NOTE (7/7/2012) : I recently upgraded to ffp 0.7. For the most part, I simply followed the well-written directions posted here. I am happy to report that the transition was indeed smooth and painless! If you are on the fence whether to upgrade (or are doing a fresh ffp install), I strongly recommend that you use ffp 0.7. Updated versions of all software mentioned here (Telnet, SSH, PHP, Lighttpd, Transmission) work the same, if not better. I love the convenience offered by the new Slacker tool. Also, Midnight Commander is a delight!
I have been deliberating for quite a while about buying an increased capacity hard drive to store my ever expanding digital content. After a lot of research, my focus gradually shifted to purchasing a NAS RAID device instead. It just makes more sense. The ubiquity of these systems coupled with drastically reducing hard drive prices makes it a no-brainer. I finally settled on a DNS-323. The ability to install pretty much ANY Linux based server on this miniature device makes it an awesome buy! It turns out that the folks at D-Link actually realize the benefits of having such a robust community around their product and tweak their firmware accordingly.
I also purchased two 1 TB Samsung green drives (HD103SI) to store all my data (in RAID1)
Documented below are all the steps my NAS went through – Most of this information has been gathered from various online websites.
Step 1: Initial setup
After hooking up my NAS (without any drives) into my router, it was assigned a random IP address by the DHCP server in my router (WPN824). The first order of business was to assign a static IP so that my NAS is assigned the same address every time. There are two ways this can be done
- Setting up a static IP address in the DNS-323 web interface (this would hardcode an IP address in the device and could present a problem if a need arose to attach it to another router)
- Use the ‘Address reservation’ feature of the router to assign a constant IP address to the NAS. This the approach I took. My router had an easy way to set this up (WPN824 web interface->LAN Setup->Address Reservation.. I assigned my NAS an IP of 192.168.1.4 as shown below). Note that you will need to power cycle your router in order for the new IP addresses to be assigned.
Once the IP is fixed, the NAS can be accessed by pointing your browser to the assigned IP (http://192.168.1.4 in my case). The next step was to check and upgrade the firmware (this is strongly recommended by D-link). My DNS-323 came with firmware version 1.07 installed. A quick look on the D-Link website revealed that the most recent firmware is 1.09. An upgrade was in order
Note that a firmware upgrade must never be done using a computer hooked up to the router over a wireless link. I downloaded the latest firmware on my desktop, expanded the zip file and uploaded it from the web interface (Tools->Firmware). The upgrade was a smooth process. Graphic below:
Ok.. Now that the firmware was upgraded, I powered down the system and inserted my two SATA drives in the provided slots. The NAS was then powered back up. On opening up the web interface, my drives were recognized and displayed.
I decided to go with RAID 1 and format my drives to the more stable EXT3 file system.
Your NAS is designed to send you an email when several pre-defined events occur. Lets go ahead and set that up in the admin screen. I have it configured to send emails to my Gmail account.. Working settings below:
That’s it! Basic setup is complete. After you restart, your drive (named Volume_1) will be available to all computers on your LAN.
Step 2: Preparing Your NAS for Awesomeness!
What you did in step 1 covered the bare minimum of what your NAS is capable of. This step will reveal the sheer power of this tiny device!
There is a nifty little package named fun_plug which when installed on the DNS-323 opens up the system to numerous software installations. The firmware installed by DLink actually looks for this plug-in in the last phase of the boot up process (and loads it if found).
Setup of fun_plug is as simple as downloading the two packages into Volume_1 and restarting your NAS. As of this writing, the most recent version of fun_plug is 0.5 and it is available at http://www.inreto.de/dns323/fun-plug/0.5/. Do read all the text/instructions on this website for more information regarding the packages bundled with fun_plug.
Restart your DNS-323. The fun_plug.tgz file is unpacked (into a directory named ffp) and the .tgz file is deleted. A telnet server is also started so that you can log into your NAS and work with the files on the device. The package you just installed contains several goodies.. The most notable among them being:
- Lighttpd Web Server
- OpenSSH Secure Shell
- RSync File Transfer Utility
I prefer using windows for setting up fun_plug on my DNS-323. In order to login to our NAS box, we need a telnet client. Windows 7 comes with a Telnet client but it needs to be turned on (Control Panel->Programs->Add/Remove windows features):
After the client is setup , click on start and type in “Telnet” in the search box. In order to connect to the DNS-323, type in
This literally means “Open a connection to 192.168.1.4”. Installing the fun_plug package started a telnet server on the NAS and this is what allows us to login to the box. Note that the telnet connection does not prompt for any passwords and logs you in with root privileges (this is inherently insecure and we will take steps to close this vulnerability in the future).
Step 3: Activating Lighttpd web server
Not being content with the ability to access our shared folders on the internal LAN, we are now going to transform our little NAS box into a web server.
Lighttpd is an open source, super-tiny, high-performance web server. What’s more, it comes bundled with fun_plug.. all that is required to be done is to setup a few config parameters:
I created a folder named “share” on volume_1 of my NAS, and I would like for the entire “share” folder (and everything under it) to be web accessible (In case I want to view/download something over the internet, I would like the option to do so). In the final phase of our setup, we will be securing our web server.. so, don’t worry too much about it now.
Telnet into your NAS (o 192.168.1.4 from windows telnet client) and type in the following commands:
cd /ffp/etc //change directory to the /ffp/etc folder
cp examples/lighttpd.conf . //copy the lighttpd.conf file from examples into current directory
cd /mnt/HD_a2 //navigate to /mnt/HD_a2.. our shared drive home..
mkdir logs //create directories for the logs
Now, we can customize the lighttpd.conf file that we copied into /ffp/etc
(vi is the default editor and it takes a bit of getting used to.. Please make sure you know the basics before opening vi.. ‘i’ for insert, ‘esc’+’:wq’ for ‘save and exit’, ‘esc’+’:q’ for ‘exit without saving’ etc.)
Edit the following lines establishing document folders and replace them with the intended folder paths:
server.document-root = “/mnt/HD_a2/share/”
server.upload-dirs = ( “/mnt/HD_a2/tmp” )
server.errorlog = “/mnt/HD_a2/logs/error.log”
#### accesslog module
accesslog.filename = “/mnt/HD_a2/logs/access.log”
Now, we are ready to start off our webserver:
cd /ffp/start //navigate to the ‘start’ folder.
chmod a+x lighttpd.sh //grant execute permissions to all
sh /ffp/start/lighttpd.sh start //start up the web server!
By default, it activates the web server at port 8080. So, if all went well, you should be able to navigate to http://192.168.1.4:8080 on your browser and see the existing folders.
Installing PHP (Updated 4/2/2011):
PHP is not installed as part of fun_plug by default, but you can get it from the extra-packages repository from here (php-5.2.9 as of this writing). Telnet into your NAS:
#funpkg -i php-5.2.9-1.tgz
To use PHP with the lighttpd-webserver, you have to use the appropriate configuration file template (provided in the examples directory). Note that if you customized your earlier .conf file, you need to make a backup copy before replacing your existing config file:
#cp /ffp/etc/examples/lighttpd.conf-with-php /ffp/etc/lighttpd.conf
Also copy the recommended php.ini file to the appropriate folder:
#cp /ffp/etc/examples/php.ini-dist /ffp/etc/php.ini
Restart lighttpd to load the new configuration:
#sh /ffp/start/lighttpd.sh restart
You now have all the goodies that php has to offer (you may want to create a phpinfo file in your web folder to test before proceeding). A simple blog application is easy to setup. Head over to Flatpress and grab a copy (it is a beautiful minimalist flat-file based blogging platform that works very nicely on our NAS). Extract it and save it to your web folder (say /www/).
NOTE: You need to include ctype.so in your php.ini in order to play nice with Flatpress:
uncomment (or add) the following line in the extensions section:
If all went well, you will be able to navigate to http://192.168.1.4:8080/flatpress and finish setting up your personal blog server!
Step 4: Installing Transmission BitTorrent Client
DNS-323 does come with an inbuilt bit torrent client. But it completely pales in comparison to the features and interface of ‘Transmission’. In addition, the UI of transmission offers us the ability of selecting individual files within the torrent, and the ability to automatically download torrents placed in a designated folder. Setup is quite simple. Most of the work is already done.. we just need to download pre-compiled libraries and setup appropriate config options:
Telnet into your NAS – Open the windows telnet client and type in
Download and setup the uclibc library (C library optimized for embedded systems)
# cd /mnt/HD_a2
# wget http://www.inreto.de/dns323/fun-plug/0.5/packages/uclibc-0.9.29-7.tgz
# funpkg -i uclibc-0.9.29-7.tgz
After the install step above, REBOOT the NAS. Next, get the libcurl and transmission packages, and install them
UpdateFeb 12,2012: Links have been updated to install transmission 2.42 – the most recent version. If you already have an earlier version running, refer to this website for detailed upgrade instructions. Scroll down to the section labeled “Upgrading from previous version of Transmission”. Follow the directions exactly and it should be effortless.
# wget http://kylek.is-a-geek.org:31337/files/curl-7.18.1.tgz
# wget http://kylek.is-a-geek.org:31337/files/Transmission-2.42-1.tgz
# funpkg -i curl-7.18.1.tgz
# funpkg -i Transmission-2.42-1.tgz
Make Transmission start up automatically when NAS boots up.. Then start and stop it so we can edit the config file created by transmission:
# chmod a+x /ffp/start/transmission.sh;
# sh /ffp/start/transmission.sh start
# sh /ffp/start/transmission.sh stop
Edit transmission settings:
# vi /mnt/HD_a2/.transmission-daemon/settings.json
Create the following directories to serve as the download, incomplete and watch directories for our torrent files – The transmission client automatically downloads .torrent files placed in the ‘transmission-watch’ folder.
# mkdir /mnt/HD_a2/share/transmission-incomplete
# mkdir /mnt/HD_a2/share/transmission-watch
Make the following changes in the settings.json file:
Transmission’s ‘watch-dir’ uses a feature of the host OS named ‘inotify’ in which, the directory automatically raises an event when a change occurs. This is very different from (and superior to) the mechanics of a ‘cron’ job.
Update 7/21/10 : I ended up disabling the ‘watch-dir’ feature of transmission as it was preventing hard drive spin-down and causing my NAS to overheat.
These settings also create a userid and password for access (I have my rpc-whitelist set to *.*.*.* as I like the flexibility of initiating BT transfers from anywhere on the internet. You can easily restrict access to the transmission web interface to only your LAN if you specify rpc-whitelist as ‘192.168.*.*’).
Restart the NAS. You should be able to access the transmission web interface at http://192.168.1.4:9091 (you will be prompted for the username and password that you setup in the json config file. Also note that even though you entered the password in plaintext in the json file, it will be encrypted and stored when transmission is restarted)
Step 5: Setup SSH
While telnet is a super lightweight protocol that has served us well this far, we must move quickly to password protect our dns-323 box. Telnet was designed to work within a private network and not across a public network.. but we have much grander plans for our DNS-323! Ssh or “secure shell” provides an encrypted channel with similar functionality as telnet.
ssh, however does not permit logging in without a password. So, lets first fix that problem by assigning a password to the ‘root’ user.
By default, the DNS-323 comes with 3 users – root, admin and nobody. This can be observed by executing:
Note the ‘x’ in the password field indicating use of a shadow password file.
We can assign a password for ‘root’ using the following commands:
pwconv //refresh the shadow password suite
passwd //change the passwd of the logged in user
Next, remember to change the default shell of the root user
usermod -s /ffp/bin/sh root
and then, save the whole thing to the ROM
(The default ‘ash’ shell is an extremely stripped down shell and does not offer much functionality. If by chance you missed the usermod step above, on logging in, you will be in the ash shell with the following display:
BusyBox v1.00-pre1 (2009.05.07-06:36+0000) Built-in shell (ash)
Enter ‘help’ for a list of built-in commands.
And, nothing works after this.. You need to enter the unlock code which is 5784468, and hit the enter key. Then type the usermod and store-password commands shown above. Thanks to http://forum.nas-tweaks.net/index.php?action=recent;start=20 for this little tip.. I almost thought I had to redo my NAS fun_plug install!)
Now that the root user has a password, we can go ahead and setup ssh (ssh REQUIRES a password)
cd /ffp/start //navigate to the /ffp/start folder
chmod a+x sshd.sh //allow all to execute the ssh daemon
./sshd.sh start //start the ssh server!
It will do its thing and finally setup the server. We are now ready to use an SSH client (like putty) to secure our communications with the DNS-323.
You will be prompted with a security message the first time you log in.. Click on the ‘Yes’ button.
Yeah connected via SSH!
Now, it is safe to disable the telnet connection.. we don’t want to leave the security hole unpatched in our box! (Update Nov 14, 2010 : A power failure caused my NAS to lose root password information.. This made it impossible to log on via SSH.. Also, since “root” is protected, it is not possible to go back into your ffp/start directory and restart telnetd!
So, unless you perceive a REAL threat from leaving your telnetd running, I strongly recommend you leave it as is)
cd /ffp/start //navigate to /ffp/start
chmod a-x telnetd.sh //take away execute permissions for telnet
Restart your box.
Step 6:Securing Lighttpd
Our default web server is wide open for anyone to access.. It might not be desirable in some cases. You can setup directory level authentication. As always, telnet or ssh into the DNS-323:
– Add following lines:
auth.backend = “htdigest”
auth.backend.htdigest.userfile = “/ffp/etc/lightpwd”
auth.debug = 2
auth.require = ( “/” =>
“method” => “digest”,
“realm” => “Secure Pages”,
“require” => “valid-user”
– Create password file ‘/ffp/etc/lightpwd’:
echo `sh htdigest.sh ‘myusername’ ‘Secure Pages’ ‘mysecretpassword’` >> lightpwd
Restart the NAS.
Step 7: Enable FTP
The DNS-323 comes with an inbuilt FTP server. Once enabled, it will permit you to upload (and download) files remotely.
Activating the FTP server requires you to create a userid using the DNS-323 web interface. Navigate to http://192.168.1.4/ and login using your admin credentials. Click on the “Advanced” tab and setup a new user:
Once the ftp user is setup, click on the “ftp server” option and setup the folder permissions for the user. Hit the ‘Add’ button when done:
Next up, FTP server settings:
The “Report external IP in Passive mode’” checkbox MUST be checked.
Leave the other defaults…That’s all there to it. FTP server is now started on port 21.
I use FireFTP (firefox plugin) to connect with my NAS. Here are my settings:
Note that my host is set to “my.dnsalias.com”. this is the globally accessible DNS address that I setup so I can access my NAS box from anywhere in the world! (after all, it really does not make sense using FTP to transfer files over a LAN!) Dynamic DNS is a really neat feature offered for free by dyndns.com. This is described in the next section.
The “Passive mode” box is checked and security is set to “Auth TLS”. This is the most secure configuration, and all data to and from your server will be encrypted. Before you try and connect, note that you must also open ports 55563-55663 on your router (Take a look at the port forwarding screens shown in the following section for more information)
Most modern browsers allow you to view/download files on your ftp server.. so, you could open up your browser and navigate to ftp://myserver.dnsalias.com to view files on your NAS.
You can also connect to your ftp server using windows explorer. Right click on “My Network Places” on windows explorer, Select “Map network drive”.. then click on the “Sign up for online storage..” (yeah..not the most intuitive.. I agree!)
Then, follow the wizard..
Enter your ftp address in the dialog box:
Make sure you uncheck “Anonymous access”. Enter your username and password when prompted. Now, you have the familiar windows interface to drag and drop files/folders into your NAS box.
Using a Dynamic DNS & Port Forwarding
This is the final phase of our NAS setup that will truly expose your NAS to the world.
So far, we have been accessing our NAS using the internal IP assigned by our router (192.168.1.4). In order to access our NAS from outside the LAN, we need to first setup a DNS name (i.e. a Domain Name Server Name) for our box. Head over to http://dyndns.com and setup an account (it is a free service!).
Update 4/3/2011: DLink also offers a free dynamic DNS service (in collaboration with dyndns) – head over to https://www.dlinkddns.com, create an account and setup your own domain name. In fact, I recommend creating your domain name at dlinkddns because it never expires!
The name that you select (say my.dnsalias.com) will now point to your router IP address (Note that in order to test if the newly setup dns redirection is functional, you should be on a computer OUTSIDE your LAN)
The next crucial step that ties everything together is to setup “Port forwarding” on your router so that requests to your router are forwarded to the NAS box at 192.168.1.4. This is a feature provided on most routers. Here is how I set it up on my WPN824:
1. Open up the admin interface of the router (mine is at 192.168.1.1)
2. Click on “Port forwarding/port triggering”.. Here’s how I setup various ports to forward to my NAS:
Port forwarding is a simple concept.. What the first line literally means is “Please forward all requests that come into port 8080 of the router to port 8080 of the device at 192.168.1.4”. If the start-port and end-port differ (like in the case of FTP and FTP_Passive above), the router forwards requests received in that PORT RANGE to the corresponding ports on the designated server.
So, after the above rules are setup, the addresses to access the various servers that we have setup are:
|http://myserver.dnsalias.com:8080||lighttpd on NAS|
|http://myserver.dnsalias.com:8080/flatpress||flatpress service on NAS|
|http://myserver.dnsalias.com:9091||transmission web-client on NAS|
|http://myserver.dnsalias.com (port 21)||FTP server on NAS|
By The Way…
Always be mindful of the fact that the DNS-323 is extremely underpowered (It runs on 64MB of RAM on a 500Mhz clock!). Even with the above installations, we are stretching its limits. It was not designed to house databases or index terabytes of images or do video encoding/decoding on the fly. You are asking for trouble if you go overboard in your customization – After all, we do not want to take away from its MAIN function which is keeping your data safe.
NAS free memory under minimum load (Just after startup):
And, here’s a snapshot of my NAS memory utilization under load (transmission running, and RAID 1 active). Note that I have just 1.5M of ‘free’ memory (but 0 swap used). If you install too many extras, and exceed your physical RAM, thrashing will result, and the processor will spend all its time paging.
It has been a long journey this far.. but I now have my NAS setup exactly the way I want :-)