Quick how-to: Running Samba and a webserver from a USB stick

[SuperB]

I guess that everybody that starts fiddling with the firmware of the WL500g(x) wants something else. Maybe that is the reason why one has to look in so many places for information.
What I wanted was to share a website on my (Windows-formatted) USB stick to the outside world. For updating the stick I wanted to run Samba.

I started with following some of the threads on this forum, but I had a lot of problems because I missed a number of details. Therefore, I wrote this thread, so others (you?) may use my experiences to their benefit.

I started with installing the latest Oleg firmware (1.9.2.7-7c). Read here how: http://oleg.wl500g.info. Great software by the way. (Don't forget to change the password.)

SAMBA

Setting up Samba was relatively easy. I just followed this thread. I skipped the ssh and partitioning steps, because I can use telnet from the LAN side (I don't need secure shell access from the WAN side) and I want to use my Windows (fat) USB stick.

I saw that I could approach the files on my USB stick via /tmp/harddisk, so I decided to configure Samba for that directory. We'll see below why that was not a good idea.

Also http://wiki.wl500g.info/index.php/ho...CR4%20firmware was helpful for setting up Samba.

Then I turned on 'Samba demo mode' through the settings webpages of the router and rebooted. Unfortunately, it wasn't working. I checked if smdb and nmbd were running with

Code:

ps

They weren't, so I did

Code:

cat /var/log/smb

and

Code:

cat /var/log/nmb

to see if someting was wrong. There was, but when I gave the router a Host name (e.g. asus), through the configuration web pages under LAN IP Settings, it was fixed.

HTTPD

Now, I turned to this thread for setting up the second webserver. I created the post-boot and post-firewall scripts.

After rebooting I couldn't connect to the website. I saw that busybox_http had started but the rules in post-firewall had not been added to the the iptables chains. I checked this with the following commands:

Code:

iptables --list -t nat

(for the PREROUTING chain) and

Code:

iptables --list

(for the INPUT chain).

A lot of fiddling with iptables commands didn't help. I did see that when manually executing the post-firewall scripts the rules were added to the bottom of the list, were they are useless. So I added the 1 and 2 after the -I command to get them to the top of the chain. (I learned a lot on iptables here.)

One problem was solved, but still nothing worked. So I checked these forums again and I saw that #!/bin/sh had not been added to the post-firewall script. After rebooting, finally the rules were added to the chains.

Unfortunately, the website still wasn't accessible. It turned out I could not start busybox_httpd on /tmp/harddisk were I initially found my USB stick, because this directory is not mapped at the time post-boot is executed. I mapped the USB stick to /mnt and finally I was ready. Phew.

Here are the files I use.

/etc/smb.conf:

Code:

[global]
workgroup=mygroup
guest account=nobody
security=share
browseable=yes
guest ok=yes
guest only=no
log level=1
max log size=100
encrypt passwords=yes
dns proxy=no

[fat32]
path=/mnt
writeable=yes
browseable=yes
force user=admin

/tmp/local/sbin/post-firewall:

Code:

#!/bin/sh
/usr/sbin/iptables -t nat -I PREROUTING 1 -p tcp -d "$2" --dport 80 -j DNAT --to "$2":8080
/usr/sbin/iptables -t nat -D PREROUTING -i "$1" -p tcp --dport 80 -j DROP
/usr/sbin/iptables -t nat -I PREROUTING 2 -i "$1" -p tcp --dport 8080 -j DROP
/usr/sbin/iptables -I INPUT 1 -i "$1" -d "$2" -p tcp --syn --dport 8080 -j ACCEPT

/tmp/local/sbin/post-boot:

Code:

#!/bin/sh
mount -t vfat /dev/scsi/host0/bus0/target0/lun0/part1 /mnt
/usr/sbin/smbd -D
/usr/sbin/nmbd -D
busybox_httpd -p 8080 -h /mnt

So I finally got it to work. But it sure cost me a lot of time. Well, I guess it's a hobby ;->

Note: It is not always clear to me how the various settings of the Asus configuration webpages relate to the configuration files on the router. (Perhaps someone could make a list of this?) But I found out that what I describe here works when I enable Samba and the Firewall, and disable other stuff like ftp, WAN to LAN filter, LAN to WAN filter and WAN web access.

Anything you would like to add or correct? Please add post a reply.

I just ordered a Terratec Noxon 2, so my next steps will be installing a USB harddisk and a UPnP media server. EDIT: Read here for a thread on this subject.