Korenix JetBox5400 series Скачать руководство пользователя страница 28

Страница: 28 / 73

Network Feature | Korenix

iptables splits the packet handling into three different tables, each of which contain a number

of chains. The firewalling rules, which we create, are included within a particular chain. The

three tables are:

filter

: used for packet filtering

nat

: used to provide packet modification capabilities; NAT/PAT and IP masquerading

mangle

: used for setting packet options and marking packets for further filtering or

routing

The

filter

table is the default table for any rule. It is where the bulk of the work in an iptables

firewall occurs. This table contains three chains:

INPUT: used for traffic which is entering our system and belongs to an IP address which
is on our local machine

OUTPUT: used for traffic which originated on the local system, otherwise known as the
firewall

FORWARD: used for traffic which is being routed between two network interfaces on
our firewall

There are three main targets for a rule within the filter table.

ACCEPT: allows the packet to be passed through the firewall without any noticeable

interaction

DROP: simply drops the packet as if it has never been in the system

REJECT: drops the packet then sends a ICMP reply back to the client telling it why the

connection failed

Example:
Add rules

The basic syntax of an iptables command is:

iptables -A INPUT -s 192.168.20.0/24 -j ACCEPT

This would add a rule into the INPUT chain, which matches any packet with a source address in
the 192.168.20.0 subnet. If a packet matches this criteria, then it would use the ACCEPT target,

which simply allows the packet on through.

Remove rules

To delete the first rule in the chain, we would do:

iptables -D INPUT 1

List rules

To list the rules we have on our system use:

iptables -L

Содержание JetBox5400 series

Страница 1: ...JetOS95 User Manual www korenix com...

Страница 2: ...in this document is for product information only and is subject to change without notice While reasonable efforts have been made in the preparation of this document to assure its accuracy Korenix assu...

Страница 3: ...s over the Network 12 2 3 Test Program Developing Hello c 13 2 3 1 Installing the Toolchain Linux 14 2 3 2 Compiling Hello c 14 2 3 3 Uploading test to JetBox9500 and Running the Program 15 Chapter 3...

Страница 4: ...4 Poecfg 54 Chapter 6 Programmer s Guide 55 6 1 Toolchain Introduction 55 6 1 1 Compiling Applications and Libraries 56 6 1 2 Tools Available in the Host Environment 56 6 2 Device API 57 6 3 RTC 57 6...

Страница 5: ...Korenix Overview 5...

Страница 6: ...ial layer 3 router with power over Ethernet technology and Linux computing It is a gateway to connect different network groups Ethernet fieldbus serial or IO control in a complex networking architectu...

Страница 7: ...JetBox console utility This method is particularly useful when using JetBox for the first time The signal is transmitted over a direct serial connection so you do not need to know either of JetBox s I...

Страница 8: ...below Default IP address Netmask LAN 192 168 10 1 255 255 255 0 WAN DHCP Default IP address and Netmask Use a cross over Ethernet Cable to connect directly from your PC to JetBox 8100 You should firs...

Страница 9: ...ell Configuration instructions are given in the next section 2 1 3 SSH Console Start from firmware v1 3 JetBox9500 supports an SSH Console to offer users with better security options Click on the link...

Страница 10: ...Modifying Network Settings with the Serial Console In this section we use the serial console to modify JetBox9500 s network settings Change Network Configuration Follow the instructions given in a pr...

Страница 11: ...ow 4 fields must be modified address netmask broadcast and network The default IP addresses are 192 168 10 1 iface lan inet static address 192 168 10 1 netmask 255 255 255 0 broadcast 192 168 10 255 n...

Страница 12: ...gateway For example iface wan inet static address 192 168 1 2 netmask 255 255 255 0 broadcast 192 168 1 255 network 192 168 1 0 gateway 192 168 1 1 This will set default gateway to 192 168 1 1 on WAN...

Страница 13: ...Developing Hello c In this section we use the standard Hello programming example to illustrate how to develop a program for the JetBox9500 In general program development involves the following seven...

Страница 14: ...e proper place tar jxvf jetbox9500 toolchains tar bz2 C NOTE To install the Toolchain you must grant root permission Toolchains used to not be relocatable You must install them in the location they we...

Страница 15: ...ox9500 via FTP 1 From the PC type ftp xxx xxx xxx xxx 2 Use bin command to set the transfer mode to Binary mode and the put command to initiate the file transfer ftp bin ftp put test root server ftp 1...

Страница 16: ...ata connection for helloworld 226 Transfer complete 4455 bytes sent in 4 1e 05 secs 108658 54 Kbytes sec ftp exit 221 Goodbye 3 From the JetBox9500 console type chmod x helloworld helloworld The word...

Страница 17: ...rsion numbers of your JetBox s hardware kernel and user file system Contact Korenix to determine the hardware version You will need the Production S N Serial number which is located on the JetBox9500...

Страница 18: ...tory is the repository for all available init scripts The etc rc n d only contains links to the etc init d Here is an example of starting and stopping the ssh daemon You can start the service by addin...

Страница 19: ...nd in etc rc3 d NOTE Scripts are run in file name lexical order Just use ls l to find out the start order 3 4 Setting System Time The JetBox9500 has two time settings One is the system time and the ot...

Страница 20: ...idea for devices that run ntpd The ntpd program changes the clock gradually whereas ntpdate sets the clock no matter how great the difference between a device s current clock setting and the correct...

Страница 21: ...e clock s natural drift allowing it to maintain a reasonably correct setting even if it is cut off from all external time sources for a period of time To start the server execute the command ntpd To c...

Страница 22: ...le like below removes the tmp files from tmp each day at 6 30 PM 30 18 rm tmp 3 7 Connect Peripherals While plug in a USB mass storage or a SD card use dmesg command can help showing USB storage devic...

Страница 23: ...the media sd0 folder To un mount the usb storage execute umount mount path For example issue umount media sd0 can un mount the previous mounted directory NOTE To be able to unmount a device you have...

Страница 24: ...etd conf The default is to enable the Telnet server telnet stream tcp nowait root usr sbin telnetd telnetd i l bin login Disabling the Telnet server Disable the daemon by typing in front of the first...

Страница 25: ...sa_key etc ssh_host_rsa_key pub etc init d S50sshd restart 4 3 FTP Service name proftpd Description A Highly configurable FTP server Config files etc proftpd conf Start file etc init d S50proftpd Star...

Страница 26: ...r command For example add the following line to etc resolv conf if the DNS server s IP address is 168 95 1 1 nameserver 168 95 1 1 Figure 4 5 nameserver 4 5 Web Server Service name webs Description we...

Страница 27: ...ctory with the following command export WEB_HOME YOUR WEB DIRECTORY 4 6 IPTABLES program name iptables Description A NFS client Usage iptables AD chain rule specification options iptables RI chain rul...

Страница 28: ...cal system otherwise known as the firewall 3 FORWARD used for traffic which is being routed between two network interfaces on our firewall There are three main targets for a rule within the filter tab...

Страница 29: ...apping one IP address space into another A basic NAT scenario The 2 interfaces concerned will be WAN and LAN WAN This will be the interface connected to the Internet LAN This interface will be connect...

Страница 30: ...emon Config files etc options etc pap secrets etc chap secrets Start file Start command Stop command Support command pppd chat pppdump Default down PPP Point to Point Protocol is used to run IP Intern...

Страница 31: ...and password from your Internet provider Second filled in these parameters to pppoe setup dialog Ethernet Interface wan User name from your ISP Activate on demand No Primary DNS 168 95 1 1 Firewallin...

Страница 32: ..._Address directory mount point Example A NFS server export it s root directory with IP address 192 168 1 10 want to mount to JetBox s mnt directory mount t nfs o nolock 192 168 1 10 root mnt NOTE Read...

Страница 33: ...subject smtp korenix com sender korenix com home mail content 4 12 SNMP Service name snmpd Description SNMP Daemon Config files etc snmp snmpd conf Start file Start command Stop command Support comman...

Страница 34: ...ice name ipsec Description A full featured IPSec VPN Config files etc ipsec conf Start file etc init d ipsec Start command etc init d ipsec start Stop command etc init d ipsec stop Default down Usage...

Страница 35: ...ptions pppd options Or using pppd s pty option pppd pty pptp hostname nolaunchpppd pptp options Available pptp options phone number Pass number to remote host as phone number nolaunchpppd Do not launc...

Страница 36: ...ORD In the steps below substitute these values manually Edit the config file etc ppp options pptp which sets options common to all tunnels lock noauth nobsdcomp nodeflate Add authentication informatio...

Страница 37: ...crets etc ppp options pptpd Start file etc init d pptpd Start command etc init d pptpd start Stop command etc init d pptpd stop Default down pptpd is the Poptop PPTP daemon which manages tunneled PPP...

Страница 38: ...specify other config file using the f options when starting the daemon Check the log files for proper operation For example you can type less f var log zebra log to check the zebra log Keep in mind t...

Страница 39: ...twork Feature 39 3 Query for supported command with 4 Display the current running config sh run 5 Enter config mode JetBox config terminal 6 Change hostname to KorenixRouter JetBox confg hostname Kore...

Страница 40: ...file This disables the default config file you must specify a c after the last C to have it read a config file too p controller port Start a controller session on the given TCP port P file set locati...

Страница 41: ...rule options D rulenum delete fastpath rule rulenum Options s source ip address d destination ip address Example Start fastpath fastpath start FastPath auto ipv4 routing start Stop fastpath fastpath s...

Страница 42: ...ontrol path As a result higher level stack services such as HTTP DHCP etc can still be provided via the CPU path while still maintaining throughput performance consistently using the fast path NOTE Th...

Страница 43: ...e specified configuration file Default is etc keepalived keepalived conf keepalived dump conf d Dump the configuration data keepalived log console l Log message to local console keepalived log detail...

Страница 44: ...the Master and the other becomes a Backup when the VRRP protocol starts up Election of the Master is based on the configuration file Both Master and Backup have identical Virtual IP Addresses When Ma...

Страница 45: ...P definition block notify_master specify a shell script to be executed during transition to master state path notify_backup specify a shell script to be executed during transition to backup state path...

Страница 46: ...MASTER interface wan virtual_router_id 151 priority 150 advert_int 1 authentication auth_type PASS auth_pass 1111 virtual_ipaddress 192 168 3 1 24 brd 192 168 3 255 dev wan vrrp_instance VI_WAN state...

Страница 47: ...y stats D display stats in csv format R record data about sync packets in a file x do not reset the clock if off by more than one second O do not reset the clock if offset is more than NUMBER nanoseco...

Страница 48: ...of key record then exit Example Start ptpd in slave mode ptpd g Stop ptpd in master mode preferred clock ptpd p The PTP daemon PTPd implements the Precision Time protocol PTP as defined by the releva...

Страница 49: ...ESS also send uni cast to ADDRESS e run in ethernet mode level2 h run in End to End mode l NUMBER NUMBER specify inbound outbound latency in nsec o NUMBER specify current UTC offset i NUMBER specify P...

Страница 50: ...ature Korenix relevant IEEE 1588 standard PTP Version 1 implements IEEE 1588 2002 and PTP Version 2 implements IEEE 1588 2008 PTP was developed to provide very precise time coordination of LAN connect...

Страница 51: ...CP First pri 0 7 Port default frame priority cos QUEUE_ID COS_ID dscp QUEUE_ID DSCP_ID ethtool p DEVNAME get vlan pvid ethtool P DEVNAME set vlan pvid pvid N ethtool t DEVNAME reset statistic ethtool...

Страница 52: ...N port Usage Options add interface name vlan_id tag port_id untag port_id example vconfig add lan 2 tag 1 2 3 untag 4 rem vlan name show Display Vlan Table set_flag interface name flag num 0 1 set_egr...

Страница 53: ...sage diocfg g PORT_NUM get DIO status diocfg s PORT_NUM 0 1 set DO OFF ON diocfg T PORT_NUM 0 1 set DIO Type Output Input diocfg S Save Config diocfg r Read Config diocfg c Clean Config Example Get st...

Страница 54: ...Config Example Get POE status on port 1 without PD on port 1 poecfg g 1 PoE Port 1 control status is On power delivery status is Off Get POE status on port 4 PD on port 4 and power is 48 voltage poecf...

Страница 55: ...e build environment must be running Linux and install with the Jetbox9500 Toolchain We have confirmed that the following Linux distributions can be used to install the tool chain Fedora Core 9 Centos...

Страница 56: ...meb linux g C compiler armeb linux gcc C compiler armeb linux gprof Display call graph profile data armeb linux ld Linker armeb linux nm Lists symbols from object files armeb linux objcopy Copies and...

Страница 57: ...gument to ioctl is traditionally named char argp Most uses of ioctl however require the third argument to be a caddr_t or an int An ioctl request has encoded in it whether the argument is an in argume...

Страница 58: ...omputer at least during normal operation The ioctl API Pinging the watchdog using an ioctl WDIOC_KEEPALIVE This ioctl does exactly the same thing as a write to the watchdog device so the main loop in...

Страница 59: ...rogrammer s Guide 59 Starting with the Linux 2 4 18 kernel it is possible to query the current timeout using the GETTIMEOUT ioctl ioctl fd WDIOC_GETTIMEOUT timeout printf The timeout was is d seconds...

Страница 60: ...tbox95 20100916 bin Where media sd0 is the usb mounted directory and Jetbox95 20100916 bin is the firmware name 7 2 JetView 7 2 1 Overview The JetView is a device management utility which support vari...

Страница 61: ...r idVender product idProduct 7 4 Change RS485 mode on JetCard 1608 Before you start using JetCard 1608 RS 422 485 configure the DIP Switch settings of each port DIP Switch can configure RS 422 4 wire...

Страница 62: ..._ON card 1608 setserial a dev ttyS1 mode 485_4W_OFF card 1608 7 5 Software Specification Item Protocol Notes JetBox 9500 Boot Loader Red boot Kernel 2 6 20 ARP x PPP x CHAP x IPv4 x IPv6 x PAP x ICMP...

Страница 63: ...pciutils PCI PCI utilities 2 2 10 setserial RS 232 serial port setting tool 2 17 usbmount USB automatically mounts USB mass storage devices 0 0 14 1 usbutils USB USB utilities 0 72 Network related SW...

Страница 64: ...ocol 0 99 9 wireless tools 802 11 Tools of WLAN card 29 Graphic and Multimedia jamvm JAVA Virtual Machine 1 5 0 Linux tool chain Gcc C C PC Cross Compiler 4 2 4 uClibc POSIX standard C library 0 9 29...

Страница 65: ...Korenix Appendix 65 pwd display now file directly df list now file system space mkdir make new directory rmdir delete directory...

Страница 66: ...input from a pipeline xargs execute a specified command on every item from standard input Archival Utilities bzip2 bunzip2 Compress Uncompress bzip FILE cpio Extract or list files from a cpio archive...

Страница 67: ...and configure network interfaces traceroute trace route tftp Trivial File Transfer Protocol client telnet Telnet client ftp FTP client Others dmesg dump kernel log message stty stty is used to change...

Страница 68: ...68 Appendix Korenix http www busybox net downloads BusyBox html...

Страница 69: ...2net conf C config line Handle a single configuration line This may be specified multiple times for multiple lines This is just like a line in the config file This disables the default config file you...

Страница 70: ...ovides a simple interface for controlling the ports and viewing their status To accomplish this it has the following commands showport TCP port Show information about a port If no port is given all po...

Страница 71: ...ls are DTRHI DTRLO Turns on and off the DTR line RTSHI RTSLO Turns on and off the RTS line setportenable tcp port enable state Sets the port operation state Valid states are off to shut the TCP port d...

Страница 72: ...TSCTS turns on off hardware flow control LOCALignores checks the modem control lines DCD DTR etc HANGUP_WHEN_DONE lowers does not lower the modem control lines DCD DTR etc when the connection closes N...

Страница 73: ...ts_access 5 Known Problems None Author Corey Minyard minyard acm org 7 8 Revision history V0 0 9 by 2011 3 8 update for JetOS93 v1 3 release 7 9 Customer Service Korenix Technology Co Ltd Business ser...

Результаты поиска

Содержание JetBox5400 series

Отзывы:

Korenix JetBox5400 series, Руководство пользователя, Страница: 28 / 73

Результаты поиска

Содержание JetBox5400 series

Отзывы: