technology and zen of life

“A heisenbug (named after the Heisenberg Uncertainty Principle) is a computer bug that disappears or alters its characteristics when an attempt is made to study it.”

Installing transmission and dnsmasq on a NAS

Introduction

In our student dorm, we want to share files. We also have one shared internet connection using ADSL. The download speed is OK, but the uplink is weak. Many students like to use torrents, which quickly drain the uplink and the connection table of the modemrouter. So I set up a server with a torrent client that was accessible through a web interface. I replaced this server with an Iomega StorCenter Ix2-200 Cloud Edition Network Attached Storage (NAS) device, which I will refer to as ix-2.

The default torrent client on the ix-2 is bad beyond imagination, so I wanted to install transmission-daemon.

Assumptions

  • The reader has moderate Linux command-line experience.
  • The reader is able to edit text files using vi.
  • The reader has good computer knowledge.
  • Your NAS device has a fixed / static IP address.

Enabling SSH

Before continuing, we need to have more control over the ix-2. So we enable SSH access. Do that this way:

  • Go to http://your-ix2-ip-address
  • Go into the administrative settings and set an admin password (if you have not already done so)
  • Go to https://your-ix2-ip-address/diagnostics.html and enable SSH.

(Older models used another URL, https://10.0.57.4/support.html, which you still often find using Google searches for enabling SSH on your ix-2.)

The SSH login credentials differ from the webadmin credentials.
SSH username = root
SSH password = “soho” + webadmin-password
For example, when your administrative password for the ix-2 web interface is “S3c7sec”, then the SSH password will be “sohoS3c7sec”.


ipkg

Where to get additional software for the ix-2? Fortunately, there exists a third-party repository and a package manager for this box. The NSLU2-Linux development group has created the ipkg package manager. The ipkg program is already pre-installed on the ix-2, so it seems to have native support for this. But we have to add the repositories.

vim /etc/ipkg.conf

src cross http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/unstable
src native http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/native/unstable

And update the cache:

ipkg update


Installing transmission

Installing transmission is not hard:

ipkg install transmission

You also want to create a settings.json file before starting the transmission daemon. Here are example settings.

{
 "alt-speed-down": 600,
 "alt-speed-enabled": true,
 "alt-speed-time-begin": 540,
 "alt-speed-time-day": 62,
 "alt-speed-time-enabled": true,
 "alt-speed-time-end": 1320,
 "alt-speed-up": 40,
 "bind-address-ipv4": "0.0.0.0",
 "bind-address-ipv6": "::",
 "blocklist-enabled": true,
 "blocklist-url": "http://list.iblocklist.com/?list=bt_templist",
 "cache-size-mb": 4,
 "dht-enabled": true,
 "download-dir": "/mnt/pools/A/A0/Torrents",
 "encryption": 1,
 "idle-seeding-limit": 30,
 "idle-seeding-limit-enabled": false,
 "incomplete-dir": "/mnt/pools/A/A0/Torrents/_downloading",
 "incomplete-dir-enabled": true,
 "lpd-enabled": false,
 "message-level": 2,
 "open-file-limit": 32,
 "peer-congestion-algorithm": "",
 "peer-limit-global": 160,
 "peer-limit-per-torrent": 40,
 "peer-port": 6881,
 "peer-port-random-high": 65535,
 "peer-port-random-low": 49152,
 "peer-port-random-on-start": false,
 "peer-socket-tos": "lowcost",
 "pex-enabled": true,
 "port-forwarding-enabled": true,
 "preallocation": 1,
 "prefetch-enabled": 1,
 "ratio-limit": 1.2,
 "ratio-limit-enabled": true,
 "rename-partial-files": true,
 "rpc-authentication-required": false,
 "rpc-bind-address": "0.0.0.0",
 "rpc-enabled": true,
 "rpc-password": "{db401bc8e204e30a6da8c9188acbbce34dd02df3OFkagnx2",
 "rpc-port": 9091,
 "rpc-url": "/transmission/",
 "rpc-username": "",
 "rpc-whitelist": "127.0.0.1",
 "rpc-whitelist-enabled": false,
 "script-torrent-done-enabled": false,
 "script-torrent-done-filename": "",
 "speed-limit-down": 1000,
 "speed-limit-down-enabled": true,
 "speed-limit-up": 70,
 "speed-limit-up-enabled": true,
 "start-added-torrents": true,
 "trash-original-torrent-files": false,
 "umask": 18,
 "upload-slots-per-torrent": 5,
 "utp-enabled": true
}

Now don’t forget to forward the correct port (6881 in the example above) on your modemrouter to the ix-2.

Also, when using the example above, I suggest that you:

  • create a Torrent share using the ix-2 administrative web interface
  • mkdir /mnt/pools/A/A0/Torrents/_downloading
  • mkdir /mnt/pools/A/A0/Torrents/_config
  • copy the settings.json to /mnt/pools/A/A0/Torrents/_config
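
An added check, not part of the original howto: the example settings enable the RPC web interface on every address (rpc-bind-address 0.0.0.0, port 9091) with rpc-authentication-required and rpc-whitelist-enabled both false, so every machine that can reach the ix-2 can control the daemon. The script below reports that combination; the function names, the user name and the 10.0.57.* whitelist range are assumptions, and it expects one key per line as in the file above.

```shell
#!/bin/sh
# Added example: flag a network-reachable, unprotected RPC interface in a
# transmission settings.json. Assumes one "key": value pair per line.

# json_get FILE KEY: print KEY's value without quotes or trailing comma
json_get() {
    sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*:[[:space:]]*//p' "$1" |
        head -n 1 | sed 's/,[[:space:]]*$//; s/^"//; s/"$//'
}

# audit_rpc FILE: print one finding per line; return 1 if anything was found
audit_rpc() {
    findings=0
    [ "$(json_get "$1" rpc-enabled)" = "true" ] || return 0
    bind=$(json_get "$1" rpc-bind-address)
    case "$bind" in 127.*|::1) return 0 ;; esac   # loopback only: not reachable from the LAN
    if [ "$(json_get "$1" rpc-authentication-required)" != "true" ]; then
        echo "rpc-authentication-required is off: RPC on $bind needs no password"
        findings=1
    fi
    if [ "$(json_get "$1" rpc-whitelist-enabled)" != "true" ]; then
        echo "rpc-whitelist-enabled is off: rpc-whitelist is not enforced on $bind"
        findings=1
    fi
    return "$findings"
}

# The RPC lines of the example settings.json above
page_settings() {
    cat <<'EOF'
 "rpc-authentication-required": false,
 "rpc-bind-address": "0.0.0.0",
 "rpc-enabled": true,
 "rpc-whitelist": "127.0.0.1",
 "rpc-whitelist-enabled": false,
EOF
}

# Constructed stricter variant; user name and LAN range are assumptions
strict_settings() {
    cat <<'EOF'
 "rpc-authentication-required": true,
 "rpc-bind-address": "0.0.0.0",
 "rpc-enabled": true,
 "rpc-username": "dorm",
 "rpc-whitelist": "127.0.0.1,10.0.57.*",
 "rpc-whitelist-enabled": true,
EOF
}

# Stand-alone use: sh thisscript.sh /mnt/pools/A/A0/Torrents/_config/settings.json
if [ -n "${1:-}" ]; then audit_rpc "$1"; fi
```

transmission-daemon writes settings.json back when it exits, so stop the daemon before editing the file.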

Auto-start programs

Having things like transmission installed is great, but after a power outage or other problems, I want them to automatically start. Unfortunately, it’s not straightforward.

I have tried the method described by Chris Pont but had mixed experiences. I got a few programs running on startup, but after a while I had tens to hundreds of transmission instances. The core memory (RAM) will fill up quickly that way. I tried lots of options in the sohoProcs.xml but that did not solve the problem.

Follow the steps below for a fool-proof method to start up programs on ix-2 boot.

First, create a shell script that allows editing the sohoProcs.xml configuration file.

vim /opt/editconfig.sh

#!/bin/sh
# edit the bootup config of the ix-2
# inspired by http://www.chrispont.co.uk/2010/10/allow-startup-daemons-on-storcenter-ix2-200-nas/
mknod -m0660 /dev/loop3 b 7 3
chown root.disk /dev/loop3
mkdir /tmp/apps
mount -o loop /boot/images/apps /tmp/apps
vi /tmp/apps/usr/local/cfg/sohoProcs.xml
sleep 1
umount /tmp/apps
rm /dev/loop3

chmod +x /opt/editconfig.sh

Now we start editing the XML list of programs that will automatically be started. Run:

/opt/editconfig.sh

You will see lots of <Program> Groups. We are going to add one <Program> to <Group Level="1">. We will add:

<Program Name="init-opt.sh" Path="/opt/init-opt.sh">
  <SysOption Restart="-1"/>
</Program>

To prevent lots of init-opt.sh instances, we use a sleep command at the end of the script:

vim /opt/init-opt.sh

#!/bin/sh
rm /opt/init-opt.log
echo "Last bootup:" >> /opt/init-opt.log
date >> /opt/init-opt.log
# echo "Starting DNS and DHCP server (dnsmasq)" >> /opt/init-opt.log
# /opt/sbin/dnsmasq
echo "Wait one minute, so that the storage pool is mounted" >> /opt/init-opt.log
sleep 1m
echo "Starting transmission-daemon" >> /opt/init-opt.log
/opt/bin/transmission-daemon -g /mnt/pools/A/A0/Torrents/_config
echo "I will reboot after 180 days..." >> /opt/init-opt.log
sleep 180d
reboot

chmod +x /opt/init-opt.sh

I have commented out the dnsmasq lines because maybe you will not be installing dnsmasq. You can uncomment them later if you proceed below with dnsmasq.


Installing dnsmasq

Our modemrouter was acting as DHCP server, but did not allow entering custom DNS servers for use by the clients on the local network. That’s a pity, because we recently were hit by a botnet trojan, and we would like to use OpenDNS. So I installed a DNS and DHCP server called dnsmasq on the ix-2 and disabled the DHCP service on the modemrouter.

ipkg install dnsmasq

Configuring DNS

vim /opt/etc/dnsmasq.conf

The options filterwin2k, no-resolv and no-poll are disabled by default. That’s fine, it’s probably best to keep it that way.

But enable bogus-priv (“never forward addresses in the non-routed address spaces”) and also domain-needed (“never forward plain names (without a dot or domain part)”).

I like to be able to use the XS4all proxy server always. The proxy hostname is not resolvable from outside the XS4all network, so OpenDNS will not resolve proxy.xs4all.nl, but I can add its IP address manually:

address=/proxy.xs4all.nl/194.109.6.13
address=/wwwproxy.xs4all.nl/194.109.6.13

The ix-2 can be administered using its settings web interface. In network –> network, you can specify which DNS servers to use. Internally, it will store those DNS settings in /etc/resolv.conf, which will be picked up by dnsmasq.

Then, the ix-2 will become the forwarding DNS server. It will forward DNS requests from clients on the local network (LAN) to the DNS servers specified in the settings web interface.

If you want the ix-2 to use the provider’s DNS servers, normally you will use the IP address of the modem/router. Most modems today are forwarding DNS servers, and your provider will configure your modem with the correct DNS server settings (using DHCP). In our student network, our modem has the IP address 10.0.57.1. Note that now you have a chain of two forwarders, which could slow down things. Also, many modems are not very solid in this respect.

You could bypass the modem’s forwarding DNS server by setting the DNS server IP addresses directly in the settings web interface. For XS4all, those would be 194.109.6.66 and 194.109.9.99.

If you want to use OpenDNS, then use these DNS servers: 208.67.222.222 and 208.67.220.220.

Logging DNS queries

To reveal infected computers, we can study the DNS requests of the computers on the local network. Botnets such as Torpig will use random, weird domain names for their command and control servers. Use the script below. Also consider the --log-facility option.

vim /opt/showdnsqueries.sh

#!/bin/sh
# Shows DNS queries
# in dnsmasq.conf, logging must be activated with:
# log-queries
grep -E ' dnsmasq\[.*\]: query' /var/log/messages

chmod +x /opt/showdnsqueries.sh

Show all DNS queries:

/opt/showdnsqueries.sh

Show all DHCP leases:

cat /opt/var/dnsmasq.leases

It would be interesting to check all queried hostnames (A records) against a DNS blacklist such as in.dnsbl.org but that will not be fully explored here because our internet connection is still filtered by XS4all and I cannot connect with the dnsbl server.

One way to get all A record queries for hostnames from the DNS log is:

/opt/showdnsqueries.sh | grep -E 'query\[A\]' | cut -d ' ' -f 7 | sort | uniq

This could be a nice input for a script that checks against the in.dnsbl.org. Note that the script below is computationally very wasteful, but that’s OK for small home usage and ease of reading. Also note that I could not test this script, so bugs are likely…  Update: 90% tested, should work (2011-07-18)

#!/bin/sh
# Uses DNSBL to find DNS requests from botnets.
# For use with showdnsqueries.sh
# Evert Mouw <post@evert.net>
# version: 2011-07-18
for query in $(/opt/showdnsqueries.sh | grep -E 'query\[A\]' | cut -d ' ' -f 7 | sort | uniq)
do
 dnsbl=$(host -t A -4 "$query.in.dnsbl.org")
 echo $dnsbl | grep "not found" > /dev/null
 if [ $? -eq 0 ]
 then
  echo "$query not blacklisted"
 else
  ip=$(echo "$dnsbl" | head -n 1 | cut -d ' ' -f 4)
  if [ "$ip" = "127.0.0.8" ] # DNSBL returns 127.0.0.8 for lookups associated with botnets
  then
   echo "_"
   echo "Found one botnet DNS query for $query"
   /opt/showdnsqueries.sh | grep "$query"
   for requester in $(/opt/showdnsqueries.sh | grep "$query" | cut -d ' ' -f 9 | sort | uniq)
   do
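    echo "$requester lease lookup:"
    # -F -w: match the address literally and as a whole word (10.0.57.2 must not match 10.0.57.20)
    grep -F -w "$requester" /opt/var/dnsmasq.leases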
   done
  else
   echo "Blacklisted for other reasons: $query"
  fi
 fi
done
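
As an added example (not part of the original howto), the following script does the extraction and the lease lookup in one pass. It finds the name and the client by the keywords query[A] and from instead of by column, because syslog pads days 1 to 9 with an extra space, which shifts the fields counted by cut -d ' '. The function names and the sample log and lease lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client summary of A-record queries from a dnsmasq log,
# joined with the DHCP lease file. Parsing is by keyword, not by column,
# so a space-padded day ("Jul  8") does not shift the fields.

# dns_clients LOG LEASES: prints "unique-names client-ip lease-hostname",
# client with the most distinct names first
dns_clients() {
    awk -v leases="$2" '
        FILENAME == leases { host[$3] = $4; next }   # expiry MAC IP hostname client-id
        / dnsmasq\[[0-9]+\]: query\[A\] / {
            name = ""; ip = ""
            for (i = 1; i < NF; i++) {
                if ($i == "query[A]") name = tolower($(i + 1))
                if ($i == "from") ip = $(i + 1)
            }
            if (name != "" && ip != "" && !((ip, name) in seen)) {
                seen[ip, name] = 1
                uniq[ip]++
            }
        }
        END {
            for (ip in uniq)
                print uniq[ip], ip, (ip in host ? host[ip] : "no-lease")
        }
    ' "$2" "$1" | sort -rn
}

# Constructed sample log lines (dnsmasq with log-queries, syslog format)
sample_log() {
    cat <<'EOF'
Jul  8 09:12:01 ix2 dnsmasq[1234]: query[A] www.example.org from 10.0.57.21
Jul  8 09:12:02 ix2 dnsmasq[1234]: query[A] kqzvbnmwrt.example.net from 10.0.57.33
Jul  8 09:12:03 ix2 dnsmasq[1234]: query[A] xjwpqhdlmv.example.net from 10.0.57.33
Jul  8 09:12:04 ix2 dnsmasq[1234]: query[AAAA] www.example.org from 10.0.57.21
Jul 18 10:00:00 ix2 dnsmasq[1234]: query[A] WWW.example.org from 10.0.57.21
Jul 18 10:00:05 ix2 dnsmasq[1234]: query[A] tzrkwpxqnb.example.net from 10.0.57.33
Jul 18 10:00:06 ix2 dnsmasq[1234]: forwarded tzrkwpxqnb.example.net to 208.67.222.222
EOF
}

# Constructed sample lease lines (dnsmasq.leases format)
sample_leases() {
    cat <<'EOF'
1311004800 00:16:3e:00:00:21 10.0.57.21 laptop-a 01:00:16:3e:00:00:21
1311004900 00:16:3e:00:00:33 10.0.57.33 pc-b *
EOF
}

# Stand-alone use: sh thisscript.sh /var/log/messages /opt/var/dnsmasq.leases
if [ $# -eq 2 ]; then dns_clients "$1" "$2"; fi
```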


Concluding remarks

Adding more software would be trivial. Things like the unison file synchronizer, SABnzbd and other stuff could work on your ix-2.

It’s interesting what you can do with a cheapo NAS. For 1/10 of the normal costs of a full-blown server, you can already do fun stuff for a small network.

I referred to this howto from my own weblog (Dutch).

About Evert Mouw

Interested in kinda everything, studied political science, now studying medical informatics. MCSE, Linux enthusiast, and believing that technology is the path to enlightenment 😉 Best RTS game ever is Warhammer Soulstorm (IMHO). Other hobbies include hiking, kayaking, reading and when I have time, trying to have an ant colony in an artificial nest (formicarium).


24 Responses

  3. Murat says:

    Hello everybody, does someone know how to install Owncloud on the IX2-200 Cloud Edition?

  4. Gerry Berry says:

    Total Noob – but getting places!
    Hi, I am a total newbie to Linux and UNIX, with some DOS experience from a lifetime ago, and so far I have managed to get down to the point of installing the package – all went fine.
    Now… I am stuck at trying to create the SETTINGS.JSON file. How do you do this? Do I create it in Vi or Vim, and manually type in the contents of the box, or is there a way of cutting and pasting it?
    Many thanks

    Gerry

  7. George says:

    Is it possible to restart appmd without losing connectivity to the NAS?

  8. mrod says:

    This was working perfectly for me, but stopped working when I updated my ix-200 to the latest software version 4.0.4

    Did anyone else get the same issue?

  9. allaon says:

    I would like to thank you for the marvellous guide, it was very helpful and I also managed to configure emule.
    I’m not a real expert in Linux and scripts. Would someone be able to give me a script to make emuled start at every reboot?
    Btw thank you again to you all 🙂

  10. My apologies for all the spamming here!

    Found the issue – it seems that transmission is using a settings.json file located here: /.config/transmission-daemon/settings.js, instead of the one uploaded to the folder created by following your steps: /mnt/pools/A/A0/Torrents/_config

    After updating the correct json file, I was able to login using my NAS IP and the correct port!

  11. The IP of the NAS should of course be part of the URL in my previous post – not sure why it removed it!

  12. Forgot to mention that, based on the settings.json, I would expect to be able to access it via the URL: http://:9091/transmission

    but that doesn’t work either? My apologies if this is a dumb question, but not really sure what to do from here. So hoping you can help!

  13. Hi Evert, I have very limited knowledge regarding Linux, but managed to go through your above guide with success – at least I believe so :-). Only thing left to do is to ensure it autostarts. However, before doing that I would like to try the torrent client, so how do I access Transmission Daemon? I don’t see it in the list of features on my NAS, is that not expected? Have I done something wrong?

    Thanks!
    Kasper

  14. Lawrence says:

    Thanks for your reply. I didn’t run an “rm -r -f /tmp/apps” first, only rmdir. I will check it out when I get home later.

  15. Evert Mouw says:

    Dear Lawrence,

    The first two errors are not that bad. It means that the creation of /tmp/apps and /dev/loop3 succeeded, so you can ignore the errors.

    I’m not sure what the effect was of your removal of /tmp/apps while it was (maybe) still mounted. Maybe you removed sohoProcs.xml together with a lot of other important files. Normally “rmdir” only removes empty directories, but after running editconfig.sh, /tmp/apps should be mounted, and not empty. I see you not mentioning umounting; maybe you did a rm -r -f /tmp/apps first? In that case I cannot help you; your boot image is gone.

    Be careful with removing / deleting stuff. Your use of “rm -r -f /dev/loop3” hints that you do not really understand what you are doing. There is no point in using a recursive (-r) deletion of a device file.

    If you did not do such damage, rebooting the ix-2 and re-running the script could maybe work.

    Unfortunately I cannot do any tests because I no longer live in that student dorm, so I don’t have access to the ix-2.

  16. Lawrence says:

    Hi.

    I have had some trouble with the “fool-proof” editconfig.sh command. Clearly I am a fool. I made a mistake in vi. I quit the editor without adding the line (using :q!) and now, if I re-run the script, I get two errors:

    1) That the folder /tmp/apps exists.
    2) That no free loop device could be found.

    I ran:
    rmdir /tmp/apps
    rm -r -f /dev/loop3

    Now, if I rerun the script, I get a blank file in vi!! What now?! 🙁

  17. Mauro says:

    What a wonderful guide!! Thanks a lot, works perfectly!! (and you’re right, the default bittorrent client is a shame!!)

  18. Fernando says:

    This is a light howto install amule on NAS.

    ipkg install amule

    /opt/bin/amuled -c /mnt/pools/A/A0/Downloads/.aMule

    echo -n your_password | md5sum

    vi /mnt/pools/A/A0/Downloads/.aMule/amule.conf

    [eMule]
    TempDir=/mnt/pools/A/A0/Downloads/.aMule/Temp/
    IncomingDir=/mnt/pools/A/A0/Downloads/
    OSDirectory=/mnt/pools/A/A0/Downloads/.aMule/

    [ExternalConnect]
    AcceptExternalConnections=1
    ECPassword=1060b7b46a3bd36b3a0d66e0127d0517

    [WebServer]
    Enabled=1
    Password=1060b7b46a3bd36b3a0d66e0127d0517
    Path=/opt/bin/amuleweb

    /opt/bin/amuled -f -c /mnt/pools/A/A0/Downloads/.aMule

    Don’t forget to add a server http://www.emule-mods.de/?servermet=show and forward the right ports (default 4662 & 4672)

    http://your-ix2-ip-address:4711

    Tested on: ix2-200 Cloud Edition with firm 3.2.3.9273
