
How to Install Headless Torrent Server in FreeBSD 11.2-RELEASE

Hello everyone,

This is how you can install a headless torrent server (transmission-daemon) on FreeBSD 11.2, so you can keep feeding the internet, and the world too.

You just need a VPS with a reachable IP address, but please keep in mind that this document has been prepared for IPv4. An IPv6 configuration might need some extra work beyond this blog post. Enjoy it!

Introduction

First of all, if you have no idea what FreeBSD is, please refer here.

It’s a free-software distribution developed by a large community all over the world.

I’m a GNU/Linux System Engineer myself, but I have always had a special interest in the BSD kernel and its distributions. So one day I spun up a droplet on DigitalOcean with a FreeBSD cloud image pre-installed, and it was ready to ssh into (which I find so cool). In this blog post I’m going to explain technically how to install and configure the transmission torrent server on FreeBSD 11.2-RELEASE, and I’m going to mention some system administration practices, such as firewalling in FreeBSD.

I hope no one from the BSD community (I have doubts whether it even exists in Turkey, but whatever) is going to be mad at me if I make some mistakes in this blog post, technically (or, I would say, culturally), because I have very strict GNU/Linux habits, and switching my entire skill set to do the same things in different ways is not a piece of cake for me.

Preparation

Before proceeding with the transmission server installation, we need to check and fix a couple of things, because it’s going to be a production torrent server.

  1. OpenSSH configuration
  2. Package/Kernel Updates
  3. Firewall (PF)
1. User Management, Authorization and OpenSSH

OpenSSH is pretty much the same software we’re always using in our favorite GNU/Linux distros (ok ok, on Mac too), but we need to check some of the openssh-server configuration.

I’m a fanatic of math and cryptology, so I always trust math when it comes to authentication. I always disable password authentication for any user, and I disable root login for any method (cryptographic or not). So ensure you have an RSA key pair to use for secure authentication.

First we need to create an admin user. It’s very simple: run the command below and follow the instructions in the CLI :

Note: make sure that this user is a member of the “wheel” group, because we need sudo to become root.


# adduser

Ensure the /usr/local/etc/sudoers file has the correct configuration for the wheel group :

# vi /usr/local/etc/sudoers

(Yeah, I know what you're thinking: "vi" is the default text editor in FreeBSD.)

%wheel ALL=(ALL) ALL

Copy your ssh public key to your newly created user’s home directory and make sure you can SSH in as that user without problems.

Now harden your openssh server a little bit :


# vi /etc/ssh/sshd_config

PermitRootLogin no
PasswordAuthentication no

I never open my root user to the world (better safe and “a little paranoid” than sorry), but the below is also a good option :


PermitRootLogin without-password

Restart your service :


# service sshd restart

BSD distros are systemd-free operating systems. I hate that shit, to be honest, and recently I have been trying to find some peace in my free time by tinkering with BSD systems.

2. Package Management

pkg is the package manager for FreeBSD. There’s also another popular way to install stuff in FreeBSD, which is called “ports”. I enjoy it a lot myself, but it seems like it compiles the source code and its dependencies every time to install programs on your computer. I’m pretty sure that the binaries will be pretty stable, by the way; however, I’m going to install stuff via the pkg package manager so as not to waste much of your time in this blog post.

Update your package index :

$ sudo pkg update

Upgrade your packages :

$ sudo pkg upgrade

Reboot (if necessary)

3. Firewalling in BSD (PF)

Packet Filter (from here on referred to as PF) is OpenBSD’s system for filtering TCP/IP traffic and doing Network Address Translation. PF is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization. PF has been a part of the GENERIC kernel since OpenBSD 3.0. For more info, please refer here.

In order to enable pf (or all services), we need to manipulate the good old rc files.

Run below commands to enable PF in the system :

$ sudo sysrc pf_enable="YES"
$ sudo sysrc pf_rules="/usr/local/etc/pf.conf"
$ sudo sysrc pflog_enable="YES"
$ sudo sysrc pflog_logfile="/var/log/pflog"

If my understanding is correct, sysrc is a tool to safely edit system rc files, so it simply adds the above configuration to /etc/rc.conf unless you say otherwise. Now, as you can see, we’ve configured PF to look for its rules in /usr/local/etc/pf.conf. Here’s my pf.conf for a FreeBSD transmission server, with some extra cool stuff like some prevention for SSH bruteforce attacks :


me="vtnet0"
# NOTE: the table name was stripped from the page; <bruteforce> is a placeholder
table <bruteforce> persist
icmp_types = "echoreq"
junk_ports="{ 135,137,138,139,445,68,67,3222 }"
junk_ip="224.0.0.0/4"
martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
              10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
              0.0.0.0/8, 240.0.0.0/4 }"

set loginterface vtnet0
scrub on vtnet0 reassemble tcp no-df random-id

# ---- First rule obligatory "Pass all on loopback"
pass quick on lo0 all

# ---- Block junk logs
block quick proto { tcp, udp } from any to $junk_ip
block quick proto { tcp, udp } from any to any port $junk_ports

# --- Drop Martians
block drop in quick on $me from $martians to any
block drop out quick on $me from any to $martians
# --- antispoof quick for $me

# ---- Second rule "Block all in and pass all out"
block in log all
pass out log all keep state

############### FIREWALL ###############################################
# ---- Allow all traffic from my VPN
pass quick proto {tcp, udp} from 91.189.88.154 to $me keep state

# ---- block SMTP out
block quick proto tcp from $me to any port 25

# ---- Allow incoming Web/Transmission traffic
pass quick proto tcp from any to $me port { 80, 443, 9091, 51413 } flags S/SA keep state
pass quick proto udp from any to $me port { 123, 51413 }

# ---- Allow my team member SSH access
pass quick proto tcp from any to $me port ssh flags S/SA keep state

# ---- Block bruteforcers
block log quick from <bruteforce>

# ---- Allow SSH from trusted sources, but block bruteforcers
pass quick proto tcp from any to $me port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 20/60, \
    overload <bruteforce> flush global)
# ---

# ---- Allow ICMP and be a Good Sysadmin
pass in inet proto icmp all icmp-type $icmp_types keep state
pass out inet proto icmp all icmp-type $icmp_types keep state

# ---- This is for high TCP ports, you'll need it if you use ssh -D to this server for example.
pass out inet proto tcp from $me to port > 50276 keep state

Run a check in case you have any faulty configuration :

$ sudo service pf check

Checking pf rules.

Start pf :

$ sudo service pf start

Now we have a secure FreeBSD VPS ready to serve anything on the internet!
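pf lets the last matching rule win unless a matching rule carries quick, which ends evaluation on the spot. The sketch below is an added example (not part of the original post): a simplified Python model, not a pf parser, with constructed addresses and hypothetical rule labels. It applies that logic to the SSH rules in the pf.conf above, where the unrestricted SSH pass comes first, so the table block and the rate-limited rule never decide an SSH connection.

```python
from collections import namedtuple

# Simplified model of pf filter rules: src is "any" or "<table>" (the overload
# table, whose name is not shown on the page); dport None means any port.
Rule = namedtuple("Rule", "label action quick src dport")

BLOCK_ALL = Rule("block in log all", "block", False, "any", None)
OPEN_SSH = Rule("unrestricted ssh pass", "pass", True, "any", 22)
BLOCK_TBL = Rule("block quick from table", "block", True, "<table>", None)
LIMIT_SSH = Rule("rate-limited ssh pass", "pass", True, "any", 22)

PAGE_ORDER = [BLOCK_ALL, OPEN_SSH, BLOCK_TBL, LIMIT_SSH]  # order used on the page
# Assumed alternative, not the author's config: table block first and no
# unrestricted SSH rule, so every SSH connection reaches the rate limit.
REORDERED = [BLOCK_ALL, BLOCK_TBL, LIMIT_SSH]

# Constructed sample data (documentation address ranges).
TABLE = {"203.0.113.7"}  # sources already placed in the overload table
SOURCES = ["203.0.113.7", "198.51.100.9"]


def evaluate(rules, src_ip, dport, table):
    """Decide one inbound packet the way pf does: the last matching rule
    wins, but a matching 'quick' rule stops evaluation immediately."""
    verdict = ("pass", "implicit default")  # pf passes what no rule matches
    for rule in rules:
        src_ok = rule.src == "any" or src_ip in table
        port_ok = rule.dport is None or rule.dport == dport
        if src_ok and port_ok:
            verdict = (rule.action, rule.label)
            if rule.quick:
                break
    return verdict


def shadowed(rules, dport, sources, table):
    """Quick rules that cover dport but never decide a packet sent to it."""
    deciders = {evaluate(rules, s, dport, table)[1] for s in sources}
    return [r.label for r in rules
            if r.quick and r.dport in (None, dport) and r.label not in deciders]


if __name__ == "__main__":
    for name, rules in (("page order", PAGE_ORDER), ("reordered", REORDERED)):
        for src in SOURCES:
            print(name, src, evaluate(rules, src, 22, TABLE))
        print(name, "shadowed for ssh:", shadowed(rules, 22, SOURCES, TABLE))
```

The model ignores flags, state tracking and interfaces; on the real host, `pfctl -vsr` shows per-rule evaluation and packet counters to confirm which rules actually match.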

Installing Torrent Server

To install the torrent server, run the command below :


$ sudo pkg install transmission-cli transmission-daemon transmission-web

Enable it in the rc :


$ sudo sysrc transmission_enable="YES"

You will need a settings.json file for the transmission server configuration; my configuration with RPC enabled can be found below :

$ sudo vi /usr/local/etc/transmission/home/settings.json

{
"alt-speed-down": 50,
"alt-speed-enabled": false,
"alt-speed-time-begin": 540,
"alt-speed-time-day": 127,
"alt-speed-time-enabled": false,
"alt-speed-time-end": 1020,
"alt-speed-up": 50,
"bind-address-ipv4": "0.0.0.0",
"bind-address-ipv6": "::",
"blocklist-enabled": false,
"blocklist-url": "",
"cache-size-mb": 4,
"dht-enabled": true,
"download-dir": "/usr/local/etc/transmission/home/Downloads",
"download-limit": 100,
"download-limit-enabled": 0,
"download-queue-enabled": true,
"download-queue-size": 5,
"encryption": 1,
"idle-seeding-limit": 30,
"idle-seeding-limit-enabled": false,
"incomplete-dir": "//Downloads",
"incomplete-dir-enabled": false,
"lpd-enabled": false,
"max-peers-global": 200,
"message-level": 2,
"peer-congestion-algorithm": "",
"peer-id-ttl-hours": 6,
"peer-limit-global": 200,
"peer-limit-per-torrent": 50,
"peer-port": 51413,
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,
"peer-port-random-on-start": false,
"peer-socket-tos": "default",
"pex-enabled": true,
"pidfile": "/var/run/transmission/daemon.pid",
"port-forwarding-enabled": true,
"preallocation": 1,
"prefetch-enabled": true,
"queue-stalled-enabled": true,
"queue-stalled-minutes": 30,
"ratio-limit": 2,
"ratio-limit-enabled": false,
"rename-partial-files": true,
"rpc-authentication-required": true,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-host-whitelist": "",
"rpc-host-whitelist-enabled": false,
"rpc-password": "s3cr3tp4sswO0rd",
"rpc-port": 9091,
"rpc-url": "/transmission/",
"rpc-username": "aydintd",
"rpc-whitelist": "127.0.0.1,167.99.137.255",
"rpc-whitelist-enabled": true,
"scrape-paused-torrents-enabled": true,
"script-torrent-done-enabled": false,
"script-torrent-done-filename": "",
"seed-queue-enabled": false,
"seed-queue-size": 10,
"speed-limit-down": 100,
"speed-limit-down-enabled": false,
"speed-limit-up": 100,
"speed-limit-up-enabled": false,
"start-added-torrents": true,
"trash-original-torrent-files": false,
"umask": 18,
"upload-limit": 100,
"upload-limit-enabled": 0,
"upload-slots-per-torrent": 14,
"utp-enabled": true
}

Make sure transmission’s home directory has the correct ownership :

$ sudo chown -R transmission:transmission /usr/local/etc/transmission/home

Start the transmission service and check that it’s listening on ports 9091 and 51413 via sockstat :

$ sudo service transmission start

$ sudo service transmission status
transmission is running as pid 5445.

$ sudo sockstat -4 -l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sshd 9344 4 tcp4 *:22 *:*
transmission transmissi5445 9 udp4 *:23295 *:*
transmission transmissi5445 10 tcp4 *:9091 *:*
transmission transmissi5445 11 tcp4 *:51413 *:*
transmission transmissi5445 13 udp4 *:51413 *:*
root sendmail 838 3 tcp4 127.0.0.1:25 *:*
root syslogd 438 7 udp4 *:514 *:*

Now you should be able to access your transmission server’s web-gui at :

http://your.server.ip.address:9091/web/transmission

Be aware that when you navigate to the above web page, the transmission web-gui will pop up a dialog box asking for the RPC username and password you’ve configured in settings.json. Exposing RPC to the open world is not very safe, but you can handle the security issues by using the rpc-whitelist settings as well.
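The RPC keys in the settings.json above decide who can reach the web-gui, so they are worth reviewing before port 9091 is opened in the firewall. The following Python check is an added example (not part of the original post); audit_rpc and its finding texts are hypothetical names, and the sample input is a constructed excerpt of the page's RPC keys with the password replaced by a placeholder.

```python
import json

# Constructed excerpt of the RPC-related keys from the settings.json above;
# the password is a placeholder, not the value from the page.
SAMPLE = json.loads("""{
  "rpc-enabled": true,
  "rpc-bind-address": "0.0.0.0",
  "rpc-authentication-required": true,
  "rpc-password": "<placeholder>",
  "rpc-whitelist": "127.0.0.1,167.99.137.255",
  "rpc-whitelist-enabled": true,
  "rpc-host-whitelist": "",
  "rpc-host-whitelist-enabled": false
}""")


def audit_rpc(cfg):
    """Return a list of (key, finding) for RPC settings worth reviewing."""
    findings = []
    if not cfg.get("rpc-enabled", False):
        return findings  # RPC is off, so nothing is exposed
    if cfg.get("rpc-bind-address", "0.0.0.0") in ("0.0.0.0", "::"):
        findings.append(("rpc-bind-address", "listens on all interfaces"))
    if not cfg.get("rpc-authentication-required", False):
        findings.append(("rpc-authentication-required", "no login required"))
    if not cfg.get("rpc-whitelist-enabled", True):
        findings.append(("rpc-whitelist-enabled", "any client IP accepted"))
    else:
        # Wildcard entries widen the set of allowed client addresses.
        for entry in cfg.get("rpc-whitelist", "").split(","):
            if "*" in entry:
                findings.append(("rpc-whitelist", "wildcard entry " + entry.strip()))
    if not cfg.get("rpc-host-whitelist-enabled", True):
        findings.append(("rpc-host-whitelist-enabled", "Host header not checked"))
    # The daemon replaces a plaintext password with a salted hash that
    # starts with "{" the next time it starts and saves its settings.
    password = cfg.get("rpc-password", "")
    if password and not password.startswith("{"):
        findings.append(("rpc-password", "plaintext until the daemon hashes it"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_rpc(SAMPLE):
        print(key + ": " + finding)
```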

In the web-gui you can easily upload any kind of torrent file or point directly to its URL, and it will download the related torrent content for you into the “download-dir” on your remote VPS or home server powered by FreeBSD. Transmission can be used via its CLI tool as well :

$ transmission-cli path/of/torrent -w path/to/save/the/downloaded/file

That should be all!

Happy Torrenting!

ps. Sharing is caring 😉

5 December 2018

Posted In: Odds and Ends, General, Technical


We Got a Makeover!

Hello,

For a long time I had wanted to rescue this blog from that gray, depressing look. In fact, I had already started 2 months ago; finishing it was meant for today.

I must say that, although I really wanted to, I could not find the time to write even a couple of lines of chit-chat about LYK2016. It has stayed with me as a regret. Anyway, ÖWTG’16 is ahead of us. I am thinking that maybe I will take the occasion to combine the two events and write something 🙂

If that doesn't work out, then it will have to wait for AB’17.

To those who will be at ÖWTG: see you in Istanbul on 22-23 October!

If there is still anyone saying "never heard of it, what's that?", woe to them : ÖWTG’16

19 October 2016

Posted In: General, Personal


Using a WYSIWYG Editor in Redmine

Hello,
I had not been able to write a blog post for a while. There is more than one reason for this, but if I have to mention a few of them, I can put it like this :

My tendency to find interesting things worth writing about and then hoard them
The workload and my state of mind
and finally, taking part in the Akademik Bilişim conference as an instructor

kept me from writing blog posts for a while. But I think my reasons are reasonable.

Coming to our topic: in this blog post I will explain how to use a What You See Is What You Get (WYS|WYG) editor in Redmine, and how you can make the wikis and issue records that you prepared with the textile-formatted wiki in your existing Redmine installation compatible with this editor, so that you can view and edit them as HTML.

I can hear some of you saying “Why did you even bother with this, man?”. Actually, I personally like the wiki, writing wiki, and even its syntax. However, I can only provide system administration support to staff who, like me, had not gotten used to writing wiki before, who do not want to deal with syntax, and who whine “am I really going to line up this many pipes for one table now?” by having them use a rich editor instead of the wiki 🙂 That is the only reason. Otherwise we love the wiki, it is dear to us.

There is a nice plugin that does this job for you in Redmine, and its name is CKEditor. Since this is a Redmine plugin, we first need to talk about how Redmine plugins should be installed into Redmine. I am leaving the chit-chat part of the blog post here and moving on to the technical part; consider this a warning in case it has not caught your interest.


19 February 2016

Posted In: General, System, Technical
