Updatoval som Ommniu na verziu 3.11. V nasledovnom prispevku uverejnujem moje zistenia.
Moja konfiguracia je:
1.NAS s mSata radicom na dvoch HDD WDC WD4003FFBX.
WD4003FFBX: 4TB, 7200 rpm, Sector Sizes: 512 bytes logical, 4096 bytes physical,
SATA Version is: SATA 3.2, 6.0 Gb/s (current: 3.0 Gb/s),
mSata radic: (lspci) 03:00.0 SATA controller: ASMedia Technology Inc. ASM1062 Serial ATA Controller (rev 01).
2.File system btrFS s RAID1.
3.Kedze som kupil Ommniu v obchode za plnu cenu, vsetky sluzby navyse som zastavil.
Najbezpecnejsia je taka sluzba, ktora vobec nebezi na routry a nesposobuje zaraz navyse.
DHCP.
V /etc/cofig/dhcp pribudli nove parametre:
list interface ‘br-lan’
list notinterface ‘lo’.
Co je chvalihodne, ale nemaju podporu v luci interface. Ak urobite zmenu cez luci
stratite tieto nastavenia. Neboli zaclenene do menu v luci!
SAMBA 4.
a)Namerane rychlosti s Fast Copy v.361 su nasledovne:
Total R\W: 11,160 MiB
Files: 8
Download:
TotalTime: 1:56s
Trans Rate: 95,9MiB/s (766,4MiBit/s)
Upload:
TotalTime: 2:18s
Trans Rate: 80,5MiB/s (644MiBit/s)
Pri prenose suborov pomocou samby 4 pri tychto rychlostiach
sa vam bude zdat ze vam zatuhlo PC ale pravda je ze nema
klient samby na nacitanie zdielanych adresarov
alebo aj inych sluzieb http, atd pasmo.
Jedine ako zaistite potrebne pasmo pre ine sluzby je dat QOS na LAN.
Paradoks? … ano je!
Z dostupnych a uzivatelsky prijemnych, som pouzil FIREQOS na https://firehol.org/.
Kedze mame verziu na Ommnii OpenWRT 15.05 je mozne stiahnut
z https://github.com/firehol/packages/releases/download/2017-09-17-1424/firehol_3.1.5-1_all_chaos_calmer.ipk
balicek.
Skoro vsetky podporne programy uz mate nainstalovane. Je to script, ktory sa raz spusti a nastavi tc. Existuje aj verzia
18.06 co je pre TO 4 vhodne. Moja aktualna konfiguracia je nasledovna:
cat fireqos.conf
#Set this appropriately for your system (internet link)
DEVICE=br-lan
#my speed is 12200kbit down, 890 up
#I use only 85% of down and 95% of up
INPUT_SPEED="$((940000 * 95 / 100))kbit"
OUTPUT_SPEED="$((940000 * 95 / 100))kbit"
#adsl = ATM overheads calculation
#local = I run pppoe on this linux box
#pppoe-llc = ADSL encapsulation as reported by ADSL modem
#LINKTYPE=“adsl local pppoe-llc”
#LINKTYPE=“adsl local pppoe-llc mtu 1492”
LINKTYPE=“ethernet”
#------------- CUSTOM SERVICES -------------
#unlike FireHOL, only server ports are needed.
#all the services used but not defined here, are defined internally in FireQOS.
#netdata
server_netdata_ports=“tcp/19999”
#VoIP RTP ports.
#As configured in /etc/asterisk/rtp.conf
server_rtp_ports=“udp/10000:10100”
#League of Legends match, for my kids
server_lol_ports=“udp/5000:5500 tcp/8393:8400,2099,5223,5222,8088”
#My OpenVPN servers
server_openvpn_ports=“any/1195:1198”
#Torrent client configured to listen at a fixed port
server_mytorrent_ports=“any/51413”
#dlna
server_dlna_ports=“tcp/8200”
#------------- INTERFACES ------------- qdisc htb
interface $DEVICE lan bidirectional $LINKTYPE input rate $INPUT_SPEED output rate $OUTPUT_SPEED qdisc htb # balanced
class voip pfifo min 10% max 90% pfifo
#0 priority: VoIP
client surfing # tcp/0:1023
client http
client https
client dlna
client dns
client ssh
client microsoft_ds
client netbios_ns
client netbios_dgm
client netbios_ssn
client netdata
client icmp
#client sip
#client stun # udp/3478 udp/3479
#client teamviewer # tcp/5938
#client lol # udp/5000:5500 tcp/8393:8400,2099,5223,5222,8088
class interactive min 10% max 90%
#1 priority: ICMP, DNS, SSH
server dlna
server icmp limit 10% # icmp/any
server dns # udp/53 tcp/53
server ssh # tcp/22
#server sip # udp/5060
#server rtp # udp/10000:20000
class chat min 1% max 10%
#2 priority: chat and conferencing
client facetime # udp/3478:3497 udp/16384:16387 udp/16393:16402
#client hangouts
#client gtalk # tcp/5222 tcp/5228
#client jabber # tcp/5222 tcp/5223 tcp/5269
#server hangouts # udp/19302:19309 tcp/19305:19309
class vpns min 20% max 90%
#3 priority: my VPNs
server pptp # tcp/1723
server GRE # 47/any
server openvpn # any/1195:1198
class servers min 20% max 90%
#4 priority: the servers I run
match tcp port 8080
server http # tcp/80
server https # tcp/443
server netdata # tcp/19999
class samba prio keep min 10% max 500000kbit
#4 priority (prio keep): samba
server microsoft_ds # tcp/445
server netbios_ns # udp/137
server netbios_dgm # udp/138
server netbios_ssn # tcp/139
class surfing prio keep min 5% max 90%
#Again 4 priority (prio keep): Internet Surfing
client rsync # tcp/873 udp/873
class synacks min 5% max 90%
#5 priority: SYNs and small ACKs for the rest of the traffic
match tcp syn
match tcp ack
class default min 10% max 90%
#6 priority: default
#unclassified traffic ends up in the 'default' class
#no need to match anything here
class torrents min 9% max 90%
#7 priority: torrents
client torrents # tcp/6881:6999 udp/6881:6999
server mytorrent prio 1
match sports 16384:65535 dports 16384:65535
Ak budu zaujemci napisem navod. Skusenejsi uzivatelia to zvladnu aj samy ;-)!
Nezlaknite sa sucastou ipk je aj FireHole co je firewal, ale tento nebudete spustat.
Od toho isteho autora je aj program NetData co je monitorovaci program a nativne
podporuje aj QOS. NetData je obsiahnuty v repozitory Ommnii.
Ale spat…
b)Balicek samba4-libs obsahuje kniznice ktore sa nainstalovali do adresara /usr/lib. Podla inych
instalacii samby4 by sa mal nainstalovat do /usr/lib/samba/.
Ak zadate prikaz smbd -b na konci vypisu je zoznam modulov vfs:
Builtin modules:
vfs_default vfs_posixacl auth_builtin auth_sam auth_unix auth_script pdb_smbpasswd pdb_tdbsam
vfs_fruit vfs_shadow_copy2 vfs_recycle vfs_fake_perms vfs_readonly vfs_cap vfs_offline
vfs_crossrename vfs_catia vfs_streams_xattr vfs_xattr_tdb vfs_acl_xattr vfs_acl_tdb.
Tieto moduly boli prelozene, ale nikde ich nemozem najst. Nie su sucastou balicku samba4-libs.
c)Updater vam bude posielat spravu, ze chce nainstalovat spat sambu3-server. Potvrdil som ze beriem na vedomie
vo forise a dal uz pokoj.
Zial nie prisla my nasledovna sprava:
Subject: Upozornění od Vašeho routeru
#####Oznámení o chybách#####
Updater failed:
[string "transaction"]:323: [string "transaction"]:149: Collisions:
• /usr/sbin/smbd: samba4-server (existing-file), samba36-server (new-file)
• /etc/samba/smb.conf.template: samba4-server (existing-file), samba36-server (new-file)
d)Ak nakonfigurujete zdielany adresar je mozne zvolit ci bude len RW alebo R pre cely zdielany adresar v sambe4.
Lepsie by bolo keby sa dalo zvolit, kto bude mat pravo RW a kto len R pre zdielany adresar. Toto je flexibilnejsie!
Preto navrhujem pridat polozku “read list” a “write list” v luci samby, ktorymi sa bude definovat uzivatelia, ktory budu mat pravo
zapisu a citania pre dany adresar.
Kedze tento balicek spravuje spravca balickou, nemal by byt ziadny problem s jeho upravou.
Viem ze teraz finisujete s TO 4 (na vyvoji HW a zjednoteni OS), takze ste na roztrhanie a je vas STALE malo!
Tak sa ponukam ze to vykonam a otestujem a predam vam upravene programy. … ak ste za?
Mam este v plane preverit dalsie programy ako minidlna a nut.
Vela zdravia pri prechode na TO 4.