![Moxa TC-6110-T-LX [37/117] Netfilter hierarchy for incoming packets](/img/pdf.png)
Moxa TC-6110-T-LX [37/117] Netfilter hierarchy for incoming packets
![Moxa TC-6110-T-LX [37/117] Netfilter hierarchy for incoming packets](/views2/1200319/page37/bg25.png)
TC-6110 Linux User's Manual Managing Communications
3-19
Netfilter Hierarchy for Incoming Packets
This figure shows how packets traverse the table hierarchy. Outbound packets originating on the local network
start at the box labeled Local Process. Inbound packets start at the top box labeled Incoming Packets.
ATTENTION
Be careful when setting up
iptables rules.
Incorrectly configured rules can very easily break connectivity with
a
remote host. For simple setups requiring minimal configuration (five rules or less), Moxa recommends
directly configuring
iptables using the console and a standard editor.
For more complicated setups, users may
use Arno’s iptables firewall script, or for very large, extremely complicated setups Moxa recommends the
Shorelin
e Firewall. The following
links will take you to further information about iptables setups and the various
software packages mentioned above
.
The netfilter
/iptables Project Homepage: http://www.netfilter.org/index.html
The Official neftilter/iptables packet
-filtering HOWTO:
http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.htm
Arno’s iptables
Firewall (click on IPTABLES FIREWALL tab at the top navigation ribbon):
http://rocky.eld.leidenuniv.nl/joomla/
The Shore
line Firewall Homepage (lots of information about netfilter/iptables, as well):
http://www.shorewall.net/Documentation_Index.html
Public iptables/neftilter Forum:
http://www.linuxguruz.com/iptables/
Incoming
Packets
Mangle Table
PREROUTING Chain
NAT Table
PREROUTING Chain
NAT Table
POSTROUTING Chain
Outgoing
Packets
Other Host
Packets
Mangle Table
FORWARD Chain
Filter Table
FORWARD Chain
Mangle Table
POSTROUTING Chain
Local Host
Packets
Mangle Table
INPUT Chain
Filter Table
INPUT Chain
Local
Process
Mangle Table
OUTPUT Chain
NAT Table
OUTPUT Chain
Filter Table
OUTPUT Chain
Содержание
- First edition september 2013 1
- Tc 6110 linux user s manual 1
- Www moxa com product 1
- Copyright notice 2
- Disclaimer 2
- Tc 6110 linux user s manual 2
- Technical support contact information 2
- Trademarks 2
- Www moxa com support 2
- Table of contents 3
- Introduction 6
- Attention 7
- Device driver 7
- Hardware 7
- Linux kernel 7
- Micro kernel 7
- Overview 7
- Protocol stack 7
- Software components 7
- Software specifications 7
- Basic platform configuration 8
- Attention 9
- Default user account and password 9
- Attention 10
- Logging in to the linux console 10
- Connecting from an ssh console 11
- Http www chiark greenend org uk sgtatham putty download htm 11
- Linux users 11
- Moxa moxa ssh 192 68 27 11
- Tc 6110 linux user s manual basic platform configuration 11
- Windows users 11
- Attention 12
- Ntp client 12
- Setting the system clock and the rtc 12
- Using a shell script for automatic updates 12
- How to run a shell script automatically across re boots 13
- Sample shell script for scheduled clock synchronizations 13
- Setting a time manually 13
- System time 13
- Attention 14
- Enabling and disabling daemons 14
- Setting the rtc 14
- Managing services with insserv 15
- Warning 15
- 10 root home fixtime sh 16
- 8 root hwclock w 16
- Bin sh ntpdate time stdtime gov tw hwclock w exit 0 16
- Cron for executing scheduled commands 16
- Etc cronta 16
- Fixtime s 16
- Media usb 16
- Minute hour dom date month dow user command 16
- Mount dev sdd1 on media usb0 type vfat rw nodev noexec noatime nodiratime sync fmask 0022 dmask 0022 codepage cp437 io charset utf8 shortname mixed errors remount ro 16
- Mounting a usb storage device 16
- Moxa moxa chmod 755 fixtime sh 16
- Moxa moxa ls l etc rc d tcps ls cannot access etc rc d tcps no such file or directory 16
- Tc 6110 linux user s manual basic platform configuration 16
- Attention 17
- Checking versions for your kernel and os 17
- Deb http ftp us debian org debian wheezy main deb src http ftp us debian org debian wheezy main deb http security debian org wheezy updates main deb src http security debian org wheezy updates main wheezy updates previously known as volatile deb http ftp us debian org debian wheezy updates main deb src http ftp us debian org debian wheezy updates main 17
- Disconnecting a usb storage device 17
- Etc apt sources lis 17
- Moxa moxa kversion a 17
- Moxa moxa syn 17
- Root moxa moxa umount f media usb0 17
- Sudo apt get install openswan 17
- Sudo apt get remove openswan 17
- Sudo apt get remove openswan purge 17
- Sudo apt get update 17
- Sudo vi etc apt sources list 17
- Tc 6110 linux user s manual basic platform configuration 17
- Using apt to install and remove software 17
- Attention 18
- Cleaning out the package cache 18
- Determining available drive space 18
- Managing communications 19
- Attention 20
- Configuring a persistent network interface naming order 20
- Configuring network interfaces 20
- Dynamic ip address using dhcp 21
- Etc networ 21
- Etc network interfaces 21
- Etc network sudo vi interfaces 21
- Etc networking interface 21
- Ethernet interface configuration 21
- Static ip address 21
- Sudo service networking restart 21
- Tc 6110 linux user s manual managing communications 21
- The loopback network interface auto lo iface lo inet loopback the primary network interface auto eth0 iface eth0 inet dhcp address 192 68 27 netmask 255 55 55 broadcast 192 68 55 21
- The loopback network interface auto lo iface lo inet loopback the primary network interface auto eth0 iface eth0 inet static address 192 68 27 netmask 255 55 55 broadcast 192 68 55 auto eth1 iface eth1 inet static address 192 68 27 netmask 255 55 55 broadcast 192 68 55 21
- Adjusting ip addresses with ifconfig 22
- Etc network interface 22
- Point to point over ethernet pppoe configuration 22
- Pppoeconf 22
- Sudo ifconfig eth0 192 68 22
- Tc 6110 linux user s manual managing communications 22
- The easy way pppoeconf 22
- Etc resolve con 23
- Tc 6110 linux user s manual managing communications 23
- The difficult way manually 24
- Attention 25
- Cat etc resolv conf resolv conf this file is the resolver configuration file see resolver 5 nameserver 168 5 nameserver 139 75 0 0 etc 25
- Configuring a point to point connection 25
- Moxa moxa ifconfig ppp 25
- Moxa moxa kill 9 pppd 25
- Moxa moxa pppd eth0 25
- Nameserver 168 5 nameserver 139 75 0 0 25
- Nameserver ip_addr_of_first_dns_server nameserver ip_addr_of_second_dns_server 25
- Tc 6110 linux user s manual managing communications 25
- Connecting to a ppp server over a hardwired link 26
- Moxa moxa pppd connect chat v atdt5551212 connect login username password password dev ttym0 115200 debug crtscts modem defaultroute 192 7 26
- Moxa moxa pppd connect chat v atdt5551212 connect user username password password dev ttym0 115200 crtscts modem 26
- Moxa moxa pppd connect chat v noipdefault dev ttym0 19200 crtscts 26
- Tc 6110 linux user s manual managing communications 26
- Checking the connection 27
- Method 1 pppd dial in with pppd commands 28
- Method 2 pppd dial in with pppd script 28
- Setting up a machine for incoming ppp connections 28
- Attention 29
- Configuring the os hostname 29
- Disabling a telnet ftp tftp server 29
- Dns utilities 29
- Enabling a telnet ftp or tftp server 29
- Telnet ftp tftp server 29
- Configuring the dns resolver 30
- Configuring the name service switcher 30
- Etc cat resolv conf resolv conf this file is the resolver configuration file see resolver 5 nameserver 192 68 6 nameserver 140 15 1 nameserver 140 15 36 0 nameserver 168 5 30
- Etc hostname 30
- Etc nsswitch conf example configuration of gnu name service switch functionality if you have the glibc doc reference and info packages installed try info libc name service switch for information about this file passwd compat group compat shadow compat 30
- Etc resolv con 30
- Hostname your preferred hostname 30
- Moxa moxa ntpdate time stdtime gov tw 30
- Resolv conf 30
- Sudo etc init d hostname sh start 30
- Tc 6110 linux user s manual managing communications 30
- Apache web server 31
- Attention 31
- Configuring the common gateway interface cgi 31
- Default homepage 31
- Setting up cgi 31
- Attention 32
- Disabling cgi 32
- Etc apache2 sites available defaul 32
- Etc sudo vi etc apache2 sites avaliable default 32
- Media usb 32
- Moxa moxa sudo mount 32
- Moxa moxa vi etc apache2 sites enabled 000 default 32
- Saving web pages to a usb storage device 32
- Sudo service apache2 restart 32
- Tc 6110 linux user s manual managing communications 32
- Var ww 32
- Attention 33
- Netfilter iptables 33
- Attention 34
- Building the firewall writing filter rules 34
- Ip tables and ip chains 34
- Overview of basic netfilter architecture 34
- Setting up nat 34
- Tc 6110 linux user s manual managing communications 34
- The nat table 34
- Tc 6110 linux user s manual managing communications 35
- The filter table 35
- The five built in rule chains 35
- The mangle table 35
- Attention 36
- Moxa moxa iptables n tcp iptables n udp 36
- Tc 6110 linux user s manual managing communications 36
- Understanding basic traffic flows 36
- User defined chains 36
- Attention 37
- Netfilter hierarchy for incoming packets 37
- Tc 6110 linux user s manual managing communications 37
- Command arguments 38
- Connection tracking 38
- Moxa moxa iptables t tables p policy chain target policy accept drop etc 38
- Moxa moxa sbin service iptables save 38
- Policies setting default firewall behavior 38
- Setting firewall policies 38
- Tc 6110 linux user s manual managing communications 38
- Warning 38
- Moxa moxa iptables p forward drop 39
- Moxa moxa iptables p input drop 39
- Moxa moxa iptables p output accept 39
- Moxa moxa iptables t nat p output accept 39
- Moxa moxa iptables t nat p postrouting accept 39
- Moxa moxa iptables t nat p prerouting accept 39
- Netfilter policy examples 39
- Policy arguments 39
- Tc 6110 linux user s manual managing communications 39
- Viewing and manipulating rulesets 39
- Delete a user generated chain 40
- Etc sysconfig iptables sav 40
- Flush a current rule chain or delete a user specified chain 40
- List current rule chains for a target table or for all tables 40
- Moxa iptables l z n chain rulenum 40
- Moxa iptables t table or multiple tables l chain n 40
- Moxa iptables t table or tables fxz 40
- Moxa iptables x chain 40
- Moxa moxa iptables 40
- Moxa moxa sbin service iptables save 40
- Tc 6110 linux user s manual managing communications 40
- Warning 40
- Zero out the packet and byte counters for a rule chain 40
- Examples 41
- Iptables a input i lo j accept 41
- Iptables a input m conntrack ctstate invalid j drop 41
- Iptables a input m conntrack ctstate related established j accept 41
- Iptables a input p tcp dport 22 j accept 41
- Iptables a input p tcp dport 443 j accept 41
- Iptables a input p tcp dport 80 j accept 41
- Iptables a input p udp dport 53 j accept 41
- Moxa iptables t table ai input output forward io interface p tcp udp icmp all s ip network sport ports d ip network dport ports j accept drop 41
- Moxa moxa iptables a input i lo j accept 41
- Tc 6110 linux user s manual managing communications 41
- Warning 41
- Writing rulechains 41
- Attention 42
- Etc modprobe conf 42
- Iptables a input i eth0 p all m mac mac source 01 02 03 04 05 06 j drop 42
- Iptables a input i eth0 p all m mac mac source 02 03 04 05 06 07 j accept 42
- Iptables a input i eth0 p tcp dport 21 j accept 42
- Iptables a input i eth0 p tcp dport 25 j log 42
- Iptables a input i eth0 p tcp s 192 68 24 j accept 42
- Iptables a input i eth0 p tcp s 192 68 4 dport 137 139 j accept 42
- Iptables a input i eth0 p tcp s 192 68 5 j drop 42
- Iptables a input i eth0 p tcp s 192 68 j accept 42
- Iptables a input p 41 j accept 42
- Iptables a input p udp m conntrack ctstate new j udp iptables a input p tcp syn m conntrack ctstate new j tcp 42
- Iptables a tcp p tcp dport 80 j accept iptables a tcp p tcp dport 443 j accept iptables a tcp p tcp dport 22 j accept iptables a udp p udp dport 53 j accept 42
- Moxa moxa modprobe ipt_mac 42
- Rule examples applying user defined chains 42
- Tc 6110 linux user s manual managing communications 42
- To make a module load across reboots you may add it to the etc modprobe conf file using this command 42
- Which is overwrite 42
- Attention 43
- Enabling nat masquerading 43
- Etc sysconfig iptables moxa moxa sbin service iptables save 43
- Ip tables nat policies 43
- Iptables t nat p prerouting accept iptables t nat p postrouting accept iptables t nat p output accept 43
- Moxa moxa modprobe ipt_masquerade 43
- Nat network address translation 43
- Saving the firewall 43
- Source nat snat and destination nat dnat 43
- Tc 6110 linux user s manual managing communications 43
- Attention 44
- Etc fsta 44
- Etc modprobe conf 44
- Iptables t nat a postrouting o eth0 s 555 66 77 88 24 j masquerade 44
- Moxa moxa mkdir p home nfs public 44
- Moxa moxa mount t nfs o nolock 192 68 home public home nfs public 44
- Moxa moxa showmount e host 44
- Proc sys net ipv4 ip_forward 44
- Setting up a networked file system nfs 44
- Setting up a vpn 44
- Tc 6110 linux user s manual managing communications 44
- Attention 45
- Configuring openvpn a 45
- Dev tap0 port 1194 secret etc openvpn secrouter key 45
- Etc openvpn secrouter ke 45
- Etc openvpn tap0 br con 45
- Ethernet bridges linking indepdent subnets over the internet 45
- Moxa moxa 45
- Moxa moxa openvpn genkey secret secrouter key 45
- Moxa moxa scp etc openvpn secrouter key xxx xxx x xxx etc openvpn 45
- Point to the peer remote 192 68 74 45
- Tc 6110 linux user s manual managing communications 45
- Configuring openvpn b 46
- Etc openvpn tap0 br con 48
- Ethernet bridging for private networks on the same subnet 48
- Point to the peer remote 192 68 74 dev tap0 secret etc openvpn secrouter key cipher des ede3 cbc auth md5 tun mtu 1500 tun mtu extra 64 ping 40 up etc openvpn tap0 br sh comp lzo 48
- Routed ip tunnels 48
- Tc 6110 linux user s manual managing communications 48
- File overview 50
- Hot swap daemon customization 50
- Setting up hot swap for block storage 50
- Disk n p 51
- Etc init d mxhtspd s 51
- Etc mxhtspd mxhtspd con 51
- Handling an event with mxhtspd moxa hot swap daemon 51
- Media disk n p 51
- Media disk1p 51
- Mount point usage limit media disk2p1 90 media disk1p1 90 51
- Moxa moxa mount rootfs on type rootfs rw none on sys type sysfs rw nosuid nodev noexec relatime none on proc type proc rw nosuid nodev noexec relatime udev on dev type tmpfs rw relatime size 10240k mode 755 dev hda1 on type ext2 ro relatime errors remount ro tmpfs on lib init rw type tmpfs rw nosuid relatime mode 755 usbfs on proc bus usb type usbfs rw nosuid nodev noexec relatime tmpfs on dev shm type tmpfs rw nosuid nodev relatime 51
- Start echo starting mxhtspd daemon sleep 1 mxhtspd v 51
- Tc 6110 linux user s manual managing communications 51
- Devpts on dev pts type devpts rw nosuid noexec relatime gid 5 mode 620 ptmxmode 000 none on tmp type tmpfs rw relatime dev hda2 on home type ext2 rw relatime errors continue dev sda1 on media disk2p1 type ext3 rw relatime errors continue data ordered dev sda2 on media disk2p2 type ext3 rw relatime errors continue data ordered dev sdb1 on media disk1p1 type ext3 rw relatime errors continue data ordered dev sdb2 on media disk1p2 type ext3 rw relatime errors continue data ordered 52
- Etc initta 52
- Etc mxhtspd action btn presse 52
- Etc mxhtspd action disk unplugge 52
- Etc mxhtspd action part over usag 52
- Etc mxhtspd mxhtspd con 52
- Media disknp 52
- Moxa moxa sudo runlevel n 2 52
- Setting up hot swap daemon logging 52
- Tc 6110 linux user s manual managing communications 52
- Warning 52
- A sample mxhtspd setup 53
- Add parameter if necessary mxhtspd l 3 53
- Attention 53
- Bin sh file basename 0 num 1 add your commands here home log_application echo file button num is pressed 53
- Etc init d mxhtspd s 53
- Moxa etc rc2 d mv n10rsyslog s10rsyslog 53
- Tc 6110 linux user s manual managing communications 53
- The default runlevel id 2 initdefault 53
- Uncomment below lines for mxhtspd with local 0 daemon var log mxhtspd log 53
- Bin sh file basename 0 num 1 add your commands here kill 9 pidof x log_application internal operation mxhtspd remove disk num 54
- Dev ttyacm 54
- Moxa moxa apt get install gps 54
- Moxa moxa cat dev ttyacm0 gpgsv 1 1 04 24 28 123 37 21 09 054 31 19 52 213 23 47 270 74 gpgga 061824 2458 35139 n 12133 55835 e 1 05 19 103 m 14 gprmc 061824 a 2458 35139 n 12133 55835 e 290710 a 68 gpgsa a 3 24 21 06 31 16 25 19 18 29 gpvtg t m 0 n 0 k 4e 54
- Moxa moxa killall cat 54
- Retrieving gps data 54
- Setting up gps 54
- Tc 6110 linux user s manual managing communications 54
- Awk f gpgga print strftime y m d 2 substr 3 0 2 substr 3 3 60 4 substr 5 0 3 substr 5 4 60 6 10 fflush dev ttyacm0 55
- Etc default gps 55
- Moxa apt get install gpsd clients 55
- Moxa moxa cgps 55
- Moxa moxa dpkg reconfigure gpsd 55
- Moxa moxa sudo etc init d gpsd start 55
- Tc 6110 linux user s manual managing communications 55
- Moxa s rcore software packages 57
- Initial check 58
- Installing the predictive maintenance diagnostic tool 58
- Moxa predictive maintenance diagnostic tool 58
- Moxa rcore predictive maintenance diagnostic tool 58
- Overview 58
- Etc mxsensor con 59
- Moxa moxa sudo etc init d mx_safeguard restart 59
- Moxa moxa sudo vi etc mx_sensor conf 59
- Tc 6110 linux user s manual moxa s rcore software packages 59
- The accelerometer g sensor log 59
- The t sensor log 59
- Moxa moxa dpkg r moxa safeguard tc 6110 60
- Moxa moxa sudo etc init d mx_safeguard restart 60
- Moxa moxa sudo vi etc mx_sensor conf 60
- Removing the moxa predictive maintenance diagnostic tool 60
- Tc 6110 linux user s manual moxa s rcore software packages 60
- Moxa synmap oids list 61
- Moxa synmap package 61
- Overview 61
- Tc 6110 linux user s manual moxa s rcore software packages 61
- Tc 6110 linux user s manual moxa s rcore software packages 62
- Force al 63
- Installing moxa synmap 63
- Moxa moxa sudo dpkg force all i moxa snmp tc 6110 1 de 63
- Tc 6110 linux user s manual moxa s rcore software packages 63
- Configuring the programmable leds 64
- Moxa moxa snmpwalk v 2c c public 192 68 xx xxx 1 691 7 64
- Tc 6110 linux user s manual moxa s rcore software packages 64
- Using moxa synmap oids snmpwalk snmpget 64
- Attention 65
- Checking g sensor 65
- Checking t sensor 65
- Checking voltage sensor 65
- Dev ple 65
- Tc 6110 linux user s manual moxa s rcore software packages 65
- Enabling the watchdog 66
- Tc 6110 linux user s manual moxa s rcore software packages 66
- Programming guide 67
- Desktop management interface dmi 68
- Programmable leds 68
- Rtc real time clock 68
- How the wdt works 69
- Introduction 69
- Turning on or off the leds 69
- Turning on or off the leds on a sata board 69
- Watch dog timer wdt 69
- Etc watchdog con 70
- Init d watchdog 70
- Tc 6110 linux user s manual programming guide 70
- The watchdog device ioctl commands 70
- Watchdog device dev watchdog interval 60 realtime yes priority 10 70
- Documentation format 71
- Example hotswa 71
- Examples 71
- Function documentation 71
- Hot swapping block drives 71
- Int main void int fd open dev watchdog o_wronly int ret 0 if fd 1 perror watchdog exit exit_failure while 1 ret write fd 0 1 if ret 1 ret 1 break sleep 10 close fd return ret 71
- Tc 6110 linux user s manual programming guide 71
- Attention 72
- Moxa safeguard 72
- Tc 6110 linux user s manual programming guide 72
- Define i2c_gsensor1_addr 0x1d define i2c_gsensor2_addr 0x53 73
- Examples 73
- Function documentation 73
- Tc 6110 linux user s manual programming guide 73
- System recovery 75
- Overview setting up the recovery environment 76
- Recovery da 682a lx_recovery clonezill 76
- Step 1 prepare the usb drive 76
- Tc 6110 linux user s manual system recovery 76
- Tuxboot windows 23 ex 76
- Tc 6110 linux user s manual system recovery 77
- Two types of recovery base install and fully configured 77
- Attention 78
- Media cd0 recovery os_imag 78
- Media usb0 home partima 78
- Moxa moxa cp media cd0 recovery os_image media usb0 home partimag 78
- Step 2 opt recovering to a stock os 78
- Step 3 setting the bios to boot via usb 78
- Tc 6110 linux user s manual system recovery 78
- F home partimag 79
- Step 4 opt create a custom system image 79
- Tc 6110 linux user s manual system recovery 79
- Home partima 80
- Tc 6110 linux user s manual system recovery 80
- Warning 80
- Step 5 performing a system recovery 81
- Tc 6110 linux user s manual system recovery 81
- Tc 6110 linux user s manual system recovery 82
- Step 6 reset the bios to its original state 83
- Tc 6110 linux user s manual system recovery 83
- Tc 6110 linux user s manual system recovery 84
- A software components 85
- Software components 85
- Tc 6110 linux user s manual software components 86
- Tc 6110 linux user s manual software components 87
- Tc 6110 linux user s manual software components 88
- Tc 6110 linux user s manual software components 89
- Tc 6110 linux user s manual software components 90
- Tc 6110 linux user s manual software components 91
- Tc 6110 linux user s manual software components 92
- Tc 6110 linux user s manual software components 93
- Tc 6110 linux user s manual software components 94
- B moxa mib file for tc 6110 lx 95
- Moxa mib file for tc 6110 lx 95
- C sample scripts firewall rules 114
- Sample scripts firewall rules 114
- A sample initialization script 115
- Tc 6110 linux user s manual sample scripts firewall rules 115
- Tc 6110 linux user s manual sample scripts firewall rules 116
- A sample firewall 117
Похожие устройства
- Moxa TC-6110-W7E Инструкция по эксплуатации
- Moxa TC-6110-W7E Руководство по аппаратной части
- Moxa TC-6110-W7E Технические характеристики
- Moxa TC-6110-W7E Руководство по быстрой установке
- Moxa TC-6110-W7E Руководство по программной части (Linux)
- Moxa TC-6110-T-W7E Инструкция по эксплуатации
- Moxa TC-6110-T-W7E Руководство по аппаратной части
- Moxa TC-6110-T-W7E Технические характеристики
- Moxa TC-6110-T-W7E Руководство по быстрой установке
- Moxa TC-6110-T-W7E Руководство по программной части (Linux)
- Moxa TC-6110-CT-LX Инструкция по эксплуатации
- Moxa TC-6110-CT-LX Руководство по аппаратной части
- Moxa TC-6110-CT-LX Технические характеристики
- Moxa TC-6110-CT-LX Руководство по быстрой установке
- Moxa TC-6110-CT-LX Руководство по программной части (Linux)
- Moxa TC-6110-CT-T-LX Инструкция по эксплуатации
- Moxa TC-6110-CT-T-LX Руководство по аппаратной части
- Moxa TC-6110-CT-T-LX Технические характеристики
- Moxa TC-6110-CT-T-LX Руководство по быстрой установке
- Moxa TC-6110-CT-T-LX Руководство по программной части (Linux)