by ·0 Comments

iodineI’ve had some troubles getting Iodine-server to work under CentOS 7. So iv’e decided to write an article how I’ve managed to get it to work.

This instruction is based on a setup using iptables instead of firewalld, because I run iptables on all my servers since forever.

DNS setup

For iodine to work there are two records required. An A-record and an NS record. I’ve used the same naming as the iodine documentation, to keep it as simple as possible.
First add an A-record with the name t1ns that points to the ip of your server that will run the iodine server. The ip used here for the example should be replaced by your ip.
A: t1ns.<<yourdomain>> → 374.263.291.194

Then add an NS record with the name t1 that points to the A-record you’ve just made;
NS: t1.<<youdomain>> → t1ns.<<yourdomain>>

That’s all there is required for iodine to work with your domain.

Installing iodine

Firstly, make sure the EPEL repository is installed:
yum -y install epel-release

Then install iodine-server:
yum -y install iodine-server

Next is configuring iodine by editing /etc/sysconfig/iodine-server.
Make sure the line that starts with OPTIONS look something like this:
OPTIONS="-f -c -P <<yourpassword>> 10.1.1.1 t1.<<yourdomain>>"
Replace <<yourpassword>> with the password you wish to use, and <<yourdomain>> with the domain you are using for iodine.

Then, start iodine-server and enable it at boot:
systemctl start iodine-server
systemctl enable iodine-server

Configure traffic routing

Allow DNS and NAT traffic trough iptables:
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
iptables -t filter -A INPUT -p udp -m multiport --dports 53 -j ACCEPT
iptables -t filter -A INPUT -i dns0 -j ACCEPT
iptables -t filter -A OUTPUT -o dns0 -j ACCEPT
iptables -t -A OUTPUT -p udp -m multiport --dports 53 -j ACCEPT
iptables -t filter -A FORWARD -i dns0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -o dns0 -m state --state RELATED,ESTABLISHED -j ACCEPT

And save the new ruleset:
iptables-save > /etc/sysconfig/iptables

Next, allow ipv4 packet forwarding and restart the network service to apply this change:
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/ip_forward.conf
systemctl restart network

Conclusion

That’s it. You should be able to connect with iodine to your server by using the address t1.<<yourdomain>>.

An Android client that seems to work pretty good and I use is AndIodine, and is available via the F-Droid catalogue.

Please leave a comment if this post was helpfull in any way.

by ·0 Comments

For my (simple) file server I’ve done a minimal installation of CentOS 5.4, and added some repositories. I’ve decided to use ZFS as filesystem for my storage.

The installation of zfs-fuse went smooth, and I’ve created a pool in no-time. There were many tutorials available online on how to do this stuff.

The only problem I ran into, was running out out of memory. The server has only 512Mb Ram, and zfs-fuse was using over 400Mb RAM.

After some research, it seamed the problem was the caching mechanism of ZFS. After a while I figured out how to disable this caching mechanism. You can use the following commands:

zfs set secondarycache=none data

zfs set primarycache=none data

Where data is the name of the pool. This affects the performance of this filesystem, but at least my server doesn’t run out of memory anymore.

Another tip for ZFS: after an update, upgrade your pool to a new version with the following command:

zpool upgrade data