Please consider donating: https://www.corelan.be/index.php/donate/


7,149 views

Build a free SAN with Openfiler

After playing with iSCSI Enterprise Target for a while, I decided to have a look at some other solutions as well. I’m not saying that iSCSI Enterprise Target is not a stable and mature solution, but it lacks some important features (such as snapshots). I came across OpenFiler which seems to be a good (free) alternative. This solution differs from IET because you basically install OpenFiler on the system, wereas IET requires you to have a OS already sitting on the system prior installation of IET. On top of that, Openfiler offers VMWare and Xen virtual images so you can start playing in just a couple of minutes.

Installing OpenFiler is easy : just download the ISO file (323Mb) from the website (which took only about 2,5 minutes thanks to the fast Sourceforge mirrors)

080907_1928_BuildaFreeS1

Next, burn the image to CD, boot from CD and follow the installation process.

(PS : Make sure to select the right image. By default, the 64bit version is selected. The version I’ve used is v2.2)

My test system is an old Dell Optiplex GX200 with a Pentium III processor, 256Mb RAM, and 2x40Gb harddrives (IDE. Note : Openfiler supports SATA, SAS and so on, so it should run out of the box on newer systems as well)

SETUP

This is my installation summary :

  • Boot with the CD. Press enter to install in graphical mode
  • Click "next" at the Welcome screen
  • Choose your keyboard
  • Disk partitioning : select "Manually partition with disk druid"
  • In the Disk setup screen, create at least the following 3 partitions :

    • /boot (100Mb, ext3, force to be a primary partition)
    • Swap (2 x memory, swap)
    • / (enough space to hold system applications and libraries. 4Gb will do just fine)

    If you have more diskspace/disks available, don’t do anything with that yet. If you plan on using a part of the disk for storage, make sure you don’t have any extended partitions. If the free space falls under the extended partitions, you won’t be able to use that free space as storage.  So if you create the partitions as listed above, in the order as specified above, you should be fine.
    Click "next" to continue

  • Set Network options

    • Set IP address (192.168.0.11/255.255.255.0
    • Set hostname (openfiler1.corelan.be)
    • Set Gateway, DNS
  • Select time zone (Europe/Brussels)
  • Set root password
  • Wait until the installer has figured out which packages need to be installed
  • Click "Next" to start installing. Just wait until the installation has completed. Even on my old system, this process did not take very long.
  • At the "congratulations" window, click "Reboot" to reboot the system.

Once the system boots up again, navigate to https://openfiler1.corelan.be:446 (or point your browser to the IP address of your openfiler machine, on port 446 (https)). You are now ready to start configuring the system.

Read the GNU GPL and click the "I have read, and hereby accept, the license terms"

CONFIGURATION

When you access the webbased administration tool, you will be prompted to enter a username and password.

080907_1928_BuildaFreeS2

The default administrator username is "openfiler", with password set to "password". You should change the password straight away. By the way : don’t forget to check the date/time settings before doing anything else. Next, add your "Local Networks configuration". Last but not least, set up authentication. If you want to use the device as a NAS, you’ll need authentication to set up access to the shares on the filer. The openfiler administration manual has a lot of detailed information on setting up authentication, so I’ll jump right into the volume management piece. (Note : if you want to use the machine as a SAN, authentication is not that important at this point)

First of all, I created a new physical volume. The window showed my two disks, clearly stating that only the first disk has 3 partitions (/boot, swap and /). Select one of the disks by clicking on its identifier (first column)

080907_1928_BuildaFreeS3

I’ll start with using the remaining space on my first disk (/dev/hda).

As you can see below, the wizard already prompts some default values, which will do just fine in my case. Just make sure to select "Physical Volume" instead of "Extended Partition"

080907_1928_BuildaFreeS4

Simply click the "Create" button and the volume is created

080907_1928_BuildaFreeS5

If you go back to the "List of Existing Volumes", you’ll see a new option: "Create a new volume group"

080907_1928_BuildaFreeS6 

I named my group "Storage1" and selected "/dev/hda4", and pressed the "Add volume group" button

Before going on, we need to make sure iSCSI Target service is running. Go to "Services" and set iSCSI Target to Enabled

080907_1928_BuildaFreeS7

Guess what happened when I turned on the iSCSI Target service ? Yes, iSCSI Enterprise Target kicks in… isn’t that something ?

Let’s create a "share" and see if we can access it over iSCSI.

Go back to "Volumes" and click "Create new volume". Choose a name, set the required space and choose a filesystem type. Since we will export this volume as SAN storage, use "iSCSI" as Filesystem type

080907_1928_BuildaFreeS8

Creating a volume might take a long time – just wait until the process has completed. Note : if you want to use snapshots, you’ll have to take the amount of MB you want to dedicate to snapshots into account when creating the volume. When the volume was created, you will be redirected to this page :

080907_1928_BuildaFreeS9

That’s all you need to do. (You can snapshot schedules if you want, but if the iSCSI service is running, you should now be able to access this lun, as long as your local network configuration is set up correctly)

So, the next steps would be

  • Go to services and enable iSCSI
  • Go to local networks and add your local networks
  • Go back to your volume, go to the Volume’s Properties, click "Edit" next to the volume that needs to be changed and set the iSCSI parameters "CHAP + host access"

080907_1928_BuildaFreeS10

From this point forward, you should be able to connect to the SAN using a iSCSI initiator client.

080907_1928_BuildaFreeS11

The administration Status page for iSCSI shows my session :

080907_1928_BuildaFreeS12

Done – Let’s see how much my old machine suffers from being a SAN :

080907_1928_BuildaFreeS13

Not too bad huh ?

© 2007 – 2021, Peter Van Eeckhoutte (corelanc0d3r). All rights reserved.

Comments are closed.

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011

Check out our schedules page here and sign up for one of our classes now!

Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Protected by Copyscape Web Plagiarism Tool

Corelan on Slack

You can chat with us and our friends on our Slack workspace:

  • Go to our facebook page
  • Browse through the posts and find the invite to Slack
  • Use the invite to access our Slack workspace
  • Categories