Black Box 1102, 1101

Models: 1101 1102 Secure Device Servers

Page 145

Chapter 15: Advanced Configuration

fi </etc/config/pmshell-start.sh>

    



   

You can use tip and stty to completely bypass the portmanager and have raw access to the serial ports.

When you run tip on a portmanager-controlled port, portmanager closes that port and stops monitoring it until tip releases control of it.

With stty, the changes made to the port only “stick” until that port is closed and opened again, so you will probably not want to use stty for more than initial debugging of the serial connection.

If you want to use stty to configure the port, you can put stty commands in /etc/config/scripts/portXX.init, which is run whenever portmanager opens the port.

Otherwise, any setup you do with stty will be lost when portmanager opens the port. (Portmanager sets things back to its own configuration, rather than using whatever is on the port, so that the port is in a known good state and will work no matter what is done to the serial port outside of portmanager.)

  

The console dial-in is handled by mgetty, with automatic PPP login extensions. mgetty is a smart getty replacement, designed to be used with Hayes-compatible data and data/fax modems. mgetty knows about modem initialization, manual modem answering (your modem doesn’t answer if the machine isn’t ready), and UUCP locking (you can use the same device for dial-in and dial-out). mgetty provides very extensive logging facilities. All standard mgetty options are supported.

Enabling Boot Messages on the Console:

If you are not using a modem on the DB9 console port and instead want to connect to it directly via a null modem cable, enable verbose mode, which allows you to see the standard Linux start-up messages. Run these commands:

# /bin/config --set=config.console.debug=on
# /bin/config --run=console
# reboot

If at some point in the future you choose to connect a modem for dial-in out-of-band access, you can reverse the procedure with the following commands:

# /bin/config --del=config.console.debug
# /bin/config --run=console
# reboot



The console server uses the iptables utility to provide a stateful firewall of LAN traffic. By default, rules are automatically inserted to allow access to enabled services and serial port access via enabled protocols. The commands that add these rules are contained in configuration files:

/etc/config/ipfilter

This is an executable shell script that runs whenever the LAN interface is brought up and whenever modifications are made to the iptables configuration as a result of CGI actions or the config command line tool.

The basic steps performed are as follows:

The current iptables configuration is erased.

If a customized IP-Filter script exists, it is executed and no other actions are performed.

Standard policies are inserted that will drop all traffic not explicitly allowed to and through the system.

Rules are added which explicitly allow network traffic to access enabled services, for example, HTTP, SNMP, etc.

Rules are added that explicitly allow network traffic access to serial ports over enabled protocols, for example, Telnet, SSH, and raw TCP.
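The sequence above, sketched as an added example (not the device's own /etc/config/ipfilter script): the function prints the iptables commands in the order the steps describe instead of running them. The custom script path is a placeholder, the port lists are constructed sample values, and the loopback and conntrack rules are an assumed way of expressing the stateful behaviour.

```shell
#!/bin/sh
# Added illustration: prints iptables commands instead of running them,
# so it needs no root and changes nothing on the host.

# Placeholder path for a customized IP-Filter script (not from the manual).
CUSTOM_SCRIPT="${CUSTOM_SCRIPT:-/path/to/custom-ipfilter}"

# emit_ipfilter "<services>" "<serial>": items are proto/port, e.g. tcp/80
emit_ipfilter() {
    services=$1
    serial=$2

    # Step 1: erase the current configuration.
    echo "iptables -F"
    echo "iptables -X"

    # Step 2: a customized script runs and nothing else is done.
    if [ -x "$CUSTOM_SCRIPT" ]; then
        echo "sh $CUSTOM_SCRIPT"
        return 0
    fi

    # Step 3: drop everything not explicitly allowed to and through the box.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    # Assumed rules for the stateful part: loopback and reply traffic.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # Steps 4 and 5: one allow rule per enabled service and serial protocol.
    for item in $services $serial; do
        proto=${item%%/*}
        port=${item##*/}
        case "$proto" in
            tcp|udp) ;;
            *) echo "skipping malformed entry: $item" >&2; continue ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "skipping malformed entry: $item" >&2; continue ;;
        esac
        echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
    done
}

# Constructed sample: HTTP and SNMP enabled, two made-up serial-port listeners.
emit_ipfilter "tcp/80 udp/161" "tcp/2001 tcp/3001"
```

When a customized script is present, the output stops after the script line, so that script has to supply its own default policies and allow rules.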

724-746-5500 blackbox.com
