Sun 15 April 2012
Zyxel NSA310 is a neat little box, with a good set of software
out of the box, frequent firmware updates (for now) and decent
performance. I have no desire to replace the software on it as it works
really well. However, sometimes you do want a bit more. Putting Debian
in a chroot with working sshd has worked well for me in the past (on a
Popcorn Hour A-110) so I figured I would do the same here.
I have roughly documented my procedure below; the two scripts you will
need are in
a git repository. When you follow these steps, you will
end up with a fully functional Debian chroot in which you can use
apt-get to install additional software. We will also setup telnet
running outside of the chroot, accessible from localhost, for easy root
access to the NSA itself without going through the backdoor sequence
Of course, this is just a guide, written according to my taste and
preferences. Feel free to do things your way; I’d love a comment to hear
what you did differently.
One final note: this setup only arranges for ssh and localhost telnet to
be started on boot; other daemons you install inside Debian will not get
automatic startups. I believe you can replace the ssh line in
with something else to get a full Debian startup, but for now I have no
need for it.
grab a working Debian box (I used Debian 6/squeeze amd64), and run
sudo /usr/sbin/debootstrap --foreign --arch=armel --variant=minbase --include=openssh-server squeeze ./nas-debootstrap/ ftp://ftp.nl.debian.org/debian’.
This creates a Debian environment in
./nas-debootstrap/. Tar it up
and copy it to the NSA (in any share will do).
open telnet on the NSA310 - log in as administrator on the
webinterface and browse to
/zyxel/cgi-bin/remote_help-cgi?type=backdoor’. This opens telnet
(port 23). The URL never finishes loading for me, but you can just
cancel it. Username is root; password is your admin password.
on my box, the main storage dir is
/i-data/370f61a5 which seems a
bad thing to standardise on;
/etc/zyxel/storage/sysvol is a
symlink to it, and we’ll use that from here on.
/etc/zyxel/storage/sysvol I made a dir
.debian; I will refer
to this dir as
.debian from now on.
extract the tarball and rename it to
chroot .debian/root /debootstrap/debootstrap --second-stage’
to finish the debootstrap. Then, set a root password:
chroot .debian/root passwd root’. Note: after this step you can
enter your Debian setup by saying ‘
chroot .debian/root’ to look
around a bit
mkdir .debian/root/data’ for mounting our actual storage.
outside of the chroot, grab
telnet.sh from the git
repo and put them in
.debian and chmod +x them. Put
.debian/root/etc and chmod +x it too.
cd /usr/local/zy-pkgs/etc/init.d; ln -s /etc/zyxel/storage/sysvol/.debian/init.sh DEBIAN; ln -s /etc/zyxel/storage/sysvol/.debian/telnet.sh LOTELNET’
Now, you should have a Debian setup that starts when you boot your NAS.
If everything looks okay, type ‘
reboot’ to give it a shot! A reboot on
mine (with or without Debian) takes about two minutes, so don’t panic!
When it is up again, try ‘
ssh root@nsa310’ replacing nsa310 with the
IP or perhaps internal hostname you have. This should drop you into a
bash shell inside your Debian setup!
One last thing: to use
apt-get, you’ll need a
configuration for it. I recommend using
Debian Sources List
Generator for this.
Update Jan 5th 2014: All of the above was done on the 4.40 firmware. I have now upgraded
to 4.62 without issue, and have also dist-upgraded the Debian to Wheezy. I presume
replacing squeeze with wheezy in step 1 would work fine as well.