Moxa Technologies EM-1240-LX Define policy rules, and Append or delete rules, Usage, Examples

Page 38

EM-1240-LX User’s Manual

Configuring EM-1240-LX

The EM-1240-LX supports the following sub-modules. Be sure to use the module that matches your application.

ip_conntrack	ipt_MARK
ip_conntrack_ftp	ipt_MASQUERADE
ipt_conntrack_irc	ipt_MIRROT
ip_nat_ftp	ipt_REDIRECT
ip_nat_irc	ipt_REJECT
ip_nat_snmp_basic	ipt_TCPMSS
ip_queue	ipt_TOS

ipt_ah ipt_esp ipt_length ipt_limit ipt_mac ipt_mark ipt_multiport ipt_owner

ipt_state

ipt_tcpmss

ipt_tos

ipt_ttl

ipt_unclean

NOTE The EM-1240-LX does NOT support IPV6 and ipchains.

Use iptables, iptables-restore, iptables-save to maintain the database.

NOTE IPTABLES supports packet filtering or NAT. Take care when setting up the IPTABLES rules. If the rules are not correct, remote hosts that connect via a LAN or PPP may be denied access. We recommend using the Serial Console to set up IPTABLES.

Click on the following links for more information about iptables.

http://www.linuxguruz.com/iptables/

http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html

Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have divided our discussion of the various rules into three categories: Observe and erase chain rules,

Define policy rules, and Append or delete rules.

Observe and erase chain rules

Usage:

# iptables [-t tables] [-L] [-n]

-t tables:	Table to manipulate (default: ‘filter’); example: nat or filter.
-L [chain]: List	List all rules in selected chains. If no chain is selected, all chains are listed.
-n:	Numeric output of addresses and ports.

# iptables [-t tables] [-FXZ]

-F: Flush the selected chain (all the chains in the table if none is listed).

-X: Delete the specified user-defined chain.

-Z: Set the packet and byte counters in all chains to zero.

Examples:

# iptables -L -n

In this example, since we do not use the -t parameter, the system uses the default ‘filter’ table. Three chains are included: INPUT, OUTPUT, and FORWARD. INPUT chains are accepted automatically, and all connections are accepted without being filtered.

#iptables –F #iptables –X #iptables –Z

4-5

Image 38

Contents EM-1240-LX User’s Manual First Edition, NovemberCopyright Notice Table of Contents Chapter EM-1240-LX Device API Introduction Overview Package ChecklistProduct Features EM-1240-LXProduct Specifications Hardware SpecificationsSoftware Specifications Hardware Block Diagram Appearance EM-1240 Development Kit Embedded ModuleEM-1240 Embedded Module EM-1240 Development Kit Dimensions Wiring Requirements Installing the EM-1240-LXLED Indicators Grounding the EM-1240-LX Connecting Data Transmission CablesConnecting the Power Connecting to the Network Connecting to a Serial DeviceAdditional Functions Reset ButtonInternal SD Socket Serial Console PortReal-time Clock Getting Started Console Port Powering on the EM-1240-LXConnecting the EM-1240-LX to a PC 192.168.3.127 255.255.255.0 Default IP Address Default NetmaskTelnet 192.168.4.127 255.255.255.0Configuring the Ethernet Interface Ifconfig eth0 Dhcpcd -p -a eth0 & dhcpcd -p -a eth1Installing a Secure Digital SD Memory Card Step Installing the EM-1240-LX Tool ChainDeveloping Your Applications #mount -t iso9660 /dev/cdrom /mnt/cdromEM-1240-LX User’s Manual Compiling Hello.c PATH=/usr/local/arm-elf/bin$PATHUploading Hello to the EM-1240-LX #makeRunning Hello on the EM-1240-LX # chmod 755 hello #./helloMake File Example Code Cflags =Software Package EM-1240-LX Software Architecture Additional information about JFFS2 is available at Flash Context Flash Address Size Access controlJournaling Flash File System JFFS2 EM-1240-LX Software Package Bin DevPtyp0 Ppp Pio Rtc Ram1 Ram0 Null Kmem Mem Cua0 Console Tty Configuring the EM-1240-LX ‰ Iptables ‰ NATExample default enable Enabling and Disabling DaemonsDefault Home Page address Adding a WebLocal Host Packets Examples Define policy rules, and Append or delete rulesUsage Define policy for chain rules Enabling NAT at Bootup NAT ExampleDial-out Service Configuring Dial-in/Dial-out ServiceConfiguring PPPoE Dial-in ServiceHow to Mount a Remote NFS Server Dynamic Driver Module Load/UnloadUpramdisk Ramdiskupkernel em1240-1.x.bin /ramdiskrebootUpgrading the Kernel Cd ramdiskUpgrading the Root File System & User Directory Upramdisk Cd ramdiskUser Directory Backup-EM-1240-LX to PC Ramdiskbackupfs /ramdisk/usrdisk-backupAutostarting User Applications on Bootup Loading Factory DefaultsMirroring the Application Program and Configuration Checking the Kernel and Root File System VersionsFsversion Cat /etc/versionEM-1240-LX Device API Uart Interface RTC Real-time ClockBuzzer UC Finder Windows UC Finder EM-1240-LX User’s Manual UC Finder EM-1240-LX User’s Manual UC Finder Linux UC Finder File manager System CommandsBusybox µClinux normal command utility collection EditorOther NetworkProcess Moxa Special UtilitiesSnmp Agent with MIB II & RS-232 Like Group Snmp Agent with MIB II & RS-232 Like Group Ip MIB Tcp MIB Udp MIBSnmp MIB RFC1317 RS-232 like group supported variables Rs232 MIBEM-1240-LX FAQ Service Information Moxa Internet Services Following services are providedProblem Report Form Moxa Product † EM-1240-LX Serial NumberProduct Return Procedure