— door Evert Mouw
Installing transmission and dnsmasq on the Iomega StorCenter Ix2-200 Coud Edition NAS
Originally published on the weblog TechMonks, which no longer exists.
In our student’s dorm, we want to share files. We also have one shared internet connection using ADSL. The download speed is OK, but the uplink is weak. Many students like to use torrents, which quickly drain the uplink and the connection table of the modemrouter. So I set up a server with a torrent client, which was accessible by a web interface. I now replaces this server by a Iomega StorCenter Ix2-200 Coud Edition Network Attached Storage (NAS) device, which I will refer to as ix-2.
The default torrent client on the ix-2 is bad beyond imagination, so I wanted to install transmission-daemon.
- The readers has moderate Linux command-line experience.
- The reader is able to edit text files using vi.
- The reader has good computer knowledge.
- Your NAS device has a fixed / static IP address.
Before continuing, we need to have more control over the ix-2. So we enable SSH access. Do that this way:
- Go to http://your-ix2-ip-address
- Go into the administrative settings and set an admin password (if you have not already done so)
- Go to https://your-ix2-ip-address/diagnostics.html and enable SSH.
(Older models used another URL, https://10.0.57.4/support.html, which you still often find using Google searches for enabling SSH on your ix-2.)
The SSH login credential will diffentiate from the webadmin credentials.
SSH username = root
SSH password = “soho” + webadmin-password
For example, when your administrative password for the ix-2 web interface is “S3c7sec”, then the SSH password will be “sohoS3c7sec”.
- Hedy on the IX-2-200 Hacking Wiki on 25 Apr 2011 in discussion Main / General >> SSH restrictions
- Christopher Kusek
- PlanetKris weblog
Where to get additional software for the ix-2? Fortunately, there exists a third-party repository and a package manager for this box. The NSLU2-Linux development group has created the ipkg package manager. The ipkg program is already pre-installed on the ix-2, so it seems to have native support for this. But we have to add the repositories.
src cross http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/unstable
src native http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/native/unstable
And update the cache:
- Vladimir Vuksan’s blog: Customizing iomega StorCenter ix4-200d with ipkg
Installing transmission is not hard:
ipkg install transmission
You also want to create a settings.json file before starting the transmission daemon. Here are example settings.
Now don’t forget to forward the correct port (6881 in the example above) on your modemrouter to the ix-2.
Also, when using the example above, I suggest to
- create a Torrent share using the ix-2 administrative web interface
- mkdir /mnt/pools/A/A0/Torrents/_downloading
- mkdir /mnt/pools/A/A0/Torrents/_config
- and to copy the settings.json to mkdir /mnt/pools/A/A0/Torrents/_config
Having thins like transmission installed is great, but after a power outage or other problems, I want them to automatically start. Unfortunately, it’s not straightforward.
I have tried the method described by Chris Pont but had mixed experiences. I got a few programs running on startup, but after a while I had tens to hundreds of transmiddion instances. The core memory (RAM) will fill up quickly that way. I tried lots of options in the sohoProcs.xml but that did not solve the problem.
Follow the stept below to get a fool-proof method to start up programs on ix-2 boot.
First, create a shell script that allows editing the sohoProcs.xml configuration file.
# edit the bootup config of the ix-2
# inspired by http://www.chrispont.co.uk/2010/10/allow-startup-daemons-on-storcenter-ix2-200-nas/
mknod -m0660 /dev/loop3 b 7 3
chown root.disk /dev/loop3
mount -o loop /boot/images/apps /tmp/apps
chmod +x /opt/editconfig.sh
Now we start editing the XML list of programs that will automatically be started. Run:
You will see lots of <Program> Groups. We are going to add one <Program> to <Group Level=”1″>. We will add:
<Program Name="init-opt.sh" Path="/opt/init-opt.sh">
To prevent lots of init-opt.sh instances, we use a sleep command at the end of the script:
echo "Last bootup:" >> /opt/init-opt.log
date >> /opt/init-opt.log
# echo "Starting DNS and DHCP server (dnsmasq)" >> /opt/init-opt.log
echo "Wait one minute, so that the storage pool is mounted" >> /opt/init-opt.log
echo "Starting transmission-daemon" >> /opt/init-opt.log
/opt/bin/transmission-daemon -g /mnt/pools/A/A0/Torrents/_config
echo "I will reboot after 180 days..." >> /opt/init-opt.log
chmod +x /opt/init-opt.sh
I have commented out the dnsmasq lines because maybe you will not be installing dnsmasq. You can uncomment them later if you proceed below with dnsmasq.
- Chris Pont: Allow startup daemons on StorCenter IX2-200 NAS (and other Soho based devices)
Our modemrouter was acting as DHCP server, but did not allow to enter custom DNS servers for use by the clients on the local network. That’s a pity, because we recently were hit by a botnet trojan, and we would like to use OpenDNS. So I installed a DNS and DHCP server called dnsmasq in the ix-2 and disabled the DHCP service on the modemrouter.
ipkg install dnsmasq
The options filterwin2k, no-resolv and no-poll are disabled by default. That’s fine, it’s probably best to keep it that way.
But enable bogus-priv (“never forward addresses in the non-routed address spaces”) and also domain-needed (“never forward plain names (without a dot or domain part)”).
I like to be able to use the XS4all proxy server always. The proxy hostname is not resolvable from outside the XS4all network, so OpenDNS will not resolve proxy.xs4all.nl, but I can add its IP address manually:
The ix-2 can be administered using it’s settings web interface. In network –> network, you can specify which DNS servers to use. Internally, it will store those DNS settings in /etc/resolf.conf, which will be picked up by dnsasq.
Then, the ix-2 will become the forwarding DNS server. It will forward DNS request from clients on the local network (LAN) to the DNS servers specifiek in the settings web interface.
If you want that the ix-2 uses the provider’s DNS servers, normally you will use the IP address of the modem/router. Most modems today are forwarding DNS servers, and your provider will configure your modem with the correct DNS server settings (using DHCP). In our student network, our modem has the IP address 10.0.57.1. Note that now you have a chain of two forwarders, which could slow down things. Also, many modems are not very solid in this respect.
You could bypass the modem’s forwarding DNS server by setting the DNS server IP addresses directly in the settings web interface. For XS4all, those would be 188.8.131.52 and 184.108.40.206.
If you want to use OpenDNS, then use these DNS servers: 220.127.116.11 and 18.104.22.168.
Logging DNS queries
To reveal infected computers, we can study the DNS requests of the computers on the local networks. Botnets such als Torpiq will use random, weird domain names for their command and control servers. Use the script below. Also consifer the –log-facility option.
# Shows DNS queries
# in dnsmasq.conf, logging must be activated with:
grep -E ' dnsmasq[.*]: query' /var/log/messages
chmod +x /opt/showdnsqueries.sh
Show all DNS queries:
Show all DHCP leases:
It would be interesting to check all queried hostnames (A records) against a DNS blacklist such as in.dnsbl.org but that will not be fully explored here because our internet connection is still filtered by XS4all and I cannot connect with the dnsbl server.
One way to get all A record queries for hostnames from the DNS log is:
/opt/showdnsqueries.sh | grep -E 'query[A]' | cut -d ' ' -f 7 | sort | uniq
This could be a nice input for a script that checks against the in.dnsbl.org. Note that the script below is computationally very wasteful, but that’s OK for small home usage and ease of reading. Also note that I could not test this script, so bugs are likely…
for query in $(/opt/showdnsqueries.sh | grep -E 'query[A]' | cut -d ' ' -f 7 | sort | uniq)
dnsbl=$(host -t A -4 "$query.ip.dnsbl.org")
if ( echo $dnsbl | grep "not found" > /dev/null ) then break
ip=$(echo "$dnsbl" | head -n 1 | cut -d ' ' -f 4)
if ($ip -eq "127.0.0.8") # DNSBL returns 127.0.0.8 for lookups associated with botnets
echo "Found one botnet DNS query:"
/opt/showdnsqueries.sh | grep "$query"
for requester in $(/opt/showdnsqueries.sh | grep "$query" | cut -d ' ' -f 9 | sort | uniq)
echo $requester lease lookup:
grep $requester /opt/var/dnsmasq.leases
It’t interesting what you can do with a cheapo NAS. For 1/10 of the normal costs of a full-blown server, you can already do fun stuff for a small network.
I referred to this howto from my own weblog (Dutch).