Moxa Technologies UC-7420/7410 Observe and erase chain rules, Define policy for chain rules

UC-7420/7410 User’s Manual

Managing Communication

The basic syntax to enable and load an IPTABLES module is as follows:

#lsmod

#modprobe ip_tables

#modprobe iptable_filter

Use lsmod to check if the ip_tables module has already been loaded in the UC-7420/7410. Use modprobe to insert and enable the module.

Use the following command to load the modules (iptable_filter, iptable_mangle, iptable_nat):

#modprobe iptable_filter

Use iptables, iptables-restore, and iptables-save to maintain the database.

NOTE: IPTABLES plays the role of packet filtering or NAT. Take care when setting up the IPTABLES rules. If the rules are not correct, remote hosts that connect via a LAN or PPP may be denied access. We recommend using the Serial Console to set up the IPTABLES.

Click on the following links for more information about iptables.

http://www.linuxguruz.com/iptables/

http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html

Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have divided our discussion of the various rules into three categories: Observe and erase chain rules, Define policy rules, and Append or delete rules.

Observe and erase chain rules

Usage:

# iptables [-t tables] [-L] [-n]

-t tables: Table to manipulate (default: ‘filter’); example: nat or filter.

-L [chain]: List all rules in selected chains. If no chain is selected, all chains are listed.

-n: Numeric output of addresses and ports.

# iptables [-t tables] [-FXZ]

-F: Flush the selected chain (all the chains in the table if none is listed).

-X: Delete the specified user-defined chain.

-Z: Set the packet and byte counters in all chains to zero.

Examples:

# iptables -L -n

In this example, since we do not use the -t parameter, the system uses the default ‘filter’ table. Three chains are included: INPUT, OUTPUT, and FORWARD. Packets on the INPUT chain are accepted automatically, and all connections are accepted without being filtered.

#iptables -F

#iptables -X

#iptables -Z
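
As an added example (not part of the Moxa manual), the shell function below reads `iptables -L -n` output and names the built-in chains that have an ACCEPT policy and no rules, which is the unfiltered state described above. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Report built-in chains that accept everything: policy ACCEPT and zero rules.
# On the device, feed it live output:  iptables -L -n | unfiltered_chains

unfiltered_chains() {
    awk '
        # Record the chain just finished if it filters nothing.
        function report() {
            if (chain != "" && policy == "ACCEPT" && rules == 0)
                out = out (out == "" ? "" : " ") chain
        }
        /^Chain / {
            report()
            chain = $2; rules = 0; policy = ""
            # Built-in chains print "(policy X)"; user chains print "(N references)".
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        /^target/ || /^[ \t]*$/ { next }   # column header and blank separator
        { rules++ }                        # anything else is a rule line
        END { report(); print out }
    '
}

# Constructed sample: listing of an untouched filter table.
sample_default() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

# Constructed sample: INPUT and FORWARD default to DROP, one SSH rule on INPUT.
sample_hardened() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.3.0/24       0.0.0.0/0          tcp dpt:22

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

sample_default | unfiltered_chains
```
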

Define policy for chain rules

Usage:

#iptables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, OUTPUT, POSTROUTING] [ACCEPT, DROP]

-P: Set the policy for the chain to the given target.

INPUT: For packets coming into the UC-7420/7410.
