Moxa Technologies UC-7420/7410 user manual Iptables

Page 58

UC-7420/7410 User’s Manual

Managing Communication

IPTABLES

IPTABLES is an administrative tool for setting up, maintaining, and inspecting the Linux kernel’s IP packet filter rule tables. Several different tables are defined, with each table containing built-in chains and user-defined chains.

Each chain is a list of rules that apply to a certain type of packet. Each rule specifies what to do with a matching packet. A rule (such as a jump to a user-defined chain in the same table) is called a “target.”

UC-7420/7410 supports 3 types of IPTABLES table: Filter tables, NAT tables, and Mangle tables:

A.Filter Table—includes three chains:

INPUT chain OUTPUT chain FORWARD chain

B.NAT Table—includes three chains:

PREROUTING chain—transfers the destination IP address (DNAT)

POSTROUTING chain—works after the routing process and before the Ethernet device process to transfer the source IP address (SNAT)

OUTPUT chain—produces local packets sub-tables

Source NAT (SNAT)—changes the first source packet IP address Destination NAT (DNAT)—changes the first destination packet IP address

MASQUERADE—a special form for SNAT. If one host can connect to internet, then other computers that connect to this host can connect to the Internet when it the computer does not have an actual IP address.

REDIRECT—a special form of DNAT that re-sends packets to a local host independent of the destination IP address.

C.Mangle Table—includes two chains

PREROUTING chain—pre-processes packets before the routing process. OUTPUT chain—processes packets after the routing process.

It has three extensions—TTL, MARK, TOS.

The following figure shows the IPTABLES hierarchy.

4-6

Image 58

Contents UC-7420/7410 User’s Manual Third Edition, JuneTrademarks Copyright NoticeDisclaimer Table of Contents Chapter UC Finder Appendix B Windows Tool Chain Introduction Introduction ‰ Hardware IntroductionOverview Package ChecklistProduct Features UC-7410-LXProduct Hardware Specifications Hardware Introduction Appearance and DimensionsAppearance Dimensions LED Indicators Hardware Block DiagramLED Name Color Meaning Reset to default Button Reset-type ButtonsReset Button Real Time ClockPlacement Options Wall or CabinetHardware Connection Description Wiring RequirementsDIN-Rail Mounting Pin Signal Connecting the PowerConnecting to the Network Grounding UC-7420/7410CompactFlash Connecting to a Serial DeviceConnecting to the Console Port Pin RS-232 RS-422 RS-485Software Introduction Software ArchitectureJournaling Flash File System JFFS2 Software PackageSoftware Version Comparison Table Protocol stacks and utilities Directory Change‰ Configuring the Ethernet Interface Getting StartedConnecting UC-7420/7410 to a PC Powering on UC-7420/7410Serial Console 192.168.3.127 255.255.255.0 Default IP Address NetmaskTelnet Console 192.168.4.127 255.255.255.0SSH Console Windows UsersLinux Users Configuring the Ethernet InterfaceModifying Network Settings with the Serial Console Static IP addressesDynamic IP addresses Default IP address is 192.168.5.127, netmask Configuring the Wlan via the Pcmcia InterfaceModifying Network Settings over the Network IEEE802.11b#vi /etc/wlan/wlancfg-any IEEE802.11g Setting Explanation SettingKey1Str, Key2Str, Key3Str, Key4Str-Sets strings Key1 to Key4 TurboRate-Enables or disables TurboRate Checking the Flash Memory Space Installing the Tool Chain LinuxTest Program-Developing Hello.c StepCompiling Hello.c You should receive the following responseDeveloping Your First Application Testing EnvironmentUploading Hello to UC-7420/7410 and Running the Program Compiling tcps2.c #mount -t iso9660 /dev/cdrom /mnt/cdromUploading tcps2-release and Running the Program PuTTY#jobs // use this command to check if the program is running Testing Procedure Summary UC-7420/7410 User’s ManualUC-7420/7410 User’s Manual ‰ System Version Information ‰ System Image Backup Managing Embedded LinuxUpgrading the Firmware System Image BackupSystem Version Information Upgrading the firmware will erase all data on the Flash ROM#upramdisk #cd /mnt/ramdisk Loading Factory Defaults Firmware versions earlier than V1.5 not including Backing Up the User File SystemFirmware version V1.5 and later versions Enabling and Disabling Daemons UC-7420/7410 User’s Manual Managing Embedded Linux Setting the Run-Level Adjusting the System Time Setting the Time ManuallyNTP Client Example shell script to update the system time periodicallyUpdating the Time Automatically Enable the cron daemon manually Cron-daemon to Execute Scheduled CommandsChange mode of fixtime.sh Enable cron when the system boots upUSB Mass Storage Connecting PeripheralsCF Mass Storage Managing Communications ‰ Iptables ‰ NATEnabling the Telnet/ftp server Web Service-ApacheTelnet / FTP Disabling the Telnet/ftp server Usr/www/cgi-bin Saving a Web Page to the CF Card Use the following commands to restart the Apache web server Iptables Local Host Packets Usage Observe and erase chain rulesDefine policy for chain rules ExamplesAppend or delete rules IptmacEnabling NAT at Bootup NAT ExampleDial-up Service-PPP Example 2 Connecting to a PPP server over a hard-wired link How to check the connection UP Loopback RunningNFS Network File System Setting up UC-7420/7410 as an NFS ServerSetting up a Machine for Incoming PPP Connections #vi /etc/exportsSetting up UC-7420/7410 as an NFS Client Mail Steps 2Open VPN Internet IFS=‘ Create link symbols to enable this script at boot time Destination Gateway Genmsk Flags Metric Use Iface Now ping Host B from Host a by typing Setup 3 Routed IP Destination Gateway Genmsk Flags Metric Use Iface Programmer’s Guide Flash Memory Map Address Size ContentsLinux Tool Chain Introduction Cross Compiling Applications and Libraries Debugging with GDBObtaining help Tools Available in the Host EnvironmentRTC Real Time Clock Device APIBuzzer WDT Watch Dog Timer Input Int fd File handle from swtdopen return value Output Special Note User application example ExampleSwtddisableswtdfd Int mainint argc, char *argv Pidt sonpid Example to set the baud rate Example to get the baud rateSpecial Note KeyPadBaud rate inaccuracy ExamplesMake File Example UC Finder Installing the Software Windows UC FinderUC-7420/7410 User’s Manual UC Finder Broadcast Search Linux ucfinder File manager System CommandsBusybox V0.60.4 Linux normal command utility collection EditorOther ProcessMoxa special utilities Windows Tool Chain Introduction Introduction Installation Procedure Select the Root DirectoryUC-7420/7410 User’s Manual Windows Tool Chain Introduction UC-7420/7410 User’s Manual Windows Tool Chain Introduction Using the Bash Shell GDB debug tool-Insight UC-7420/7410 User’s Manual Windows Tool Chain IntroductionUC-7420/7410 User’s Manual Windows Tool Chain Introduction Service Information Moxa Internet Services Following services are providedProblem Report Form Moxa Product † UC-7410-LX † UC-7420-LX Serial NumberProduct Return Procedure