Moxa Technologies UC-7420/7410 user manual Append or delete rules, Iptmac


UC-7420/7410 User’s Manual

Managing Communication

OUTPUT: For locally-generated packets.

FORWARD: For packets routed out through the UC-7420/7410.

PREROUTING: To alter packets as soon as they come in.

POSTROUTING: To alter packets as they are about to be sent out.

Examples:

# iptables -P INPUT DROP
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -t nat -P PREROUTING ACCEPT
# iptables -t nat -P OUTPUT ACCEPT
# iptables -t nat -P POSTROUTING ACCEPT

In this example, the policy accepts outgoing packets and denies incoming packets.

Append or delete rules:

Usage:

# iptables [-t table] [-AI] [INPUT, OUTPUT, FORWARD] [-io interface] [-p tcp, udp, icmp, all] [-s IP/network] [--sport ports] [-d IP/network] [--dport ports] -j [ACCEPT, DROP]

-A: Append one or more rules to the end of the selected chain.

-I: Insert one or more rules in the selected chain as the given rule number.

-i: Name of an interface via which a packet is going to be received.

-o: Name of an interface via which a packet is going to be sent.

-p: The protocol of the rule or of the packet to check.

-s: Source address (network name, host name, network IP address, or plain IP address).

--sport: Source port number.

-d: Destination address.

--dport: Destination port number.

-j: Jump target. Specifies the target of the rules; i.e., how to handle matched packets. For example, ACCEPT the packet, DROP the packet, or LOG the packet.

Examples:

Example 1: Accept all packets from lo interface.

# iptables -A INPUT -i lo -j ACCEPT

Example 2: Accept TCP packets from 192.168.0.1.

# iptables -A INPUT -i ixp0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3: Accept TCP packets from Class C network 192.168.1.0/24.

# iptables -A INPUT -i ixp0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4: Drop TCP packets from 192.168.1.25.

# iptables -A INPUT -i ixp0 -p tcp -s 192.168.1.25 -j DROP

Example 5: Drop TCP packets addressed for port 21.

# iptables -A INPUT -i ixp0 -p tcp --dport 21 -j DROP

Example 6: Accept TCP packets from 192.168.0.24 to UC-7420/7410’s ports 137, 138, and 139.

# iptables -A INPUT -i ixp0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

Example 7: Log TCP packets that visit UC-7420/7410’s port 25.

# iptables -A INPUT -i ixp0 -p tcp --dport 25 -j LOG

Example 8: Drop all packets from MAC address 01:02:03:04:05:06.

# iptables -A INPUT -i ixp0 -p all -m mac --mac-source 01:02:03:04:05:06 -j DROP

NOTE: In Example 8, remember to issue the command # modprobe ipt_mac first to load module ipt_mac.
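Because -A appends to the end of a chain and the first matching ACCEPT or DROP rule decides a packet's fate, Examples 3 and 4 only work together if the host rule comes before the network rule. The script below is an added example, not part of the Moxa manual, that builds an INPUT chain in a safe order. The interface ixp0 and the addresses are the manual's; DRY_RUN, ipt, build_input_chain and rule_pos are names assumed for this sketch.

```shell
#!/bin/sh
# Added example, not from the Moxa manual. Interface ixp0 and the addresses
# come from the manual's examples; DRY_RUN, ipt, build_input_chain and
# rule_pos are names made up for this sketch.
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands, 0 = run them (needs root)
IF=ixp0

# Print or execute one iptables command, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# iptables walks a chain top to bottom and stops at the first rule whose
# target is ACCEPT or DROP, so the narrow host rule must come before the
# wider network rule that would otherwise match the same packets.
build_input_chain() {
    ipt -F INPUT                                   # empty the chain first
    ipt -A INPUT -i lo -j ACCEPT                              # Example 1
    # LOG does not end traversal: the packet is logged, then checked further.
    ipt -A INPUT -i "$IF" -p tcp --dport 25 -j LOG            # Example 7
    ipt -A INPUT -i "$IF" -p tcp -s 192.168.1.25 -j DROP      # Example 4
    ipt -A INPUT -i "$IF" -p tcp -s 192.168.1.0/24 -j ACCEPT  # Example 3
    ipt -P INPUT DROP                              # everything else is denied
}

# Position (1-based) of the first emitted command containing a fixed string.
rule_pos() {
    DRY_RUN=1 build_input_chain | grep -n -F -- "$1" | head -n 1 | cut -d: -f1
}

build_input_chain
```

Run it as is to review the commands, then with DRY_RUN=0 as root to apply them.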
