Thursday, 11 October 2018

How to Set Up the Transmission BitTorrent Client in an iocage Jail on FreeNAS 11.1

In the name of Allah, the Most Gracious, the Most Merciful


Abstract



Tutorial on how to set up and configure the Transmission BitTorrent client in an iocage jail on FreeNAS 11.1.

Assumptions and Prerequisites



  • OS: FreeNAS 11.1-U6
  • FreeNAS Host: fn
  • FreeNAS Network Interface: igb0
  • FreeNAS IP: 10.0.0.2
  • FreeNAS Subnet Mask: 24
  • Jail Container: iocage
  • iocage Version: 1.0 Alpha
  • Jail Release: 11.1-RELEASE
  • Jail Name: transmission
  • Jail Network Interface: vnet0
  • Jail Network Config: DHCP
  • Jail Default Route: 10.0.0.1
  • IP Version: IPv4
  • Bridge Network Interface: bridge0
  • DNS 1: 10.0.0.1 
  • Domain: example.com
  • ZPool Volume: tank
  • Dataset: /mnt/tank/torrents
  • Setup iocage Jail


Instructions


1. Create an iocage Jail with VNET configured by DHCP 


iocage create -n "[Name]" -r [Release] vnet="on" bpf="yes" dhcp="on" allow_raw_sockets="1" boot="on" interfaces="vnet[N]:bridge[N]" resolver="search [DOMAIN];domain [DOMAIN];nameserver [DNS1 IP]"

root@fn:~ # iocage create -n "transmission" -r 11.1-RELEASE defaultrouter="10.0.0.1" vnet="on" bpf="yes" dhcp="on" allow_raw_sockets="1" boot="on" interfaces="vnet0:bridge0" host_hostname="transmission" resolver="search example.com;domain example.com;nameserver 10.0.0.1"

2. Create Dataset and then mount inside the Jail


Create a user (e.g. mujahid) as a member of the 'media' group (gid:8675309). This group will have group access to the 'torrents' dataset on FreeNAS.



Create a dataset 'torrents' on the FreeNAS volume as type 'Windows'.



Create a torrent watch directory (watch_dir) for transmission within the 'torrents' dataset. When a torrent file is copied into this directory, transmission reads the file and adds it to its download queue. This step is optional; skip it if you don't need a torrent watch directory.
root@fn:~ # mkdir -p /mnt/tank/torrents/watch_dir

Create a torrent downloads directory (downloads) for transmission within the 'torrents' dataset. This is the directory transmission will use to save the downloaded files.
root@fn:~ # mkdir -p /mnt/tank/torrents/downloads

Set the owner of the 'torrents' dataset to user 'mujahid' (uid:1000) and group 'media' (gid:8675309), and apply these permissions recursively.



Create a Windows share for the 'torrents' dataset on FreeNAS, so the FreeNAS user 'mujahid' can access the contents of the 'downloads' directory.



Mount the dataset '/mnt/tank/torrents/downloads' on FreeNAS into the transmission jail with read/write access.
root@fn:~ # iocage fstab -a transmission /mnt/tank/torrents/downloads /mnt/downloads nullfs rw 0 0

Mount the dataset '/mnt/tank/torrents/watch_dir' on FreeNAS into the transmission jail with read/write access.
root@fn:~ # iocage fstab -a transmission /mnt/tank/torrents/watch_dir /mnt/watch_dir nullfs rw 0 0

3. Install and Configure Transmission client in iocage jail


Login/Console into the transmission jail
root@fn:~ # iocage console transmission

Install the transmission package
root@transmission:~ # pkg install transmission-daemon

Create the group 'media' with gid:8675309 in the transmission jail, then add the 'transmission' user to it as a member. This gives transmission group read/write permissions on the 'torrents' dataset on FreeNAS. Note: The 'media' group must have the same gid (8675309) on the FreeNAS host and in the transmission jail, otherwise the permissions won't work properly.

Create group 'media' with gid:8675309 
root@transmission:~ # pw groupadd -n media -g 8675309

Add user 'transmission' to group 'media'
root@transmission:~ # pw groupmod media -m transmission

Enable transmission to start on boot
root@transmission:~ # sysrc transmission_enable="YES"

Set the transmission automatic file permissions and ownership check to 'NO'. Otherwise, when the transmission service starts, it resets the user and group ownership of the FreeNAS dataset 'torrents' to the default jail user and group "root:wheel", and the user then cannot access the contents of the downloads share directory.
root@transmission:~ # sysrc transmission_chown="NO"

Set the download directory for transmission
root@transmission:~ # sysrc transmission_download_dir="/mnt/downloads"

Set the torrents watch directory for transmission.
root@transmission:~ # sysrc transmission_watch_dir="/mnt/watch_dir"

Start and then stop the transmission service to create a '/usr/local/etc/transmission/home/settings.json' file with default settings.
root@transmission:~ # service transmission start && service transmission stop

Edit the 'settings.json' file and change the following settings. The '#' notes are annotations for this tutorial only; JSON does not allow comments, so do not copy them into the file.
root@transmission:~ # ee /usr/local/etc/transmission/home/settings.json

{
    "port-forwarding-enabled": false,
               .......
    "rpc-whitelist": "127.0.0.1, 10.0.0.*",     # Only internal network clients may access the web GUI
               .......
    "speed-limit-up-enabled": true,
               .......
    "trash-original-torrent-files": false,      # Do not delete the original torrent files after they are added
    "umask": 2,                                 # Make the downloads directory group read/writable
               .......
    "watch-dir": "/mnt/watch_dir",              # Watch directory for *.torrent files
    "watch-dir-enabled": true                   # Watch directory enabled
}

Start transmission service
root@transmission:~ # service transmission start

Go to http://[IP]:9091/transmission/web to check if the transmission web-gui is accessible.
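
Added example, not part of the original post: the '#' annotations in the excerpt above are not valid JSON, so this Python 3 script merges the tutorial's values into an existing settings.json and lists the RPC settings that would open the web GUI wider than the whitelist intends. SAMPLE_SETTINGS is a constructed stand-in for the generated file and the function names are made up for this example; rpc-enabled, rpc-whitelist-enabled and rpc-authentication-required are Transmission settings that the excerpt does not show.

```python
import json

# Values from the settings.json excerpt in this tutorial (strict JSON has no comments).
TUTORIAL_OVERRIDES = {
    "port-forwarding-enabled": False,
    "rpc-whitelist": "127.0.0.1, 10.0.0.*",
    "speed-limit-up-enabled": True,
    "trash-original-torrent-files": False,
    "umask": 2,
    "watch-dir": "/mnt/watch_dir",
    "watch-dir-enabled": True,
}

# Constructed sample standing in for a freshly generated settings.json.
SAMPLE_SETTINGS = """{
    "port-forwarding-enabled": true,
    "rpc-authentication-required": false,
    "rpc-enabled": true,
    "rpc-whitelist": "127.0.0.1",
    "rpc-whitelist-enabled": true,
    "umask": 18,
    "watch-dir-enabled": false
}"""

def apply_overrides(settings_text, overrides=TUTORIAL_OVERRIDES):
    """Merge the overrides into existing settings and return strict JSON text."""
    settings = json.loads(settings_text)  # raises ValueError if '#' notes were pasted in
    settings.update(overrides)
    return json.dumps(settings, indent=4, sort_keys=True)

def audit_rpc(settings):
    """List settings that expose the web GUI (RPC) more widely than intended."""
    findings = []
    if not settings.get("rpc-enabled"):
        return findings  # web GUI is off, nothing to expose
    if not settings.get("rpc-whitelist-enabled"):
        findings.append("rpc-whitelist-enabled is not true: rpc-whitelist is ignored")
    for pattern in str(settings.get("rpc-whitelist", "")).split(","):
        pattern = pattern.strip()
        if pattern and set(pattern) <= set("*."):
            findings.append("rpc-whitelist entry %r matches every address" % pattern)
    if not settings.get("rpc-authentication-required"):
        findings.append("rpc-authentication-required is not true: no password on the GUI")
    if settings.get("port-forwarding-enabled"):
        findings.append("port-forwarding-enabled is true: UPnP/NAT-PMP mapping requested")
    return findings

if __name__ == "__main__":
    merged = apply_overrides(SAMPLE_SETTINGS)
    print(merged, audit_rpc(json.loads(merged)), sep="\n")
```

Edit the real file only while the transmission service is stopped, because the daemon writes its in-memory settings back to settings.json on exit.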



Helpful Commands


Remove user from group
root@transmission:~ # pw groupmod media -d transmission

Show Group members
root@transmission:~ # pw groupshow media

Watch/monitor a log file in real time, starting from the last 30 lines
root@transmission:~ # tail -f -n 30 /var/log/messages


4 comments:

Travis Runyard said...

Thanks for the post, it's good stuff. Have you thought about updating it with info for installing and configuring openvpn inside of the jail so torrent traffic is routed through the tunnel?

Mujahid said...

Yes. It's the next post over.

https://mujahidjaleel.blogspot.com/2018/10/how-to-setup-openvpn-client-in-iocage.html

Eric store said...

Can this guide be used on FreeNAS 11.2? Are the steps the same?

Thanks

Unknown said...

Hello. I am having trouble editing the settings.json. Do you know another place they might be? The one you have in your instructions is a non-existent file.