NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
OS 6 tips and tricks
I believe this would be a good idea to provide some tips to use with OS6 units. Anyone will take its responsibilities and decide to use them or not.
As a disclaimer I will tell that enabling SSH may cause Netgear to deny support, I don't know what's their exact policy for that. I know they did enable it on my unit for the last ticket I filled and I don't think they will deny me support for something they did. So I think unless you harm the system they will support but I'm no Netgear and can't think for them.
Before trying anything you want to understand it. Don't apply something you don't understand. Tips provided come with no warranty and may be unsafe. Use with caution.
Activating EXFat support
plug the drive and wait for it to show.
Reducing the number of apache process
I personnaly don't use apache unless I need to log to the dashboard. By default Netgear has 5 startup servers, you can get this down to one. This will save you a few Mb of memory (always useful on the RN102/104)
go to /etc/apache2/apache2.conf
replace StartServers values with 1. Replace MinSpareServers with 1.
Solve apache warning about hostname
You may get "apache2: Could not reliably determine the server's fully qualified domain name, using YourIPAddress for ServerName" while starting apache. I don't know for you but I hate to get warnings ;)
In /etc/apache2/apache2.conf
add a line beginning with ServerName followed by the domain name.
show detailed memory information (safe)
Add autodefrag to BTRFS mount options (experimental feature)
edit /etc/fstab
add ",autodefrag" after nodatasum (no space).
you should see autodefrag in the mount options
show CPU usage and process running (safe)
Mount SMB shares
create the folder you want the share to be mounted to.
/mnt/share for example :
Defrag from command line
This is the default defrag command for recursive defrag. Doing it with /data won't work so you'll have to do it with every folder in /data to get a full defrag. (source : https://btrfs.wiki.kernel.org/index.php ... y_files.3F ).
I added the verbose mode (-v) so that you can see the last file processed.
you can exclude files :
Running a test VM
http://apps.readynas.com/pages/?page_id=143
Adding color to ls
edit the .bashrc file in your home directory (~/.bashrc)
add a line with :
Free memory
it speeds up my NAS web interface, it shouldn't but it does. Effect should be void at reboot.
Firewall
with 6.1.7RC5 (untested on other version) you can get basic iptables support. You definitely don't want SSH to be accessible from internet, do you ? This lets you deny everything (AFP, SMB...) at once without going on every config file.
This script allows only incoming HTTPS and ping on interface eth1 (the second one). Rules are erased at boot by default, you can enforce them via cron for example but you definitely want to test before doing that. I kept everything simple but you can be way more paranoid.
send a mail
for your scripts...
with test.mail formatted as this (with the empty line):
I'll try to post some more if people are interested.
As a disclaimer I will tell that enabling SSH may cause Netgear to deny support, I don't know what's their exact policy for that. I know they did enable it on my unit for the last ticket I filled and I don't think they will deny me support for something they did. So I think unless you harm the system they will support but I'm no Netgear and can't think for them.
Before trying anything you want to understand it. Don't apply something you don't understand. Tips provided come with no warranty and may be unsafe. Use with caution.
Activating EXFat support
apt-get install exfat-fuse exfat-utils
plug the drive and wait for it to show.
Reducing the number of apache process
I personnaly don't use apache unless I need to log to the dashboard. By default Netgear has 5 startup servers, you can get this down to one. This will save you a few Mb of memory (always useful on the RN102/104)
go to /etc/apache2/apache2.conf
replace StartServers values with 1. Replace MinSpareServers with 1.
apachectl restart
Solve apache warning about hostname
You may get "apache2: Could not reliably determine the server's fully qualified domain name, using YourIPAddress for ServerName" while starting apache. I don't know for you but I hate to get warnings ;)
In /etc/apache2/apache2.conf
add a line beginning with ServerName followed by the domain name.
show detailed memory information (safe)
cat /proc/meminfo
Add autodefrag to BTRFS mount options (experimental feature)
edit /etc/fstab
add ",autodefrag" after nodatasum (no space).
mount -o remount /data.
mount |grep data
you should see autodefrag in the mount options
show CPU usage and process running (safe)
top
Mount SMB shares
create the folder you want the share to be mounted to.
/mnt/share for example :
mkdir /mnt/share
mount -t cifs -o username=User,password=Password //IP/Mount-point /mnt/share/
Defrag from command line
This is the default defrag command for recursive defrag. Doing it with /data won't work so you'll have to do it with every folder in /data to get a full defrag. (source : https://btrfs.wiki.kernel.org/index.php ... y_files.3F ).
find /data/Share-Name -xdev -type f -exec btrfs filesystem defragment -v -- {} +I added the verbose mode (-v) so that you can see the last file processed.
you can exclude files :
find /data/Share-Name ! -path "*filename" -xdev -type f -exec btrfs filesystem defragment -v -- {} +Running a test VM
http://apps.readynas.com/pages/?page_id=143
Adding color to ls
edit the .bashrc file in your home directory (~/.bashrc)
add a line with :
alias ls='ls --color'
Free memory
it speeds up my NAS web interface, it shouldn't but it does. Effect should be void at reboot.
echo 3 > /proc/sys/vm/drop_caches
Firewall
with 6.1.7RC5 (untested on other version) you can get basic iptables support. You definitely don't want SSH to be accessible from internet, do you ? This lets you deny everything (AFP, SMB...) at once without going on every config file.
This script allows only incoming HTTPS and ping on interface eth1 (the second one). Rules are erased at boot by default, you can enforce them via cron for example but you definitely want to test before doing that. I kept everything simple but you can be way more paranoid.
#GET ETH1 IP ADDRESS (if you use DHCP and want filtering with rules implying IP address destination/sourcei use $IP_ETH1 instead of ETH1 IP address)
IP_ETH1=`ifconfig eth1 |grep "inet addr" | awk '{ print $2 }' |cut -b6-`
#ERASE OLD RULES
iptables -F
#PASS HTTPS
iptables -A INPUT -p tcp --dport 443 -j ACCEPT -i eth1
#PING INBOUND RULE SIMPLE
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT -i eth1
#BLOCK ANYTHING ELSE (add anything that should be allowed before this rule)
iptables -A INPUT -j DROP -i eth1
send a mail
for your scripts...
cat test.mail | msmtp -a default dest@domaine.com
with test.mail formatted as this (with the empty line):
subject: subject-message
message of the mail.
I'll try to post some more if people are interested.
5 Replies
Replies have been turned off for this discussion
- Hello xeltros
Excellent tips!I am expecting more from you and trying to practice on my ReadyNAS 104. - In case you want to test safely ;)
http://apps.readynas.com/pages/?page_id=143
I have some ideas left but need some testing and searching. - Added Defrag, ls and VM tips to the original post.
- Thanks a lot ! Excellent idea Xeltros ! I hope other's will give you more tips to add to this list.
- added a tip to free memory caches, send mail and another to do some basic firewalling.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
