![Moxa IA261-I-LX [34/71] Iptables](/img/pdf.png)
Moxa IA261-I-LX [34/71] Iptables
![Moxa IA261-I-T-LX [34/71] Iptables](/views2/1199953/page34/bg22.png)
IA260-261-262 EM-2260 LX User’s Manual Managing Communications
IPTABLES
IPTABLES is an administrative tool for setting up, maintaining, and inspecting the Linux kernel’s
IP packet filter rule tables. Several different tables are defined, with each table containing built-in
chains and user-defined chains.
Each chain is a list of rules that apply to a certain type of packet. Each rule specifies what to do
with a matching packet. A rule (such as a jump to a user-defined chain in the same table) is called
a “target.”
The IA260/IA261/IA262/EM-2260 supports 3 types of IPTABLES table: Filter tables, NAT
tables, and Mangle tables:
A. Filter Table—includes three chains:
INPUT chain—filters all incoming traffic destined for the local host. Note that all incoming
packets destined for this host pass through this chain, no matter what interface or direction
they came from.
OUTPUT chain—filters packets sent from the local host.
FORWARD chain—routs and filters forwarded packets only. Note that all forwarded traffic
passes through this chain (not only in one direction), so you need to consider this factor when
writing your rule-set.
B. NAT Table—includes three chains:
PREROUTING chain—transfers the destination IP address (DNAT)
POSTROUTING chain—works after the routing process and before the Ethernet device
process to transfer the source IP address (SNAT)
OUTPUT chain—produces local packets
Sub-tables
Source NAT (SNAT)—changes the first source packet IP address.
Destination NAT (DNAT)—changes the first destination packet IP address.
MASQUERADE—a special form for SNAT. If one host can connect to Internet, then
other computers that connect to this host can connect to the Internet when the computer
does not have an actual IP address.
REDIRECT—a special form of DNAT that re-sends packets to a local host independent
of the destination IP address.
C. Mangle Table—includes the following chains:
INPUT—mangles packets after they have been routed, but before they are actually sent to the
processing machine.
FORWARD—mangles the packet after the initial routing decision, but before the last routing
decision prior to sending the packet the out.
PREROUTING chain—pre-processes packets before the routing process.
OUTPUT chain—processes packets after the routing process.
It has three extensions—TTL, MARK, and TOS.
4-7
Содержание
- First edition january 2009 1
- Ia260 ia261 ia262 em 2260 linux user s manual 1
- Www moxa com product 1
- Copyright notice 2
- Disclaimer 2
- Ia260 ia261 ia262 em 2260 linux user s manual 2
- Technical support contact information www moxa com support 2
- Trademarks 2
- Table of contents 3
- Introduction 5
- Overview 6
- Software architecture 6
- Journaling flash file system jffs2 7
- Software package 8
- Getting started 9
- Connecting the ia260 ia261 ia262 em 2260 to a pc 10
- Debug port 10
- Powering on the ia260 ia261 ia262 em 2260 10
- Telnet console 11
- Ssh console 12
- Windows users 12
- Linux users 13
- Configuring the ethernet interface 14
- Modifying network settings 14
- Vga console 14
- Cf socket for storage expansion 15
- Modifying network settings by command 15
- Test program developing hello c 15
- Checking the flash memory space 16
- Installing the tool chain linux 16
- Compiling hello c 17
- Uploading and running the hello program 17
- Managing embedded linux 18
- System version information 19
- Upgrading the firmware 19
- Attention 21
- Ia260 261 262 em 2260 lx user s manual managing embedded linux 21
- Next use the upgradehfm command to upgrade the kernel and root file system 21
- The upgradehfm utility will reboot your target after the upgrade is ok 21
- Enabling and disabling daemons 22
- Ia260 261 262 em 2260 lx user s manual managing embedded linux 22
- Loading factory defaults 22
- Snmpd snmp agent daemon telnetd telnet server daemon and client inetd internet daemons ftpd ftp server daemon and client sshd secure shell server daemon httpd apache www server daemon 22
- The following daemons are enabled when the ia260 ia261 ia262 em 2260 boots up for the first time 22
- To load the factory default settings you must press the reset to default button for more than 5 seconds all files in the home etc directories will be deleted note that while pressing the reset to default button the ready led will blink three times and then turn off it takes about one minute for the factory defaults to fully load for users who have logged onto the computer please note that they will be forcibly logged out when the factory defaults are loaded and the systems start to reboot 22
- Type the command ps to list all processes currently running 22
- Ia260 261 262 em 2260 lx user s manual managing embedded linux 23
- Next use vi to open your application script we use the example program tcps2 release and put it to run in the background 23
- The enabled daemons will be available after you reboot the system 23
- To run a private daemon you can edit the file rc local as follows 23
- Setting the run level 24
- Adjusting the system time 25
- Setting the time manually 25
- Ntp client 26
- Updating the time automatically 26
- Cron daemon to execute scheduled commands 27
- Managing communications 28
- Telnet ftp 29
- Web service apache 30
- Ia260 261 262 em 2260 lx user s manual managing communications 32
- Install php for apache web server 32
- Step 1 check that you have enough free space 32
- Step 2 type upramdisk to get the free space ram disk to save the package 32
- Step 3 download the php package from the cd rom you can find the package in cd rom utility_tools libmysqlclientx_x x xx_xxxxxx ipk and rom utility_tools libphpx_x x x_xxxxxx ipk where x indicates the version and cpu model 32
- Step 4 run ipkg cl install libmysqlclient5_5 3_arm ipk and then run ipkg cl install libphp5_5 _arm ipk to install php 32
- Step 5 test it use the browser to access http 192 68 27 phpinfo php 32
- This embedded computer supports the php option however since the php file is 3 mb it is not installed by default to install it yourself first make sure there is enough free space at least 3 mb on your embedded flash rom 32
- To check that the dev mtdblock3 free space is greater than 3 mb 32
- Iptables 34
- Ia260 261 262 em 2260 lx user s manual managing communications 35
- The following figure shows the iptables hierarchy 35
- Observe and erase chain rules 36
- Append or delete rules 37
- Define policy for chain rules 37
- Enabling nat at bootup 39
- Ia260 261 262 em 2260 lx user s manual managing communications 39
- In most real world situations you will want to use a simple shell script to enable nat when the ia260 ia261 ia262 em 2260 boots up the following script is an example 39
- Nat area private ip 39
- Nat example 39
- The ip address of lan1 is changed to 192 68 27 you will need to load the module ipt_masquerade 39
- Dial up service ppp 40
- Example 1 connecting to a ppp server over a simple dial up connection 40
- Example 2 connecting to a ppp server over a hard wired link 41
- How to check the connection 42
- Setting up a machine for incoming ppp connections 43
- Nfs network file system 45
- Setting up the ia260 ia261 ia262 em 2260 as an nfs client 45
- Openvpn 46
- Copy the file that is generated to the openvpn machine 47
- Generate a script file named openvpn bridge on each openvpn machine this script reconfigures interface eth1 as ip less creates logical bridge s and tap interfaces loads modules enables ip forwarding etc 47
- Host a 47
- Host a b represents one of the machines that belongs to openvpn a b the two remote subnets are configured for a different range of ip addresses when this setup is moved to a public network the external interfaces of the openvpn machines should be configured for static ips or connect to another device such as a firewall or dsl box first 47
- Host b 47
- Ia260 261 262 em 2260 lx user s manual managing communications 47
- Internet internet 47
- Lan1 192 68 71 47
- Lan1 192 68 72 lan1 192 68 74 47
- Lan1 192 68 73 47
- Lan2 192 68 73 47
- Lan2 192 68 74 47
- Local net 47
- Openvpn a 47
- Openvpn b 47
- Set up four machines as shown in the following diagram 47
- Setup 1 ethernet bridging for private networks on different subnets 47
- Ia260 261 262 em 2260 lx user s manual managing communications 48
- Create link symbols to enable this script at boot time 49
- Ia260 261 262 em 2260 lx user s manual managing communications 49
- Setup 2 ethernet bridging for private networks on the same subnet 51
- Create a configuration file named a tun conf and an executable script file named a tun sh 52
- Create a configuration file named b tun conf and an executable script file named b tun sh on openvpn b 52
- Host a 52
- Host b 52
- Ia260 261 262 em 2260 lx user s manual managing communications 52
- Internet internet 52
- Lan1 192 68 71 52
- Lan1 192 68 72 lan1 192 68 74 52
- Lan1 192 68 73 52
- Lan2 192 68 73 52
- Lan2 192 68 74 52
- Local net 52
- Openvpn a 52
- Openvpn b 52
- Set up the four machines as shown in the following diagram 52
- Setup 3 routed ip 52
- Development tool chains 54
- Compilation for applications 55
- Linux tool chain 55
- Steps for installing the linux tool chain 55
- On line debugging with gdb 56
- Programmer s guide 57
- Device api 58
- Flash memory map 58
- Rtc real time clock 58
- Buzzer 59
- Baudrate inaccuracy 60
- Example to get the baudrate 60
- Example to set the baudrate 60
- Special note 60
- Introduction 61
- Moxacan programming guide 61
- Programming guide 61
- Application programming interface 64
- Digital i o 64
- Examples 66
- Special note 66
- Ia260 ia261 ia262 em 2260 linux user s manual programmer s guide 67
- Ia260 ia261 ia262 em 2260 linux user s manual programmer s guide 68
- 13 6 13 69
- Bin rm f fname fname dbg o 69
- Dio program make file example 69
- Ia260 ia261 ia262 em 2260 linux user s manual programmer s guide 69
- A system commands 70
- Editor 70
- File manager 70
- Linux normal command utility collection 70
- Network 70
- System commands 70
- Moxa special utilities 71
- Process 71
Похожие устройства
- Moxa IA261-I-LX Руководство по аппаратной части
- Moxa IA261-I-LX Технические характеристики
- Moxa IA261-I-LX Руководство по быстрой установке
- Moxa IA261-I-LX Руководство по работе с утилитой Moxa Device Manager
- Moxa IA261-I-T-LX Инструкция по эксплуатации
- Moxa IA261-I-T-LX Руководство по аппаратной части
- Moxa IA261-I-T-LX Технические характеристики
- Moxa IA261-I-T-LX Руководство по быстрой установке
- Moxa IA261-I-T-LX Руководство по работе с утилитой Moxa Device Manager
- Moxa IA262-I-CE Инструкция по эксплуатации
- Moxa IA262-I-CE Руководство по аппаратной части
- Moxa IA262-I-CE Технические характеристики
- Moxa IA262-I-CE Руководство по работе с утилитой Moxa Device Manager
- Moxa IA262-I-CE Руководство по быстрой установке
- Moxa IA262-I-T-CE Инструкция по эксплуатации
- Moxa IA262-I-T-CE Руководство по аппаратной части
- Moxa IA262-I-T-CE Технические характеристики
- Moxa IA262-I-T-CE Руководство по быстрой установке
- Moxa IA262-I-T-CE Руководство по работе с утилитой Moxa Device Manager
- Moxa IA262-I-LX Инструкция по эксплуатации