MythWeb’s TV icons directory:

cp /mnt/storage/channelicons/* /usr/local/www/apache24/data/mythweb/data/tv_icons

Mythweb Apache Config File

The Mythweb Apache config file (“/usr/local/www/apache24/data/mythweb/mythweb.conf.apache“) is a bit out of date for Apache 2.4 and PHP 5.6, so pull down the latest version directly to the directory you need it in.

cd /usr/local/etc/apache24/extra/
wget --no-check-certificate
cp /usr/local/etc/apache24/extra/mythweb.conf.apache /usr/local/etc/apache24/extra/mythweb.conf

Edit the “mythweb.conf” file and change the following:

from:
<Directory "/var/www/html/data">
to:
<Directory "/usr/local/www/apache24/data/mythweb/data">

from:
<Directory "/var/www/html">
to:
<Directory "/usr/local/www/apache24/data/mythweb">

My NAS has plenty of RAM, so I increase the PHP “php_value memory_limit” to 256M. Save the file and quit.

Make sure these lines are uncommented:

 setenv db_server "localhost" 
 setenv db_name "mythconverg" 
 setenv db_login "mythtv" 
 setenv db_password "mythtv"

Apache Config

Back up Apache’s original config file before editing “httpd.conf”:

cp /usr/local/etc/apache24/httpd.conf /usr/local/etc/apache24/httpd.conf.original

Uncomment all these mods. The first two are usually on by default:


Uncomment ServerName and change it to match what you’ve done previously in “/etc/hosts”, e.g.:

ServerName mythserver.gavowen.local:80

In the “Supplemental Configuration” of the file, I place the following two lines:

# Mythweb configuration
Include etc/apache24/extra/mythweb.conf

Further down you’ll find the DirectoryIndex, where I add “index.php”

<IfModule dir_module>
 DirectoryIndex index.php index.html
</IfModule>

Directly below that part I add the following:

<FilesMatch "\.php$">
 SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
 SetHandler application/x-httpd-php-source
</FilesMatch>

Restart Apache:

service apache24 start

Now open a browser. Enjoy.

NB: Subsequent restarts of Apache can be done with “apachectl graceful”


If the page doesn’t load try this:

create user 'mythtv'@'127.0.0.%' identified by 'mythtv'; 
create user 'mythtv'@'127.0.1.%' identified by 'mythtv'; 
set password for 'mythtv'@'127.0.0.%' = password('mythtv'); 
set password for 'mythtv'@'127.0.1.%' = password('mythtv'); 
connect mythconverg; 
grant all privileges on *.* to 'mythtv'@'127.0.0.%' with grant option; 
grant all privileges on *.* to 'mythtv'@'127.0.1.%' with grant option; 
flush privileges; 

There are other possible issues addressed at this link.

Time Issue

You might get a warning such as:

User Notice at /usr/local/share/mythtv/bindings/php/MythBackend.php, line 132:
 !!NoTrans: Failed to set php timezone to AEST Response from backend was Array ( [0] => AEST [1] => 36000 [2] => 2015-04-25T10:14:06Z ) !!
 Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /usr/local/www/apache24/data/mythweb/includes/errors.php on line 161

If that’s the case I find installing NTP a good solution:

pkg install ntp

Update “/etc/rc.conf” with the following:


Then start it with “service ntpd start”. Issue “date” to see that it’s accurate. Then:

cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

Search for “date.timezone” and change it to suit. For me it’s date.timezone = "Australia/Melbourne"


MythTV Server in a FreeNAS Jail

MythTV is one of the most well-known open source LiveTV/PVR servers, and worth trying out and comparing to Tvheadend for serving up live TV to Kodi. I have previously given some background info on both of them. Here’s how you can install the MythTV backend in a FreeNAS jail.

Creating your Jail

First make sure your jail environment is set up correctly:

[Image: Jail setup]

I’ve carved out a range of IPs from my local LAN /24 subnet of

Next, go to the Jails tab and “Add Jail”. Click on “Advanced Mode” if not already.

I like to call my MythTV Jail “mythserver” – I feel this is preferable to calling it say “mythtv” because if the name is too close to the program name, it can get confusing later on in system log files.

I let it auto-select the next available free IP address, and then manually add the “IPv4 default gateway” – the router’s LAN IP which for me is

I leave “autostart” and “VIMAGE” selected.

Once you hit “Ok” you can edit the jail you just created, and you should see that it’s added a MAC address, and for FreeNAS 9.3 it’s also added “allow.raw_sockets=true” in the “Sysctls” section.  If this is your first jail, it’ll take a while as it downloads the jail template from FreeNAS, before it finalises setting up the jail.

Jail Storage

You’ll want to map some extra storage into your jail for recordings. I give it full permissions:


I limit it to 40 Gigs in the Options:


Then I mount it into the jail:


Jail Login

SSH to your FreeNAS and list your jails:



root@sarlacc# jls
 JID IP Address Hostname Path
 1 - dhcp_dns /mnt/volume1/jails/dhcp_dns
 2 - mythserver /mnt/volume1/jails/mythserver

My MythTV jail called “mythserver” is jail ID #2 at the moment. Log into the jail:

jexec 2 /bin/csh

Jail Update

pkg update
pkg upgrade

The “pkg update” is redundant as the upgrade does an update first, but I still like to do it regardless. Just say yes to all the upgrade prompts. You can run the same commands again after the upgrade, just to confirm the software is now current.

Bash Shell

If you prefer Bash like I do, install it and tweak it.

pkg install bash
vi ~/.bashrc

and add some aliases…

# some useful aliases
alias h='fc -l'
alias j=jobs
alias m=$PAGER
alias ll='ls -laFo'
alias l='ls -l'
alias g='egrep -i'

Log out and back in with bash:

jexec 2 /usr/local/bin/bash

That’s if jail ‘2’ is your myth jail. You may only need to type jexec 2. Try it and see.

Helper Software

Install “GNU Make” for compiling LAME:

pkg install gmake

Install the FreeBSD Ports tree and compile the LAME encoder:

cd /usr/ports
portsnap fetch extract
cd /usr/ports/audio/lame
make install clean
cd /

NB: Even though the directories are there, if you don’t do a fresh “extract” then the system will complain, so you have to run this the first time after creating the jail. If you are doing further installs some time in the future (say next week), all you need to run before compilation is portsnap fetch update

Install the graphical packages. You’ll need these for configuring MythTV by the setup GUI which runs on the X-Windows system. Note the upper case X in libXv:

pkg install libXv
pkg install qt4-webkit
pkg install xauth
pkg install xorg-fonts

Install MythTV

pkg install mythtv

You have time to go grab a coffee now, as it’ll take a while. You’ll see a message at the end like:

MythTV has now been installed, but it still needs to be configured.
1. To create the database, use the following command:
mysql -uroot -p < /usr/local/share/mythtv/database/mc.sql
2. Next, run mythtv-setup.
See for more information.

You’ll get to do (1.) and (2.) later. For now, update /etc/rc.conf with the following:

sshd_enable="YES" #change the existing "NO" entry to "YES"

I found that the hostname was in that file twice, so I deleted the duplicate.

Tip: You can quickly update system variables with the following:

sysrc sshd_enable=YES
sysrc mysql_enable="YES"
sysrc mythbackend_enable="YES"

Install MySQL

Of course we don’t have MySQL installed yet, so we need to grab that too, and start it up:

pkg install mysql56-server
service mysql-server start

Populate mysql with the MythTV database:

mysql -uroot -p < /usr/local/share/mythtv/database/mc.sql

Just hit the “enter” key at the password prompt, as a password isn’t yet set. Out of interest, this does the following:

GRANT ALL ON mythconverg.* TO mythtv@localhost IDENTIFIED BY "mythtv";
GRANT CREATE TEMPORARY TABLES ON mythconverg.* TO mythtv@localhost IDENTIFIED BY "mythtv";
ALTER DATABASE mythconverg DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

Log into mysql (hit enter at the password prompt) and check that “mythconverg” is in there.

mysql -p
show databases;

MySQL Timezone Update

Update timezone info with:

mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

I found I got the “Data too long for column ‘Abbreviation’ Error” so I did the following:

mysql_tzinfo_to_sql /usr/share/zoneinfo > /tmp/timezonefix
vi /tmp/timezonefix

I searched through the file and found the stanza (the part between two semicolons) that contains “use tzsetup” and edited out the following lines:

INSERT INTO time_zone (Use_leap_seconds) VALUES ('N');
SET @time_zone_id= LAST_INSERT_ID();
INSERT INTO time_zone_name (Name, Time_zone_id) VALUES ('Factory', @time_zone_id);
INSERT INTO time_zone_transition_type (Time_zone_id, Transition_type_id, Offset, Is_DST, Abbreviation) VALUES
 (@time_zone_id, 0, 0, 0, 'Local time zone must be set--use tzsetup')

I then ran:

cat /tmp/timezonefix | mysql -u root -p mysql

This now completed without error.
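The manual vi edit above can also be done with a filter. This is an added example, not part of the original post: it drops any zone stanza containing “use tzsetup” from the mysql_tzinfo_to_sql output. The function names are hypothetical and the sample dump is constructed, with its layout assumed from the statements quoted above.

```shell
#!/bin/sh
# Added example (not from the original post).

# Constructed sample in the layout of the statements quoted above: one normal
# zone followed by the "Factory" zone whose abbreviation is too long.
sample_dump() {
cat <<'EOF'
TRUNCATE TABLE time_zone;
INSERT INTO time_zone (Use_leap_seconds) VALUES ('N');
SET @time_zone_id= LAST_INSERT_ID();
INSERT INTO time_zone_name (Name, Time_zone_id) VALUES ('Australia/Melbourne', @time_zone_id);
INSERT INTO time_zone_transition_type (Time_zone_id, Transition_type_id, Offset, Is_DST, Abbreviation) VALUES
 (@time_zone_id, 0, 36000, 0, 'AEST')
,(@time_zone_id, 1, 39600, 1, 'AEDT')
;
INSERT INTO time_zone (Use_leap_seconds) VALUES ('N');
SET @time_zone_id= LAST_INSERT_ID();
INSERT INTO time_zone_name (Name, Time_zone_id) VALUES ('Factory', @time_zone_id);
INSERT INTO time_zone_transition_type (Time_zone_id, Transition_type_id, Offset, Is_DST, Abbreviation) VALUES
 (@time_zone_id, 0, 0, 0, 'Local time zone must be set--use tzsetup')
;
ALTER TABLE time_zone_transition ORDER BY Time_zone_id, Transition_time;
EOF
}

# Copy a dump from stdin to stdout, leaving out every zone stanza that
# contains NEEDLE (default: the text from the failing row above).
drop_zone_stanza() {   # usage: drop_zone_stanza [NEEDLE]
    awk -v needle="${1:-use tzsetup}" '
        function emit() {   # print the buffered stanza unless it was marked
            if (inblk && !drop) printf "%s", buf
            buf = ""; inblk = 0; drop = 0; final = 0
        }
        # A stanza starts with the INSERT into time_zone ...
        /^INSERT INTO time_zone \(Use_leap_seconds\)/ { emit(); inblk = 1 }
        inblk {
            buf = buf $0 "\n"
            if (index($0, needle)) drop = 1
            # ... and ends with the ";" closing its transition_type INSERT.
            if ($0 ~ /^INSERT INTO time_zone_transition_type/) final = 1
            if (final && $0 ~ /;[ \t]*$/) emit()
            next
        }
        { print }           # statements outside any stanza pass through
        END { emit() }
    '
}

# Demo on the constructed sample: the Factory stanza is gone from the output.
sample_dump | drop_zone_stanza
```

In place of the temporary file and vi edit, the filter can sit in the pipeline: mysql_tzinfo_to_sql /usr/share/zoneinfo | drop_zone_stanza | mysql -u root -p mysql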

Set MySQL Password

mysqladmin -u root password <yourpassword>
mysqladmin -u root password letmein

Test with:

mysql -p

You should have to put in that password now. Type “exit” to quit out.

Setup X11 Forwarding

Edit /etc/ssh/sshd_config with the following updates, replacing the IP address below with your IP:

PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
X11UseLocalhost no

Now start sshd:

service sshd start

This generates keys and starts the SSH server. I like to test the server with a service sshd restart, to make sure it starts cleanly now that the keys are present.

Set a root password, and test the password along with external connectivity to the mythtv-setup script. If all’s successful, it’ll time out and say that it cannot connect to the X server. That’s the desired outcome, as you want to connect to an X server on another machine. Remember to update the IP address below to that of your jail.

[root@mythserver /]# passwd 
Changing local password for root
New Password:
Retype New Password:
[root@mythserver /]# exit
[root@mythserver /]# ssh -Y root@ /usr/local/bin/mythtv-setup
mythtv-setup: cannot connect to X server
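The sshd_config settings above let root log in with a password and make forwarded X11 displays bind to the wildcard address rather than loopback. This added example (not part of the original post) reports whether those settings are still in effect in a given sshd_config, following sshd's rule that the first value read for a keyword wins. The function names are hypothetical, the sample config is constructed, and only the global section before any Match block is checked.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the sshd_config
# settings enabled for mythtv-setup are still in effect.

# Constructed sample: the four settings from this guide plus lines that
# exercise the parsing rules (case, "=", a later duplicate, a Match block).
sample_config() {
cat <<'EOF'
# constructed sshd_config for the example
permitrootlogin yes
PasswordAuthentication yes
X11Forwarding yes
X11UseLocalhost=no
PermitRootLogin no
Match Address 192.0.2.0/24
    PasswordAuthentication no
EOF
}

# Print the value sshd takes for KEYWORD from the global part of FILE.
# Prints nothing if the keyword is unset there (the build's default applies).
sshd_effective() {   # usage: sshd_effective FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }            # "Keyword=value" form
        tolower($1) == "match" { exit }          # Match blocks are conditional
        tolower($1) == want { print $2; exit }   # first value read wins
    ' "$1"
}

# One finding per line; no output means neither relaxed setting is active.
audit_mythtv_sshd() {   # usage: audit_mythtv_sshd FILE
    root=$(sshd_effective "$1" PermitRootLogin)
    pass=$(sshd_effective "$1" PasswordAuthentication)
    x11=$(sshd_effective "$1" X11Forwarding)
    uselocal=$(sshd_effective "$1" X11UseLocalhost)
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "root-password-login: PermitRootLogin yes with PasswordAuthentication yes"
    fi
    if [ "$x11" = yes ] && [ "$uselocal" = no ]; then
        echo "x11-wildcard-bind: forwarded X11 displays bind to the wildcard address"
    fi
}

# Demo on the constructed sample: both findings are printed.
tmp=$(mktemp)
sample_config > "$tmp"
audit_mythtv_sshd "$tmp"
rm -f "$tmp"
```

Inside the jail it would be run as audit_mythtv_sshd /etc/ssh/sshd_config once mythtv-setup no longer needs the forwarded display.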

Setup Remote X Server

Download Xming from here:
Download PuTTY from here:

1) Install Xming server and start it
2) Install PuTTY on your local machine
3) Configure the default profile in PuTTY with the IP and SSH port of your MythTV Server
4) Go to the Connection panel, select SSH and enable compression, then go to the X11 tab and check the “Enable X11 Forwarding” box, enter localhost:0 in the “X Display Location” and check “MIT-Magic-Cookie-”
5) Go to “Session”, type “MythTV Server” in the Saved Sessions, and hit the Save button.

Configuring MythTV

With the Xming server started, open the PuTTY session you saved and login (with the user you created earlier) to the myth server, then type….


This will open an Xwindow on your local screen and load the myth setup screen. You might have to run this a second or third time, as it might quit after a country and language update, and also after a database schema update. You’ll get there eventually.

I recommend you follow the MythBuntu setup guide here, skipping right down to the “MythTV Backend Setup” section, and taking it from there.

Start the Backend

The backend service now needs to be started if not already:

service mythbackend start

Also make sure it’s filled with your config settings:


Congratulations – you’ve now configured MythTV backend on FreeNAS in a jail.


If you have any issues, check where the logserver stores its files and check the logs.

[root@mythserver /var/log/mythtv]# ll
total 12988
drwxr-xr-x 2 root wheel - 5 Apr 21 03:00 ./
drwxr-xr-x 3 root wheel - 22 Apr 21 03:01 ../
-rw-r--r-- 1 root wheel - 219163 Apr 21 03:00 mythbackend.20150420163447.83755.log
-rw-r--r-- 1 root wheel - 12917053 Apr 21 19:40 mythbackend.20150420170022.85871.log
-rw-r--r-- 1 root wheel - 4998 Apr 21 03:00 mythlogserver.20150420163448.83757.log
[root@mythserver /var/log/mythtv]#

Tail the latest backend log file:

[root@mythserver /var/log/mythtv]# tail -5 mythbackend.20150420170022.85871.log
2015-04-21 19:41:31.854481 E [85871/101782] HttpServer107 servicehost.cpp:426 (ProcessRequest) - No Security Pin assigned. Run mythtv-setup to set one.
2015-04-21 19:41:31.862285 I [85871/101739] ProcessRequest mainserver.cpp:1420 (HandleAnnounce) - MainServer::ANN Monitor
2015-04-21 19:41:31.862295 I [85871/101739] ProcessRequest mainserver.cpp:1422 (HandleAnnounce) - adding: kodi as a client (events: 0)
2015-04-21 19:41:31.875402 E [85871/101782] HttpServer114 servicehost.cpp:143 (Invoke) - MethodInfo::Invoke - An Exception Occurred: No Security Pin assigned. Run mythtv-setup to set one.
2015-04-21 19:41:31.875436 E [85871/101782] HttpServer114 servicehost.cpp:426 (ProcessRequest) - No Security Pin assigned. Run mythtv-setup to set one.
[root@mythserver /var/log/mythtv]#

ooops – didn’t add a security pin – have to set that up!

Other tips:

  • Go to another box and “telnet <your myth IP> 3306” to make sure your MySQL database is working and allowing connections.
  • Go to http://<your MythTV IP>:6544 to make sure you have web connectivity
  • All else fails – RTFM: MythTV Wiki, and the User Manual.

Other Tasks

It’s advisable to set up MythWeb for managing your TV recordings.

A Breakdown of Kodi LiveTV PVR Backends for FreeNAS

I use the awesome open source Kodi media centre for all my movies and TV shows, so it’s only natural that I use it as a live TV frontend. Since I already have an equally awesome FreeNAS NAS, then it makes sense to see if I can utilise its “Jails” functionality to run the live TV / PVR backend, instead of utilising a separate box. It makes sense – the NAS has a grunty CPU; teamed 1Gig Ethernet links; 16Gig of RAM; loads of storage space for recording TV, and is always on – so it’s the perfect candidate, so long as I can get the backend software to run!

This page currently lists four backends for Linux: Tvheadend, MythTV, VDR and DVBLink. Out of those four, only the first three are possible under FreeBSD, as DVBLink is commercial software with only binary code downloads for Linux (among others), but not FreeBSD. The others have downloadable source code which can be compiled on FreeBSD. Discussing them further:


Tvheadend

Tvheadend (aka “TVH”) is basically the unofficial TV backend for Kodi. One distribution – OpenELEC – even includes the server in its distribution (although SoC systems like RaspberryPi miss out). I was actually using the inbuilt TVH server in OpenELEC before going to a RaspberryPi2 front end, which cut down noise in my lounge room by not having to run a PC with fan near my TV.

On their currently out-of-date website they say “With the integration of PVR functionality into XBMC [kodi], this has now become possibly the most popular TVH client. Indeed much of the recent development of HTSP has been focused on improving integration with XBMC [kodi].”

Although the TVH devs don’t much update the website, the actual code is coming along in leaps and bounds with a lot of active development over at GitHub. From what I can gather here, this code was at version 3.4 when one developer by the name of Adam Sutton did a lot of work up till that point, but with a young family he found it hard to continue to commit to the project. That branch is currently known as the “stable” branch. Thankfully another team of devs led by Andreas Öman came to the fore, and the project was fully opened up as an open source project, with the current code being updated to 3.9.x and deemed the “unstable” branch. Still this is the branch that you want to be using as it has the transcoding, timeshifting (pause/rewind live TV) and other goodies, and it’s what you’ll get from GitHub.

Hopefully the 3.9 branch stabilises into 4.0 soon, and FreeBSD ports update their code, and the iPhone TvhClient gets updated as well so it supports all the 3.9 features like transcoding. This does seem to be the backend for Kodi users to watch in the future.

The main problem with Tvheadend on FreeBSD is seemingly no support for the SiliconDust HDHomeRun. According to this page, the way TVH supports HDHomeRun is with a Linux “dvbhdhomerun” driver, which only works on Linux as far as I’m aware. This really is a deal-breaker for me, as the HDHomeRun is what I use, and FreeBSD/FreeNAS is my preferred server platform. I really hope they can find some other way to support HDHomeRun on the *BSD’s.


MythTV

This one has been around for years, and has the most tedious set-up process, although is arguably the most flexible. On a generic server or ESXi, you can install the MythBuntu distribution, which makes install a lot easier, but on FreeBSD in a headless server, there’s a lot more heavy lifting.

I recommend setting up a MythTV jail, even if you have Tvheadend installed, and see which one works best for you.  The good thing about the FreeBSD jails in FreeNAS is that you can set them up without stepping on each other’s toes, and it’s a fun tech exercise. The only thing with MythTV is that it engages all the HDHomeRun tuners at all times even when not watching TV, so you’ll need to shut that jail if you’ve got a Tvheadend jail running and are trying that out. Tvheadend is a lot friendlier in this regard – it only uses a HDHomeRun tuner when it needs one, so most of the time it’s either using none or one tuner, and only using more than one tuner if you’re watching live TV on one mux, and recording on another mux (or recording two shows simultaneously on two different muxes).


VDR

Well I can’t say I’ve actually used this for Kodi. I’ve stayed away mostly because of what I perceive as limited support for the HDHomeRun network TV tuner. A web search for “VDR HDHomeRun” shows up This isn’t very confidence-inspiring because if you look at the history, it shows it’s at version 0.0.1 last updated five years ago in 2010! Yes I think I’ll give this one a miss for now.


If it wasn’t for wanting to use the HDHomeRun I’d probably use Tvheadend for its ease of use, but since I do, my only choice is to use MythTV as a TV/PVR backend for Kodi. I’ll put together an install guide on my blog for MythTV, and also add some info into my wiki.

HP Microserver Gen8 FreeNAS Tips and Tricks

Well I’ve been spending some time with the new HP Microserver Gen8 (G2020T), and wanted to post a few little tips and tricks for using it with FreeNAS.

  1. Make the internal USB slot external
  2. Use MicroSD for swap space
  3. Bind CIFS to certain interfaces

Make the Internal USB slot External

With my older HP N40L NAS I was used to accessing the bootable internal USB by opening the front door. With the new NAS, you can’t get to the internal bootable USB without taking the case cover off. I had a spare USB extension cable so I put it to work as per the following photos:

I can now sit it on top of my NAS which gives me the following benefits:

  1. I can get to it easily. The rear USB2 are practically blocked by the two NIC ports I’m using, so I don’t have to reach around the back to get to them.
  2. It keeps the two front USB ports clear, so I don’t have a stick jutting out, and I can keep them free for if I need to plug in a mouse and keyboard.

Just so you know, you can boot from the external USB ports – the USB2 ones at least. I’m pretty sure I read somewhere that you can only boot from USB2 though – the USB3 ports are made available via OS drivers post-boot. It was quite easy to bend back the bit of metal and feed the plug through.  BTW – you can see my Intel 2-port server NIC there that I use to team two interfaces into my ESXi box for iSCSI disks straight off the NAS.

Use the MicroSD for the FreeBSD/FreeNAS OS Swap Space

This is my favorite tip. See the MicroSD card slot on the photo above? I thought about what use that could be for a dedicated NAS box, where I boot off the USB drive and use the HDD array for storage – surely it’s useless? Well I found a use for it that I’m quite happy with.

What I didn’t know is that by default, not all of your HDD space is used for data storage. The default setting of FreeNAS (8 and now 9.1) is that it reserves 2GB per disk for OS swap space.

Where it’s set is SETTINGS -> ADVANCED… “Swap size on each drive in GiB, affects new disks only. Setting this to 0 disables swap creation completely (STRONGLY DISCOURAGED).”

Here is a discussion on the matter. If a disk fails and you’re using the swap space on it, that could leave your server inoperable. I don’t like the sound of that. What you can do is use the MicroSD for OS swap. This will then leave your HDDs purely for ZFS data storage.

There are new MicroSD cards from Sandisk  (the creators of the format) that can transfer up to 80MB/s that should be adequate for emergency swap space. Mind you I say “emergency” swap. I am using my box as a NAS with 8GB and soon to be 16GB RAM – I don’t expect to be using swap at all, but like to have it for any emergency needs, which is preferable to the server crashing.  If you are smashing the swap space, then you’d need more RAM, and if you’re still smashing it, then perhaps get a dedicated SSD that can sit in the thin optical drive bay (there are third-party solutions for this).

To set this up this is what you do:-

Set swap size on each drive to “0” before you create any ZFS volumes! Otherwise you’ll have to blow those away and start again.

Put the MicroSD card in. I’m not sure if it’s hot swap, but since it’s a one-off task I do it cold. You can either check “dmesg” or check via the GUI that it shows up as a drive. On FreeNAS 9.1 it shows up on my server as “da1”.

On the CLI you type:

swapon /dev/da1

Check that it’s using it:

freenas# swapctl -l
Device:       1024-blocks     Used:
/dev/da1         992000         0

That’s a tiny 1GB MicroSD I pulled from a mobile phone as I didn’t have any others spare. I’ll put the order in for a 16GB Sandisk Extreme soon enough. I think it’s good form to be at least as big as the size of your RAM.
You also need to make sure it enables the swap on boot, so in the FreeNAS web GUI in “System” then under the pre-init scripts section, add a new pre-init script of:

swapon /dev/da1

If your ZFS volumes already have swap on them you might see something like this:

 freenas# swapctl -l
 Device:       1024-blocks     Used:
 /dev/ada0p1.eli   2097152         0
 /dev/ada1p1.eli   2097152         0
 /dev/ada2p1.eli   2097152         0

…because /etc/fstab will have these entries:

 freenas# cat /etc/fstab
 /dev/ufs/FreeNASs1a / ufs ro 1 1
 /dev/ufs/FreeNASs3 /cfg ufs rw,noauto 2 2
 /dev/ufs/FreeNASs4 /data ufs rw,noatime 2 2
 /dev/ada0p1.eli none                    swap            sw              0       0
 /dev/ada1p1.eli none                    swap            sw              0       0
 /dev/ada2p1.eli none                    swap            sw              0       0

You’ll need to build your volumes from scratch to get rid of that swap, unless you know how to hack this and extend the ZFS volume(s) to fill that extra space, which sounds problematic for live data. For me I copied the data off and rebuilt the volumes and datasets, just to be safe.

Bind CIFS to Only Certain Interfaces

With the extra NIC that I didn’t have before, I decided to use the extra port for “Out of Band Management”. This is handy for security so that only computers on the OOBM network can access the web GUI (if you pin the web GUI to a certain IP address). It’s good practice to have all your network devices managed this way where possible. I like to use the default VLAN for this, with general data on VLAN10 and voice traffic on VLAN20, and if I have a dedicated “SAN” (with jumbo frames usually), then I use VLAN30 for this.
Of course I could have set this up previously with VLAN interfaces which is fine from a security perspective, but I do like the idea of OOBM being on a totally separate physical interface for a pure OOBM setup.

You can either bind Samba to individual interfaces, or a range of interfaces by specifying a network. The latter is my preference as it requires less thought. The commands I use are:

interfaces =
bind interfaces only = yes

Where you apply this is under “Services –> CIFS –> Auxiliary parameters”.

That subnet listed is what I have on my data VLAN10. It’s good for me as my PC has NICs on both Data and OOBM, and means I don’t accidentally mount Samba shares across the OOBM network. BTW that “interfaces” statement doesn’t have to match the subnet mask of your interface. You can just have written “” which depending on your setup might match one or more interfaces. Otherwise you can specify interface names like “bge0”, or “em0” – i.e. the OS-given device name – not the name you gave it with the FreeNAS web GUI.