Installing transmission and dnsmasq on a NAS

Installing transmission and dnsmasq on the Iomega StorCenter Ix2-200 Coud Edition NAS

Originally published on the weblog TechMonks, which no longer exists.

Introduction

In our student’s dorm, we want to share files. We also have one shared internet connection using ADSL. The download speed is OK, but the uplink is weak. Many students like to use torrents, which quickly drain the uplink and the connection table of the modemrouter. So I set up a server with a torrent client, which was accessible by a web interface. I now replaces this server by a Iomega StorCenter Ix2-200 Coud Edition Network Attached Storage (NAS) device, which I will refer to as ix-2.

The default torrent client on the ix-2 is bad beyond imagination, so I wanted to install transmission-daemon.

Assumptions

• The readers has moderate Linux command-line experience.
• The reader is able to edit text files using vi.
• The reader has good computer knowledge.
• Your NAS device has a fixed / static IP address.

Enabling SSH

Before continuing, we need to have more control over the ix-2. So we enable SSH access. Do that this way:

• Go to http://your-ix2-ip-address
• Go into the administrative settings and set an admin password (if you have not already done so)
• Go to https://your-ix2-ip-address/diagnostics.html and enable SSH.

(Older models used another URL, https://10.0.57.4/support.html, which you still often find using Google searches for enabling SSH on your ix-2.)

The SSH login credential will diffentiate from the webadmincredentials.
SSH username = root
SSH password = “soho” + webadmin-password
For example, when your administrative password for the ix-2 web interface is “S3c7sec”, then the SSH password will be “sohoS3c7sec”.

Credits:

• Hedy on the IX-2-200 Hacking Wiki on 25 Apr 2011 in discussion Main / General >> SSH restrictions
• Christopher Kusek
• PlanetKris weblog

ipkg

Where to get additional software for the ix-2? Fortunately, there exists a third-party repository and a package manager for this box. The NSLU2-Linux development group has created the ipkg package manager. The ipkg program is already pre-installed on the ix-2, so it seems to have native support for this. But we have to add the repositories.

vim /etc/ipkg.conf

src cross http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/unstable
src native http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/native/unstable

And update the cache:

ipkg update

Credits:

• Vladimir Vuksan’s blog: Customizing iomega StorCenter ix4-200d with ipkg

Installing transmission

Installing transmission is not hard:

ipkg install transmission

You also want to create a settings.json file before starting the transmission daemon. Here are example settings.

{
 "alt-speed-down": 600,
 "alt-speed-enabled": true,
 "alt-speed-time-begin": 540,
 "alt-speed-time-day": 62,
 "alt-speed-time-enabled": true,
 "alt-speed-time-end": 1320,
 "alt-speed-up": 40,
 "bind-address-ipv4": "0.0.0.0",
 "bind-address-ipv6": "::",
 "blocklist-enabled": true,
 "blocklist-url": "http://list.iblocklist.com/?list=bt_templist",
 "cache-size-mb": 4,
 "dht-enabled": true,
 "download-dir": "/mnt/pools/A/A0/Torrents",
 "encryption": 1,
 "idle-seeding-limit": 30,
 "idle-seeding-limit-enabled": false,
 "incomplete-dir": "/mnt/pools/A/A0/Torrents/_downloading",
 "incomplete-dir-enabled": true,
 "lpd-enabled": false,
 "message-level": 2,
 "open-file-limit": 32,
 "peer-congestion-algorithm": "",
 "peer-limit-global": 160,
 "peer-limit-per-torrent": 40,
 "peer-port": 6881,
 "peer-port-random-high": 65535,
 "peer-port-random-low": 49152,
 "peer-port-random-on-start": false,
 "peer-socket-tos": "lowcost",
 "pex-enabled": true,
 "port-forwarding-enabled": true,
 "preallocation": 1,
 "prefetch-enabled": 1,
 "ratio-limit": 1.2,
 "ratio-limit-enabled": true,
 "rename-partial-files": true,
 "rpc-authentication-required": false,
 "rpc-bind-address": "0.0.0.0",
 "rpc-enabled": true,
 "rpc-password": "{db401bc8e204e30a6da8c9188acbbce34dd02df3OFkagnx2",
 "rpc-port": 9091,
 "rpc-url": "/transmission/",
 "rpc-username": "",
 "rpc-whitelist": "127.0.0.1",
 "rpc-whitelist-enabled": false,
 "script-torrent-done-enabled": false,
 "script-torrent-done-filename": "",
 "speed-limit-down": 1000,
 "speed-limit-down-enabled": true,
 "speed-limit-up": 70,
 "speed-limit-up-enabled": true,
 "start-added-torrents": true,
 "trash-original-torrent-files": false,
 "umask": 18,
 "upload-slots-per-torrent": 5,
 "utp-enabled": true
}

Now don’t forget to forward the correct port (6881 in the example above) on your modemrouter to the ix-2.

Also, when using the example above, I suggest to

• create a Torrent share using the ix-2 administrative web interface
• mkdir /mnt/pools/A/A0/Torrents/_downloading
• mkdir /mnt/pools/A/A0/Torrents/_config
• and to copy the settings.json to mkdir /mnt/pools/A/A0/Torrents/_config

Auto-start programs

Having thins like transmission installed is great, but after a power outage or other problems, I want them to automatically start. Unfortunately, it’s not straightforward.

I have tried the method described by Chris Pont but had mixed experiences. I got a few programs running on startup, but after a while I had tens to hundreds of transmiddion instances. The core memory (RAM) will fill up quickly that way. I tried lots of options in the sohoProcs.xml but that did not solve the problem.

Follow the stept below to get a fool-proof method to start up programs on ix-2 boot.

First, create a shell script that allows editing the sohoProcs.xml configuration file.

vim /opt/editconfig.sh

#!/bin/sh
# edit the bootup config of the ix-2
# inspired by http://www.chrispont.co.uk/2010/10/allow-startup-daemons-on-storcenter-ix2-200-nas/
mknod -m0660 /dev/loop3 b 7 3
chown root.disk /dev/loop3
mkdir /tmp/apps
mount -o loop /boot/images/apps /tmp/apps
vi /tmp/apps/usr/local/cfg/sohoProcs.xml
sleep 1
umount /tmp/apps
rm /dev/loop3

chmod +x /opt/editconfig.sh

Now we start editing the XML list of programs that will automatically be started. Run:

/opt/editconfig.sh

You will see lots of <Program> Groups. We are going to add one <Program> to <Group Level=“1″>. We will add:

<Program Name="init-opt.sh" Path="/opt/init-opt.sh">
  <SysOption Restart="-1"/>
</Program>

To prevent lots of init-opt.sh instances, we use a sleep command at the end of the script:

vim /opt/init-opt.sh

#!/bin/sh
rm /opt/init-opt.log
echo "Last bootup:" >> /opt/init-opt.log
date >> /opt/init-opt.log
# echo "Starting DNS and DHCP server (dnsmasq)" >> /opt/init-opt.log
# /opt/sbin/dnsmasq
echo "Wait one minute, so that the storage pool is mounted" >> /opt/init-opt.log
sleep 1m
echo "Starting transmission-daemon" >> /opt/init-opt.log
/opt/bin/transmission-daemon -g /mnt/pools/A/A0/Torrents/_config
echo "I will reboot after 180 days..." >> /opt/init-opt.log
sleep 180d
reboot

chmod +x /opt/init-opt.sh

I have commented out the dnsmasq lines because maybe you will not be installing dnsmasq. You can uncomment them later if you proceed below with dnsmasq.

Credits:

• Chris Pont: Allow startup daemons on StorCenter IX2-200 NAS (and other Soho based devices)

Installing dnsmasq

Our modemrouter was acting as DHCP server, but did not allow to enter custom DNS servers for use by the clients on the local network. That’s a pity, because we recently were hit by a botnet trojan, and we would like to use OpenDNS. So I installed a DNS and DHCP server called dnsmasq in the ix-2 and disabled the DHCP service on the modemrouter.

ipkg install dnsmasq

Configuring DNS

vim /opt/etc/dnsmasq.conf

The options filterwin2k, no-resolv and no-poll are disabled by default. That’s fine, it’s probably best to keep it that way.

But enable bogus-priv (“never forward addresses in the non-routed address spaces”) and also domain-needed (“never forward plain names (without a dot or domain part)”).

I like to be able to use the XS4all proxy server always. The proxy hostname is not resolvable from outside the XS4all network, so OpenDNS will not resolve proxy.xs4all.nl, but I can add its IP address manually:

address=/proxy.xs4all.nl/194.109.6.13
address=/wwwproxy.xs4all.nl/194.109.6.13

The ix-2 can be administered using it’s settings web interface. In network –> network, you can specify which DNS servers to use. Internally, it will store those DNS settings in /etc/resolf.conf, which will be picked up by dnsasq.

Then, the ix-2 will become the forwarding DNS server. It will forward DNS request from clients on the local network (LAN) to the DNS servers specifiek in the settings web interface.

If you want that the ix-2 uses the provider’s DNS servers, normally you will use the IP address of the modem/router. Most modems today are forwarding DNS servers, and your provider will configure your modem with the correct DNS server settings (using DHCP). In our student network, our modem has the IP address 10.0.57.1. Note that now you have a chain of two forwarders, which could slow down things. Also, many modems are not very solid in this respect.

You could bypass the modem’s forwarding DNS server by setting the DNS server IP addresses directly in the settings web interface. For XS4all, those would be 194.109.6.66 and 194.109.9.99.

If you want to use OpenDNS, then use these DNS servers: 208.67.222.222 and 208.67.220.220.

Logging DNS queries

To reveal infected computers, we can study the DNS requests of the computers on the local networks. Botnets such als Torpiq will use random, weird domain names for their command and control servers. Use the script below. Also consifer the –log-facility option.

vim /opt/showdnsqueries.sh

#!/bin/sh
# Shows DNS queries
# in dnsmasq.conf, logging must be activated with:
# log-queries
grep -E ' dnsmasq[.*]: query' /var/log/messages
chmod +x /opt/showdnsqueries.sh

Show all DNS queries:

/opt/showdnsqueries.sh

Show all DHCP leases:

cat /opt/var/dnsmasq.leases

It would be interesting to check all queried hostnames (A records) against a DNS blacklist such as in.dnsbl.org but that will not be fully explored here because our internet connection is still filtered by XS4all and I cannot connect with the dnsbl server.

One way to get all A record queries for hostnames from the DNS log is:

/opt/showdnsqueries.sh | grep -E 'query[A]' | cut -d ' ' -f 7 | sort | uniq

This could be a nice input for a script that checks against the in.dnsbl.org. Note that the script below is computationally very wasteful, but that’s OK for small home usage and ease of reading. Also note that I could not test this script, so bugs are likely…

#!/bin/sh
for query in $(/opt/showdnsqueries.sh | grep -E 'query[A]' | cut -d ' ' -f 7 | sort | uniq)
do
 dnsbl=$(host -t A -4 "$query.ip.dnsbl.org")
 if ( echo $dnsbl | grep "not found" > /dev/null ) then break
 ip=$(echo "$dnsbl" | head -n 1 | cut -d ' ' -f 4)
 if ($ip -eq "127.0.0.8") # DNSBL returns 127.0.0.8 for lookups associated with botnets
 then
  echo "_"
  echo "Found one botnet DNS query:"
  /opt/showdnsqueries.sh | grep "$query"
  for requester in $(/opt/showdnsqueries.sh | grep "$query" | cut -d ' ' -f 9 | sort | uniq)
  do
   echo $requester lease lookup:
   grep $requester /opt/var/dnsmasq.leases
  done
 fi
done

Credits:

• http://wiki.safesquid.com/dns-blacklist

Concluding remarks

Adding more software would be trivial. Thinks like the unison file synchronizer, SABnzbd and other stuff could work on your ix-2.

It’t interesting what you can do with a cheapo NAS. For 1/10 of the normal costs of a full-blown server, you can already do fun stuff for a small network.

I referred to this howto from my own weblog (Dutch).

Deze blogpost werd in december 2022 overgezet van WordPress naar een methode gebaseerd op Markdown; het is mogelijk dat hierbij fouten of wijzigingen zijn ontstaan t.o.v. de originele blogpost.