Unable to update GoFlex Net

I've just got hold of a GoFlex Net unit which is running:

root@nas:/etc# cat /etc/openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='Bleeding Edge'
DISTRIB_REVISION='unknown'
DISTRIB_CODENAME='chaos_calmer'
DISTRIB_TARGET='kirkwood/generic'
DISTRIB_DESCRIPTION='OpenWrt Chaos Calmer unknown'
DISTRIB_TAINTS=''

running opkg update results in:-

Downloading http://downloads.openwrt.org/snapshots/trunk/kirkwood/packages/base/Packages.gz.
Collected errors:
 * opkg_download: Failed to download http://downloads.openwrt.org/snapshots/trunk/kirkwood/packages/base/Packages.gz, wget returned 8.

What should I do?

I am able to ping the Internet.

Don't run opkg update, just use sysupgrade to flash a current release

https://openwrt.org/toh/hwdata/seagate/seagate_goflexnet

3 Likes

Thanks, I'll try and do that but first I want to make a copy of what is on the system, but I can't access via ssh.. I suspect there is some firewall rule blocking access. The system was configured with an IP of 192.168.0.1 but I've changed it to 192.168.1.7 so maybe the firewall rules may need changing.

root@nas:~/ cat /etc/firewall.user

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
root@nas:/# cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

iptables -I zone_lan_input -j REJECT
#iptables -I zone_lan_input -j LOG
iptables -I zone_lan_input -p icmp -j ACCEPT
iptables -I zone_lan_input -p igmp -j ACCEPT
# Allow torrent clients to initiate connections (transmission)
iptables -I zone_lan_input -p tcp --dport 6881:6999 -j ACCEPT
iptables -I zone_lan_input -p udp --dport 6881:6999 -j ACCEPT

iptables -I zone_lan_input -s 192.168.0.128/25 -j ACCEPT
iptables -I zone_lan_input -s 192.168.0.254 -j REJECT

# Allow ssh and rsync access from gw
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 22  -j ACCEPT
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 873 -j ACCEPT

# Allow NFS from gw
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 32780 -j ACCEPT
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 2049 -j ACCEPT

nmap -sT ROUTERIP
netstat -lnp
ps aux; ps w

root@nas:/# nmap -sT ROUTERIP
/bin/ash: nmap: not found
root@nas:/# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.1.7:873         0.0.0.0:*               LISTEN      1647/tcpserver
tcp        0      0 0.0.0.0:32777           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:32780           0.0.0.0:*               LISTEN      2904/rpc.mountd
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      2752/dropbear
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2811/lighttpd
tcp        0      0 0.0.0.0:51413           0.0.0.0:*               LISTEN      3128/transmission-d
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2859/vsftpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2700/sshd
tcp        0      0 :::2222                 :::*                    LISTEN      2752/dropbear
tcp        0      0 :::51413                :::*                    LISTEN      3128/transmission-d
udp        0      0 0.0.0.0:2049            0.0.0.0:*                           -
udp        0      0 0.0.0.0:32777           0.0.0.0:*                           -
udp        0      0 0.0.0.0:32780           0.0.0.0:*                           2904/rpc.mountd
udp        0      0 0.0.0.0:51413           0.0.0.0:*                           3128/transmission-d
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING       1342 1617/ubusd          /var/run/ubus.sock
root@nas:/# ps aux; ps w
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.1  0.5   1084   648 ?        S    12:16   0:04 /sbin/procd
root         2  0.0  0.0      0     0 ?        S    12:16   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    12:16   0:00 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   12:16   0:00 [kworker/0:0H]
root         6  0.0  0.0      0     0 ?        S    12:16   0:00 [kworker/u2:0]
root         7  0.0  0.0      0     0 ?        S<   12:16   0:00 [khelper]
root         8  0.0  0.0      0     0 ?        S    12:16   0:00 [kworker/u2:1]
root       111  0.0  0.0      0     0 ?        S<   12:16   0:00 [writeback]
root       114  0.0  0.0      0     0 ?        S<   12:16   0:00 [bioset]
root       116  0.0  0.0      0     0 ?        S<   12:16   0:00 [kblockd]
root       131  0.0  0.0      0     0 ?        S    12:16   0:00 [khubd]
root       155  0.0  0.0      0     0 ?        S    12:16   0:00 [kworker/0:1]
root       161  0.0  0.0      0     0 ?        S    12:16   0:00 [kswapd0]
root       162  0.0  0.0      0     0 ?        S    12:16   0:00 [fsnotify_mark]
root       756  0.0  0.0      0     0 ?        S<   12:16   0:00 [deferwq]
root       768  0.0  0.0      0     0 ?        S<   12:16   0:00 [ata_sff]
root       780  0.0  0.0      0     0 ?        S    12:16   0:00 [scsi_eh_0]
root       781  0.0  0.0      0     0 ?        S<   12:16   0:00 [scsi_tmf_0]
root       784  0.0  0.0      0     0 ?        S    12:16   0:00 [scsi_eh_1]
root       785  0.0  0.0      0     0 ?        S<   12:16   0:00 [scsi_tmf_1]
root       815  0.3  0.0      0     0 ?        SN   12:16   0:13 [jffs2_gcd_mtd]
root      1617  0.0  0.2    700   260 ?        S    12:16   0:00 /sbin/ubusd
root      1618  0.0  0.3   1228   380 ?        S    12:16   0:00 /bin/sh /usr/bi
root      1619  0.0  0.3   1228   448 ttyS0    Ss   12:16   0:00 /bin/ash --logi
root      1623  0.0  0.1    664   212 ?        S    12:16   0:00 svscan /service
root      1624  0.0  0.1    616   172 ?        S    12:16   0:00 readproctitle s
root      1627  0.0  0.1    628   196 ?        S    12:16   0:00 supervise mdadm
root      1628  0.0  0.1    628   196 ?        S    12:16   0:00 supervise log
root      1629  0.0  0.1    628   196 ?        S    12:16   0:00 supervise rsync
root      1630  0.0  0.1    628   196 ?        S    12:16   0:00 supervise log
root      1631  0.0  0.1    628   196 ?        S    12:16   0:00 supervise spind
root      1632  0.0  0.1    628   196 ?        S    12:16   0:00 supervise log
root      1635  0.0  0.3    952   396 ?        S    12:16   0:00 /sbin/mdadm --m
root      1636  0.0  0.3   1224   404 ?        S    12:16   0:00 /bin/sh ./run
root      1647  0.0  0.1    648   208 ?        S    12:16   0:00 tcpserver -vDRH
root      2375  0.0  0.0      0     0 ?        S    12:17   0:00 [mv_crypto]
root      2382  0.0  0.0      0     0 ?        S<   12:17   0:00 [ipv6_addrconf]
root      2384  0.0  0.0      0     0 ?        S<   12:17   0:00 [md]
root      2394  0.0  0.0      0     0 ?        S<   12:17   0:00 [rpciod]
root      2440  0.0  0.0      0     0 ?        S<   12:17   0:00 [nfsiod]
root      2445  0.0  0.0      0     0 ?        S<   12:17   0:00 [cryptodev_que]
nobody    2509  0.0  0.1    636   200 ?        S    12:17   0:00 /usr/bin/multil
nobody    2510  0.0  0.1    636   200 ?        S    12:17   0:00 /usr/bin/multil
nobody    2511  0.0  0.1    636   200 ?        S    12:17   0:00 /usr/bin/multil
root      2643  0.0  0.3    820   400 ?        S    12:17   0:00 /sbin/logd -S 1
root      2689  0.0  0.5   1164   680 ?        S    12:17   0:00 /sbin/netifd
root      2700  0.0  1.0   2744  1276 ?        S    12:17   0:00 /usr/sbin/sshd
root      2737  0.0  0.3   1232   412 ?        S    12:17   0:00 /usr/sbin/crond
root      2752  0.0  0.3    920   404 ?        S    12:17   0:00 /usr/sbin/dropb
www-data  2811  0.0  0.8   3164  1012 ?        S    12:17   0:00 /usr/sbin/light
root      2859  0.0  0.1    820   204 ?        Ss   12:17   0:00 /usr/sbin/vsftp
root      2898  0.0  0.0      0     0 ?        S    12:17   0:00 [lockd]
root      2899  0.0  0.0      0     0 ?        S    12:17   0:00 [nfsd]
root      2900  0.0  0.0      0     0 ?        S    12:17   0:00 [nfsd]
root      2904  0.0  0.4   1396   568 ?        S    12:17   0:00 /usr/sbin/rpc.m
root      2930  0.0  0.3   1228   428 ?        S    12:17   0:00 /usr/sbin/ntpd
ftp       3128  0.0  1.0   9764  1336 ?        Ssl  12:17   0:01 /usr/bin/transm
root      3455  0.0  0.0      0     0 ?        S    12:30   0:00 [scsi_eh_2]
root      3456  0.0  0.0      0     0 ?        S<   12:30   0:00 [scsi_tmf_2]
root      3457  0.0  0.0      0     0 ?        S    12:30   0:00 [usb-storage]
root      3593  0.0  0.0      0     0 ?        S    12:35   0:00 [jbd2/sda1-8]
root      3594  0.0  0.0      0     0 ?        S<   12:35   0:00 [ext4-rsv-conv]
root      4037  0.0  0.0      0     0 ?        S    12:56   0:00 [kworker/0:2]
root      4489  0.0  0.2   1224   356 ?        S    13:20   0:00 /bin/sh -c nice
root      4490  0.2  0.3   1272   484 ?        S<   13:20   0:00 /bin/sh /usr/lo
root      4578  0.0  0.3   1120   428 ?        S<   13:20   0:00 rsync -qv /mnt/
root      4582  0.0  0.2   1216   260 ?        S    13:20   0:00 sleep 60
root      4583  0.0  0.3   1096   424 ttyS0    R+   13:20   0:00 ps aux
  PID TTY      STAT   TIME COMMAND
 1619 ttyS0    Ss     0:00 /bin/ash --login
 4584 ttyS0    R+     0:00 ps w
root@nas:/# 

dropbear

tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      2752/dropbear

port 2222 > ssh -p 2222 ROUTERIP

( there is an sshd on 22 run a general websearch on your device to see what the story is your device )

sometime you gotta use admin instead of root then su etc. etc.

root@S07:/# ping -c2 192.168.1.7
PING 192.168.1.7 (192.168.1.7): 56 data bytes
64 bytes from 192.168.1.7: icmp_seq=0 ttl=64 time=0.291 ms
64 bytes from 192.168.1.7: icmp_seq=1 ttl=64 time=0.253 ms

--- 192.168.1.7 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.253/0.272/0.291/0.019 ms
root@S07:/# arp 192.168.1.7
? (192.168.1.7) at 00:10:75:26:64:91 on em0 expires in 1176 seconds [ethernet]
root@S07:/# telnet 192.168.1.7:21
192.168.1.7:21: hostname nor servname provided, or not known
root@S07:/# ssh -p 2222 admin@192.168.1.7
ssh: connect to host 192.168.1.7 port 2222: Connection refused
root@S07:/# ssh  admin@192.168.1.7
ssh: connect to host 192.168.1.7 port 22: Connection refused
root@S07:/# ssh 192.168.1.7
ssh: connect to host 192.168.1.7 port 22: Connection refused
root@S07:/# nmap -sT 192.168.1.7
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-27 12:08 UTC
Warning: 192.168.1.7 giving up on port because retransmission cap hit (10).

I do have serial access so am able to change the configuration, just don't know how to enable ssh for root on port 22...

Why don’t you fill in your history on this unit. I think that you've got a good dozen threads you've started about this unit.

At least last I recall, you had bricked it and had to be hand-fed how to get it flashed with stock OpenWrt.

Then after a few threads more, you were unable to turn on the wireless, even after posting a screenshot the exact screen where the Enable and Edit buttons are placed.

Most likely you’ve done something since to break it again. You clearly had it running 6 days ago, with access to LuCI.

You really should take the time, as previously requested, to understand the basics of networking and the very basics of Linux-based OS system administration before you proceed.

2 Likes

This is a GoFlex Net. I've never had one of these and only just got it yesterday, and have had nothing to do with configuring it (apart from changing IP address) or installing any software on it.

Everything still applies.

Have you even read the page describing how to upgrade the device?

You have clearly failed to comprehend that

Downloading http://downloads.openwrt.org/snapshots/

is not compatible with

DISTRIB_DESCRIPTION='OpenWrt Chaos Calmer unknown

Have you somehow missed that you can't use opkg to update a unit across versions, nor should it ever be used to "bulk upgrade" packages?

I will upgrade it once I have copied everything currently on it, but I want to ssh into it first and can't figure out what is stopping me.

This has got to be a joke.

I advise resetting the device to defaults and flashing 18.06.2.

Why are you running this command?

Why are you trying to connect to port 22, when @anon50098793 told you it's running at port 2222???

RUN THIS:

ssh 192.168.1.7 -p 2222

Exactly like @anon50098793 already told you:

The you should never have run opkg to try to upgrade it, eh?

What's stopping you? Use of skills in reading and comprehending directions before taking action. Over-reliance on these forums to spoon-feed you personalized directions.

Also, when @balanga uses the phrase "copied everything" - I'm not sure if that means "copy files" or "backup router."

Those are two different goals and tasks...and as I recall, on a previous device he was working on, the backup didn't help (or was never used) anyway.

I did as I was told and it clearly did not work.

The port is filtered and I'm guessing I need to change something here in /etc/firewall.user :-

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

iptables -I zone_lan_input -j REJECT
#iptables -I zone_lan_input -j LOG
iptables -I zone_lan_input -p icmp -j ACCEPT
iptables -I zone_lan_input -p igmp -j ACCEPT
# Allow torrent clients to initiate connections (transmission)
iptables -I zone_lan_input -p tcp --dport 6881:6999 -j ACCEPT
iptables -I zone_lan_input -p udp --dport 6881:6999 -j ACCEPT

iptables -I zone_lan_input -s 192.168.0.128/25 -j ACCEPT
iptables -I zone_lan_input -s 192.168.0.254 -j REJECT

# Allow ssh and rsync access from gw
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 22  -j ACCEPT
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 873 -j ACCEPT

# Allow NFS from gw
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 32780 -j ACCEPT
iptables -I zone_lan_input -p tcp -s 192.168.0.254 --dport 2049 -j ACCEPT

Maybe some helpful person could advise...

@balanga

Right now, what you are trying to do is well past your apparent understanding of Linux-based OSes in general, and OpenWrt in specific.

I think you would be greatly benefited by purchasing a well-supported device with a relatively fool-proof recovery method. I recommend something like the GL.iNet AR300M-Lite, which is now supported in snapshots[1]. That device has a very good U-Boot, for which GL.iNet has included a web-based method for flashing an image, without use of serial. It is available for under US$20.

Use of such a device will let you better understand how to manage and troubleshoot an OpenWrt system.

While not quite a "12 o'clock flasher", you should stay out of editing config files, configure only using LuCI, and never write to the raw MTD devices.

You should also plan what you what to accomplish. That you're fixated on connecting via ssh to a device that you have serial access to is puzzling. One with sufficient skill should be able to ssh/scp from the device to any other connected device, without needing an SSH server running on the device.

[1] The AR300M-Lite should generally not be flashed with the AR300M (no -Lite) firmware that has been available for some time now. As the AR300M-Lite has a single Ethernet port and the "no -Lite" version has two, the AR300M firmware on a -Lite version will, on first boot or reset to defaults, likely be unreachable. This can be recovered by flashing the proper firmware version through U-Boot over its web-based interface.

2 Likes

I see no proof of what you claim, in fact your posting (using port 22 and not 2222) proved otherwise.

:laughing:
YOU SHOULD DELETE ALL THE RULES FOUND THERE, AS YOU DIDN'T ADD THEM!!!
There are 0 rules in /etc/firewall.user on a default OpenWrt Install!!!

  • DID YOU SEE THIS FIRST RULE - AND DO YOU KNOW WHAT IT MEANS???
  • Also, make sure you do not address your device as 192.168.0.254, as that is also blocked.

I highly advise you simply upgrade - resetting to defaults in the process, or as @jeff suggests:

  • purchase a device with button and web-based recovery, etc.
1 Like

I can't connect via LUCI.

Also, without midnight commander, which I can't install, I'm finding it difficult to find my way round the filesystem.

You shouldn't be relying on some GUI to do things as basic as navigating a file system on a device that has only tens of MB of storage.

Start with

  • ls
  • less
  • find
1 Like

Then you did not read the log I posted.

If you had read my first post you would know that it is not a default install. It's an existing installation which I have just acquired!