
DA-682 Series Linux User's Manual v1


Contents

1. LAN2 192 168 2 173 LANI 192 168 2 171 LANI 192 168 8 173 Internet LANI 192 168 8 174 LAN1 192 168 4 172 LAN2 192 168 4 174 Host B local net 2 On machine OpenVPN A modify the remote address in configuration file etc openvpn tun conf point to the peer remote 192 168 8 174 dev tun secret etc openvpn secrouter key cipher DES EDE3 CBC auth MD5 tun mtu 1500 tun mtu extra 64 ping 40 ifconfig 192 168 2 173 192 168 4 174 up etc openvpn tun sh 3 Next modify the routing table in script file etc openvpn tun sh bin sh value after net the subnet behind the remote peer route add net 192 168 2 0 netmask 255 255 255 0 55 3 31 DA 682 Series Linux User s Manual Managing Communications 4 On machine OpenVPN B modify the remote address in configuration file etc openvpn tun conf point to the peer remote 192 168 8 173 dev tun secret etc openvpn secrouter key cipher DES EDE3 CBC auth MD5 tun mtu 1500 tun mtu extra 64 ping 40 Lfconfig 192 0160 4 174 192 268222178 up etc openvpn tun sh And then modify the routing table in script file etc openvpn tun sh bin sh value after net is the subnet behind the remote peer route add net 192 168 2 0 netmask 255 255 255 0 55 The first argument of parameter ifconfig is the local internal interface and the second argument is the internal interface at the remote peer 5
2. 2 Software Configuration In this chapter we explain how to operate DA 682 LX computer directly or from a PC near you There are three ways to connect to the DA 682 LX computer through VGA monitor by using Telnet over the network or by using an SSH console from a Windows or Linux machine This chapter describes basic Linux operating system configurations The advanced network management and configuration will be described in the next chapter Managing Communications This chapter covers the following topics Starting from VGA Console Connecting from Telnet Console Connecting from an SSH Console Windows Users Linux Users Adjusting the System Time Setting the Time Manually NTPClient gt Updating the Time Automatically Enabling and Disabling Daemons Setting the Run Level Cron Daemon for Executing Scheduled Commands Inserting a USB Storage Device into the Computer Inserting a CompactFlash Card into the Computer Checking the Linux Version APT Installing and Removing Packages LDODCDUDLU DA 682 Series Linux User s Manual Software Configuration Starting from a VGA Console Connect the display monitor to the DA 682 LX VGA connector and then power it up by connecting it to the power adaptor It takes about 30 to 60 seconds for the system to boot up Once the system is ready a login screen will appear on your monitor To log in type the login name and password as requested Th
3. DA 682 Series Linux User s Manual Managing Communications IPTABLES Hierarchy The following figure shows the IPTABLES hierarchy Incoming Packets Mangle Table PREROUTING Chain NAT Table PREROUTING Chain Local Host Packets Mangle Table INPUT Chain Other Host Packets Mangle Table FORWARD Chain Filter Table INPUT Chain Local Process Mangle Table OUTPUT Chain Filter Table FORWARD Chain Mangle Table POSTROUTING Chain NAT Table OUTPUT Chain Filter Table OUTPUT Chain NAT Table POSTROUTING Chain Outgoing Packets 3 10 DA 682 Series Linux User s Manual Managing Communications IPTABLES Modules The DA 682 LX supports the following sub modules Be sure to use the module that matches your application arptable_filter ko arp_tables ko arpt_mangle ko cornices amanda ip_conntrack_ftp ko ip_conntrack_h323 ko ip conntrack netbios ns ip conntrack netlink ko lip conntrack pptp ko ssepe ko ip conntrack sipko conntrack tftp ko The basic syntax to enable and load an IPTABLES module is as follows Ismod modprobe ip_tables modprobe iptable filter Use Ismod to check if the tables module has already been loaded in the DA 682 LX Use modprobe to insert and enable the module Use the following command to load the modules iptable filter iptable mangle iptable nat modprobe iptable filter Use iptables iptables restore
4. etc openvpn tap0 br conf point to the peer remote 192 168 8 173 dev tap0 secret etc openvpn secrouter key cipher DES EDE3 CBC auth MD5 tun mtu 1500 tun mtu extra 64 ping 40 up etc openvpn tap0 br sh comp 1zo 7 Next modify the routing table in etc openvpn tap0 br sh script file bin sh value after net is the subnet behind the remote route add net 192 168 2 0 netmask 255 255 255 0 dev And then configure the bridge interface in etc openvpn bridge 3 27 DA 682 Series Linux User s Manual Managing Communications bin bash Create global variables Define Bridge Interface br brO0 Define list of interfaces to be bridged for example tap tap0 tapl tap tapo Define physical ethernet interface to be bridged with TAP interface s above eth eth1 eth_ip 192 168 8 174 eth_netmask 255 255 255 0 eth broadcast 192 168 8 255 gw 192 168 8 173 Start the bridge script file to configure the bridge interface etc openvpn bridge restart ATTENTION Select cipher and authentication algorithms by specifying cipher and auth To see which algorithms are available type openvpn show ciphers openvpn show auths 8 Start both OpenVPN peers on machine OpenVPN A and OpenVPN openvpn config etc openvpn tap0 br conf amp If you see the line Peer Connection Initiated with 192 168 8 173 50000n each machine the conne
5. modprobe first to load the module ipt_mac DA 682 Series Linux User s Manual Managing Communications NAT Network Address Translation The NAT Network Address Translation protocol translates IP addresses used on one network into IP addresses used on a connecting network One network is designated the inside network and the other is the outside network Typically the DA 682 LX connects several devices on a network and maps local inside network addresses to one or more global outside IP addresses and un maps the global IP addresses on incoming packets back into local IP addresses Click on the following links for more information about http www netfilter org documentation HOWTO packet filtering HOWTO html NAT Example The IP address of all packets leaving LANI are changed to 192 168 3 127 you will need to load the module ipt MASQUERADE IP Netmask 192 168 3 100 24 Gateway 192 168 3 127 1 Linux or Windows LANI 192 168 3 127 24 LAN2 192 168 4 127 24 PC2 Linux or Windows IP Netmask 192 168 4 100 24 Gateway 192 168 4 127 NAT Area Private IP ehco 1 gt proc sys net ipv4 ip forward modprobe ipt MASQUERADE iptables nat A POSTROUTING o eth0 j MASQUERADE 3 14 DA 682 Series Linux User s Manual Managing Communications Enabling NAT at Bootup In most real world situations you will want to use a simple shell script to enabl
6. d. Open DOS prompt and type M syslinux exe M to create bootable Linux disk. In this example, M is the USB Disk drive number. Step 3: Set up the BIOS to Boot from a USB Disk. a. Insert the USB disk. b. Power and press DEL to enter the bios setup menu. c. Select Advanced Hard Disk Boot Priority and then press Enter. d. From the setup menu, use 17 or to select the USB device. e. Press to move the selection up to the first priority and press Esc to exit the setup menu. f. Make sure the first boot device is Hard Disk. If not, press Enter to change it. g. Select Exit > Save & Exit Setup and then press Enter. h. Choose Y to save to the CMOS and then exit. [First Boot Device] Step 4: Recover the Linux system from a USB Disk. a. If the BIOS setup is correct, it will boot from the USB disk. Follow the steps below to set up recovery parameters. This tool can be used to both backup a Ghost like image of your hard disk and to restore your hard disk from such an image Please be aware that if you choose to restore your hard disk All the data contained on this computer might be lost during the restoration You man choose to abort now
7. debug detach Configure the chat script etc ppp ppp ttyM0 chat SAY Auto Answer ON n Tut 50 1 Start the dial in service call dialin If you hope to have auto dial in service you respawn the dial in service in etc inittab DA682 mount remount rw dev hdal DA682 echo p0 2345 respawn pppd call dialin etc inittab DA682 umount 3 19 DA 682 Series Linux User s Manual Managing Communications The following procedure is for setting up PPPOE 1 Connect the DA 682 LX s LAN port to an ADSL modem with a cross over cable HUB or switch Log in to the DA 682 LX as the root user Edit the file etc ppp chap secrets and add the following username hinet net gt password Secrets for authentication using client server secret IP addresses PPPOE example if you want to use it you need to unmark it and modify it username hinet net password username hinet net is the username obtained from the ISP to log in to the ISP account password is the corresponding password for the account 4 Editthe file etc ppp pap secrets and add the following username hinet net password ATTENTION The definitions here can allow users to login without a password if you don t use the login option of pppd The mgetty Debian package already provides this option make sure you
8. iptables save to maintain the database IPTABLES plays the role of packet filtering Be careful when setting up the IPTABLES rules If the rules are not correct remote hosts that connect via a LAN or PPP may be denied We recommend using the VGA console to set up the IPTABLES Click on the following links for more information about IPTABLES http www linuxguruz com iptables http www netfilter org documentation HOWTO packet filtering HOWTO html Since the IPTABLES command is very complex to illustrate the IPTABLES syntax we have divided our discussion of the various rules into three categories Observe and erase chain rules Define policy rules and Append or delete rules DA 682 Series Linux User s Manual Managing Communications Observe and Erase Chain Rules Usage iptables t tables L n t tables Table to manipulate default filter example nat or filter L chain List List all rules in selected chains If no chain is selected all chains are listed n Numeric output of addresses and ports iptables t tables FXZ F Flush the selected chain all the chains in the table if none is listed X Delete the specified user defined chain Z Set the packet and byte counters in all chains to zero Examples iptables L n In this example since we do not use the t parameter the system uses the default filter table Three chains are include
9. 1 2 DA 682 Series Linux User s Manual Introduction Software Specifications The Linux operating system pre installed on the DA 682 embedded computer is the Debian Etch 4 0r2 distribution The Debian project is a worldwide group of volunteers who endeavor to produce an operating system distribution that composed entirely of free software The Debian GNU Linux follows the standard Linux architecture making it easy to use programs that meet the POSIX standard Program porting can be done with the GNU Tool Chain provided by Moxa In addition to Standard POSIX APIs device drivers for Moxa UART and other special peripherals are also included An example software architecture is shown below AP API 1 Protocol Stack Linux Device Driver Kernel Micro Kernel Memory Control Schedule Process Hardware Refer to http www debian org and http www gnu org for information and documentation of the Debian GNU Linux and free software concept ATTENTION The above software architecture is only an example Different models or different build revisions of the Linux operating system may include components not shown in the above graphic 1 3 DA 682 Series Linux User s Manual Introduction Journaling Flash File System JFFS2 pre installed root system is protected in read only partition to prevent system crash problems normally caused by power loss But
10. 192 168 3 127 can t be established RSA key fingerprint is 8b ee ff 84 41 25 fc cd 2a f2 92 8f ch 1f 6b 2f Are you sure you want to continue connection yes no yes_ 2 4 DA 682 Series Linux User s Manual Software Configuration Adjusting the System Time The DA 682 LX has two time settings One is the system time and the other is provided by an RTC Real Time Clock built into the DA 682 LX s hardware Setting the Time Manually Use the date command to query the current system time or set a new system time Use hwclock to query the current RTC time or set a new RTC time Use the following command to set the system time date MMDDhhmmYYYY MM Month DD Date hhmm Hour and Minute YYYY Year Use the following command to write the current system time to the RTC hwclock w DA682 date Fri Jun 23 23 30 31 CST 2000 DA682 hwclock Fri Jun 23 23 30 35 2000 0 557748 seconds DA682 date 120910002004 Thu Dec 9 10 00 00 CST 2004 DA682 hwclock w DA682 date hwclock Thu Dec 9 10 01 07 CST 2004 Thu Dec 9 10 01 08 2004 0 933547 seconds DA682 NTP Client The DA 682 LX has a built in NTP Network Time Protocol client that is used to initialize a time request to a remote NTP server Use ntpdate to update the system time ntpdate time stdtime gov tw hwclock w Visit http www ntp org for more information about NTP and NTP server addresses 2 5 DA 682 Series Linux User
11. Chain Rules Append or Delete Rules NAT Network Address Translation gt NAT Example gt Enabling NAT at Bootup PPP Point to Point Protocol gt Connecting to a PPP Server over a Simple Dial up Connection VVVV V gt Connecting to a PPP Server over a Hard wired Link gt Checking the Connection gt Setting up a Machine for Incoming PPP Connections PPPoE NFS Network File System Client SNMP Simple Network Management Protocol OpenVPN gt Ethernet Bridging for Private Networks on Different Subnets gt Ethernet Bridging for Private Networks on the Same Subnet gt Routed IP DA 682 Series Linux User s Manual Managing Communications Changing the Network Settings The DA 682 LX computer has four basic Gigabit Ethernet ports named LANI to The LAN Port Expansion Module supports an additional four 10 100 Mbps Ethernet ports named LANS to LANS The default IP addresses and netmasks of the network interfaces are as follows Default IP Address Netmask LAN 1 192 168 3 127 255 255 255 0 LAN2 192 168 4 127 255 255 255 0 LAN3 192 168 5 127 255 255 255 0 LANA 192 168 6 127 255 255 255 0 These network settings can be modified by changing the interfaces configuration file or they can be adjusted temporarily with the ifconfig command Changing the interfaces Configuration File 1 Type cd etc network to change directory DA682 cd etc network 2 Type vi interfaces to edit the
12. Consistency across power failures e No integrity scan fsck is required at boot time after normal or abnormal shutdown e Explicit wear leveling e Transparent compression Although JFFS2 is a journaling file system this does not preclude the loss of data The file system will remain in a consistent state across power failures and will always be mountable However if the board is powered down during a write then the incomplete write will be rolled back on the next boot but writes that have already been completed will not be affected Additional information about JFFS2 is available at http sources redhat com jffs2 jffs2 pdf http developer axis com software jffs http www linux mtd infradead org 1 4 DA 682 Series Linux User s Manual Introduction Software Components The DA 682 LX pre installed Debian Etch 4 0r2 Linux distribution has the following software components console tools DEDIT AR 2007 07 31 etch1 GnuPG archive keys of the Debian archive keyring 1 5 DA 682 Series Linux User s Manual Introduction dselect 1 e2fslibs 2 11 14 dfsg 2etch1 ext2 filesystem libraries mm 1 39 1 40 WIP 11 14 dfsg 2etch1 ext2 file system utilities and prog 2006 libraries amp e 7 findutils 4 2 28 letchl Utilities for finding files find xargs an ftp 0 17 16 The FTP client g 4 1 4 1 1 21 The GNU C compiler The GNU C compiler go gcc The GNU C compiler gcc
13. Host B from Host A by typing ping 192 168 4 174 A successful ping indicates that you have created VPN system that only allows authorized users from one internal network to access users at the remote site For this system all data is transmitted by UDP packets on port 5000 between OpenVPN peers 11 To shut down OpenVPN programs type the command killall TERM openvpn 3 29 DA 682 Series Linux User s Manual Managing Communications Ethernet Bridging for Private Networks on the Same Subnet 1 Setup four machines as shown in the following diagram local net OpenVPN A LAN2 192 168 2 173 LANI 192 168 2 171 1 192 168 8 173 Internet 1 192 168 8 174 LAN1 192 168 2 172 LAN2 192 168 2 174 Host B OpenVPN B local net 2 The configuration procedure is almost the same as for the previous example The only difference is that you will need to comment out the parameter up in etc openvpn tap0 br conf of OpenVPN A and etc openvpn tap0 br conf of OpenVPN B point to the peer remote 192 168 8 174 dev secret etc openvpn secrouter key cipher DES EDE3 CBC auth MD5 tun mtu 1500 tun mtu extra 64 ping 40 fup etc openvpn tap0 br sh fcomp lzo 3 30 DA 682 Series Linux User s Manual Managing Communications Routed IP 1 Setup four machines as shown in the following diagram local net Host A OpenVPN A
14. Mask 0 UP LOOPBACK RUNNING MTU 2000 Metric 1 RX packets 0 errors 0 dropped 0 overrun 0 ppp0 Link encap Point to Point Protocol inet addr 192 76 32 3 P t P 129 67 1 165 Mask 255 255 255 0 UP POINTOPOINT RUNNING MTU 1500 Metric 1 RX packets 33 errors 0 dropped 0 overrun 0 TX packets 42 errors 0 dropped 0 overrun 0 Now type ping 7 7 7 7 where z z z z is the address of your name server The output is similar to the following 3 17 DA 682 Series Linux User s Manual Managing Communications DA682 ping 129 67 1 165 PING 129 67 1 165 129 67 1 165 56 data bytes 64 bytes from 129 67 1 165 0 tt1 225 time 268 ms 64 bytes from 129 67 1 165 1 tt1 225 time 247 ms 64 bytes from 129 67 1 165 seq 2 tt1 225 time 266 ms SE 129 67 1 65 ping statistics 3 packets transmitted 3 packets received 0 packet loss round trip min avg max 247 260 268 ms DA682 Try typing netstat nr This should show three routes similar to the following Kernel routing table Destination Gateway Genmask Flags Metric Ref Use iface T2967 ds LOS 2020050 2554255429542955 UH 0 199210 127 0 0 0 0 0 0 0 00020 129 67 1 165 199210 If your output looks similar but does not have the destination 0 0 0 0 line which refers to the default route used for connections you may have run pppd without the defaultroute option At this point you can try using Telnet ftp or fing
15. Time Automatically; Enabling and Disabling Daemons; Setting the Run Level; Cron Daemon for Executing Scheduled Commands; Inserting a USB Storage Device into the Computer; Inserting a CompactFlash Card into the Computer; Checking the Linux Version; APT: Installing and Removing Packages; Managing Communications; Changing the Network Settings; Changing the interfaces Configuration File; Adjusting IP Addresses with ifconfig; Serial Operation Mode; Telnet/FTP Server; DNS Client; Apache Web Server; Default Homepage; Disabling the CGI Function; Saving Web Pages to a USB Storage Device; IPTABLES; IPTABLES Hierarchy; IPTABLES Modules; Observe and Erase Chain Rules; Define Policy for Chain Rules; Append or Delete Rules; NAT (Network Address Translation); NAT Exampl
16. by stopping the computer now b Choose OK to go to the next step c Choose shut down the DA 680 LX when the restoration is finished When the job is completed do you want tq Get a shell root Reboot the system lt OK gt lt Can lt OK gt DA 682 Series Linux User s Manual System Recovery d Choose restore image from Local disk partition Where do you want to save restore your image to from Network share ocal disk partition Cancel e Choose Choose THIS if you want a restoration Note that you cannot restore a partition to itself So every partition but one the destination can be checked Use SPACE to SELECT an entry Choose THIS if you want a restoration 2 hda1 Linux lost found home etc media cdrom usr 1 hda2 Linux sda1 Cancel 4 6 DA 682 Series Linux User s Manual System Recovery f Choose the restoration source device sdal hda1 Linux lost found home etc media cdrom usr hda2 Linux sda1 W95 FAT32 LBA DA680_V1 0_Build_08031316 lt Cancel gt g Enter to choose the root directory of the restoration image Cancel 4 7 DA 682 Series Linux User s Manual System Recovery h Choose DA680 V1 0 Build 08031316 for the restoration image Choose Create New Image if you want a ghost like images of your partitions Choose Backup Local Hard Driver if prefer a zip arc
17. cache space etc cache apt is located in tmpfs If you need to install a huge package link etc cache apt to USB mass storage or mount it to an NFS space to generate more free space Use df h to check how much free space is available on tmpfs DA682 df h Filesystem Used Avail Use Mounted on rootfs 219M 531M 30 udev 44K 10M 1 dev dev hdb1 219M 531M 30 dev hdb1 219M 531M 30 dev static dev tmpfs 0 248M 0 dev shm none 13M 236M 6 tmp dev mtdblockO0O 25M 136M 16 home DA682 You can free up the cache space with the command apt get clean DA682 apt get clean DA682 2 16 3 Managing Communications The DA 682 LX ready to run embedded computer is network centric platform designed to serve as a front end for data acquisition and industrial control applications This chapter describes how to configure the various communication functions supported by the Linux operating system This chapter covers the following topics Oooo Changing the Network Settings gt Changing the interfaces Configuration File gt Adjusting IP Addresses with ifconfig Serial Port Operation Mode Telnet FTP Server DNS Client Apache Web Server gt Default Homepage gt Disabling the CGI Function gt Saving Web Pages to a USB Storage Device IPTABLES IPTABLES Hierarchy IPTABLES Modules Observe and Erase Chain Rules Define Policy for
18. don t change that INBOUND connections Every regular user can use PPP and has to use passwords from etc passwd hostname 5 username hinet net password f UserIDs that cannot use PPP at all Check your etc passwd and add any other accounts that should not be able to use pppd guest hostname MA eA master hostname x root hostname E support hostname stats hostname NOR OUTBOUND connections username hinet net is the username obtained from the ISP to log in to the ISP account password is the corresponding password for the account 3 20 DA 682 Series Linux User s Manual Managing Communications 5 Edit the file etc ppp options and add the following line plugin rp pppoe received Note it is not advisable to use this option with the persist option without the demand option If the active filter option is given data packets which are rejected by the specified activity filter also count as the link being idle idle lt n gt Specifies how many seconds to wait before re initiating the link after it terminates This option only has any effect if the persist or demand option is used holdoff period is not applied if the link was terminated because it was idle holdoff n Wait for up n milliseconds after the connect script finishes for a valid PPP packet from the peer At the end of this time or when a valid PPP packet is
19. etc network interfaces For example type the command ifconfig eth1 192 168 1 1 to change the IP address of LANI to 192 168 1 1 DA682 ifconfig ethl 192 168 1 1 DA682 Serial Port Operation Mode The serial port expansion module has 8 serial ports named COMI COMS The ports support RS 232 RS 422 4 wire RS 485 and 4 wire RS 485 operation modes with baudrate settings up to 921600 bps By default the serial interface is set to RS 232 You can use the setinterface command to change the serial port operation mode as indicated below setinterface device node interface no device node dev ttyMn 0 1 2 interface no see following table interface no Operation Mode None Display current setting 0 RS 232 1 2 wire 5 485 2 RS 422 3 4 wire RS 485 For example use the following commands to set dev ttyM0 to RS 422 DA682 setinterface dev ttyMO 2 DA682 setinterface dev ttyMO Now setting is RS422 interface DA682 3 3 DA 682 Series Linux User s Manual Managing Communications Telnet FTP Server In addition to supporting Telnet client server and FTP client server the DA 682 LX also supports SSH and sftp client server To enable or disable the Telnet ftp server you need to edit the file etc inetd conf 1 Mount the root file system with write permission DA682 mount o remount rw dev hdal 2 Type etc to change the directory DA6
20. network configuration file with vi editor You can configure the DA 682 LX s Ethernet ports for static or dynamic DHCP IP addresses DA682 etc network vi interfaces Static IP Address As shown in the example shown below the default static IP addresses can be modified The loopback network interface auto lo eth0 ethl eth2 eth3 eth4 eth5 eth6 eth7 iface lo inet loopback The primary network interface allow hotplug eth0 iface eth0 inet static address 192 168 3 127 netmask 255252554255 0 broadcast 192 168 3 255 allow hotplug ethl iface ethl inet static address 192 168 4 127 netmask 255 255 255 0 broadcast 192 168 4 255 allow hotplug eth2 iface eth2 inet static address 192 168 5 127 netmask 255 255 255 0 broadcast 192 16825 2255 3 2 DA 682 Series Linux User s Manual Managing Communications Dynamic IP Address using DHCP To configure one or both LAN ports to request an IP address dynamically replace static with dhcp and then delete the rest of the lines The primary network interface allow hotplug eth0 iface eth0 inet dhcp After modifying the boot settings of the LAN interface issue the following command to activate the LAN settings immediately etc init d networking restart DA682 etc init d networking restart Adjusting IP Addresses with ifconfig IP settings can be adjusted during run time but the new settings will not be saved to the flash ROM without modifying the file
21. s Manual Software Configuration DA682 date hwclock Sat Jan 1 00 00 36 CST 2000 Sat Jan 1 00 00 37 2000 0 772941 seconds DA682 DA682 ntpdate time stdtion gov tw 9 Dec 10 58 53 ntpdate 207 step time server 220 130 158 52 offset 155905087 9 84256 sec DA682 DA682 hwclock w DA682 date hwclock Thu 9 10 59 11 CST 2004 Thu Dec 9 10 59 12 2004 0 844076 seconds DA682 Before using the NTP client utility check your address and network settings to make sure Internet connection is available Updating the Time Automatically This section describes how to use a shell script to update the time automatically Example shell script for updating the system time periodically bin sh ntpdate time nist gov You use the time server s ip address or domain name directly If you use domain name you must enable the domain client on the system by updating etc resolv conf file hwclock w sleep 100 Updates every 100 seconds The min time is 100 seconds Change 100 to a larger number to update RTC less often Save the shell script using any file name For example fixtime How to run the shell script automatically when the kernel boots up Because the root file system is mounted in Read only mode we need to re mount it using writable permission mount o remount rw dev hdal Copy the example shell script fixtime to directory
22. some directories or files such as home root var letc network etc ppp ect openvpn and etc resolv conf which need write permission are located in another writable partition and formatted with the 52 file system The formatting process places compressed file system in the Flash memory transparent to the user The Journaling Flash File System JFFS2 which was developed by Axis Communications in Sweden puts a file system directly on the flash instead of emulating a block device It is designed for use on flash ROM chips and recognizes the special write requirements of a flash ROM chip JFFS2 implements wear leveling to extend the life of the flash disk and stores the flash directory structure the RAM log structured file system is maintained at all times The system is always consistent even if it encounters crashes or improper power downs and does not require fsck file system check on boot up 52 15 the newest version of JFFS It provides improved wear leveling and garbage collection performance improved RAM footprint and response to system memory pressure improved concurrency and support for suspending flash erases marking of bad sectors with continued use of the remaining good sectors native data compression inside the file system design and support for hard links JFFS2 enhances the write life of the flash devices The key features of JFFS2 are e Targets the Flash ROM directly e Robustness
23. 0 1 3 Library to read temperature voltage fan sensors libsepol1 1142 Security Enhanced Linux policy library for changing policy binaries libsigc 2 0 0c2a 2 0 17 2 Type safe Signal Framework for C runtime libslang2 2 0 6 4 The S Lang programming library runtime version libslpl 1 2 1 6 2 OpenSLP libraries 5 5 NET SNMP Simple Network Management libsnmp base 5 2 3 Tetch2 Protocol MIBs and Docs NET SNMP Simple Network Management Protocol MIBs and Docs 1 39 1 40 WIP 11 14 dfsg 2etch1 command line interface parsing libss2 2006 library libssl0 9 8 0 9 8c 4etchl SSL shared libraries libsspO 4 1 1 21 stack smashing protection library libstdc 6 4 1 1 21 The GNU Standard C Library v3 libstde 6 4 1 dev 4 The GNU Standard C Library v3 development files libsysfs2 Interface library to sysfs libtasn1 3 bin Manage 5 1 structures binaries 1 2 1 0 1 95 N 1 21 libtasn1 3 Manage ASN 1 structures runtime 6 2 libtext charwidth perl 0 04 4 Get display widths of characters the term libtext iconv perl Converts between character sets in Perl libtext wrapil8n perl 0 06 5 Internationalized substitute of Text Wrap libusb 0 1 4 0 1 12 5 userspace USB programming library 5 4 dbs 13 1 libuuid1 22 11 14 dfsg 2etch1 universally unique id library libvolume idO libvolume id shared library libwrapO 7 6 dbs Wietse Venema s TCP wrappers library linux image 2 6 686
24. 2 6 18 6etch2 Linux kernel 2 6 image on 4 Bee 7 2 6 18 dfsg 1 17 Linux 2 6 18 image on PPro Celeron PII PIII P4 linux kernel headers 2 6 18 7 Linux Kernel Headers for development 2 3 6 ds1 13etch5 GNU C Library National Language locale data support D 0 1 10 Programs for locking and unlocking files and mailboxes 4 0 18 1 7 System login tools 1 9 DA 682 Series Linux User s Manual Introduction s mime types amp mailcap and support openssl SSL binary related pppconfig text menu based utility for configuring ppp DA 682 Series Linux User s Manual Introduction Suns 5 2 3 Tetch2 NET SNMP Simple Network Management Protocol Apps The telnet client 1721 The GNU time program for measuring cpu resource usage 1 4a12 21 Traces the route taken by packets over a TCP 2007j letchl Time Zone and Daylight Saving Time Data ucf 2 002 Update Configuration File preserves user changes to config files 0 105 4 dev and hotplug management daemon 4 27 0 5 inetd conf updater DA 682 Series Linux User s Manual Introduction 7 0 122 1etch3 Vi IMproved enhanced vi editor compact version 05 1 51 WWW browsable pager with excellent tables frames support 1 10 2 2 Retrieves files from the web 0 522 10 Displays user friendly dialog boxes from shell scripts 4 7 20 The GNU whois client zliblg 1 2 3 13 Compression library runtime
25. 4 1 4 1 1 21 The GNU compiler Rename network interfaces based on various static ifrename 28 criteria ifupdown High level tools to configure network interfaces initramfs tools 0 85h Tools for generating an initramfs initscripts 2 86 ds1 38 Scripts for initializing and shutting down the system iiobis 20061002 3 E tools to control the networking in Linux Administration tools for packet filtering and NAT netfilter and iptables provide a Linux kernel framework for stateful and stateless packet filtering network and port address translation and other IP packet manipulation The framework is the successor to ipchains 13 25 13 25 1 1 15 1 1 15 gcc 4 1 base 4 1 1 21 The GNU Compiler Collection base package 4 6 2 4 6 2 3 5 15 1 1 3 6 0debian1 5 es og 0 c 5 3 l ls 1 6 DA 682 Series Linux User s Manual Introduction libblkidl ug no LL 11 14 dfsg 2etch1 block device id library klibc 1 0 3 6 Small statically linked utilities built with klibc libc6 2 3 6 ds1 13etch5 C Library Shared libraries libc6 dev 2 3 6 ds1 13etch5 C Library Development Libraries Header libc6 1686 2 3 6 ds1 13etch5 GNU C Library Shared libraries 1686 optimized libcapl 1 10 14 Support for getting setting POSIX 1e capabilities libcomerr2 11 14 dfsg 2etchl common error description library libdb4 2 Berkeley v4 2 Database Libraries runtime libdb4 3 Berkeley v4 3 Database L
26. 82 cd /etc

3. Type vi inetd.conf to edit the configuration file.

    DA682:/etc# vi inetd.conf

Enabling the Telnet/FTP Server

The following example shows the default content of the file /etc/inetd.conf. The default is to enable the Telnet/FTP server:

    discard dgram udp wait root /bin/discard
    discard stream tcp nowait root /bin/discard
    telnet stream tcp nowait root /bin/telnetd
    ftp stream tcp nowait root /bin/ftpd -l

Disabling the Telnet/FTP Server

Disable the daemon by typing # in front of the first character of the row to comment out the line. For example, to disable the FTP server, use the following commands:

    discard dgram udp wait root /bin/discard
    discard stream tcp nowait root /bin/discard
    telnet stream tcp nowait root /bin/telnetd
    #ftp stream tcp nowait root /bin/ftpd -l

After you finish writing or modifying the code, remember to execute umount / to change the root directory back to read-only mode.

    DA682:~# umount /

DNS Client

The DA-682-LX supports DNS client (but not DNS server). To set up DNS client, you need to edit three configuration files: /etc/hostname, /etc/resolv.conf, and /etc/nsswitch.conf.

/etc/hostname

1. Mount the root file system with write permission.

    DA682:~# mount -o remount,rw /dev/hda1 /

2. Edit /etc/hostname.

    DA682:~# vi /etc/hostname
    DA682

3. After you finish writing or modifying the code, reme
27. A682 mount

    /dev/hda1 on / type ext2 (rw,errors=remount-ro)
    tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    procbususb on /proc/bus/usb type usbfs (rw)
    udev on /dev type tmpfs (rw,mode=0755)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
    /dev/hdb2 on /home type ext2 (rw)
    nfsd on /proc/fs/nfsd type nfsd (rw)
    rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
    /dev/sda1 on /media/usb0 type vfat (rw,nodev,sync,noatime,gid=25,dmask=0007,fmask=0117)
    /dev/sdb1 on /media/usb1 type vfat (rw,nodev,sync,noatime,gid=25,dmask=0007,fmask=0117)
    DA682:~#

Remember to type the command sync before you disconnect the USB storage device. If you do not issue the command, you may lose data.

ATTENTION: Remember to exit the /media/usb0 or /media/usb1 directory when you disconnect the USB storage device. If you stay in /media/usb0 or /media/usb1, the automatic un-mount process will fail. If that happens, type umount /media/usb0 to un-mount the USB device manually.

Inserting a CompactFlash Card into the Computer

The CompactFlash card is treated as a local disk drive in the DA-682-LX computer. It is identified as a block device at /dev/hdb. You can add one line to /etc/fstab to force the CompactFlash car
28. DA-682 Series Linux User's Manual

First Edition, May 2008

www.moxa.com/product

2008 Moxa Inc., all rights reserved. Reproduction without permission is prohibited.

The Moxa software described in this manual is furnished under a license agreement and may be used only in accordance with the terms of that agreement.

Copyright Notice

Copyright 2008 Moxa Inc. All rights reserved. Reproduction without permission is prohibited.

Trademarks

MOXA is a registered trademark of Moxa Inc. All other trademarks or registered marks in this manual belong to their respective manufacturers.

Disclaimer

Information in this document is subject to change without notice and does not represent a commitment on the part of Moxa. Moxa provides this document "as is," without warranty of any kind, either expressed or implied, including, but not limited to, its particular purpose. Moxa reserves the right to make improvements and/or changes to this manual, or to the products and/or the programs described in this manual, at any time. Information provided in this manual is intended to be accurate and reliable. However, Moxa assumes no responsibility for its use, or for any infringements on the rights of third parties that may result from its use. This product might include unintentional technical or typographical errors. Changes are periodically made to the information herein to correct such errors, and thes
29. IP Internet Protocol and other network protocols over a serial link PPP can be used for direct serial connections using a null modem cable over a Telnet link and links established using a modem over a telephone line Modem PPP access is almost identical to connecting directly to a network through the DA 682 LX s Ethernet port Since PPP is a peer to peer system the DA 682 LX can also use PPP to link two networks or a local network to the Internet to create a Wide Area Network WAN 3 15 DA 682 Series Linux User s Manual Managing Communications ATTENTION Click on the following links for more information about PPP http tldp org HOWTO PPP HOWTO index html http axion physics ubc ca ppp linux html Connecting to a PPP Server over a Simple Dial up Connection The following command is used to connect to a PPP server by modem Use this command for old ppp servers that prompt for a login name replace username with the correct name and password replace password with the correct password Note that debug crtscts and defaultroute 192 1 1 17 are optional pppd connect chat v ATDT5551212 CONNECT username word password dev ttyM0 115200 debug crtscts modem defaultroute 192 1 1 17 If the PPP server does not prompt for the username and password the command should be entered as follows Replace username with the correct username and replace password with the co
30. T Installing and Removing Packages

APT is the Debian tool used to install and remove packages. Before installing a package, you need to configure the apt source file, /etc/apt/sources.list, which is located in the read-only partition.

1. Mount the root file system with write permission.

    DA682:~# mount -o remount,rw /dev/hdb1 /

2. Next, configure /etc/apt/sources.list using the vi editor.

    DA682:~# vi /etc/apt/sources.list

    deb cdrom:[Debian GNU/Linux 4.0 r2 _Etch_ - Official i386 NETINST Binary-1 20080103-00:44]/ etch contrib main
    deb http://ftp.debian.org/debian etch main
    deb-src http://ftp.debian.org/debian etch main
    deb http://security.debian.org etch/updates main contrib
    deb-src http://security.debian.org etch/updates main contrib

3. Update the source list after you configure it.

    DA682:~# apt-get update
    DA682:~#

4. Once you indicate which package you want to install (openswan, for example), type:

    DA682:~# apt-get install openswan
    DA682:~#

5. Use one of the following commands to remove a package:

   a. For a simple package removal:

    DA682:~# apt-get remove openswan
    DA682:~#

   b. For a complete package removal:

    DA682:~# apt-get remove openswan --purge
    DA682:~#

6. If the installation is complete, remember to umount the root directory back to read-only mode.

    DA682:~# umount /
    DA682:~#

ATTENTION: The APT
31. after you reboot the system DA 682 Series Linux User s Manual Software Configuration DA682 ps ef PID Uid root root root root root root root root root root root root root nobody nobody nobody nobody nobody bin root 105 root 109 root dev null 111 root 140 root 144 root 146 root l53 root 161 root 162 root 163 root 164 root 166 root 168 root 171 root 172 root 174 root DA682 VmSize 1296 C Cp CO 2 10 Stat Command init keventd ksoftirqgd kswapd bdflush kupdated mtdblockd khubd 52 gcd mtd3 ixp425_csr stdef usr sbin inetd usr sbin httpd usr sbin httpd usr sbin httpd usr sbin httpd usr sbin httpd usr sbin httpd sbin portmap root tcps2 release usr sbin rpc statd usr sbin snmpd s 1 usr sbin snmptrapd s sbin cardmgr usr sbin rpc nfsd usr sbin rpc mountd usr sbin sshd bin reportip bin massupfirm sbin getty 115200 ttyso sbin getty 115200 ttyS1 bin massupfirm bin massupfirm usr sbin sshd bash ps ef DA 682 Series Linux User s Manual Software Configuration Setting the Run Level To set the Linux run level and execution priority of a program use the following command because the root file system is mounted in Read only mode we need to re mount it with write permission DA682 mount r
32. ame Service Switch for information about this file.

    passwd: compat
    group: compat
    shadow: compat
    hosts: files dns
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

Apache Web Server

Default Homepage

The Apache web server's main configuration file is /etc/apache2/sites-available/default, with the default homepage located at /var/www/apache2-default/index.html.

Save your own homepage to the following directory:

    /var/www/apache2-default/

Save your CGI page to the following directory:

    /var/www/apache2-default/cgi-bin/

Before you modify the homepage, use a browser (such as Microsoft Internet Explorer or Mozilla Firefox) from your PC to test if the Apache web server is working. Type the LAN1 IP address in the browser's address box to open the homepage. For example, if the default IP address 192.168.3.127 is still active, type:

    http://192.168.3.127/

To test the default CGI page, type:

    http://192.168.3.127/cgi-bin/w3mmail.cgi

Disabling the CGI Function

The CGI function is enabled by default. If you want to disable the function, modify the file /etc/apache2/sites-available/default.

1. Mount the root file system with write permission.

    DA682:~# mount -o remount,rw /dev/hda1 /

2. Type vi /etc/apache2/sites-available/default to edit the configuration file.

    DA682:/etc# vi /etc/apache2/sites-availabl
33. ate case of a general option of the form x x x x y y y y Here X X X X is the local IP address and y y y y is the IP address of the remote end of the PPP connection If this option is not specified or if just one side is specified then x x x x defaults to the IP address associated with the local machine s hostname located in etc hosts and y y y y is determined by the remote machine Connecting to a PPP Server over a Hard wired Link If a username and password are not required use the following command note that noipdefault is optional pppd connect chat noipdefault dev ttyM0 19200 crtscts If a username and password is required use the following command note that noipdefault is optional and root is both the username and password pppd connect chat v 4447 user root password root noipdefault dev ttyM0 19200 crtscts Checking the Connection Once you have set up a PPP connection there are some steps you can take to test the connection First type sbin ifconfig Depending on your distribution the command might be located elsewhere After executing the command you should be able to see all of the network interfaces that are UP ppp0 should be one of them and you should recognize the first IP address as your own and the P t P address point to point address the address of your server The output is similar to the following Link encap Local Loopback inet addr 127 0 0 1 Bcast 127 255 255 255
34. chine /etc/openvpn/secrouter.key 192.168.8.174 /etc/openvpn

A preshared key is located at /etc/openvpn/secrouter.key. You can use it for testing purposes. We suggest creating a new key for non-testing purposes.

4. On machine OpenVPN A, modify the remote address in the configuration file /etc/openvpn/tap0-br.conf.

    # point to the peer
    remote 192.168.8.174
    dev tap0
    secret /etc/openvpn/secrouter.key
    cipher DES-EDE3-CBC
    auth MD5
    tun-mtu 1500
    tun-mtu-extra 64
    ping 40
    up /etc/openvpn/tap0-br.sh
    comp-lzo

5. Next, modify the routing table in the /etc/openvpn/tap0-br.sh script file.

    #!/bin/sh
    # value after "-net" is the subnet behind the remote peer
    route add -net 192.168.4.0 netmask 255.255.255.0 dev

And then configure the bridge interface in /etc/openvpn/bridge.

    #!/bin/bash
    # Create global variables
    # Define Bridge Interface
    br="br0"
    # Define list of TAP interfaces to be bridged,
    # for example tap="tap0 tap1".
    tap="tap0"
    # Define physical ethernet interface to be bridged
    # with TAP interface(s) above.
    eth="eth1"
    eth_ip="192.168.8.173"
    eth_netmask="255.255.255.0"
    eth_broadcast="192.168.8.255"
    gw="192.168.8.174"

Start the bridge script file to configure the bridge interface.

    # /etc/openvpn/bridge restart

6. On machine OpenVPN B, modify the remote address in configuration file
35. ction between OpenVPN machines has been established successfully on UDP port 5000.

ATTENTION: You can create link symbols to start the OpenVPN service at boot time:

    # ln -sf /etc/init.d/openvpn /etc/rc2.d/S16openvpn

To stop the service, you should create these links:

    # ln -sf /etc/init.d/openvpn /etc/rc0.d/K80openvpn
    # ln -sf /etc/init.d/openvpn /etc/rc6.d/K80openvpn

9. On each OpenVPN machine, check the routing table by typing the command:

    # route

    Destination Gateway Genmsk Flags Metric Ref Use Iface
    192 168 5 0 0 0 0 0 255 255 U eth2 168 4 0 0 0 0 0 225 U bro 168 3 0 0 0 0 0 22554 etho 68 3 00 00 2555 eth3 168 8 0 4050 22555 brO

Interface eth1 and device tap0 both connect to the bridging interface, and the virtual device tun sits on top of tap0. This ensures that all traffic coming to this bridge from internal networks connected to interface eth1 write to the TAP/TUN device that the OpenVPN program monitors. Once the OpenVPN program detects traffic on the virtual device, it sends the traffic to its peer.

10. To create an indirect connection to Host B from Host A, you need to add the following routing item:

    route add -net 192.168.4.0 netmask 255.255.255.0 dev eth0

To create an indirect connection to Host A from Host B, you need to add the following routing item:

    route add -net 192.168.2.0 netmask 255.255.255.0 dev eth0

Now ping
36. d INPUT, OUTPUT, and FORWARD INPUT chains are accepted automatically, and all connections are accepted without being filtered.

    # iptables -F
    # iptables -X
    # iptables -Z

Define Policy for Chain Rules

Usage:

    # iptables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, OUTPUT, POSTROUTING] [ACCEPT, DROP]

    -P: Set the policy for the chain to the given target.
    INPUT: For packets coming into the DA-682-LX.
    OUTPUT: For locally-generated packets.
    FORWARD: For packets routed out through the DA-682-LX.
    PREROUTING: To alter packets as soon as they come in.
    POSTROUTING: To alter packets as they are about to be sent out.

Examples:

    # iptables -P INPUT DROP
    # iptables -P OUTPUT ACCEPT
    # iptables -P FORWARD ACCEPT
    # iptables -t nat -P PREROUTING ACCEPT
    # iptables -t nat -P OUTPUT ACCEPT
    # iptables -t nat -P POSTROUTING ACCEPT

In this example, the policy accepts outgoing packets and denies incoming packets.

Append or Delete Rules

Usage:

    # iptables [-t table] [-AI] [INPUT, OUTPUT, FORWARD] [-io interface] [-p tcp, udp, icmp, all] [-s IP/network] [--sport ports] [-d IP/network] [--dport ports] -j [ACCEPT, DROP]

    -A: Append one or more rules to the end of the selected chain.
    -I: Insert one or more rules in the selected chain as the given rule number.
    -i: Name of an interface via which a packet is going to be received.
    -o: Name of an interface via which a packe
37. d to mount automatically at boot time.

ATTENTION: The DA-682 Series Embedded Computer does not support the CompactFlash hot swap function. You must remove the power source first before inserting or removing the CompactFlash card. If you do not shut down the power source, you could damage your CompactFlash card.

    DA680:~# mount -o remount,rw /dev/hda1 /
    DA680:~# vi /etc/fstab

    # /etc/fstab: static file system information.
    #
    # <file system> <mount point> <type> <options> <dump> <pass>
    proc /proc proc defaults 0 0
    /dev/hda1 / ext2 ro,defaults,errors=remount-ro 0
    /dev/hdb1 /mnt/hdb ext2 defaults,errors=remount-ro 0 2
    none /tmp tmpfs defaults 0 1
    /dev/mtdblock0 /home jffs2 defaults 0 2
    /dev/hdc /media/cdrom0 udf,iso9660 user,noauto 0 0
    /dev/fd0 /media/floppy0 auto rw,user,noauto 0 0

    "/etc/fstab" 9 lines, 534 characters
    DA680:~#
    DA680:~# umount /
    DA680:~#

Checking the Linux Version

The program uname, which stands for "Unix Name" and is part of the Unix operating system, prints the name, version, and other details about the operating system running on the computer. Use the -a option to generate a response similar to the one shown below:

    DA682:~# uname -a
    Linux DA680 2.6.18-5-686 #1 SMP Mon Dec 24 16:41:07 UTC 2007 i686 GNU/Linux
    DA682:~#

AP
38. e

    Enabling NAT at Bootup
    PPP (Point to Point Protocol)
        Connecting to a PPP Server over a Simple Dial-up Connection
        Connecting to a PPP Server over a Hard-wired Link
        Checking the Connection
    PPPoE
    NFS (Network File System) Client
    SNMP (Simple Network Management Protocol)
        Ethernet Bridging for Private Networks on Different Subnets
        Ethernet Bridging for Private Networks on the Same
        Routed IP
Chapter 4 System Recovery
    Recovery Environment
    Recovery Procedure

1 Introduction

Thank you for purchasing the Moxa DA-682 Series of x86 ready-to-run embedded computers. This manual introduces the software configuration and management of the DA-682-LX, which runs the Linux operating system. For hardware installation, connector interfaces, setup, and upgrading the BIOS, please refer to the "DA-682 Series Hardware User's Manual."

Linux is an open, scalable operating system that allows you to build a wide range of innovative, small footprin
39. e NAT when the DA-682-LX boots up. The following script is an example.

    #!/bin/bash
    # If you put this shell script in the /home/nat.sh
    # Remember to chmod 744 /home/nat.sh
    # Edit the rc.local file to make this shell startup automatically.
    # vi /etc/rc.local
    # Add a line in the end of rc.local /home/nat.sh
    EXIF="eth0"             # This is an external interface for setting up a valid IP address.
    EXNET="192.168.4.0/24"  # This is an internal network address.
    # Step 1. Insert modules.
    # Here 2> /dev/null means the standard error messages will be dump to null device.
    modprobe ip_tables 2> /dev/null
    modprobe ip_nat_ftp 2> /dev/null
    modprobe ip_nat_irc 2> /dev/null
    modprobe ip_conntrack 2> /dev/null
    modprobe ip_conntrack_ftp 2> /dev/null
    modprobe ip_conntrack_irc 2> /dev/null
    # Step 2. Define variables, enable routing and erase default rules.
    PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
    export PATH
    echo "1" > /proc/sys/net/ipv4/ip_forward
    /sbin/iptables -F
    /sbin/iptables -X
    /sbin/iptables -Z
    /sbin/iptables -F -t nat
    /sbin/iptables -X -t nat
    /sbin/iptables -Z -t nat
    /sbin/iptables -P INPUT ACCEPT
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -P FORWARD ACCEPT
    /sbin/iptables -t nat -P PREROUTING ACCEPT
    /sbin/iptables -t nat -P POSTROUTING ACCEPT
    /sbin/iptables -t nat -P OUTPUT ACCEPT
    # Step 3. Enable IP masquerade.

PPP (Point to Point Protocol)

PPP (Point to Point Protocol) is used to run
40. e changes are incorporated into new editions of the publication.

Technical Support Contact Information

www.moxa.com/support

Moxa Americas: Toll-free: 1-888-669-2872, Tel: 1-714-528-6777, Fax: 1-714-528-6778
Moxa Europe: Tel: 49-89-3 70 03 99-0, Fax: 49-89-3 70 03 99-99
Moxa China (Shanghai office): Toll-free: 800-820-5036, Tel: 86-21-5258-9955, 86-10-6872-3958
Moxa Asia-Pacific: Tel: 886-2-8919-1230, Fax: 886-2-8919-1231

Table of Contents

Chapter 1 Introduction
    Overview
    Product Features
    Software Specifications
    Journaling Flash File System (JFFS2)
    Software Components
Chapter 2 Software Configuration
    Starting from a VGA Console
    Connecting from a Telnet Console
    Connecting from an SSH Console
        Windows Users
        Linux Users
    Adjusting the System Time
        Setting the Time Manually
        NTP Client
        Updating the
41. e check the IP address and netmask settings, and then unplug and re-plug the DA-682-LX's power cord.

Connecting from an SSH Console

The DA-682-LX computer supports an SSH console to offer users better security over the network compared to Telnet.

Windows Users

Click on the link http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html to download PuTTY (free software) to set up an SSH console for the DA-682-LX in a Windows environment. The following screen shows an example of the configuration that is required.

[Figure: PuTTY Configuration dialog, Session category, with Host Name (or IP address) 192.168.3.127 and Port 22]

Linux Users

From a Linux machine, use the ssh command to access the DA-682-LX's console utility via SSH.

    # ssh 192.168.3.127

Select yes to open the connection.

    [root@bee_notebook root]# ssh 192.168.3.127
    The authenticity of host 192.168.3.127
42. e default

3. After you finish writing or modifying the code, remember to execute umount / to change the root directory back to read-only mode.

    DA682:~# umount /

4. Restart the Apache server.

    DA682:~# /etc/init.d/apache2 restart

When you develop your own CGI application, make sure your CGI file is executable.

Saving Web Pages to a USB Storage Device

Some applications may have web pages that take up a lot of memory space. This section describes how to save web pages to the USB mass storage device, and then configure the Apache web server's DocumentRoot to open these pages. The files used in this example can be downloaded from Moxa's website.

1. Prepare the web pages and then save the pages to the USB storage device. Click on the following link to download the web page test suite: http://www.w3.org/MarkUp/Test/HTML401.zip

2. Uncompress the zip file to your desktop PC, and then use FTP to transfer it to the DA-682-LX's /media/usb0 directory.

3. Mount the root file system with write permission.

    DA682:~# mount -o remount,rw /dev/hda1 /

4. Type vi /etc/apache2/sites-available/default to edit the configuration file.

    DA682:/etc# vi /etc/apache2/sites-available/default

5. Change the DocumentRoot directory to the USB storage directory /media/usb0/www.

    <VirtualHost *:80>
    DocumentRoot /media/usb0/www
    <Directo
43. e default values are both root.

    Login: root
    Password: root

    login as: root
    root@192.168.3.127's password:
    Last login: Mon Jan 22 19:02:16 2007 from 192.168.3.120
    For further information check: http://www.moxa.com/
    Mount user file system.
    DA682:~#

Connecting from a Telnet Console

The DA-682-LX computer comes with four basic Gigabit Ethernet ports named LAN1 to LAN4. The default IP addresses and netmasks of the network interfaces are as follows:

            Default IP Address    Netmask
    LAN 1   192.168.3.127         255.255.255.0
    LAN 2   192.168.4.127         255.255.255.0
    LAN 3   192.168.5.127         255.255.255.0
    LAN 4   192.168.6.127         255.255.255.0

Before using the Telnet client, you should change the IP address of your development workstation so that the network ports are on the same subnet as the IP address for the LAN port that you connect to. For example, if you connect to LAN 1, you could set your PC's IP address to 192.168.3.126, and the ne
44. emount,rw /dev/hda1 /

Edit a shell script to execute /root/tcps2-release and save to tcps2 as an example.

    #cd /etc/rc2.d
    #ln -s /etc/root/tcps2 S60tcps2
    or
    #ln -s /etc/root/tcps2 k30tcps2

    DA682:~# cd /etc/rc2.d
    DA682:/etc/rc2.d#
    DA682:/etc/rc2.d# ls
    S19nfs-common S25nfs-user-server S99showreadyled
    S20snmpd S55ssh
    S24pcmcia S99rmnologin
    DA682:/etc/rc2.d#
    DA682:/etc/rc2.d# ln -s /root/tcps2-release S60tcps2
    DA682:/etc/rc2.d# ls
    S19nfs-common S25nfs-user-server S99rmnologin
    S20snmpd S55ssh S99showreadyled
    S24pcmcia S60tcps2
    DA682:/etc/rc2.d#

The command SxxRUNFILE has the following meaning:

    S: Start the run file while Linux boots up.
    xx: A number between 00-99. The smaller number has a higher priority.
    RUNFILE: The script file name.

The command KxxRUNFILE has the following meaning:

    K: Start the run file while Linux shuts down or halts.
    xx: A number between 00-99. The smaller number has a higher priority.
    RUNFILE: The script file name.

To remove the daemon, remove the run file from /etc/rc2.d by using the following command:

    DA682:~# rm -f /etc/rc2.d/S60tcps2

After you finish writing or modifying the code, remember to execute umount / to change the root directory back to read-only mode.

    DA682:~# umount /

Cron: Daemon for Executing Scheduled Commands

The Cron daemon will search /etc/crontab for crontab files, which are named after accounts in /etc/pa
45. er, bearing in mind that you will have to use numeric IP addresses unless you have configured /etc/resolv.conf correctly.

Setting up a Machine for Incoming PPP Connections

Method 1: pppd dial-in with pppd commands

This first example applies to using a modem, and requiring authorization with a username and password.

    pppd /dev/ttyM0 115200 crtscts modem 192.168.16.1:192.168.16.2 login auth

You should also add the following line to the file /etc/ppp/pap-secrets:

    * * "" *

The first star (*) lets everyone login. The second star (*) lets every host connect. The pair of double quotation marks ("") indicates that the file /etc/passwd can be used to check the password. The last star (*) is to let any IP connect.

The following example does not check the username and password:

    pppd /dev/ttyM0 115200 crtscts modem 192.168.16.1:192.168.16.2

Method 2: pppd dial-in with pppd script

Configure a dial-in script /etc/ppp/peer/dialin.

    # You usually need this if there is no PAP authentication
    noauth
    #auth
    login
    # The chat script (be sure to edit that file, too!)
    init "/usr/sbin/chat -v -f /etc/ppp/ppp-ttyM0.chat"
    # Set up routing to go through this PPP link
    defaultroute
    # Default modem (you better replace this with /dev/ttySx!)
    /dev/ttyM0
    # Speed
    115200
    # Keep modem up even if connection fails
    persist
    crtscts
    modem
    192.168.16.1:192.168.16.2
46. etc init d and then use chmod 755 fixtime to change the shell script mode chmod 755 fixtime 2 6 DA 682 Series Linux User s Manual Software Configuration Next use vi editor to edit the file etc inittab vi etc inittab Add the following line to the bottom of the file ntp 2345 respawn etc init d fixtime After you finish writing or modifying the code remember to execute umount to change the root directory back to Read only mode umount Use the command init q to re initialize the kernel init q Enabling and Disabling Daemons The following daemons are enabled when the DA 682 LX boots up for the first time snmpd SNMP Agent Daemon e Telnet Server Client Daemon e inetd Internet Daemons FTP Server Client Daemon e sshd Secure Shell Server Daemon httpd Apache WWW Server Daemon Type the command ps ef to list all processes currently running 2 7 DA 682 Series Linux User s Manual Software Configuration DA682 ps ef PID Uid VmSize Stat Command init keventd ksoftirqd_ CPUO root 1296 root root root root root root root root root root root root nobody nobody nobody nobody nobody bin T05 root 109 root TIT root 140 root 144 root 146 root 153 root 161 root 162 root 163 root 164 root 166 root 168 root Til root 172 root 174 root DA682 kswapd bdflush kupdated mtdblockd khubd 52 gcd mtd3
47. hive 680 1 0 Build 08031316 Create Image Backup Local Hard Driver Cancel i Choose Yes to start the restoration After the restoration is finished the system will halt and you will need to reboot to restart the restored system BIOS setting has been recorded on your image Do you want them to be restored No lt Cancel gt When operation is finished turn off the computer and remove the USB disk DO NOT turn off the power during system recovery as the system may crash Step 5 Set up the BIOS back to boot from DOM or CompactFlash Disk a Power on and press DEL to enter the bios setup menu 4 8 DA 682 Series Linux User s Manual System Recovery Select Advanced gt Hard Disk Boot Priority and then press Enter From the setup menu use 417 or to select the DOM or CompactFlash device Press to move the selection up to the first priority and press Esc to exit the setup menu Select Exit 2 Save amp Exit Setup and then press Enter Choose Y to save to the CMOS and then exit Wait a few minutes for the system to boot When the recovery process is finished you will again be able to see the Linux desktop
48. ibraries runtime Berkeley v4 4 Database Libraries runtime 1 7 DA 682 Series Linux User s Manual Introduction Component Version Description libisccfgl libiw28 libklibc libkrb53 libldap2 liblocale gettext perl liblockfilel liblwres9 liblzol liblzo2 2 libmagicl libmysglclientl5off libncurses5 libncursesw5 libnet lite ftp perl libnet ssleay perl libnet telnet perl libnewt0 52 libnfsidmap2 libopencdk8 libpam modules libpam runtime libpam0g libpcap0 8 libpci2 libpcre3 libpoptO libpq4 libreadline5 libroken16 heimdal librpcsecgss3 libsasl2 program 4 17 Setch File type determination library using magic numbers 5 0 32 5 mysql database client library Shared libraries for terminal handling S Shared libraries for terminal handling 5 5 5 wide character support 0 47 2 Perl FTP client with support for TLS 1 30 1 Perl module for Secure Sockets Layer SSL 3 03 1 Script telnetable connections 0 522 10 Not Erik S Windowing Toolkit text mode windowing with slang 0 18 0 An nfs idmapping library Open Crypto Development Kit OpenCDK runtime Pluggable Authentication Modules for PAM Runtime support for the PAM library 1 8 DA 682 Series Linux User s Manual Introduction libsas 2 2 2 1 22 dfsg1 8 Authentication abstraction library libselinux1 1 32 3 SELinux shared libraries libseianagel Shared libraries used by SELinux policy manipulation tools 2 1
49. ice and FAT file system You need empty disk only DO NOT check the option Create a DOS startup disk c Click Start HP USB Disk Storage Format Tool Y2 0 6 Device File system olume label KINGSTON Format options Quick Format C a DOS startup disk SS Css D ee 4 2 DA 682 Series Linux User s Manual System Recovery ATTENTION The HP USB Disk Storage Format Tool can be downloaded from many web sites Do a search on HP USB Disk Storage Format Tool from any search engine to locate the tool Step2 Create a Linux Bootable USB Disk a Youcan find the firmware directory in the Recovery CD shipped with the DA 682 LX computer b Configure Windows Explorer to show hidden files including protected operating system files c Copy all files in the firmware directory to the root directory of your USB disk HE RA RARE IAM HAH Q O 2 Ps Gex ALD FAMailEGBARICDIDA 682 LX firmware FAR 8 Marketing 2 6 80 V1 0 Build 08031316 PRANK E Menufacturing 15019 KB WinRAR Monthly Meeting isolinux bin 12KB BIN Pos E kernel 4 189 KB Technology 25 inux sys 12KB B Training Material Ca syslinux cfg 1KB Microsoft Office User Menu 7 syslinox exe 24KB R F WinCE RECYCLER 2 SourceBackup D System Volume Information Linux and Us G 9 se Disk2 4 H 3j Disk2 2 12
50. is connected to the LANI port which is named eth0 If the ADSL modem is connected to LAN2 use eth etc 9 Type ifconfig pppO to check if the connection is OK If the connection is OK you should see the IP address of ppp0 Use ping to test the IP address 1919916 Link Point to Point Protocol inet addr 192 76 32 3 PSt cE 29 26711652 Mask 255 255 2550 UP POINTOPOINT RUNNING MTU 1500 Metric 1 RX packets 33 errors 0 dropped 0 overrun 0 TX packets 42 errors 0 dropped 0 overrun 0 10 If you want to disconnect it use the kill command to kill the pppd process NFS Network File System Client The Network File System NFS is used to mount a disk partition on a remote machine as if it were on a local hard drive allowing fast seamless sharing of files across a network NFS allows users to develop applications for the DA 682 LX without worrying about the amount of disk space that will be available The DA 682 LX supports only NFS client protocol 3 22 DA 682 Series Linux User s Manual Managing Communications ATTENTION Click on the following links for more information about NFS http www tldp org HOWTO NFS HOWTO index html http nfs sourceforge net nfs howto client html The following procedures illustrate how to mount a remote NFS Server 1 Scan the NFS Server s shared directory showmount e HOST showmount Show the mount information of an NFS Server Show the 5 Server s export li
51. is the argument that the OpenVPN program passes to the script file. Its value is the second argument of ifconfig in the configuration file.
    5. Check the routing table after you run the OpenVPN programs, by typing the command:
        route
        Destination Gateway Genmsk Flags Metric Ref Use Iface 192 168 4 174 255 255 255 255 UH 0 0 tun0 192 168 4 192 168 4 174 2555250255 0 tunO 192 168 2 2 55 2255 25 5 0 eth1 192 168 8 2554 2554255 0 etho
    4 System Recovery
    The DA-682-LX is installed with the Embedded Linux operating system, which is located in the Flash DOM CompactFlash card shipped with the DA-682-LX computer. Although it happens rarely, you may find on occasion that operating system files and/or the disk file system are damaged. This chapter describes how to recover the Linux operating system.
    This chapter covers the following topics: Recovery Environment, Recovery Procedure.
    Recovery Environment
    The recovery environment includes the DA-682-LX embedded computer and a bootable USB disk with the recovery programs and system image file.
    [Figure: DA-682-LX, USB Port, Bootable USB DISK (recovery programs and system image file included)]
    Recovery Procedure
    Step 1: Format an Empty USB Disk
    a. Prepare a USB disk that has at least a 256 MB capacity.
    b. Format your USB disk with the HP USB Disk Format Tool. Open the utility and select the dev
52. ixp425_csr stdef usr sbin inetd usr sbin httpd usr sbin httpd usr sbin httpd usr sbin httpd usr sbin httpd usr sbin httpd sbin portmap usr sbin rpc statd usr sbin snmpd s 1 dev null usr sbin snmptrapd s sbin cardmgr usr sbin rpc nfsd usr sbin rpc mountd usr sbin sshd bin reportip bin massupfirm sbin getty 115200 ttyso sbin getty 115200 ttyS1 bin massupfirm bin massupfirm usr sbin sshd bash ps ef 0 C0
    To run a private daemon, you can edit the file rc.local, as follows:
    1. Because the root file system is mounted in Read-only mode, you need to re-mount it with write permission.
        DA682:~# mount -o remount,rw /dev/hda1 /
    2. Type cd /etc to change directories.
        DA682:~# cd /etc
    3. Type vi rc.local to edit the configuration file with the vi editor.
        DA682:/etc# vi rc.local
    4. Next, add the application daemon that you want to run. We use the example program tcps2-release to illustrate, and configure it to run in the background.
        #!/bin/sh
        # Add you want to run daemon
        /root/tcps2-release &
    5. After you finish writing or modifying the code, remember to execute umount to change the root directory back to Read-only mode.
        DA682:~# umount /
    6. You should be able to find the enabled daemon
53. led embedded ready-to-run operating system. Programmers will find the full-function development kit a great benefit for developing software and building reliable communication applications. The housing is a standard 2U, 19-inch wide rack-mounted rugged enclosure. This robust, rack-mountable design provides the hardened protection needed for industrial environment applications.
    Product Features
    The DA-682 Series Basic System has the following features:
    - Intel Celeron M 1 GHz processor with 400/533 MHz FSB
    - Intel 915GME ICH6M chipset
    - 200-pin DDR2 SODIMM socket, supporting DDR2 400/533 up to 1 GB
    - 4 Gigabit Ethernet ports for network redundancy
    - 1 CompactFlash socket
    - 1 SATA connector for storage expansion
    - USB 2.0 ports for high speed peripherals
    - Two expansion module slots for flexible I/O expansion
    - 19-inch rackmount, 2U high form factor
    - Fanless Design
    - 100/240 VAC/VDC power inputs
    Special features of the DA-682-LX Linux model:
    - Shipped with DDR2 512 MB of memory
    - Ready-to-run Linux 2.6 platform pre-installed on a 1 GB flash disk module
    Features supported by expansion modules:
    - 16 isolated or non-isolated software selectable RS-232/422/485 serial ports
    - Serial port baudrate from 50 to 921.6 Kbps (supports most nonstandard baudrates in this range)
    - Additional 4 or 8 10/100 Mbps Ethernet ports
    Refer to section "Baud Rate Speed" for calculation of baud rate speed supported
54. mber to execute umount to change the root directory back to Read-only mode.
        DA682:~# umount /
    4. Re-configure the hostname.
        DA682:~# /etc/init.d/hostname.sh start
    5. Check the new hostname.
        DA682:~# hostname
    /etc/resolv.conf
    This is the most important file that you need to edit when using DNS. For example, before you use ntpdate time.nist.gov to update the system time, you will need to add the DNS server address to the file. Ask your network administrator which DNS server address you should use. The DNS server's IP address is specified with the nameserver command. For example, add the following line to /etc/resolv.conf (assuming the DNS server's IP address is 168.95.1.1):
        nameserver 168.95.1.1
        DA682:/etc# cat resolv.conf
        #
        # resolv.conf This file is the resolver configuration file
        # See resolver(5).
        #
        nameserver 192.168.1.16
        nameserver 168.95.1.1
        nameserver 140.115.1.31
        nameserver 140.115.236.10
        DA682:/etc#
    /etc/nsswitch.conf
    This file defines the sequence of files, /etc/hosts or /etc/resolv.conf, to be read to resolve the IP address. The hosts line in /etc/nsswitch.conf means use /etc/hosts first and DNS service to resolve the address.
        # /etc/nsswitch.conf
        #
        # Example configuration of GNU Name Service Switch functionality.
        # If you have the glibc-doc-reference and info packages installed, try:
        # info libc N
55. received from the peer, pppd will commence negotiation by sending its first LCP packet. The default value is 1000 (1 second). This wait period only applies if the connect or pty option is used.
        connect-delay <n>
        # Load the pppoe plugin
        plugin rp-pppoe.so
        # End of File
    6. If you use LAN1 to connect to the ADSL modem, add file /etc/ppp/options.eth0. If you use LAN2 to connect to the ADSL modem, then add /etc/ppp/options.eth1, etc.
        name username@hinet.net
        mtu 1492
        mru 1492
        defaultroute
        noipdefault
        "/etc/ppp/options.eth0" 5 lines, 67 characters
    Type your username (the one you set in the /etc/ppp/pap-secrets and /etc/ppp/chap-secrets files) after the name option. You may add other options as desired.
    7. Set up DNS. If you are using DNS servers supplied by your ISP, edit the file /etc/resolv.conf by adding the following lines of code:
        nameserver ip_addr_of_first_dns_server
        nameserver ip_addr_of_second_dns_server
    For example:
        nameserver 168.95.1.1
        nameserver 139.175.10.20
        DA682:/etc# cat resolv.conf
        #
        # resolv.conf This file is the resolver configuration file
        # See resolver(5).
        #
        nameserver 192.168.1.16
        nameserver 168.95.1.1
        nameserver 139.175.10.20
        nameserver 140.115.1.31
        nameserver 140.115.236.10
        DA682:/etc#
    8. Use the following command to create a pppoe connection:
        pppd eth0
    The ADSL modem
56. rent tables are defined, with each table containing built-in chains and user-defined chains. Each chain is a list of rules that apply to a certain type of packet. Each rule specifies what to do with a matching packet. A rule (such as a jump to a user-defined chain in the same table) is called a target. The DA-682-LX supports three types of IPTABLES: Filter tables, NAT tables, and Mangle tables.
    Filter Table, includes three chains:
    - INPUT chain
    - OUTPUT chain
    - FORWARD chain
    NAT Table, includes three chains:
    - PREROUTING chain: transfers the destination IP address (DNAT)
    - POSTROUTING chain: works after the routing process and before the Ethernet device process to transfer the source IP address (SNAT)
    - OUTPUT chain: produces local packets
    Sub-tables:
    - Source NAT (SNAT): changes the first source packet IP address
    - Destination NAT (DNAT): changes the first destination packet IP address
    - MASQUERADE: a special form for SNAT. If one host can connect to the Internet, then the other computers that connect to this host can connect to the Internet when the computer does not have an actual IP address.
    - REDIRECT: a special form of DNAT that re-sends packets to a local host independent of the destination IP address.
    Mangle Table, includes two chains:
    - PREROUTING chain: pre-processes packets before the routing process.
    - OUTPUT chain: processes packets after the routing process.
    Mangle tables can have one of three extensions: TTL, MARK, TOS.
57. rrect password.
        pppd connect 'chat -v "" ATDT5551212 CONNECT ""' user username password password /dev/ttyM0 115200 crtscts modem
    The pppd options are described below:
    connect 'chat etc...': This option gives the command to contact the PPP server. The chat program is used to dial a remote computer. The entire command is enclosed in single quotes because pppd expects a one-word argument for the connect option. The options for chat are given below:
    -v: verbose mode; log what we do to syslog.
    " ": Double quotes; don't wait for a prompt, but instead do (note that you must include a space after the second quotation mark).
    ATDT5551212: Dial the modem, and then
    CONNECT: Wait for an answer.
    " ": Send a return (null text followed by the usual return).
    ogin: username word: password: Log in with username and password.
    Refer to the chat man page, chat(8), for more information about the chat utility.
    /dev/: Specify the callout serial port.
    115200: The baud rate.
    debug: Log status in syslog.
    crtscts: Use hardware flow control between computer and modem (at 115200 this is a must).
    modem: Indicates that this is a modem device; pppd will hang up the phone before and after making the call.
    defaultroute: Once the PPP link is established, make it the default route; if you have a PPP link to the Internet, this is probably what you want.
    192.1.1.17: This is a degener
58. ry
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        ScriptAlias /cgi-bin/ /media/usb0/www/cgi-bin/
        <Directory "/media/usb0/www/cgi-bin/">
            AllowOverride None
            Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        </VirtualHost>
        <VirtualHost *:443>
        DocumentRoot /media/usb0/www
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        ScriptAlias /cgi-bin/ /media/usb0/www/cgi-bin/
        <Directory "/media/usb0/www/cgi-bin/">
            AllowOverride None
            Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        </VirtualHost>
    6. Use the following commands to restart the Apache web server:
        /etc/init.d/apache restart
    7. Open your browser and connect to the DA-682-LX by typing the current LAN1 IP address in the browser's address box.
    8. After finishing modification or writing, remember to execute umount to change the root directory back to Read-only mode.
        DA682:~# umount /
    9. Re-start the apache server.
        DA682:~# /etc/init.d/apache2 restart
    ATTENTION: Visit the Apache website at http://httpd.apache.org/docs/ for more information about setting up Apache servers.
    IPTABLES
    IPTABLES is an administrative tool for setting up, maintaining, and inspecting the Linux kernel's IP packet filter rule tables. Several diffe
59. sswd. Cron wakes up every minute, and checks each command to see if it should be run in that minute. When executing commands, output is mailed to the owner of the crontab (or to the user named in the MAILTO environment variable in the crontab, if such a user exists).
    Modify the file /etc/crontab to set up your scheduled applications. Crontab files have the following format:
        fmm fa dom mon me command os on
    For example, if you want to launch a program at 8:00 every day:
        # minute hour date month week user command
        0 8 * * * root /path/to/your/program
    The following example demonstrates how to use Cron to update the system time and RTC time every day at 8:00.
    1. Write a shell script named fixtime.sh and save it to /home.
        #!/bin/sh
        ntpdate time.nist.gov
        hwclock -w
        exit 0
    2. Change mode of fixtime.sh:
        chmod 755 fixtime.sh
    3. Modify the /etc/crontab file to run fixtime.sh at 8:00 every day. Add the following line to the end of crontab:
        0 8 * * * root /home/fixtime.sh
    Inserting a USB Storage Device into the Computer
    Since mounting USB storage devices manually can be difficult, a program named usbmount is used to mount the USB drives automatically. usbmount is a small application that relies on udev to mount USB storage devices automatically at certain mount points. The USB storage devices will be mounted on /media/usb0, /media/usb1, etc.
    D
60. st 5 address or DNS address
    2. Establish a mount point on the NFS Client site:
        mkdir -p /home/nfs/public
    3. Mount the remote directory to a local directory:
        mount -t nfs 192.168.3.100:/home/public /home/nfs/public
    Here, 192.168.3.100 is the example IP address of the NFS server.
    SNMP (Simple Network Management Protocol)
    The DA-682-LX comes with the SNMP V1 (Simple Network Management Protocol) agent software pre-installed. It supports RFC1317 RS-232 like group and RFC 1213 MIB-II. The following example shows an SNMP agent responding to a query from the SNMP browser on the host site:
        [root@jaredRH90 root]# snmpwalk -v 1 -c public 192.168.30.128 | more
61. t devices. Software written for desktop PCs can be easily ported to the embedded computer with a GNU cross compiler and a minimum of source code modifications. A typical Linux-based device is designed for a specific use, and is often not connected to other computers, or a number of such devices connect to a centralized, front-end host. Examples include enterprise tools such as industrial controllers, communications hubs, point-of-sale terminals, and display devices, which include HMIs, advertisement appliances, and interactive panels.
    This chapter covers the following topics: Overview, Product Features, Software Specifications, Journaling Flash File System (JFFS2), Software Components.
    Overview
    The Moxa DA-682 Series of x86-based rackmount embedded computers are designed for industrial data acquisition applications. Their state-of-the-art two expansion module design gives users a versatile combination of up to 16 RS-232/422/485 serial ports or up to 4/8 Ethernet ports. This friendly design gives users the advantage of being able to swap out modules quickly and easily. Additional expansion modules will be available soon.
    The DA-682 main system is based on the Intel Celeron M processor and 915GME chipset, which supports standard X86 VGA, USB, PS/2 keyboard/mouse, 4 Gigabit LAN ports, and IDE/SATA disk interface. In addition, the DA-682 supports a CompactFlash Socket and pre-instal
62. t is going to be sent.
    -p: The protocol of the rule or of the packet to check.
    -s: Source address (network name, host name, network IP address, or plain IP address).
    --sport: Source port number.
    -d: Destination address.
    --dport: Destination port number.
    -j: Jump target. Specifies the target of the rules; i.e., how to handle matched packets. For example, ACCEPT the packet, DROP the packet, or LOG the packet.
    Examples:
    Example 1: Accept all packets from the lo interface.
        iptables -A INPUT -i lo -j ACCEPT
    Example 2: Accept TCP packets from 192.168.0.1.
        iptables -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT
    Example 3: Accept TCP packets from Class C network 192.168.1.0/24.
        iptables -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT
    Example 4: Drop TCP packets from 192.168.1.25.
        iptables -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP
    Example 5: Drop TCP packets addressed for port 21.
        iptables -A INPUT -i eth0 -p tcp --dport 21 -j DROP
    Example 6: Accept TCP packets from 192.168.0.24 to DA-682-I-LX's port 137, 138, 139.
        iptables -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT
    Example 7: Log TCP packets that visit DA-682-I-LX's port 25.
        iptables -A INPUT -i eth0 -p tcp --dport 25 -j LOG
    Example 8: Drop all packets from MAC address 01:02:03:04:05:06.
        iptables -A INPUT -i eth0 -p all -m mac --mac-source 01:02:03:04:05:06 -j DROP
    For Example 8, remember to issue the command
63. tmask to 255.255.255.0. If you connect to LAN 2, you can set your PC's IP address to 192.168.4.126 and the netmask to 255.255.255.0.
    Use a cross-over Ethernet cable to connect your development workstation directly to the target computer, or use a straight-through Ethernet cable to connect the computer to a LAN hub or switch. Next, use a Telnet client on your development workstation to connect to the target computer. After a connection has been established, type the login name and password as requested to log on to the computer. The default values are both root.
        Login: root
        Password: root
    [Screenshot: Telnet session to 192.168.30.128 showing the Moxa login prompt and banner]
    ATTENTION: If you cannot get connected on the first try r
64. unnels for users to implement VPNS: Routed IP Tunnels and Bridged Ethernet Tunnels. An Ethernet bridge is used to connect different Ethernet networks together. The Ethernets are bundled into one bigger, logical Ethernet. Each Ethernet corresponds to one physical interface (or port) that is connected to the bridge.
    On each OpenVPN machine, you should carry out configurations in the /etc/openvpn directory, where script files and key files reside. Once established, all operations will be performed in that directory.
    Ethernet Bridging for Private Networks on Different Subnets
    1. Set up four machines, as shown in the following diagram.
    [Diagram: local net, Host A, LAN1 192.168.2.173, LAN1 192.168.2.171, LAN2 192.168.8.173, Internet, LAN2 192.168.8.174, LAN1 192.168.4.172, LAN1 192.168.4.174, local net]
    Host A represents the machine that belongs to OpenVPN A, and Host B represents the machine that belongs to OpenVPN B. The two remote subnets are configured for a different range of IP addresses. When this configuration is moved to a public network, the external interfaces of the OpenVPN machines should be configured for static IPs, or connected to another device (such as a firewall or DSL box) first.
    2. Generate a preset shared key by typing the command:
        openvpn --genkey --secret secrouter.key
    3. Copy the file that is generated to the OpenVPN ma
65. ATTENTION: Click on the following links for more information about RFC1317 RS-232 like group and RFC 1213:
        http://www.tldp.org/HOWTO/NFS-HOWTO/index.html
        http://nfs.sourceforge.net/nfs-howto/client.html
    OpenVPN
    OpenVPN provides two types of t
