Installing transmission and dnsmasq on a NAS

— door Evert Mouw

Installing transmission and dnsmasq on the Iomega StorCenter Ix2-200 Coud Edition NAS

Originally published on the weblog TechMonks, which no longer exists.

Introduction

In our student’s  dorm, we want to share files. We also have one shared internet connection using ADSL. The download speed is OK, but the uplink is weak. Many students like to use torrents, which quickly drain the uplink and the connection table of the modemrouter. So I set up a server with a torrent client, which was accessible by a web interface. I now replaces this server by a Iomega StorCenter Ix2-200 Coud Edition Network Attached Storage (NAS) device, which I will refer to as ix-2.

The default torrent client on the ix-2 is bad beyond imagination, so I wanted to install transmission-daemon.

Assumptions

  • The readers has moderate Linux command-line experience.
  • The reader is able to edit text files using vi.
  • The reader has good computer knowledge.
  • Your NAS device has a fixed / static IP address.

Enabling SSH

Before continuing, we need to have more control over the ix-2. So we enable SSH access. Do that this way:

  • Go to http://your-ix2-ip-address
  • Go into the administrative settings and set an admin password (if you have not already done so)
  • Go to https://your-ix2-ip-address/diagnostics.html and enable SSH.

(Older models used another URL, https://10.0.57.4/support.html, which you still often find using Google searches for enabling SSH on your ix-2.)

The SSH login credential will diffentiate from the webadmin credentials.
SSH username = root
SSH password = “soho” + webadmin-password
For example, when your administrative password for the ix-2 web interface is “S3c7sec”, then the SSH password will be “sohoS3c7sec”.

Credits:

ipkg

Where to get additional software for the ix-2? Fortunately, there exists a third-party repository and a package manager for this box. The NSLU2-Linux development group has created the ipkg package manager. The ipkg program is already pre-installed on the ix-2, so it seems to have native support for this. But we have to add the repositories.

vim /etc/ipkg.conf

And update the cache:

ipkg update

Credits:

Installing transmission

Installing transmission is not hard:

ipkg install transmission

You also want to create a settings.json file before starting the transmission daemon. Here are example settings.

Now don’t forget to forward the correct port (6881 in the example above) on your modemrouter to the ix-2.

Also, when using the example above, I suggest to

  • create a Torrent share using the ix-2 administrative web  interface
  • mkdir /mnt/pools/A/A0/Torrents/_downloading
  • mkdir /mnt/pools/A/A0/Torrents/_config
  • and to copy the settings.json to mkdir /mnt/pools/A/A0/Torrents/_config

Auto-start programs

Having thins like transmission installed is great, but after a power outage or other problems, I want them to automatically start. Unfortunately, it’s not straightforward.

I have tried the method described by Chris Pont but had mixed experiences. I got a few programs running on startup, but after a while I had tens to hundreds of transmiddion instances. The core memory (RAM) will fill up quickly that way. I tried lots of options in the sohoProcs.xml but that did not solve the problem.

Follow the stept below to get a fool-proof method to start up programs on ix-2 boot.

First, create a shell script that allows editing the sohoProcs.xml configuration file.

vim /opt/editconfig.sh

chmod +x /opt/editconfig.sh

Now we start editing the XML list of programs that will automatically be started. Run:

/opt/editconfig.sh

You will see lots of <Program> Groups. We are going to add one <Program> to <Group Level=”1″>. We will add:

To prevent lots of init-opt.sh instances, we use a sleep command at the end of the script:

vim /opt/init-opt.sh

chmod +x /opt/init-opt.sh

I have commented out the dnsmasq lines because maybe you will not be installing dnsmasq. You can uncomment them later if you proceed below with dnsmasq.

Credits:

Installing dnsmasq

Our modemrouter was acting as DHCP server, but did not allow to enter custom DNS servers for use by the clients on the local network. That’s a pity, because we recently were hit by a botnet trojan, and we would like to use OpenDNS. So I installed a DNS and DHCP server called dnsmasq in the ix-2 and disabled the DHCP service on the modemrouter.

ipkg install dnsmasq

Configuring DNS

vim /opt/etc/dnsmasq.conf

The options filterwin2kno-resolv and no-poll are disabled by default. That’s fine, it’s probably best to keep it that way.

But enable bogus-priv (“never forward addresses in the non-routed address spaces”) and also domain-needed (“never forward plain names (without a dot or domain part)”).

I like to be able to use the XS4all proxy server always. The proxy hostname is not resolvable from outside the XS4all network, so OpenDNS will not resolve proxy.xs4all.nl, but I can add its IP address manually:

The ix-2 can be administered using it’s settings web interface. In network –> network, you can specify which DNS servers to use. Internally, it will store those DNS settings in /etc/resolf.conf, which will be picked up by dnsasq.

Then, the ix-2 will become the forwarding DNS server. It will forward DNS request from clients on the local network (LAN) to the DNS servers specifiek in the settings web interface.

If you want that the ix-2 uses the provider’s DNS servers, normally you will use the IP address of the modem/router. Most modems today are forwarding DNS servers, and your provider will configure your modem with the correct DNS server settings (using DHCP). In our student network, our modem has the IP address 10.0.57.1. Note that now you have a chain of two forwarders, which could slow down things. Also, many modems are not very solid in this respect.

You could bypass the modem’s forwarding DNS server by setting the DNS server IP addresses directly in the settings web interface. For XS4all, those would be 194.109.6.66 and 194.109.9.99.

If you want to use OpenDNS, then use these DNS servers: 208.67.222.222 and 208.67.220.220.

Logging DNS queries

To reveal infected computers, we can study the DNS requests of the computers on the local networks. Botnets such als Torpiq will use random, weird domain names for their command and control servers. Use the script below. Also consifer the –log-facility option.

vim /opt/showdnsqueries.sh

Show all DNS queries:

/opt/showdnsqueries.sh

Show all DHCP leases:

cat /opt/var/dnsmasq.leases

It would be interesting to check all queried hostnames (A records) against a DNS blacklist such as in.dnsbl.org but that will not be fully explored here because our internet connection is still filtered by XS4all and I cannot connect with the dnsbl server.

One way to get all A record queries for hostnames from the DNS log is:

This could be a nice input for a script that checks against the in.dnsbl.org. Note that the script below is computationally very wasteful, but that’s OK for small home usage and ease of reading. Also note that I could not test this script, so bugs are likely

Credits:

Concluding remarks

Adding more software would be trivial. Thinks like the unison file synchronizer, SABnzbd and other stuff could work on your ix-2.

It’t interesting what you can do with a cheapo NAS. For 1/10 of the normal costs of a full-blown server, you can already do fun stuff for a small network.

I referred to this howto from my own weblog (Dutch).