![Moxa DA-682A-C7-DPP-LX [43/108] Rule examples applying user defined chains](/img/pdf.png)
Moxa DA-682A-C7-DPP-LX [43/108] Rule examples applying user defined chains
![Moxa DA-682A-C7-DPP [43/108] Rule examples applying user defined chains](/views2/1198982/page43/bg2b.png)
DA-682A-DPP Linux Software Managing Communications
3-25
ATTENTION
To use the rule in Exam
ples 8 and 9, below, remember to first, to load the module ipt_mac:
moxa@Moxa:~# modprobe ipt_mac.
To make a module load across reboots, you may add it to the /etc/modprobe.conf file
using this command:
moxa@Moxa:~# echo “ipt_mac” >> /etc/modprobe.conf
Don’t forget to backup your modprobe.conf file before altering it, and take care to
use the double pointer (>>)
—which is append—
rather the single pointer (>) which is
overwrite.
Example 8: Drop all packets from MAC address 01:02:03:04:05:06.
# iptables –A INPUT –i eth0 –p all –m mac --mac-source 01:02:03:04:05:06 –j DROP
Example 9: Accept all packets from MAC address 02:03:04:05:06:07.
# iptables –A INPUT –i eth0 –p all –m mac --mac-source 02:03:04:05:06:07 –j ACCEPT
Rule Examples: Applying User-Defined Chains
Some network administrators may find it useful to define their own rule chains. Here, we show how to
implement them in the INPUT chain, and use the chains defined above, in the section User-Defined Chains.
# iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
# iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
The TCP and UDP chains are now attached to the INPUT chain; by adding in the above connection rule, once
a connection is accepted by either chain, it will be handled by the RELATED/ESTABLISHED rule. You may now
add rules to these chains as if you were adding rules to the INPUT chain. Using some of the INPUT rules defined
above as examples:
# iptables -A TCP -p tcp --dport 80 -j ACCEPT
# iptables -A TCP -p tcp --dport 443 -j ACCEPT
# iptables -A TCP -p tcp --dport 22 -j ACCEPT
# iptables -A UDP -p udp --dport 53 -j ACCEPT
ATTENTION
A s
ample firewall is provided in Appendix C, Sample Scripts
. If you have further questions, please refer to
those.
Saving the Firewall
You must save your firewall so that it will reload on the next reboot; otherwise, the firewall rules and settings
will be permanently deleted. After configuring iptables, the following command will save the ruleset to
/etc/sysconfig/iptables:
moxa@Moxa:~# /sbin/service iptables-save
NAT (Network Address Translation)
The NAT (Network Address Translation) protocol translates IP addresses used on a local network into IP
addresses used on a connecting network. One network is designated the inside network and the other is the
outside network. Typically, the DA-682A-DPP-LX connects several devices on a network and maps local inside
network addresses to one or more global outside IP addresses, and translates the global IP address used on by
packets coming in from the WAN back into local IP addresses.
Содержание
- Da 682a dpp linux software user s manual 1
- Edition 1 march 2016 1
- Www moxa com product 1
- Copyright notice 2
- Da 682a dpp linux software user s manual 2
- Disclaimer 2
- Technical support contact information 2
- Trademarks 2
- Www moxa com support 2
- Table of contents 3
- Introduction 5
- Attention 6
- Device driver 6
- Hardware 6
- Linux kernel 6
- Micro kernel 6
- Overview 6
- Protocol stack 6
- Software specifications 6
- Software configuration 7
- Account management 8
- Connecting from an ssh console 9
- Da 682a dpp linux software software configuration 9
- Moxa login moxa password last login thu sep 15 22 46 00 cst 2011 on tty1 linux moxa 2 2 5 amd64 1 smp tue jun 14 09 42 28 utc 2011 x86_64 the programs included with the debian gnu linux system are free software the exact distribution terms for each program are described in the individual files in usr share doc copyright debian gnu linux comes with absolutely no warranty to the extent permitted by applicable law root moxa 9
- Moxa moxa sudo i sudo password for moxa 9
- Rx bytes 0 0 b tx bytes 0 0 b interrupt 41 base address 0xe000 9
- Starting from a vga console 9
- Are you sure you want to continue connection yes no yes_ 10
- Da 682a dpp linux software software configuration 10
- Http www chiark greenend org uk sgtatham putty download htm 10
- Linux users 10
- Moxa moxa ssh 192 68 27 10
- User remotedebian moxa moxa ssh 192 68 27 the authenticity of host 192 68 27 192 68 27 can t be established rsa key fingerprint is 8b ee ff 84 41 25 fc cd 2a f2 92 8f cb 1f 6b 2f 10
- Windows users 10
- Attention 11
- Ntp client 11
- Setting the system clock and the rtc 11
- Using a shell script for automatic updates 11
- Warning 11
- How to run a shell script automatically across re boots 12
- Sample shell script for scheduled clock synchronizations 12
- Setting a time manually 12
- System time 12
- Attention 13
- Enabling and disabling daemons 13
- Setting the rtc 13
- Managing services using the insserv command 14
- Warning 14
- 10 root home fixtime sh 15
- 8 root hwclock w 15
- Bin sh ntpdate time stdtime gov tw hwclock w exit 0 15
- Cron for executing scheduled commands 15
- Da 682a dpp linux software software configuration 15
- Etc cronta 15
- Fixtime s 15
- Media usb 15
- Minute hour dom date month dow user command 15
- Mounting a usb storage device 15
- Moxa moxa chmod 755 fixtime sh 15
- Moxa moxa ls l etc rc d tcps ls cannot access etc rc d tcps no such file or directory 15
- Moxa moxa mount dev sdd1 on media usb0 type vfat rw nodev noexec noatime nodiratime sync fmask 0022 dmask 0022 codepage cp437 ioc harset utf8 shortname mixed errors remount ro 15
- Attention 16
- Checking versions for your kernel and os 16
- Da 682a dpp linux software software configuration 16
- Dev sdb 16
- Dev sdb1 media cf1 ext4 noatime errors remount ro 0 0 16
- Disconnecting a usb storage device 16
- Etc apt sources lis 16
- Etc fstab 16
- Mounting a cf card 16
- Moxa moxa kversion a 16
- Moxa moxa sudo vi etc apt sources list 16
- Moxa moxa syn 16
- Root moxa moxa umount f media usb0 16
- Root moxa moxa uname a linux moxa 3 4 686 pae 1 smp debian 3 6 1 i686 gnu linux 16
- Using apt to install and remove software 16
- Attention 17
- Cleaning out the package cache 17
- Determining available drive space 17
- Checking the file system 18
- Da 682a dpp linux software software configuration 18
- Tmpfs 403m 4 k 403m 1 run shm dev sdd1 7 g 553m 7 g 8 media usb0 18
- Managing communications 19
- Attention 20
- Configuring a persistent network interface naming order 20
- Configuring network interfaces 20
- Da 682a dpp linux software managing communications 21
- Dynamic ip address using dhcp 21
- Etc networ 21
- Etc network interfaces 21
- Etc network sudo vi interfaces 21
- Etc networking interface 21
- Ethernet interface configuration 21
- Static ip address 21
- Sudo service networking restart 21
- The loopback network interface auto lo iface lo inet loopback the primary network interface auto eth0 iface eth0 inet dhcp address 192 68 27 netmask 255 55 55 broadcast 192 68 55 21
- The loopback network interface auto lo iface lo inet loopback the primary network interface auto eth0 iface eth0 inet static address 192 68 27 netmask 255 55 55 broadcast 192 68 55 auto eth1 iface eth1 inet static address 192 68 27 netmask 255 55 55 broadcast 192 68 55 21
- Adjusting ip addresses with ifconfig 22
- Apt ge 22
- Da 682a dpp linux software managing communications 22
- Etc network interface 22
- Moxa moxa apt get pppoeconf 22
- Moxa moxa pppoeconf 22
- Point to point protocol over ethernet pppoe configuration 22
- Sudo ifconfig eth0 192 68 22
- The easy way pppoeconf 22
- Da 682a dpp linux software managing communications 23
- Etc resolve con 23
- The difficult way manually 24
- Attention 25
- Cat etc resolv conf resolv conf this file is the resolver configuration file see resolver 5 nameserver 168 5 nameserver 139 75 0 0 etc 25
- Configuring a point to point connection 25
- Da 682a dpp linux software managing communications 25
- Inet addr 192 6 2 p t p 129 7 65 mask 255 55 55 inet addr 192 6 2 p t p 129 7 65 mask 255 55 55 25
- Moxa moxa ifconfig ppp 25
- Moxa moxa kill 9 pppd 25
- Moxa moxa pppd eth0 25
- Nameserver 168 5 nameserver 139 75 0 0 25
- Nameserver ip_addr_of_first_dns_server nameserver ip_addr_of_second_dns_server 25
- Ppp0 link encap point to point protocol 25
- Rx packets 33 errors 0 dropped 0 overrun 0 rx packets 33 errors 0 dropped 0 overrun 0 25
- Tx packets 42 errors 0 dropped 0 overrun 0 tx packets 42 errors 0 dropped 0 overrun 0 25
- Up pointopoint running mtu 1500 metric 1 up pointopoint running mtu 1500 metric 1 25
- Da 682a dpp linux software managing communications 26
- Moxa moxa pppd connect chat v atdt5551212 connect login username password password dev ttym0 115200 debug crtscts modem defaultroute 192 7 26
- Moxa moxa pppd connect chat v atdt5551212 connect user username password password dev ttym0 115200 crtscts modem 26
- Checking the connection 27
- Connecting to a ppp server over a hardwired link 27
- Method 1 pppd dial in with pppd commands 28
- Method 2 pppd dial in with pppd script 28
- Setting up a machine for incoming ppp connections 28
- Attention 29
- Disabling a telnet ftp tftp server 29
- Enabling a telnet ftp or tftp server 29
- Telnet ftp tftp server 29
- Configuring the dns resolver 30
- Configuring the name service switcher 30
- Configuring the os hostname 30
- Da 682a dpp linux software managing communications 30
- Dns utilities 30
- Etc hostnam 30
- Etc hostname 30
- Etc nsswitch con 30
- Etc resolv con 30
- Moxa moxa hostname your preferred hostname 30
- Moxa moxa ntpdate time stdtime gov tw 30
- Moxa moxa sudo etc init d hostname sh start 30
- Resolv conf moxa moxa etc cat resolv conf resolv conf this file is the resolver configuration file see resolver 5 nameserver 192 68 6 nameserver 140 15 1 nameserver 140 15 36 0 nameserver 168 5 30
- Apache web server 31
- Attention 31
- Default homepage 31
- Attention 32
- Configuring the common gateway interface cgi 32
- Da 682a dpp linux software managing communications 32
- Disabling cgi 32
- Media usb 32
- Moxa moxa sudo cp a var www media usb0 32
- Moxa moxa sudo mount 32
- Moxa moxa sudo service apache2 restart 32
- Moxa moxa vi etc apache2 sites enabled 000 default 32
- Saving web pages to a usb storage device 32
- Setting up cgi 32
- Usr lib cgi bi 32
- Var ww 32
- Var www cgi bi 32
- Attention 34
- Building the firewall writing filter rules 34
- Da 682a dpp linux software managing communications 34
- Netfilter iptables 34
- Overview of basic netfilter architecture 34
- Setting up nat 34
- Da 682a dpp linux software managing communications 35
- Ip tables and ip chains 35
- The filter table 35
- The mangle table 35
- The nat table 35
- Attention 36
- Da 682a dpp linux software managing communications 36
- Moxa moxa iptables n tcp iptables n udp 36
- The five built in rule chains 36
- Understanding basic traffic flows 36
- User defined chains 36
- Attention 37
- Da 682a dpp linux software managing communications 37
- Netfilter hierarchy for incoming packets 37
- Connection tracking 38
- Da 682a dpp linux software managing communications 38
- Policies setting default firewall behavior 38
- Command arguments 39
- Da 682a dpp linux software managing communications 39
- Moxa moxa iptables p forward drop 39
- Moxa moxa iptables p input drop 39
- Moxa moxa iptables p output accept 39
- Moxa moxa iptables t tables p policy chain target policy accept drop etc 39
- Moxa moxa sbin service iptables save 39
- Netfilter policy examples 39
- Policy arguments 39
- Setting firewall policies 39
- Warning 39
- Command arguments 40
- Da 682a dpp linux software managing communications 40
- Flush a current rule chain or delete a user specified chain 40
- List current rule chains for a target table or for all tables 40
- Moxa iptables t table or multiple tables l chain n 40
- Moxa iptables t table or tables fxz 40
- Moxa moxa iptables t nat p output accept 40
- Moxa moxa iptables t nat p postrouting accept 40
- Moxa moxa iptables t nat p prerouting accept 40
- Viewing and manipulating rulesets 40
- Warning 40
- Da 682a dpp linux software managing communications 41
- Delete a user generated chain 41
- Etc sysconfig iptables sav 41
- Etc sysconfig iptables save 41
- Moxa iptables l z n chain rulenum 41
- Moxa iptables t table ai input output forward io interface p tcp udp icmp all s ip network sport ports d ip network dport ports j accept drop 41
- Moxa iptables x chain 41
- Moxa moxa iptables 41
- Warning 41
- Writing rulechains 41
- Zero out the packet and byte counters for a rule chain 41
- Attention 42
- Da 682a dpp linux software managing communications 42
- Examples 42
- Iptables a input i eth0 p tcp dport 21 j accept 42
- Iptables a input i eth0 p tcp dport 25 j log 42
- Iptables a input i eth0 p tcp s 192 68 24 j accept 42
- Iptables a input i eth0 p tcp s 192 68 4 dport 137 139 j accept 42
- Iptables a input i eth0 p tcp s 192 68 5 j drop 42
- Iptables a input i eth0 p tcp s 192 68 j accept 42
- Iptables a input i lo j accept 42
- Iptables a input m conntrack ctstate invalid j drop 42
- Iptables a input m conntrack ctstate related established j accept 42
- Iptables a input p 41 j accept 42
- Iptables a input p tcp dport 22 j accept 42
- Iptables a input p tcp dport 443 j accept 42
- Iptables a input p tcp dport 80 j accept 42
- Iptables a input p udp dport 53 j accept 42
- Moxa moxa iptables a input i lo j accept 42
- Warning 42
- Attention 43
- Nat network address translation 43
- Rule examples applying user defined chains 43
- Saving the firewall 43
- Attention 44
- Da 682a dpp linux software managing communications 44
- Enabling nat masquerading 44
- Etc modprobe conf 44
- Ip tables nat policies 44
- Iptables t nat a postrouting o eth0 s 555 66 77 88 24 j masquerade 44
- Iptables t nat p prerouting accept iptables t nat p postrouting accept iptables t nat p output accept 44
- Moxa moxa modprobe ipt_masquerade 44
- Proc sys net ipv4 ip_forward 44
- Source nat snat and destination nat dnat 44
- Attention 45
- Da 682a dpp linux software managing communications 45
- Etc fsta 45
- Moxa moxa mkdir p home nfs public 45
- Moxa moxa mount t nfs o nolock 192 68 home public home nfs public 45
- Moxa moxa showmount e host 45
- Setting up a networked file system nfs 45
- Setting up a vpn 45
- Attention 46
- Da 682a dpp linux software managing communications 46
- Etc openvpn secrouter ke 46
- Ethernet bridges linking independent subnets over the internet 46
- Moxa moxa 46
- Moxa moxa openvpn genkey secret secrouter key 46
- Moxa moxa scp etc openvpn secrouter key xxx xxx x xxx etc openvpn 46
- Configuring openvpn a 47
- Configuring openvpn b 47
- Da 682a dpp linux software managing communications 49
- Etc openvpn tap0 br conf 49
- Ethernet bridging for private networks on the same subnet 49
- Moxa moxa killall term openvpn 49
- Point to the peer remote 192 68 74 dev tap0 secret etc openvpn secrouter key cipher des ede3 cbc auth md5 tun mtu 1500 tun mtu extra 64 ping 40 up etc openvpn tap0 br sh comp lzo 49
- Routed ip tunnels 49
- Da 682a dpp linux software managing communications 50
- Etc openvpn tun con 50
- Etc openvpn tun sh 50
- Point to the peer remote 192 68 73 dev tun secret etc openvpn secrouter key cipher des ede3 cbc auth md5 tun mtu 1500 50
- Point to the peer remote 192 68 74 dev tun secret etc openvpn secrouter key cipher des ede3 cbc auth md5 tun mtu 1500 tun mtu extra 64 ping 40 ifconfig 192 68 73 192 68 74 up etc openvpn tun sh 50
- Start bin sh value after net is the subnet behind the remote peer route add net 192 68 netmask 255 55 55 gw 5 end 50
- File overview 51
- Setting up hot swap for block storage 51
- Programming guide 52
- Desktop management interface dmi 53
- Rtc real time clock 53
- Introduction 54
- Programmable leds 54
- Relay output 54
- Syntax 54
- Turning on or off the leds 54
- Watch dog timer wdt 54
- Da 682a dpp linux software programming guide 55
- Etc watchdog con 55
- How the wdt works 55
- Init d watchdog 55
- Moxa moxal update rc 55
- The watchdog device ioctl commands 55
- Watchdog device dev watchdog interval 60 realtime yes priority 10 55
- Da 682a dpp linux software programming guide 56
- Example hotswa 56
- Examples 56
- Hot swapping block drives 56
- Int main void int fd open dev watchdog o_wronly int ret 0 if fd 1 perror watchdog exit exit_failure while 1 ret write fd 0 1 if ret 1 ret 1 break sleep 10 close fd return ret 56
- Da 682a dpp linux software programming guide 57
- Documentation format 57
- Function documentation 57
- Attention 58
- Examples 58
- Function documentation 58
- Moxa safeguard 58
- Programming optional modules 60
- Configuring serial port mode 61
- Programming serial modules 61
- Attention 62
- Loading the defaults 62
- Programming the lan module 62
- Programming the fiber module 63
- Programming the switch module 63
- Programming the pci module 64
- System recovery 65
- Da 682a dpp linux software system recovery 66
- Overview setting up the recovery environment 66
- Recovery da 682a dpp lx_recovery clonezill 66
- Step 1 preparing the usb drive 66
- Tuxboot windows 23 ex 66
- Da 682a dpp linux software system recovery 67
- Two types of recovery base install and fully configured 67
- Attention 68
- Da 682a dpp linux software system recovery 68
- Media cd0 recovery os_imag 68
- Media usb0 home partima 68
- Moxa moxa cp media cd0 recovery os_image media usb0 home partimag 68
- Step 2 optional recovering to a stock os 68
- Step 3 setting the bios to boot via usb 68
- Da 682a dpp linux software system recovery 69
- F home partimag 69
- Step 4 optional create a custom system image 69
- Da 682a dpp linux software system recovery 70
- Home partima 70
- Warning 70
- Da 682a dpp linux software system recovery 71
- Da 682a dpp linux software system recovery 72
- Step 5 performing a system recovery 72
- Da 682a dpp linux software system recovery 73
- Da 682a dpp linux software system recovery 74
- Step 6 resetting the bios to its original state 74
- Da 682a dpp linux software system recovery 75
- A linux software components 76
- Linux software components 76
- Da 682a dpp linux software linux software components 77
- Da 682a dpp linux software linux software components 78
- Da 682a dpp linux software linux software components 79
- Da 682a dpp linux software linux software components 80
- Da 682a dpp linux software linux software components 81
- Da 682a dpp linux software linux software components 82
- Da 682a dpp linux software linux software components 83
- Da 682a dpp linux software linux software components 84
- Da 682a dpp linux software linux software components 85
- B the moxa custom mib file 86
- The moxa custom mib file 86
- C sample scripts and firewall rules 105
- Sample scripts and firewall rules 105
- A sample initialization script 106
- A sample firewall 108
Похожие устройства
- Moxa DA-682A-C7-DPP-LX Руководство по аппаратной части
- Moxa DA-682A-C7-DPP-LX Технические характеристики
- Braun 5050s Series 5 Инструкция по эксплуатации
- Braun HD 550 Инструкция по эксплуатации
- Braun Silk-epil 7 SkinSpa 7-561 Wet And Dry Инструкция по эксплуатации
- Braun 195s Series 1 Инструкция по эксплуатации
- Braun BT 7050 Инструкция по эксплуатации
- Braun 7929 Silk-epil 7 Skin Spa Инструкция по эксплуатации
- Candy FLE 0502/6 X Инструкция по эксплуатации
- Candy FPE 609/6 XL Инструкция по эксплуатации
- Candy CCFE 300 RU Инструкция по эксплуатации
- Candy FCL 614/6 GH Инструкция по эксплуатации
- Candy FPE 629/6 NX Инструкция по эксплуатации
- Candy CLG 64 SPTF Инструкция по эксплуатации
- Candy CLGC 64 SPBA Инструкция по эксплуатации
- Candy GV42 128DC1-07 Инструкция по эксплуатации
- Теплодар Сибирский утес 20 ЛП Руководство по эксплуатации
- Теплодар Сибирь 20 ЛК Руководство по эксплуатации
- Теплодар Сибирь 20 ЛНЗП Руководство по эксплуатации
- Теплодар Сибирь 20 ЛРК Руководство по эксплуатации