chrooted debian on Zyxel NSA310

The Zyxel NSA310 is a neat little box, with a good set of software out of the box, frequent firmware updates (for now) and decent performance. I have no desire to replace the software on it as it works really well. However, sometimes you do want a bit more. Putting Debian in a chroot with working sshd has worked well for me in the past (on a Popcorn Hour A-110) so I figured I would do the same here.

I have roughly documented my procedure below; the two scripts you will need are in a git repository. When you follow these steps, you will end up with a fully functional Debian chroot in which you can use apt-get to install additional software. We will also setup telnet running outside of the chroot, accessible from localhost, for easy root access to the NSA itself without going through the backdoor sequence every time.

Of course, this is just a guide, written according to my taste and preferences. Feel free to do things your way; I’d love a comment to hear what you did differently.

One final note: this setup only arranges for ssh and localhost telnet to be started on boot; other daemons you install inside Debian will not get automatic startups. I believe you can replace the ssh line in init.sh with something else to get a full Debian startup, but for now I have no need for it.

  1. grab a working Debian box (I used Debian 6/squeeze amd64), and run ‘sudo /usr/sbin/debootstrap --foreign --arch=armel --variant=minbase --include=openssh-server squeeze ./nas-debootstrap/ ftp://ftp.nl.debian.org/debian’. This creates a Debian environment in ./nas-debootstrap/. Tar it up and copy it to the NSA (in any share will do).
  2. open telnet on the NSA310 - log in as administrator on the webinterface and browse to ‘/zyxel/cgi-bin/remote_help-cgi?type=backdoor’. This opens telnet (port 23). The URL never finishes loading for me, but you can just cancel it. Username is root; password is your admin password.
  3. on my box, the main storage dir is /i-data/370f61a5 which seems a bad thing to standardise on; /etc/zyxel/storage/sysvol is a symlink to it, and we’ll use that from here on.
  4. in /etc/zyxel/storage/sysvol I made a dir .debian; I will refer to this dir as .debian from now on.
  5. extract the tarball and rename it to .debian/root.
  6. type ‘chroot .debian/root /debootstrap/debootstrap --second-stage’ to finish the debootstrap. Then, set a root password: ‘chroot .debian/root passwd root’. Note: after this step you can enter your Debian setup by saying ‘chroot .debian/root’ to look around a bit
  7. mkdir .debian/root/data’ for mounting our actual storage.
  8. outside of the chroot, grab init.sh and telnet.sh from the git repo and put them in .debian and chmod +x them. Put chroot-initin .debian/root/etc and chmod +x it too.
  9. cd /usr/local/zy-pkgs/etc/init.d; ln -s /etc/zyxel/storage/sysvol/.debian/init.sh DEBIAN; ln -s /etc/zyxel/storage/sysvol/.debian/telnet.sh LOTELNET

Now, you should have a Debian setup that starts when you boot your NAS. If everything looks okay, type ‘reboot’ to give it a shot! A reboot on mine (with or without Debian) takes about two minutes, so don’t panic!

When it is up again, try ‘ssh root@nsa310’ replacing nsa310 with the IP or perhaps internal hostname you have. This should drop you into a bash shell inside your Debian setup!

One last thing: to use apt-get, you’ll need a sources.list configuration for it. I recommend using Debian Sources List Generator for this.

Update Jan 5th 2014: All of the above was done on the 4.40 firmware. I have now upgraded to 4.62 without issue, and have also dist-upgraded the Debian to Wheezy. I presume replacing squeeze with wheezy in step 1 would work fine as well.

blogroll

social