Seagate Central

This is taken from the Forums which are now unavailable (Credit has been given)

Compiling

IMPORTANT LD COMMANDS (Found by happyelement AKA github.com/harlequin)

=
==============

max-page-size = 0x10000 common-page-size = 0x10000 Ttext-segment=0x10000

https://github.com/harlequin/open-seagate-central http://seagate-central.blogspot.com/

ok ... let me start with some documentation :smileywink:

Toolchain:

I have taken all the official source code from the seagate website and created an toolchain out of the packages.

One important issue at this point is, that seagate didn't published the "binutils" package.

So therefore I have taken an old and stable version ....


 * 1) !/bin/bash

build=i686-pc-linux-gnu host=$build target=arm-unknown-linux-gnueabi linux_arch=arm
 * 1) target=arm-none-linux-gnu

binutilsv=binutils-2.21.1 gccv=gcc-4.4-2010q1-mv linuxv=git

top=$HOME/central/cross-build/ppc src=$HOME/central/cross-build/src

obj=$top/obj tools=$top/tools sysroot=$top/sysroot

PATH=$tools/bin:$PATH PATH=$tools/bin:$PATH

mkdir -p $obj/binutils cd $obj/binutils $src/$binutilsv/configure --target=$target --prefix=$tools --with-sysroot=$sysroot --disable-werror make -j4 make install
 * 1) BINUTILS

mkdir -p $obj/gcc1 cd $obj/gcc1 $src/$gccv/configure \ --target=$target \ --prefix=$tools \ --without-headers --with-newlib \ --disable-shared --disable-threads --disable-libssp \ --disable-libgomp --disable-libmudflap \ --enable-languages=c PATH=$tools/bin:$PATH make -j4 PATH=$tools/bin:$PATH make install
 * 1) THE FIRST GCC

cp -r $src/$linuxv $obj/linux cd $obj/linux make headers_install ARCH=$linux_arch CROSS_COMPILE=$target- INSTALL_HDR_PATH=$sysroot/usr
 * 1) LINUX KERNEL HEADERS

mkdir -p $obj/eglibc-headers cd $obj/eglibc-headers BUILD_CC=gcc \ CC=$tools/bin/$target-gcc \ CXX=$tools/bin/$target-g++ \ AR=$tools/bin/$target-ar \ RANLIB=$tools/bin/$target-ranlib \ $src/glibc-2.11-2010q1-mvl6/configure \ --prefix=/usr \ --with-headers=$sysroot/usr/include \ --build=$build \ --host=$target \ --disable-profile --without-gd --without-cvs --enable-add-ons
 * 1) EGLIBC Headers and Preliminary Objects

make -j4 install-headers install_root=$sysroot install-bootstrap-headers=yes mkdir -p $sysroot/usr/lib make csu/subdir_lib cp csu/crt1.o csu/crti.o csu/crtn.o $sysroot/usr/lib $tools/bin/$target-gcc -nostdlib -nostartfiles -shared -x c /dev/null -o $sysroot/usr/lib/libc.so

mkdir -p $obj/gcc2 cd $obj/gcc2 $src/$gccv/configure \ --target=$target \ --prefix=$tools \ --with-sysroot=$sysroot \ --disable-libssp --disable-libgomp --disable-libmudflap \ --enable-languages=c PATH=$tools/bin:$PATH make -j4 PATH=$tools/bin:$PATH make install
 * 1) The Second GCC

mkdir -p $obj/eglibc cd $obj/eglibc BUILD_CC=gcc \ CC=$tools/bin/$target-gcc \ CXX=$tools/bin/$target-g++ \ AR=$tools/bin/$target-ar \ RANLIB=$tools/bin/$target-ranlib \ $src/glibc-2.11-2010q1-mvl6/configure \ --prefix=/usr \ --with-headers=$sysroot/usr/include \ --build=$build \ --host=$target \ --disable-profile --without-gd --without-cvs --enable-add-ons PATH=$tools/bin:$PATH make -j4 PATH=$tools/bin:$PATH make install install_root=$sysroot
 * 1) EGLIBC, Complete

mkdir -p $obj/gcc3 cd $obj/gcc3 $src/$gccv/configure \ --target=$target \ --prefix=$tools \ --with-sysroot=$sysroot \ --enable-__cxa_atexit \ --disable-libssp --disable-libgomp --disable-libmudflap \ --enable-languages=c,c++ PATH=$tools/bin:$PATH make -j4 PATH=$tools/bin:$PATH make install
 * 1) The Third GCC

cp -d $tools/$target/lib/libgcc_s.so* $sysroot/lib cp -d $tools/$target/lib/libstdc++.so* $sysroot/usr/lib

Please take care about the directory structure and the downloaded file .... !!!!

When have compiled your own toolchain, there is only one important topic

LDFLAGS="-Wl,-z,max-page-size=0x10000 -Wl,-z,common-page-size=0x10000 -Wl,-O1 -Wl,-Ttext-segment=0x10000"

Because the kernel runs in page-aligned mode and with a base address offset 0x10000

HelloWorld.c (Posted by norstadt)

arm-linux-gnueabi-gcc -march=armv6k -Wl,-z,max-page-size=0x10000,-z,common-page-size=0x10000,-Ttext-segment=0x10000 hello.c -o hello

HOWTO: Add NFS support to Seagate Central (by evilwombat) If you don't know what this is, then you don't need it.

WARNING: THESE INSTRUCTIONS ARE INTENDED FOR USERS WHO ARE VERY FAMILIAR WITH LINUX / UNIX SYSTEMS. DO NOT do this if you don't understand what a particular step does. Doing something wrong is a very easy way to turn your device into an expensive paperweight. The following procedure has received very limited testing. It will (very likely) void your warranty. If done incorrectly, this procedure can permanently destroy your device and/or all data contained on it. Even doing everything correctly can permanently destroy your device and/or all data contained on it. This procedure may also open up security holes on your device and/or network, and should only be done by someone who understands what every step does, and its implications. YOU HAVE BEEN WARNED!

I only tested this once, on Seagate Central 4TB, firmware version 2013.0726.0250-F.

Anyway, I was rather annoyed that my Seagate Central (which runs Linux) can only share files with my laptop (which also runs Linux) using the CIFS / SMB sharing protocol. This is annoying. So, I went about seeing what I can do to compile an NFS server daemon to run directly on Seagate Central so that I can access it from Linux without having to encounter CIFS limitations.

Seagate Central is really an ARM board running Linux. So, we can cross-compile portmap and nfs-utils for ARM and presumably start them, and be able to configure NFSD from there.

First, we need to cross-compile portmap and nfs-utils for ARM. Props go to forum user 'happyelement' for having posted the LDFLAGS necessary for compiling binaries that this system will actually run. For getting portmap and nfs-utils cross-compiled, you can either (a) build them yourself or (b) use the pre-built binaries that I provided.

CROSS-COMPILING PORTMAP AND NFS-UTILS (skip this if you are using my pre-built files)

Buildroot is a handy (albeit quirky) environment for cross-compiling annoying things. So we'll be using that. On a normal Linux system (I used Ubuntu 12.04 x86_64), open a terminal and do this:

1. Clone buildroot:

git clone http://git.buildroot.net/git/buildroot.git

2. Checkout version 2012.05. We need an old version that supports an older toolchain that uses thelibc version that Seagate used.

cd buildroot

git checkout 2012.05

3. Apply the attached 0001-portmap-respect-target-LDFLAGS.patch to buildroot, to cause portmap to honor (happyelement's) LDFLAGS.

git am 0001-portmap-respect-target-LDFLAGS.patch

4. Copy my (attached) buildroot config file to .config in the buildroot directory

cp seagate_central_config .config

5. Build everything.

make

When compilation is complete, 'buildroot' will contain a directory called output/target where our binaries will end up.

portmap will end up in output/target/sbin/portmap.

rpc.mountd, rpc.nfsd, rpc.statd, and exportfs will end up in output/target/usr/sbin/. So you can just grab those from there. Or you can just use the ones that I've attached.

Anyway, once you've got your binaries, we copy them to Seagate Central and set them up. To do that:

1. Using whatever method you want, copy portmap, rpc.mountd, rpc.nfsd, rpc.statd, and exportfs to Seagate Central. I just used the CIFS mount to put them directly into my user directory, but you should be careful with doing that because these are things that will run (possibly as root) directly on the device, so there are some security considerations here. So make your own decisions. If you don't understand what this means, you probably should avoid this stuff.

2. ssh into seagate central and get root acess.

3. On Seagate Central, add the following two lines to /etc/services. The 'vi' keybindings can be tricky. Be careful!!!

nfs            2049/tcp nfs            2049/udp

4. Create a /etc/exports file (which contains your NFS exports). If your goal is to set up NFS, you presumably already know what this does. See nfs-utils documentation for syntax information. Anyway, I made a really simple one that just exports /Data/Public:

/Data/Public *(rw,no_root_squash,no_subtree_check)

5. cd into whereever you copied the aforementioned binaries (portmap and rpc.whatever) and start them (with no arguments), in this order:

./portmap ./rpc.mountd ./rpc.nfsd ./rpc.statd

6. NFSD should now be running. You should be able to mount /Data/Public on your Linux machine using the following command:

If you don't know what this is, then you don't need it.

WARNING: THESE INSTRUCTIONS ARE INTENDED FOR USERS WHO ARE VERY FAMILIAR WITH LINUX / UNIX SYSTEMS. DO NOT do this if you don't understand what a particular step does. Doing something wrong is a very easy way to turn your device into an expensive paperweight. The following procedure has received very limited testing. It will (very likely) void your warranty. If done incorrectly, this procedure can permanently destroy your device and/or all data contained on it. Even doing everything correctly can permanently destroy your device and/or all data contained on it. This procedure may also open up security holes on your device and/or network, and should only be done by someone who understands what every step does, and its implications. YOU HAVE BEEN WARNED!

I only tested this once, on Seagate Central 4TB, firmware version 2013.0726.0250-F.

Anyway, I was rather annoyed that my Seagate Central (which runs Linux) can only share files with my laptop (which also runs Linux) using the CIFS / SMB sharing protocol. This is annoying. So, I went about seeing what I can do to compile an NFS server daemon to run directly on Seagate Central so that I can access it from Linux without having to encounter CIFS limitations.

Seagate Central is really an ARM board running Linux. So, we can cross-compile portmap and nfs-utils for ARM and presumably start them, and be able to configure NFSD from there.

First, we need to cross-compile portmap and nfs-utils for ARM. Props go to forum user 'happyelement' for having posted the LDFLAGS necessary for compiling binaries that this system will actually run. For getting portmap and nfs-utils cross-compiled, you can either (a) build them yourself or (b) use the pre-built binaries that I provided.

CROSS-COMPILING PORTMAP AND NFS-UTILS (skip this if you are using my pre-built files)

Buildroot is a handy (albeit quirky) environment for cross-compiling annoying things. So we'll be using that. On a normal Linux system (I used Ubuntu 12.04 x86_64), open a terminal and do this:

1. Clone buildroot:

git clone http://git.buildroot.net/git/buildroot.git

2. Checkout version 2012.05. We need an old version that supports an older toolchain that uses thelibc version that Seagate used.

cd buildroot

git checkout 2012.05

3. Apply the attached 0001-portmap-respect-target-LDFLAGS.patch to buildroot, to cause portmap to honor (happyelement's) LDFLAGS.

git am 0001-portmap-respect-target-LDFLAGS.patch

4. Copy my (attached) buildroot config file to .config in the buildroot directory

cp seagate_central_config .config

5. Build everything.

make

When compilation is complete, 'buildroot' will contain a directory called output/target where our binaries will end up.

portmap will end up in output/target/sbin/portmap.

rpc.mountd, rpc.nfsd, rpc.statd, and exportfs will end up in output/target/usr/sbin/. So you can just grab those from there. Or you can just use the ones that I've attached.

Anyway, once you've got your binaries, we copy them to Seagate Central and set them up. To do that:

1. Using whatever method you want, copy portmap, rpc.mountd, rpc.nfsd, rpc.statd, and exportfs to Seagate Central. I just used the CIFS mount to put them directly into my user directory, but you should be careful with doing that because these are things that will run (possibly as root) directly on the device, so there are some security considerations here. So make your own decisions. If you don't understand what this means, you probably should avoid this stuff.

2. ssh into seagate central and get root acess.

3. On Seagate Central, add the following two lines to /etc/services. The 'vi' keybindings can be tricky. Be careful!!!

nfs            2049/tcp nfs            2049/udp

4. Create a /etc/exports file (which contains your NFS exports). If your goal is to set up NFS, you presumably already know what this does. See nfs-utils documentation for syntax information. Anyway, I made a really simple one that just exports /Data/Public:

/Data/Public *(rw,no_root_squash,no_subtree_check)

5. cd into whereever you copied the aforementioned binaries (portmap and rpc.whatever) and start them (with no arguments), in this order:

./portmap ./rpc.mountd ./rpc.nfsd ./rpc.statd

6. NFSD should now be running. You should be able to mount /Data/Public on your Linux machine using the following command:

mount -t nfs your-seagate-central-hostname:/Data/Public /media/some-mount-point-of-your-choice

Good luck!

'''HOWTO Enable Twonky Settings ''' This enables the Twonky web settings

open the config file

nano /Data/TwonkyData/twonkyconfig/twonkyserver.ini

Look for # access to web config pages, 0 for denied, 1 for local only, 2 for open

enableweb=1
 * 1) access to web config pages, 0 for denied, 1 for local only, 2 for open

Change the value to 2

enableweb=2
 * 1) access to web config pages, 0 for denied, 1 for local only, 2 for open

Restart the Seagate Central

Opne your browser to

SEAGATECENTRALIP:9000

---

HOWTO: Setting up the FTP server on the Seagate Central (by Papabear) [ Edited ] Options

‎08-16-2013 12:11 AM - edited ‎08-16-2013 10:51 AM

UPDATE #1 : the value pasv_address=yourWANIP needs to be present when using passive mode behind a router/firewall

Hi,

I felt I had to write this guide because for me it's frustrating to see how many people are disappointed with the provided Remote Access in its current incarnation. Using FTP to access your content remotely is a safe and widespread method if set up correctly.

Although I have no idea if accessing the Central with this method is a breach of Seagate policy or warranty, it is definitely no hack or tampering because they provided the drive with both SSH and FTP enabled.

I guess I will soon enough find out if this post is not allowed.

About the guide: the method described here worked for me accessing from a Windows 7 computer on the same network as the NAS. It's also important to tell you that I have very little Linux experience and that I had to learn all of this as I was going along.

This means that certain issues may have been overlooked or have been simplified. So corrections are always welcome.

In a future post I will be writing a quick tutorial on how to copy files directly from a USB drive to the Central, instead of over the network.

Anyway, here goes...

Your Seagate Central NAS has both the FTPserver (vsftpd) and SSH (OpenSSH) enabled by default.

Although you can open up SSH to the internet as well and use this for file transferring, I recommend you use the FTP server instead for security reasons.

OpenSSH can be opened up to the internet but then you should at least be using key authentication instead of password authentication. And the latter I haven’t been able to get working yet.

But that’s another story altogether. This guide will focus on setting up the FTP server and just use SSH to connect to the Linux shell.

1. Download Putty from this location.

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

(the first link putty.exe)

2. Run it on one of your computers in the same network as your NAS.

Default settings should be ok but just to be sure, check SSH is selected.

Enter the IP of the NAS and the default port for SSH is 22.

Click Open.

3. You are now remotely logging in to the Linux shell of the Central NAS.

You are prompted with “login as:”

Here you should enter one of the usernames you created with the Seagate webadmin.

(Logging out of the shell can be done with the “exit” command or Ctrl-D.)

Once you are logged in you’d want to switch to the root account. This is the account which has all privileges on the Linux system.

Type “su –“ to switch to the root account. (To switch to other accounts enter “su username”)

Noticed how you didn’t have to enter a password? This is not very safe obviously so first I’d suggest to give the root user a password.

Enter “passwd” to change the password for the current user. To change the password for other users type “passwd username”.

Changing a password in the shell has the same effect as entering a new password in the Seagate webadmin for any given user.

4. Now that you are logged in as root (# = root, $= standard user) you should navigate to the folder where the vsftpd config file is located.

By default you are in the home directory of your user. (identified by the ~symbol)

(The home directory of each user you created in the webadmin will be /Data/username )

To go up one directory you can do a “cd ..”, mind the space after cd.

Once you reached “/” you are at the top folder, similar to the C:\ in Windows.

For our needs it’s easier to just type “cd /etc” and we are in the folder we need to be.

To list the files you enter “ls –al”. As you can see there are a couple of files related to vsftpd.

(Should you wonder what all the info means in the file listing, there is a very good explanation right here -> http://www.firewall.cx/general-topics-reviews/linuxunix-related/introduction-to-linux/299-linux-file... )

Anyway the file we’re interested in is vsftpd.conf and possibly vsftpd.user_list

5. First off we start with the configuration file vsftpd.conf.

I urge you to make a backup of the file first with the copy command. Enter “cp vsftpd.conf vsftpd.conf_backup”

I guess now is the most tricky part, you need to learn how to work with the text editor “vi”.

It’s not that hard but it takes some getting used to, here’s a nice basic tutorial -> http://www.cs.colostate.edu/helpdocs/vi.html

Once you get the hang of things we need to change some values in the config file.

A value that is commented out (with #) is omitted and uses the default value.

Just clear the # and change the value to your needs.

Make sure you don’t enter the same value twice anywhere in the file.

I will just list settings that are important to set up your server, obviously there are many more settings available which I suggest you look up on the net.

( https://security.appspot.com/vsftpd/vsftpd_conf.html )

If the value doesn’t exist you can add them at the bottom of the file, if it already exists just change them accordingly.

A nice guideline I used to set things up is http://ubuntuforums.org/showthread.php?t=518293

Important stuff:

listen=YES -> makes it a stand-alone running server

ftp_username=nobody -> the username entered here is used for anonymous logins which I don’t use, “nobody” on the Central is actually the underlying username for the Public folder. So anonymous logins (if enabled) would be working within the Public folder.

anonymous_enable=NO -> speaks for itself.

local_enable=YES -> allows local users to use the ftp, I have this enabled so I can upload or download files in my own private folder.

write_enable=YES -> enable writing on the ftp server, yes please if you are going to upload files or change anything.

connect_from_port_20=NO -> if YES active connections to the server are allowed, I only recommend passive ftp so NO

chown_uploads=NO -> chown is the linux command to change the owner of a specific file, this should not be necessary when you’re working within your own private folder

chroot_local_user=YES

chroot_list_enable=NO

-> these 2 options set as shown will lock all users in their home directory and prevents them from navigating around the system.

See the guideline link for more info on different settings.

userlist_enable=YES

userlist_deny=NO

userlist_file=/etc/vsftpd.user_list

These settings will only allow users to login which are listed in the vsftpd.user_list file.

Personally I think this is the safest way to go.

So when you “vi” vsftpd.user_list you should only list the users you want to allow to login to the FTP server. I would remove the ftp and nobody user if you want to do things like I did.

As I said before nobody is the username that is connected to the Public folder and ftp is a common login used for anonymous logins.

Again for different settings concerning users, check out the guideline link.

listen_port=21 -> this is the default FTP port but possibly your ISP has blocked several ports including this one for security reasons. I would suggest setting this to a high number like 45000 something.

At least something above 1024 and not a port that is used by a common service.

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

No matter what port you choose you will have to forward it in your router to allow outside access.

pasv_address=yourWANIP -> enter your external WAN IP here to get passive mode working, if not your server will give out the LAN IP to the client and things will not work

When using passive mode like I do, it's also recommended to enter a passive port range:

pasv_min_port=12000 pasv_max_port=12100

And don't forget to forward these ports in your router's firewall as well !

So once everything is set with the vi text editor and you saved and exited back to the command prompt we are going to have to restart the server.

Enter “/etc/init.d/vsftpd restart”

You should get a message that the server has stopped and again started.

Now the server is running with your new settings.

Now we have covered the basic setup for the vsftpd server.

However I personally suggest to enable SSH to secure your server. I will explain this in the next part.

But first up you should try if the server works and you can connect to it from inside and outside your home network. Use the local IP of the Central when you’re connecting from within your network.

To connect from the outside you should enter your WAN IP.

Don’t enter your WAN IP from within your home network, this might give errors.

7. Setting up a secure FTP server with SSH

When you enable SSH in the config file your server uses a secure connection which is very much recommended.

In your client you just need to set the connection to FTPS Explicit. I use SmartFTP for this with no problems.

Important note: Enabling SSH on the vsftpd server causes file transfers to be significantly slower than standard FTP connections. I suppose this is due to extra overhead induced by the encryption.

Although slower I still recommend to use encryption when connectiong from outside your network.

Extra settings that should be present in the config file to enable secure FTP are :

ssl_enable=YES -> enables SSL altogether

ssl_tlsv1=YES -> this is the preferred type of secure connection so at least this option should be enabled

ssl_sslv2=YES

ssl_sslv3=YES

allow_anon_ssl=NO -> if SSL is enabled allows anonymous logins to use SSL (obviously when anonymous logins are enabled on the server)

force_local_data_ssl=YES -> if SSL is enabled local users are forced to use SSL for all data transfers

If you set this to NO, the client can choose to use encryption or standard FTP.

force_local_logins_ssl=YES -> if SSL is enabled local users are forced to use SSL for logging in

If you set this to NO, the client can choose to use encryption or standard FTP.

(I recommend using the same value for these two settings.)

rsa_cert_file=/etc/vsftpd.pem -> standard authentication file used by vsftpd for encryption

Good luck :smileytongue: