
DA-681 Series Linux User's Manual v1


Contents

1. [Figure residue, IPTABLES hierarchy diagram: NAT Table OUTPUT Chain, Filter Table OUTPUT Chain, NAT Table POSTROUTING Chain, Outgoing Packets]

IPTABLES Modules

ATTENTION: The DA-681-LX supports the following sub-modules. Be sure to use the module that matches your application.

    arptable_filter.ko  arp_tables.ko      arpt_mangle.ko   iptable_filter.ko
    iptable_mangle.ko   iptable_nat.ko     iptable_raw.ko   ip_tables.ko
    ipt_addrtype.ko     ipt_ah.ko          ipt_CLUSTERIP.ko ipt_dscp.ko
    ipt_DSCP.ko         ipt_ecn.ko         ipt_ECN.ko       ipt_hashlimit.ko
    ipt_iprange.ko      ipt_LOG.ko         ipt_MASQUERADE.ko ipt_NETMAP.ko
    ipt_owner.ko        ipt_recent.ko      ipt_REDIRECT.ko  ipt_REJECT.ko
    ipt_SAME.ko         ipt_TCPMSS.ko      ipt_TOS.ko       ipt_ttl.ko
    ipt_TTL.ko          ipt_ULOG.ko

The basic syntax to enable and load an IPTABLES module is as follows:

    lsmod
    modprobe ip_tables
    modprobe iptable_filter

Use lsmod to check if the ip_tables module has already been loaded in the DA-681-LX. Use modprobe to insert and enable the module.

Use the following command to load the modules (iptable_filter, iptable_mangle, iptable_nat):

    modprobe iptable_filter

Use iptables, iptables-restore, and iptables-save to maintain the database.

IPTABLES plays the role of packet filtering or NAT. Be careful when setting up the IPTABLES rules. If the rules are not correct, remote hosts that connect via a LAN or PPP may be denied. We recommend using the VGA console to set up the IPTABLES. Cli
2. [Table residue, installed software packages (component, version, description). Surviving descriptions: NET-SNMP (Simple Network Management Protocol) Apps; the telnet client; the GNU time program for measuring CPU resource usage; traces the route taken by packets over a TCP...; Time Zone and Daylight Saving Time Data; Update Configuration File: preserves user changes to config files; /dev/ and hotplug management daemon; inetd.conf updater; Vi IMproved, enhanced vi editor, compact version; WWW browsable pager with excellent tables/frames support; retrieves files from the web; displays user-friendly dialog boxes from shell scripts; the GNU whois client; zlib1g, compression library runtime]

2 Software Configuration

In this chapter, we explain how to operate a DA-681-LX computer directly or from a PC near you. There are three ways to connect to the DA-681-LX computer: through a VGA monitor, by using Telnet over the network, or by using an SSH console from a Windows or Linux machine. This chapter describes basic Linux operating system configurations. The advanced network management and configuration will be described in the next chapter, "Managing Communications."

This chapter covers the following topics:
- Starting from a VGA Console
- Connecting from a Telnet Console
- Connecting
3. -P: Set the policy for the chain to the given target.
INPUT: For packets coming into the DA-681-I-LX.
OUTPUT: For locally generated packets.
FORWARD: For packets routed out through the DA-681-I-LX.
PREROUTING: To alter packets as soon as they come in.
POSTROUTING: To alter packets as they are about to be sent out.

Examples:

    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -t nat -P PREROUTING ACCEPT
    iptables -t nat -P OUTPUT ACCEPT
    iptables -t nat -P POSTROUTING ACCEPT

In this example, the policy accepts outgoing packets and denies incoming packets.

Append or Delete Rules

Usage:

    iptables [-t table] [-AI] [INPUT, OUTPUT, FORWARD] [-io interface] [-p tcp, udp, icmp, all] [-s IP/network] [--sport ports] [-d IP/network] [--dport ports] -j [ACCEPT, DROP]

-A: Append one or more rules to the end of the selected chain.
-I: Insert one or more rules in the selected chain as the given rule number.
-i: Name of an interface via which a packet is going to be received.
-o: Name of an interface via which a packet is going to be sent.
-p: The protocol of the rule or of the packet to check.
-s: Source address (network name, host name, network IP address, or plain IP address).
--sport: Source port number.
-d: Destination address.
--dport: Destination port number.
-j: Jump target. Specifies the target of the rules; i.e., ho
4. console tools 1 4 DA 681 Series Linux User s Manual Introduction debconf il8n 1 5 1letch1 Full internationalization support for debcon 2007 07 31 etc GnuPG archive keys of the Debian archive keyring Miscellaneous utilities specific to Debian dhcp3 client 3 0 4 13 DHCP Client e2fslibs oe IE 11 14 dfsg 2etch1 ext2 filesystem libraries 2006 libraries The GNU C compiler gcc 4 1 1 15 The GNU C compiler The GNU C compiler The GNU Compiler Collection base package dhcp3 common 3 0 4 13 Common files used by all the dhcp3 packages 0 70 10 Common utilities for spelling dictionary tools Rename network interfaces based on various static ifrename 28 1 etchnhalf BE criteria High level tools to configure network interfaces initramfs tools Tools for generating an initramfs 2 86 ds1 38 et Scripts for initializing and shutting down the system kernels Administration tools for packet filtering and NAT iptables 1 3 6 0debian1 netfilter and iptables provide a Linux kernel framework for stateful and stateless packet filtering 1 5 DA 681 Series Linux User s Manual Introduction Component Version Description a ia network and port address translation and other IP packet manipulation The framework is the successor to ipchains libblkid1 Rea A0 WIP 11 14 dfsg 2etch1 block device id library 1 0 3 6 Small statically linked utilities built with klibe 2 3 6 ds1 13etch5 GNU C Library Shared librarie
5. and y.y.y.y is determined by the remote machine.

Connecting to a PPP Server over a Hard-wired Link

If a username and password are not required, use the following command (note that noipdefault is optional):

    pppd connect 'chat -v' noipdefault /dev/ttyM0 19200 crtscts

If a username and password is required, use the following command (note that noipdefault is optional, and root is both the username and password):

    pppd connect 'chat -v' user root password root noipdefault /dev/ttyM0 19200 crtscts

Checking the Connection

Once you have set up a PPP connection, there are some steps you can take to test the connection. First, type:

    /sbin/ifconfig

Depending on your distribution, the command might be located elsewhere. After executing the command, you should be able to see all of the network interfaces that are UP. ppp0 should be one of them, and you should recognize the first IP address as your own and the P-t-P address (point-to-point address, the address of your server). The output is similar to the following:

    lo    Link encap Local Loopback
          inet addr 127.0.0.1 Bcast 127.255.255.255 Mask 255.0.0.0
          UP LOOPBACK RUNNING MTU 2000 Metric 1
          RX packets 0 errors 0 dropped 0 overrun 0
    ppp0  Link encap Point-to-Point Protocol
          inet addr 192.76.32.3 P-t-P 129.67.1.165 Mask 255.255.255.0
          UP POINTOPOINT RUNNING MTU 1500 Metric 1
          RX packets 33 errors 0 dropped 0 overrun 0
          TX packets 42 errors 0 dropped 0 over
6. [Residue of a process listing (ps output); the last entry is /root/tcps2]

To set the Linux run level and execution priority of a program, use the following command (because the root file system is mounted in Read-only mode, we need to re-mount it with write permission):

    Moxa:~# mount -o remount,rw /dev/hda1 /

Edit a shell script to execute /root/tcps2-release and save to tcps2 as an example. This program can be found in the Example Directory on the CD-ROM.

    cd /etc/rc2.d
    ln -s /etc/root/tcps2 S60tcps2

or

    ln -s /etc/root/tcps2 K30tcps2

    Moxa:~# cd /etc/rc2.d
    Moxa:/etc/rc2.d#
    Moxa:/etc/rc2.d# ls
    S19nfs-common  S25nfs-user-server  S99showreadyled
    S20snmpd       S55ssh
    S24pcmcia      S99rmnologin
    Moxa:/etc/rc2.d#
    Moxa:/etc/rc2.d# ln -s /root/tcps2-release S60tcps2
7.
    Moxa:~# apt-get remove openswan
    Moxa:~#

b. For a complete package removal:

    Moxa:~# apt-get remove openswan --purge
    Moxa:~#

6. If the installation is complete, remember to umount the root directory back to read-only mode.

    Moxa:~# umount /
    Moxa:~#

ATTENTION: The APT cache space /etc/cache/apt is located in tmpfs. If you need to install a huge package, link /etc/cache/apt to USB mass storage or mount it to an NFS space to generate more free space. Use df -h to check how much free space is available on tmpfs.

    Moxa:~# df -h
    Filesystem      Use%  Mounted on
    rootfs          30%   /
    udev            1%    /dev
    /dev/hdb1       30%   /
    /dev/hdb1       30%   /dev/.static/dev
    tmpfs           0%    /dev/shm
    none            6%    /tmp
    /dev/mtdblock0  16%   /home
    Moxa:~#

ATTENTION: You can free up the cache space with the command apt-get clean.

    Moxa:~# apt-get clean
    Moxa:~#

3 Managing Communications

The DA-681-LX ready-to-run embedded computer is a network-centric platform designed to serve as a front-end for data acquisition and industrial control applications. This chapter describes how to configure the various communication functions supported by the Linux operating system.

This chapter covers the following topics:
- Changing the Network Settings
  > Changing the interfaces Configuration File
  > Adjusting IP Addresses with ifconfig
- T
8.
    Moxa:/etc/rc2.d# ls
    S19nfs-common  S25nfs-user-server  S99rmnologin
    S20snmpd       S55ssh              S99showreadyled
    S24pcmcia      S60tcps2
    Moxa:/etc/rc2.d#

The command SxxRUNFILE has the following meaning:
S: Start the run file while Linux boots up.
xx: A number between 00-99. The smaller number has a higher priority.
RUNFILE: The script file name.

The command KxxRUNFILE has the following meaning:
K: Start the run file while Linux shuts down or halts.
xx: A number between 00-99. The smaller number has a higher priority.
RUNFILE: The script file name.

To remove the daemon, remove the run file from /etc/rc2.d by using the following command:

    rm -f /etc/rc2.d/S60tcps2

After you finish writing or modifying the code, remember to execute umount / to change the root directory back to Read-only mode.

    Moxa:~# umount /

Cron Daemon for Executing Scheduled Commands

The Cron daemon will search /etc/crontab for crontab files, which are named after accounts in /etc/passwd. Cron wakes up every minute and checks each command to see if it should be run in that minute. When executing commands, output is mailed to the owner of the crontab (or to the user named in the MAILTO environment variable in the crontab, if such a user exists).

Modify the file /etc/crontab to set up your scheduled applications. Crontab files have the following format:

    mm  h  dom  mon  dow  user  command
9. <+> to move it up, or <-> to move it down the list. Press <ESC> to exit this menu.

From the setup menu, use ↑ or ↓ to select the DOM or CompactFlash device.
Press + to move the selection up to the first priority, and press Esc to exit the setup menu.
Select Exit > Save & Exit Setup and then press Enter.
Choose Y to save to the CMOS and then exit.
Wait a few minutes for the system to boot. When the recovery process is finished, you will again be able to see the Linux desktop.
10.
    174
    dev tap0
    secret /etc/openvpn/secrouter.key
    cipher DES-EDE3-CBC
    auth MD5
    tun-mtu 1500
    tun-mtu-extra 64
    ping 40
    up /etc/openvpn/tap0-br.sh
    comp-lzo

5. Next, modify the routing table in the /etc/openvpn/tap0-br.sh script file.

    #!/bin/sh
    # value after "-net" is the subnet behind the remote peer
    route add -net 192.168.4.0 netmask 255.255.255.0 dev br0

And then configure the bridge interface in /etc/openvpn/bridge.

    #!/bin/bash
    # Create global variables
    # Define Bridge Interface
    br="br0"
    # Define list of TAP interfaces to be bridged,
    # for example tap="tap0 tap1 tap2".
    tap="tap0"
    # Define physical ethernet interface to be bridged
    # with TAP interface(s) above.
    eth="eth1"
    eth_ip="192.168.8.173"
    eth_netmask="255.255.255.0"
    eth_broadcast="192.168.8.255"
    gw="192.168.8.174"

Start the bridge script file to configure the bridge interface:

    /etc/openvpn/bridge restart

6. On machine OpenVPN B, modify the remote address in configuration file /etc/openvpn/tap0-br.conf.

    # point to the peer
    remote 192.168.8.173
    dev tap0
    secret /etc/openvpn/secrouter.key
    cipher DES-EDE3-CBC
    auth MD5
    tun-mtu 1500
    tun-mtu-extra 64
    ping 40
    up /etc/openvpn/tap0-br.sh
    comp-lzo

7. Next, modify the routing table in the /etc/openvpn/tap0-br.sh script file.

    #!/bin/sh
    # value after "-net" is the subnet behind the remote
    route add ne
11. [Residue of a routing table listing]

4 System Recovery

The DA-681-LX is installed with the Embedded Linux operating system, which is located in the Flash DOM (CompactFlash card) shipped with the DA-681-LX computer. Although it happens rarely, you may find on occasion that operating system files and/or the disk file system are damaged. This chapter describes how to recover the Linux operating system.

This chapter covers the following topics:
- Recovery Environment
- Recovery Procedure

Recovery Environment

The recovery environment includes the DA-681-LX embedded computer and a bootable USB disk with the recovery programs and system image file.

[Figure: DA-681-LX, USB port, bootable USB disk (recovery programs and system image file included)]

Recovery Procedure

Step 1: Format an Empty USB Disk
a. Prepare a USB disk that has at least a 256 MB capacity.
b. Format your USB disk with the HP USB Disk Format Tool. Open the utility and select the device and FAT file system. You need an empty disk only. DO NOT check the option "Create a DOS startup disk."
c. Click Start.

[Screenshot: HP USB Disk Storage Format Tool 2.0.6, with Device, File system, Volume label (KINGSTON), and Format options (Quick Format, Create a DOS startup disk)]

ATTENTION: The HP USB Disk Storage Format Tool
12.
    40 UP POINTOPOINT RUNNING MTU 1500 Metric 1
    RX packets 33 errors 0 dropped 0 overrun 0
    TX packets 42 errors 0 dropped 0 overrun 0

10. If you want to disconnect it, use the kill command to kill the pppd process.

NFS (Network File System) Client

The Network File System (NFS) is used to mount a disk partition on a remote machine, as if it were on a local hard drive, allowing fast, seamless sharing of files across a network. NFS allows users to develop applications for the DA-681-LX without worrying about the amount of disk space that will be available. The DA-681-LX supports only the NFS client protocol.

ATTENTION: Click on the following links for more information about NFS:
http://www.tldp.org/HOWTO/NFS-HOWTO/index.html
http://nfs.sourceforge.net/nfs-howto/client.html

The following procedures illustrate how to mount a remote NFS Server.

1. Scan the NFS Server's shared directory:

    showmount -e HOST

showmount: Show the mount information of an NFS Server.
-e: Show the NFS Server's export list.
HOST: IP address or DNS address.

2. Establish a mount point on the NFS Client site:

    mkdir -p /home/nfs/public

3. Mount the remote directory to a local directory:

    mount -t nfs 192.168.3.100:/home/public /home/nfs/public

Here, 192.168.3.100 is the example IP address of the NFS server.

SNMP (Simple Network Management Protocol)

The DA-681-LX comes w
13. RTC time or set a new RTC time.

Use the following command to set the system time:

    date MMDDhhmmYYYY

MM: Month
DD: Date
hhmm: Hour and Minute
YYYY: Year

Use the following command to write the current system time to the RTC:

    hwclock -w

    # date
    Fri Jun 23 23:30:31 CST 2000
    # hwclock
    Fri Jun 23 23:30:35 2000 0.557748 seconds
    # date 120910002004
    Thu Dec 9 10:00:00 CST 2004
    # hwclock -w
    # date ; hwclock
    G He 9 OW CST 2004
    Thu Dec 9 10:01:08 2004 0.933547 seconds

NTP Client

The DA-681-LX has a built-in NTP (Network Time Protocol) client that is used to initialize a time request to a remote NTP server. Use ntpdate to update the system time:

    ntpdate time.stdtime.gov.tw
    hwclock -w

Visit http://www.ntp.org for more information about NTP and NTP server addresses.

    Moxa:~# date ; hwclock
    Sat Jan 1 00:00:36 CST 2000
    Sat Jan 1 00:00:37 2000 0.772941 seconds
    Moxa:~#
    Moxa:~# ntpdate time.stdtime.gov.tw
    9 Dec 10:58:53 ntpdate[207]: step time server 220.130.158.52 offset 155905087.984256 sec
    Moxa:~#
    Moxa:~# hwclock -w
    Moxa:~# date ; hwclock
    Thu Dec 9 10:59:11 CST 2004
    Thu Dec 9 10:59:12 2004 0.844076 seconds
    Moxa:~#

ATTENTION: Before using the NTP client utility, check your IP address and network settings to make sure an Internet connection is available.

Updating the Time Automatically

This section describes how to use a shell script to u
14. [Table of contents, continued]
Adjusting the System Time
  Setting the Time Manually
  NTP Client
  Updating the Time Automatically
Enabling and Disabling Daemons
Setting the Run-Level
Cron Daemon for Executing Scheduled Commands
Inserting an SATA Hard Drive into the Computer
Inserting a USB Storage Device into the Computer
Inserting a CompactFlash Card into the Computer
Checking the Linux Version
APT: Installing and Removing Packages
Chapter 3 Managing Communications
Changing the Network Settings
  Changing the interfaces Configuration File
  Adjusting IP Addresses with ifconfig
Telnet Server
FTP Server
DNS Client
Apache Web Server
  Default Homepage
  Saving Web Pages to a USB Storage Device
IPTA
15.
    support hostname "*" -
    stats hostname "*" -
    # OUTBOUND connections

"username@hinet.net" is the username obtained from the ISP to log in to the ISP account. "password" is the corresponding password for the account.

5. Edit the file /etc/ppp/options and add the following line:

    plugin rp-pppoe

    # received. Note: it is not advisable to use this option with the persist
    # option without the demand option. If the active-filter option is given,
    # data packets which are rejected by the specified activity filter also
    # count as the link being idle.
    #idle <n>

    # Specifies how many seconds to wait before re-initiating the link after
    # it terminates. This option only has any effect if the persist or demand
    # option is used. The holdoff period is not applied if the link was
    # terminated because it was idle.
    #holdoff <n>

    # Wait for up n milliseconds after the connect script finishes for a valid
    # PPP packet from the peer. At the end of this time, or when a valid PPP
    # packet is received from the peer, pppd will commence negotiation by
    # sending its first LCP packet. The default value is 1000 (1 second).
    # This wait period only applies if the connect or pty option is used.
    #connect-delay <n>

    # Load the pppoe plugin
    plugin rp-pppoe.so
    # ---<End of File>---

6. If you use LAN1 to connect to the ADSL modem, add file /etc/p
16. can be downloaded from many web sites. Do a search on "HP USB Disk Storage Format Tool" from any search engine to locate the tool.

Step 2: Create a Linux Bootable USB Disk
a. You can find the firmware directory in the Recovery CD shipped with the DA-681-LX computer.
b. Configure Windows Explorer to show hidden files (including protected operating system files).
c. Copy all files in the firmware directory to the root directory of your USB disk.
d. Open a DOS prompt and type M:\syslinux.exe M: to create a bootable Linux disk. In this example, M: is the USB Disk drive number.

Step 3: Set up the BIOS to Boot from a USB Disk
a. Insert the USB disk.
b. Power on and press DEL to enter the BIOS setup menu.
c. Select Advanced > Hard Disk Boot Priority and then press Enter.

[BIOS screen: First Boot Device]

d. From the setup menu, use ↑ or ↓ to select the USB device.

[BIOS screen: Hard Disk Boot Priority. 2. Pri. Slave: AFAYA CF 256M; 3. Bootable Add-in Cards. Item Help: Use <↑> or <↓> to select a device, then press <+> to move it up, or <-> to move it down the list. Press <ESC> to exit this menu.]

Press + to move the selection up to the first priority, and press Esc to exit the setup menu.
Make sure the first boot device is Hard Disk. If not, press Enter to change it.
Select Exit > Save & Exit Setup and then press Enter.
17. device and then configure the Apache web server's DocumentRoot to open these pages. The files used in this example can be downloaded from Moxa's website.

1. Prepare the web pages and then save the pages to the USB storage device. Click on the following link to download the web page test suite: http://www.w3.org/MarkUp/Test/HTML401.zip
2. Uncompress the zip file to your desktop PC, and then use FTP to transfer it to the DA-681-LX's /media/usb0 directory.
3. Mount the root file system with write permission.

    Moxa:~# mount -o remount,rw /dev/hda1 /

4. Type vi /etc/apache2/sites-available/default to edit the configuration file.

    Moxa:/etc# vi /etc/apache2/sites-available/default

5. Change the DocumentRoot directory to the USB storage directory /media/usb0/www.

    <VirtualHost *:80>
    DocumentRoot /media/usb0/www
    <Directory />
    Options FollowSymLinks
    AllowOverride None
    </Directory>
    ScriptAlias /cgi-bin/ /media/usb0/www/cgi-bin/
    <Directory /media/usb0/www/cgi-bin/>
    AllowOverride None
    Options ExecCGI MultiViews SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
    </Directory>
    </VirtualHost>
    <VirtualHost *:443>
    DocumentRoot /media/usb0/www
    <Directory />
    Options FollowSymLinks
    AllowOverride None
    </Directory>
    ScriptAlias /cgi-bin/ /media/usb0/www/cgi-bin/
    <Directory /media/usb0/www/c
18.
    rootfs (rw)
    none on /sys type sysfs (rw)
    none on /proc type proc (rw)
    udev on /dev type tmpfs (rw)
    /dev/hda1 on / type ext2 (rw)
    /dev/hda1 on /dev/.static/dev type ext2 (rw)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
    devpts on /dev/pts type devpts (rw,nosuid,noexec)
    none on /tmp type tmpfs (rw)
    /dev/mtdblock0 on /home type jffs2 (rw)
    Moxa:~#

2. Edit /boot/grub/menu.lst. Change the device name of DOM from root=/dev/hda -> root=/dev/sdb, and then save the file.

[menu.lst excerpt residue: two entries, "Debian GNU/Linux, kernel 2.6.18-5-686" and "Debian GNU/Linux, kernel 2.6.18-5-686 (single-user mode)", each with kernel, initrd, and savedefault lines; the single-user kernel line carries root=/dev/sdb1 ro single]

3. Edit the /etc/fstab file and change the selected hard disk for system bootup.

    # /etc/fstab: static file system information.
    #
    # <file system> <mount point> <type> <options> <dump> <pass>
    proc       /proc          proc         defaults                       0 0
    /dev/sdb1  /              ext2         ro,defaults,errors=remount-ro  0 1
    # Mount the CF (/dev/hdb1) on /mnt. You should edit this line.
    /dev/hdb1  /mnt           ext3         defaults,errors=remount-ro     0
    none       /tmp           tmpfs        defaults                       0
    /dev/hda2  /home          ext2         defaults                       0
    /dev/hdc   /media/cdrom0  udf,iso9660  user,noauto
    /dev/fd0   /media/floppy0 auto         rw,user,noauto                 0

4. Shut down the computer.
5. Remove the top cover of the DA-681 and then add the hard drive into the computer.
6. Reboot
19. the computer to finish.
7. If you would like to uninstall the SATA hard drive, simply reverse the above procedures.

Inserting a USB Storage Device into the Computer

Since mounting USB storage devices manually can be difficult, a program named usbmount is used to mount the USB drives automatically. usbmount is a small application that relies on udev to mount USB storage devices automatically at certain mount points. The USB storage devices will be mounted on /media/usb0, /media/usb1, etc.

    Moxa:~# mount
    /dev/hda1 on / type ext2 (rw,errors=remount-ro)
    tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    procbususb on /proc/bus/usb type usbfs (rw)
    udev on /dev type tmpfs (rw,mode=0755)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
    /dev/hdb2 on /home type ext2 (rw)
    nfsd on /proc/fs/nfsd type nfsd (rw)
    rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
    /dev/sda1 on /media/usb0 type vfat (rw,noexec,nodev,sync,noatime,gid=25,dmask=0007,fmask=0117)
    /dev/sdb1 on /media/usb1 type vfat (rw,noexec,nodev,sync,noatime,gid=25,dmask=0007,fmask=0117)
    Moxa:~#

ATTENTION: Remember to type the command sync before you disconnect the USB storage device. If you do not issue the command, you may lose data.
20. 2 10 1 3 Library to read temperature voltage fan sensors libsepol1 1 14 2 Security Enhanced Linux policy library for changing policy binaries libsigc 2 0 0c2a 2 0 17 2 Type safe Signal Framework for C runtime libslang2 The S Lang programming library runtime version libslp1 1 2 1 6 2 OpenSLP libraries i NET SNMP Simple Network Management libsnmp base 5 2 3 7etch2 Protocol MIBs and Docs NET SNMP Simple Network Management libsnmp3 S Protocol MIBs and Docs 1 39 1 40 WIP 11 14 dfsg 2etch1 command line interface parsing libss2 2006 library libss10 9 8 0 9 8c 4etch1 SSL shared libraries libsspO GCC stack smashing protection library libstdc 6 4 N ey aN D a ran N eS libtasn1 3 0 3 6 2 Manage ASN 1 structures runtime libtasn1 3 bin Manage ASN 1 structures binaries N T E N n Lez a A aN aia ae 2 6 18 dfsg 1 17 Linux 2 6 18 image on PPro Celeron PII PIL P4 linux kernel headers 2 6 18 7 Linux Kernel Headers for development locales 2 3 6 ds1 13etch5 GNU C Library National Language locale data support 1 8 DA 681 Series Linux User s Manual Introduction Component Version Description MIME files mime types amp mailcap and support programs Descriptions of common terminal pes Descriptions of common terminal types common terminal types net tools 60 The NET 3 networking toolkit pop oaas PoinsoPone Pol PPP daemon 1 9
21.
    5:respawn:pppd call dialin" >> /etc/inittab
    Moxa:~# umount /

PPPoE

The following procedure is for setting up PPPoE:

1. Connect the DA-681-LX's LAN port to an ADSL modem with a cross-over cable, HUB, or switch.
2. Log in to the DA-681-LX as the root user.
3. Edit the file /etc/ppp/chap-secrets and add the following:

    "username@hinet.net" * "password" *

    # Secrets for authentication using CHAP
    # client server secret IP addresses
    # PPPOE example, if you want to use it, you need to unmark it and modify it
    "username@hinet.net" * "password" *

"username@hinet.net" is the username obtained from the ISP to log in to the ISP account. "password" is the corresponding password for the account.

4. Edit the file /etc/ppp/pap-secrets and add the following:

    "username@hinet.net" * "password" *

    # ATTENTION: The definitions here can allow users to login without a
    # password if you don't use the login option of pppd! The mgetty Debian
    # package already provides this option; make sure you don't change that.
    # INBOUND connections
    # Every regular user can use PPP and has to use passwords from /etc/passwd
    * hostname "" *
    "username@hinet.net" * "password" *
    # UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
    # other accounts that should not be able to use pppd!
    guest hostname "*" -
    master hostname "*" -
    root hostname
22. Ethernet Bridging for Private Networks on the Same Subnet

1. Set up four machines as shown in the following diagram.

[Diagram: local net, Host A (LAN1: 192.168.2.171), OpenVPN A (LAN2: 192.168.2.173, LAN1: 192.168.8.173), Internet, OpenVPN B (LAN1: 192.168.8.174, LAN2: 192.168.2.174), Host B (LAN1: 192.168.2.172), local net]

2. The configuration procedure is almost the same as for the previous example. The only difference is that you will need to comment out the parameter up in /etc/openvpn/tap0-br.conf of OpenVPN A and /etc/openvpn/tap0-br.conf of OpenVPN B.

    # point to the peer
    remote 192.168.8.174
    dev tap0
    secret /etc/openvpn/secrouter.key
    cipher DES-EDE3-CBC
    auth MD5
    tun-mtu 1500
    tun-mtu-extra 64
    ping 40
    #up /etc/openvpn/tap0-br.sh
    comp-lzo

Routed IP

1. Set up four machines as shown in the following diagram.

[Diagram: local net, Host A (LAN1: 192.168.2.171), OpenVPN A (LAN2: 192.168.2.173, LAN1: 192.168.8.173), Internet, OpenVPN B (LAN1: 192.168.8.174, LAN2: 192.168.4.174), Host B (LAN1: 192.168.4.172), local net]

2. On machine OpenVPN A, modify the remote address in configuration file /etc/openvpn/tun.conf.

    # point to the peer
    remote 192.168.8.174
    dev tun
    secret /etc/openvpn/secrouter.key
    cipher DES-EDE3-CBC
    auth MD5
    tun-m
23. [Table of contents, continued]
BLES
  IPTABLES Hierarchy
  IPTABLES Modules
  Observe and Erase Chain Rules
  Define Policy for Chain Rules
  Append or Delete Rules
NAT (Network Address Translation)
  NAT Example
  Enabling NAT at Boot
PPP (Point to Point Protocol)
  Connecting to a PPP Server over a Simple Dial-up Connection
  Connecting to a PPP Server over a Hard-wired Link
  Checking the Connection
PPPoE
NFS (Network File System) Client
SNMP (Simple Network Management Protocol)
OpenVPN
  Ethernet Bridging for Private Networks on Different Subnets
  Ethernet Bridging for Private Networks on the Same Subnet
  Routed IP
Chapter 4 System Recovery
Recovery Environment
Recovery Procedure
1 Introduct
24. Choose Y to save to the CMOS and then exit.

Step 4: Recover the Linux system from a USB Disk
a. If the BIOS setup is correct, it will boot from the USB disk. Follow the steps below to set up recovery parameters.

[Screen: This tool can be used to both backup a Ghost-like image of your hard disk, and to restore your hard disk from such an image. Please be aware that if you choose to restore your hard disk: All the data contained on this computer might be lost during the restoration! You may choose to abort now by stopping the computer now.]

b. Choose OK to go to the next step.
c. Choose to shut down the DA-680-LX when the restoration is finished.

[Screen: When the job is completed, do you want to: Get a shell (root) / Reboot the system / Shutdown. <Cancel>]

d. Choose to restore the image from "Local disk partition."

[Screen: Where do you want to save/restore your image to/from? Network share / Local disk partition. <Cancel>]

e. Choose "Choose THIS if you want a restoration."

[Screen: Note that you cannot restore a partition to itself. So every partition but one (the destination) can be checked. Use SPACE to SELECT an entry. hda1 Linux (lost+found, home, etc, media, cdrom, usr, ...); hda2 Linux; sda1. <Cancel>]

f. Choose the restoration source device sda1.

[Screen: hda1 Linux (lost+found, home, etc, medi
25. DA-681 Series Linux User's Manual

First Edition, January 2009
www.moxa.com/product
MOXA © 2009 Moxa Inc. All rights reserved. Reproduction without permission is prohibited.

DA-681 Series Linux User's Manual

The Moxa software described in this manual is furnished under a license agreement and may be used only in accordance with the terms of that agreement.

Copyright Notice
Copyright © 2009 Moxa Inc. All rights reserved. Reproduction without permission is prohibited.

Trademarks
MOXA is a registered trademark of Moxa Inc. All other trademarks or registered marks in this manual belong to their respective manufacturers.

Disclaimer
Information in this document is subject to change without notice and does not represent a commitment on the part of Moxa.
Moxa provides this document "as is," without warranty of any kind, either expressed or implied, including, but not limited to, its particular purpose. Moxa reserves the right to make improvements and/or changes to this manual, or to the products and/or the programs described in this manual, at any time.
Information provided in this manual is intended to be accurate and reliable. However, Moxa assumes no responsibility for its use, or for any infringements on the rights of third parties that may result from its use.
This product might include unintentional technical or typographical errors. Changes are periodically made to the information herein to correct such errors, a
26. For further information check: http://www.moxa.com
Mount user file system.
Moxa:~#

Connecting from a Telnet Console

The DA-681-LX computer comes with 6 10/100 Mbps Ethernet ports named LAN1 to LAN6. The default IP addresses and netmasks of the network interfaces are as follows:

         Default IP Address   Netmask
LAN 1    192.168.3.127        255.255.255.0
LAN 2    192.168.4.127        255.255.255.0
LAN 3    192.168.5.127        255.255.255.0
LAN 4    192.168.6.127        255.255.255.0
LAN 5    192.168.7.127        255.255.255.0
LAN 6    192.168.8.127        255.255.255.0

Before using the Telnet client, you should change the IP address of your development workstation so that the network ports are on the same subnet as the IP address for the LAN port that you connect to. For example, if you connect to LAN 1, you could set your PC's IP address to 192.168.3.126 and the netmask to 255.255.255.0. If you connect to LAN 2, you can set your PC's IP address to 192.168.4.126 and the netmask to 255.255.255.0.

Use a cross-over Ethernet cable to connect your development workstation directly to the target computer, or use a straight-through Ethernet cable to connect the computer to a LAN hub or switch. Next, use a Telnet client on your development workstation to connect to the target computer. After a connection has been established, type the login name and password a
27. Read-only mode.
   Moxa:~# umount /
4. Re-configure the hostname.
   Moxa:~# /etc/init.d/hostname.sh start
5. Check the new hostname.
   Moxa:~# hostname

/etc/resolv.conf

This is the most important file that you need to edit when using DNS. For example, before using ntpdate time.nist.gov to update the system time, you will need to add the DNS server address to the file. Ask your network administrator which DNS server address you should use. The DNS server's IP address is specified with the nameserver command. For example, add the following line to /etc/resolv.conf (assuming the DNS server's IP address is 168.95.1.1):

   nameserver 168.95.1.1

   Moxa:/etc# cat resolv.conf
   #
   # resolv.conf  This file is the resolver configuration file
   # See resolver(5).
   #
   nameserver 192.168.1.16
   nameserver 168.95.1.1
   nameserver 140.115.1.31
   nameserver 140.115.236.10
   Moxa:/etc#

/etc/nsswitch.conf

This file defines the sequence of files, /etc/hosts or /etc/resolv.conf, to be read to resolve the IP address. The hosts line in /etc/nsswitch.conf means use /etc/hosts first and DNS service to resolve the address.

   # /etc/nsswitch.conf
   #
   # Example configuration of GNU Name Service Switch functionality.
   # If you have the glibc-doc-reference and info packages installed, try: info lib
28. a cdrom usr; hda2 Linux; sda1 W95 FAT32 (LBA) DA680_V1.0_Build_08031316; <Cancel>

g. Enter Y to choose the root directory of the restoration image.
h. Choose DA680_V1.0_Build_08031316 for the restoration image.
   Screen text: Choose Create_New_Image if you want a ghost-like image of your partitions. Choose Backup_Local_Hard_Driver if you prefer a zip archive. Entries: DA680_V1.0_Build_08031316, Create_New_Image, Backup_Local_Hard_Driver, <Cancel>.
i. Choose Yes to start the restoration. After the restoration is finished, the system will halt and you will need to reboot to restart the restored system.
   Screen text: BIOS setting has been recorded on your image. Do you want them to be restored? Yes, No, <Cancel>.

When the operation is finished, turn off the computer and remove the USB disk.

ATTENTION: DO NOT turn off the power during system recovery, as the system may crash.

Step 5: Set up the BIOS back to boot from DOM or CompactFlash Disk

a. Power on and press DEL to enter the BIOS setup menu.
b. Select Advanced > Hard Disk Boot Priority and then press Enter.
   [BIOS screen: Hard Disk Boot Priority, with an Item Help panel. Entries as extracted: USB HDD, SD MMC Card Reader, CF 256M, Bootable Add-in Cards.]
29. ause the root file system is mounted in Read-only mode, you need to re-mount it with write permission.
   Moxa:~# mount -o remount,rw /dev/hda1 /
2. Type cd /etc to change directories.
   Moxa:~# cd /etc
3. Type vi rc.local to edit the configuration file with the vi editor.
   Moxa:/etc# vi rc.local
4. Next, add the application daemon that you want to run. We use the example program tcps2-release to illustrate, and configure it to run in the background.
   #!/bin/sh
   # Add the daemon you want to run
   /root/tcps2-release &
5. After you finish writing or modifying the code, remember to execute umount to change the root directory back to Read-only mode.
   Moxa:~# umount /
6. You should be able to find the enabled daemon after you reboot the system.
   Moxa:~# ps -ef
   [ps -ef process listing with columns UID, PID, PPID, STIME and so on; the rows did not survive extraction. Recoverable entries include /usr/sbin/acpid -c /etc/acpi/events, /usr/sbin/inetd, and a final entry ending in "release".]

Setting the Run Level
30. c Name Service Switch for information about this file.

   passwd:    compat
   group:     compat
   shadow:    compat
   hosts:     files dns
   networks:  files
   protocols: db files
   services:  db files
   ethers:    db files
   rpc:       db files
   netgroup:  nis

Apache Web Server

Default Homepage

The Apache web server's main configuration file is /etc/apache2/sites-available/default, with the default homepage located at /var/www/apache2-default/index.html.

Save your own homepage to the following directory:
   /var/www/apache2-default

Save your CGI page to the following directory:
   /var/www/apache2-default/cgi-bin/

Add a main page file under the cgi-bin directory. For example, you may add a file called index.cgi.

Before you modify the homepage, use a browser (such as Microsoft Internet Explorer or Mozilla Firefox) from your PC to test if the Apache web server is working. Type the LAN1 IP address in the browser's address box to open the homepage. For example, if the default IP address 192.168.3.127 is still active, type:
   http://192.168.3.127/

To test the default CGI page, type:
   http://192.168.3.127/cgi-bin/index.cgi

ATTENTION: When you develop your own CGI application, make sure your CGI file is executable.

Saving Web Pages to a USB Storage Device

Some applications may have web pages that take up a lot of memory space. This section describes how to save web pages to the USB mass storage
31. ck on the following links for more information about IPTABLES:
   http://www.linuxguruz.com/iptables/
   http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html

Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have divided our discussion of the various rules into three categories: Observe and erase chain rules, Define policy rules, and Append or delete rules.

Observe and Erase Chain Rules

Usage:
   # iptables [-t tables] [-L] [-n]
   -t tables: Table to manipulate (default: filter); example: nat or filter.
   -L [chain]: List all rules in selected chains. If no chain is selected, all chains are listed.
   -n: Numeric output of addresses and ports.

   # iptables [-t tables] [-FXZ]
   -F: Flush the selected chain (all the chains in the table if none is listed).
   -X: Delete the specified user-defined chain.
   -Z: Set the packet and byte counters in all chains to zero.

Examples:
   # iptables -L -n
In this example, since we do not use the -t parameter, the system uses the default filter table. Three chains are included: INPUT, OUTPUT, and FORWARD. INPUT chains are accepted automatically, and all connections are accepted without being filtered.
   # iptables -F
   # iptables -X
   # iptables -Z

Define Policy for Chain Rules

Usage:
   # iptables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, OUTPUT, POSTROUTING] [ACCEPT, DROP
32. cludes three chains:
   PREROUTING chain: transfers the destination IP address (DNAT).
   POSTROUTING chain: works after the routing process and before the Ethernet device process to transfer the source IP address (SNAT).
   OUTPUT chain: produces local packets.

Sub-tables:
   Source NAT (SNAT): changes the first source packet IP address.
   Destination NAT (DNAT): changes the first destination packet IP address.
   MASQUERADE: a special form of SNAT. If one host can connect to the Internet, then the other computers that connect to this host can connect to the Internet when the computer does not have an actual IP address.
   REDIRECT: a special form of DNAT that re-sends packets to a local host independent of the destination IP address.

Mangle Table includes two chains:
   PREROUTING chain: pre-processes packets before the routing process.
   OUTPUT chain: processes packets after the routing process.
Mangle tables can have one of three extensions: TTL, MARK, TOS.

IPTABLES Hierarchy

The following figure shows the IPTABLES hierarchy.

[Figure: IPTABLES hierarchy. Boxes as extracted: Incoming Packets; Mangle Table PREROUTING Chain; NAT Table PREROUTING Chain; Local Host Packets; Mangle Table INPUT Chain; Other Host Packets; Mangle Table FORWARD Chain; Filter Table INPUT Chain; Local Process; Mangle Table OUTPUT Chain; Filter Table FORWARD Chain; Mangle Table POSTROUTING Chain]
33. describe generic objects for network interface sub-layers
   SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for SNMPv2 entities
   SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing TCP implementatio
   SNMPv2-MIB::snmpOutBadValues.0 = Counter32: 0
   SNMPv2-MIB::snmpOutGenErrs.0 = Counter32: 0
   SNMPv2-MIB::snmpOutGetRequests.0 = Counter32: 0
   SNMPv2-MIB::snmpOutGetNexts.0 = Counter32: 0
   SNMPv2-MIB::snmpOutSetRequests.0 = Counter32: 0
   SNMPv2-MIB::snmpOutGetResponses.0 = Counter32: 540
   SNMPv2-MIB::snmpOutTraps.0 = Counter32: 0
   SNMPv2-MIB::snmpEnableAuthenTraps.0 = INTEGER: disabled(2)
   SNMPv2-MIB::snmpSilentDrops.0 = Counter32:
   SNMPv2-MIB::snmpProxyDrops.0 = Counter32: 0
   [root@jaredRH90 root]#
   (end of the SNMP query output)

ATTENTION: Click on the following links for more information about RFC1317 RS-232 like group and RFC 1213 MIB-II:
   http://www.tldp.org/HOWTO/NFS-HOWTO/index.html
   http://nfs.sourceforge.net/nfs-howto/client.html

OpenVPN

OpenVPN provides two types of tunnels for users to implement VPNs: Routed IP Tunnels and Bridged Ethernet Tunnels.

An Ethernet bridge is used to connect different Ethernet networks together. The Ethernets are bundled into one bigger, logical Ethernet. Each Ethernet corresponds to one physical interface (or port) that is connected to the bridge.

On each OpenVPN machine, you should carry out configurat
34. ed in single quotes because pppd expects a one-word argument for the connect option. The options for chat are given below:

   -v             verbose mode; log what we do to syslog
   " "            Double quotes: don't wait for a prompt, but instead do (note that you must include a space after the second quotation mark)
   ATDT5551212    Dial the modem, and then
   CONNECT        Wait for an answer.
   " "            Send a return (null text followed by the usual return)
   ogin: username word: password
                  Log in with username and password.

Refer to the chat man page, chat(8), for more information about the chat utility.

   /dev/          Specify the callout serial port.
   115200         The baud rate.
   debug          Log status in syslog.
   crtscts        Use hardware flow control between computer and modem (at 115200 this is a must).
   modem          Indicates that this is a modem device; pppd will hang up the phone before and after making the call.
   defaultroute   Once the PPP link is established, make it the default route; if you have a PPP link to the Internet, this is probably what you want.
   192.1.1.17     This is a degenerate case of a general option of the form x.x.x.x:y.y.y.y. Here x.x.x.x is the local IP address and y.y.y.y is the IP address of the remote end of the PPP connection. If this option is not specified, or if just one side is specified, then x.x.x.x defaults to the IP address associated with the local machine's hostname, located in /etc/hosts
35. ed temporarily with the ifconfig command.

Changing the interfaces Configuration File

1. Type cd /etc/network to change directory.
   Moxa:~# cd /etc/network
2. Type vi interfaces to edit the network configuration file with the vi editor. You can configure the DA-681-LX's Ethernet ports for static or dynamic (DHCP) IP addresses.
   Moxa:/etc/network# vi interfaces

Static IP Address

As shown in the example below, the default static IP addresses can be modified.

   # The loopback network interface
   auto lo eth0 eth1 eth2 eth3 eth4 eth5
   iface lo inet loopback

   # The primary network interface
   allow-hotplug eth0
   iface eth0 inet static
       address 192.168.3.127
       netmask 255.255.255.0
       broadcast 192.168.3.255

   allow-hotplug eth1
   iface eth1 inet static
       address 192.168.4.127
       netmask 255.255.255.0
       broadcast 192.168.4.255

   allow-hotplug eth2
   iface eth2 inet static
       address 192.168.5.127
       netmask 255.255.255.0
       broadcast 192.168.5.255

Dynamic IP Address using DHCP

To configure one or both LAN ports to request an IP address dynamically, replace static with dhcp and then delete the rest of the lines.

   # The primary network interface
   allow-hotplug eth0
   iface eth0 inet dhcp

After modifying the boot settings of the LAN interface, issue the following command to activate the LAN settings immediately:

   /etc/init.d/networking restart

   Moxa:~# /etc/init.d/ne
36. elnet Server
DNS Client
Apache Web Server
   > Default Homepage
   > Saving Web Pages to a USB Storage Device
IPTABLES
   > IPTABLES Hierarchy
   > IPTABLES Modules
   > Observe and Erase Chain Rules
   > Define Policy for Chain Rules
   > Append or Delete Rules
NAT (Network Address Translation)
   > NAT Example
   > Enabling NAT at Bootup
PPP (Point to Point Protocol)
   > Connecting to a PPP Server over a Simple Dial-up Connection
   > Connecting to a PPP Server over a Hard-wired Link
   > Checking the Connection
   > Setting up a Machine for Incoming PPP Connections
PPPoE
NFS (Network File System) Client
SNMP (Simple Network Management Protocol)
OpenVPN
   > Ethernet Bridging for Private Networks on Different Subnets
   > Ethernet Bridging for Private Networks on the Same Subnet
   > Routed IP

Changing the Network Settings

The DA-681-LX computer has 6 10/100 Mbps Ethernet ports named LAN1 to LAN6. The default IP addresses and netmasks of the network interfaces are as follows:

         Default IP Address   Netmask
LAN 1    192.168.3.127        255.255.255.0
LAN 2    192.168.4.127        255.255.255.0
LAN 3    192.168.5.127        255.255.255.0
LAN 4    192.168.6.127        255.255.255.0
LAN 5    192.168.7.127        255.255.255.0
LAN 6    192.168.8.127        255.255.255.0

These network settings can be modified by changing the interfaces configuration file, or they can be adjust
37. from an SSH Console
   > Windows Users
   > Linux Users
Adjusting the System Time
   > Setting the Time Manually
   > NTP Client
   > Updating the Time Automatically
Enabling and Disabling Daemons
Setting the Run Level
Cron Daemon for Executing Scheduled Commands
Inserting an SATA Hard Drive into the Computer
Inserting a USB Storage Device into the Computer
Inserting a CompactFlash Card into the Computer
Checking the Linux Version
APT: Installing and Removing Packages

Starting from a VGA Console

Connect the display monitor to the DA-681-LX VGA connector, and then power it up by connecting it to the power adaptor. It takes about 30 to 60 seconds for the system to boot up. Once the system is ready, a login screen will appear on your monitor.

To log in, type the login name and password as requested. The default values are both root.

   Login: root
   Password: root

   login as: root
   root@192.168.3.12's password:
   Last login: Mon Jan 22 19:02:16 2007 from 192.168.3.120
38. gi-bin>
   AllowOverride None
   Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
   Order allow,deny
   Allow from all
   </Directory>
   </VirtualHost>

6. Use the following commands to restart the Apache web server:
   # cd /etc/init.d
   # ./apache2 restart
7. Open your browser and connect to the DA-681-LX by typing the current LAN 1 IP address in the browser's address box.
8. After finishing modification or writing, remember to execute umount to change the root directory back to Read-only mode.
   Moxa:~# umount /
9. Re-start the Apache server.
   Moxa:~# /etc/init.d/apache2 restart

ATTENTION: Visit the Apache website at http://httpd.apache.org/docs/ for more information about setting up Apache servers.

IPTABLES

IPTABLES is an administrative tool for setting up, maintaining, and inspecting the Linux kernel's IP packet filter rule tables. Several different tables are defined, with each table containing built-in chains and user-defined chains.

Each chain is a list of rules that apply to a certain type of packet. Each rule specifies what to do with a matching packet. A rule (such as a jump to a user-defined chain in the same table) is called a target.

The DA-681-LX supports three types of IPTABLES: Filter tables, NAT tables, and Mangle tables.

Filter Table includes three chains:
   INPUT chain
   OUTPUT chain
   FORWARD chain

NAT Table in
39. ince PPP is a peer-to-peer system, the DA-681-LX can also use PPP to link two networks (or a local network to the Internet) to create a Wide Area Network (WAN).

ATTENTION: Click on the following links for more information about PPP:
   http://tldp.org/HOWTO/PPP-HOWTO/index.html
   http://axion.physics.ubc.ca/ppp-linux.html

Connecting to a PPP Server over a Simple Dial-up Connection

The following command is used to connect to a PPP server by modem. Use this command for old PPP servers that prompt for a login name (replace username with the correct name) and password (replace password with the correct password). Note that debug crtscts and defaultroute 192.1.1.17 are optional.

   # pppd connect 'chat -v "" ATDT5551212 CONNECT "" ogin: username word: password' /dev/ttyM0 115200 debug crtscts modem defaultroute 192.1.1.17

If the PPP server does not prompt for the username and password, the command should be entered as follows. Replace username with the correct username and replace password with the correct password.

   # pppd connect 'chat -v "" ATDT5551212 CONNECT ""' user username password password /dev/ttyM0 115200 crtscts modem

The pppd options are described below:

   connect 'chat etc...'   This option gives the command to contact the PPP server. The chat program is used to dial a remote computer. The entire command is enclos
40. ion

Thank you for purchasing the Moxa DA-681 Series of x86 ready-to-run embedded computers. This manual introduces the software configuration and management of the DA-681-LX, which runs the Linux operating system. For hardware installation, connector interfaces, setup, and upgrading the BIOS, please refer to the "DA-681 Series Hardware User's Manual."

Linux is an open, scalable operating system that allows you to build a wide range of innovative, small-footprint devices. Software written for desktop PCs can be easily ported to the embedded computer with a GNU cross compiler and a minimum of source code modifications. A typical Linux-based device is designed for a specific use, and is often not connected to other computers, or a number of such devices connect to a centralized, front-end host. Examples include enterprise tools such as industrial controllers, communications hubs, point-of-sale terminals, and display devices, which include HMIs, advertisement appliances, and interactive panels.

This chapter covers the following topics:
   Overview
   Product Features
   Software Specifications
   Read-only Root File System
   Software Components

Overview

The DA-681 embedded computer is based on the Intel Celeron M processor and 910GMLE chipset, which supports standard X86 VGA, USB, PS/2 keyboard/mouse, 6 10/100 Mbps LAN ports, and SATA disk interface. In addition, the DA-681 supp
41. ions in the /etc/openvpn directory, where script files and key files reside. Once established, all operations will be performed in that directory.

Ethernet Bridging for Private Networks on Different Subnets

1. Set up four machines, as shown in the following diagram.

   [Diagram labels as extracted: local net; Host A; LAN1: 192.168.2.173; LAN1: 192.168.2.171; LAN2: 192.168.8.173; Internet; LAN2: 192.168.8.174; LAN1: 192.168.4.172; LAN1: 192.168.4.174; local net]

   Host A represents the machine that belongs to OpenVPN A, and Host B represents the machine that belongs to OpenVPN B. The two remote subnets are configured for a different range of IP addresses. When this configuration is moved to a public network, the external interfaces of the OpenVPN machines should be configured for static IPs, or connected to another device (such as a firewall or DSL box) first.

2. Generate a preset shared key by typing the command:
   # openvpn --genkey --secret secrouter.key
3. Copy the file that is generated to the OpenVPN machine:
   # scp /etc/openvpn/secrouter.key 192.168.8.174:/etc/openvpn

   ATTENTION: A preshared key is located at /etc/openvpn/secrouter.key. You can use it for testing purposes. We suggest creating a new key for non-testing purposes.

4. On machine OpenVPN A, modify the remote address in the configuration file /etc/openvpn/tap0-br.conf.
   # point to the peer
   remote 192.168.8
42. ith the SNMP V1 (Simple Network Management Protocol) agent software pre-installed. It supports RFC1317 RS-232 like group and RFC 1213 MIB-II. The following example shows an SNMP agent responding to a query from the SNMP browser on the host site:

   ***** SNMP QUERY STARTED *****
   [root@jaredRH90 root]# snmpwalk -v 1 -c public 192.168.30.128|more
   SNMPv2-MIB::sysDescr.0 = STRING: Linux Moxa 2.6.18-5-686 #1 SMP Mon Dec 24 16:41:07 UTC 2007 i686
   SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.8691.12.680
   SNMPv2-MIB::sysUpTime.0 = Timeticks: (134544) 0:22:25.44
   SNMPv2-MIB::sysContact.0 = STRING: Moxa Inc
   SNMPv2-MIB::sysName.0 = STRING: Moxa
   SNMPv2-MIB::sysLocation.0 = STRING: Fl.8, No.6, Alley 6, Lane 235, Pao-Chiao Rd., Shing Tien City, Taipei, Taiwan, R.O.C.
   SNMPv2-MIB::sysORLastChange.0 = Timeticks: (12) 0:00:00.12
   SNMPv2-MIB::sysORID.1 = OID: IF-MIB::ifMIB
   SNMPv2-MIB::sysORID.2 = OID: SNMPv2-MIB::snmpMIB
   SNMPv2-MIB::sysORID.3 = OID: TCP-MIB::tcpMIB
   SNMPv2-MIB::sysORID.4 = OID: IP-MIB::ip
   SNMPv2-MIB::sysORID.5 = OID: UDP-MIB::udpMIB
   SNMPv2-MIB::sysORID.6 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
   SNMPv2-MIB::sysORID.7 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
   SNMPv2-MIB::sysORID.8 = OID: SNMP-MPD-MIB::snmpMPDCompliance
   SNMPv2-MIB::sysORID.9 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
   SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module to
43. l interface for setting up a valid IP address.
   EXNET="192.168.4.0/24" # This is an internal network address.

   # Step 1. Insert modules.
   # Here 2> /dev/null means the standard error messages will be dumped to the null device.
   modprobe ip_tables 2> /dev/null
   modprobe ip_nat_ftp 2> /dev/null
   modprobe ip_nat_irc 2> /dev/null
   modprobe ip_conntrack 2> /dev/null
   modprobe ip_conntrack_ftp 2> /dev/null
   modprobe ip_conntrack_irc 2> /dev/null

   # Step 2. Define variables, enable routing and erase default rules.
   PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
   export PATH
   echo 1 > /proc/sys/net/ipv4/ip_forward
   /sbin/iptables -F
   /sbin/iptables -X
   /sbin/iptables -Z
   /sbin/iptables -F -t nat
   /sbin/iptables -X -t nat
   /sbin/iptables -Z -t nat
   /sbin/iptables -P INPUT ACCEPT
   /sbin/iptables -P OUTPUT ACCEPT
   /sbin/iptables -P FORWARD ACCEPT
   /sbin/iptables -t nat -P PREROUTING ACCEPT
   /sbin/iptables -t nat -P POSTROUTING ACCEPT
   /sbin/iptables -t nat -P OUTPUT ACCEPT

   # Step 3. Enable IP masquerade.

PPP (Point to Point Protocol)

PPP (Point to Point Protocol) is used to run IP (Internet Protocol) and other network protocols over a serial link. PPP can be used for direct serial connections (using a null-modem cable), over a Telnet link, and for links established using a modem over a telephone line.

Modem/PPP access is almost identical to connecting directly to a network through the DA-681-LX's Ethernet port. S
44. mposed entirely of free software. The Debian GNU/Linux follows the standard Linux architecture, making it easy to use programs that meet the POSIX standard. In addition to standard POSIX APIs, device drivers for Moxa UART and other special peripherals are also included. An example software architecture is shown below:

   [Figure: example software architecture. Layers as extracted: AP; API; Protocol Stack; Linux Device Driver; Kernel; Micro Kernel; Memory Control; Schedule; Process; Hardware]

ATTENTION: Refer to http://www.debian.org/ and http://www.gnu.org/ for information and documentation on Debian GNU/Linux and the free software concept.

ATTENTION: The above software architecture is only an example. Different models or different build revisions of the Linux operating system may include components not shown in the above graphic.

Read-only Root File System

The pre-installed root file system is protected in a read-only partition to prevent file system crash problems normally caused by power loss. But some directories or files, such as /home, /root, /var, /etc/network, /etc/ppp, /etc/openvpn and /etc/resolv.conf, which need write permission, are located in another writable partition and formatted with the EXT2 file system. You can read and write the above files or directories directly, without re-mounting them.

Software Components

The DA-681-LX pre-installed Debian Etch 4.0r2 Linux distribution has the following software components:
45. nd these changes are incorporated into new editions of the publication.

Technical Support Contact Information
www.moxa.com/support

Moxa Americas: Toll-free: 1-888-669-2872; Tel: +1-714-528-6777; Fax: +1-714-528-6778
Moxa Europe: Tel: +49-89-3 70 03 99-0; Fax: +49-89-3 70 03 99-99
Moxa China (Shanghai office): Toll-free: 800-820-5036; Tel: +86-21-5258-9955; Fax: +86-10-6872-3958
Moxa Asia-Pacific: Tel: +886-2-8919-1230; Fax: +886-2-8919-1231

Table of Contents

Chapter 1 Introduction
   Overview
   Product Features
   Software Specifications
   Read-only Root File System
   Software Components
Chapter 2 Software Configuration
   Starting from a VGA Console
   Connecting from a Telnet Console
   Connecting from an SSH Console
      Windows Users
      Linux
46. net stream tcp nowait root /bin/telnetd

After you finish writing or modifying the code, remember to execute umount to change the root directory back to Read-only mode.
   Moxa:~# umount /

FTP Server

Refer to the following commands to enable or disable the FTP Server service.

Enabling the FTP Server

Use the following command to enable the FTP server:
   Moxa:~# /etc/init.d/proftpd start
   Starting ftp server: proftpd.
Use the following command to confirm if the FTP server has been started:
   Moxa:~# ps aux | grep proftp
If the proftpd string has appeared, the FTP server has been started.

Disabling the FTP Server

Use the following command to disable the FTP server:
   Moxa:~# /etc/init.d/proftpd stop
   Stopping ftp server: proftpd.
To confirm if FTP has been disabled, use the following command:
   Moxa:~# ps aux | grep proftp
If the proftpd string has not appeared, the FTP server has been disabled.

DNS Client

The DA-681-LX supports DNS client (but not DNS server). To set up DNS client, you need to edit three configuration files: /etc/hostname, /etc/resolv.conf, and /etc/nsswitch.conf.

/etc/hostname

1. Mount the root file system with write permission.
   Moxa:~# mount -o remount,rw /dev/hda1 /
2. Edit /etc/hostname.
   Moxa:~# vi /etc/hostname
   Moxa
3. After you finish writing or modifying the code, remember to execute umount to change the root directory back to
47. 9. On each OpenVPN machine, check the routing table by typing the command:
   # route
   [Routing table output with columns Destination, Gateway, Genmask, Flags, Metric, Ref, Use, Iface; the rows did not survive extraction. Interfaces shown include eth2, br0, eth0 and eth3.]

   Interface eth1 and device tap0 both connect to the bridging interface, and the virtual device tun sits on top of tap0. This ensures that all traffic coming to this bridge from internal networks connected to interface eth1 is written to the TAP/TUN device that the OpenVPN program monitors. Once the OpenVPN program detects traffic on the virtual device, it sends the traffic to its peer.

10. To create an indirect connection to Host B from Host A, you need to add the following routing item:
   route add -net 192.168.4.0 netmask 255.255.255.0 dev eth0
   To create an indirect connection to Host A from Host B, you need to add the following routing item:
   route add -net 192.168.2.0 netmask 255.255.255.0 dev eth0
   Now ping Host B from Host A by typing:
   ping 192.168.4.174
   A successful ping indicates that you have created a VPN system that only allows authorized users from one internal network to access users at the remote site. For this system, all data is transmitted by UDP packets on port 5000 between OpenVPN peers.

11. To shut down OpenVPN programs, type the command:
   # killall -TERM openvpn
48. For example, if you want to launch a program at 8:00 every day:

   #minute hour date month week user command
   0 8 * * * root /path/to/your/program

The following example demonstrates how to use Cron to update the system time and RTC time every day at 8:00.

1. Write a shell script named fixtime.sh and save it to /home/.
   #!/bin/sh
   ntpdate time.nist.gov
   hwclock -w
   exit 0
2. Change the mode of fixtime.sh.
   # chmod 755 fixtime.sh
3. Modify the /etc/crontab file to run fixtime.sh at 8:00 every day. Add the following line to the end of crontab:
   0 8 * * * root /home/fixtime.sh

Inserting an SATA Hard Drive into the Computer

The DA-681 offers one hard drive connector supporting a SATA-based disk that can be added to the computer. Follow the next step:

1. Change the access right of the file system:
   mount -o remount,rw /dev/hda1 /
   Then use the mount command to check if the status has been changed from read-only to read and write.

   Moxa:~# mount
   rootfs on / type rootfs
   none on /sys type sysfs
   none on /proc type proc
   udev on /dev type tmpfs
   /dev/hda1 on / type ext2 (ro)
   /dev/hda1 on /dev/.static/dev type ext2 (ro)
   tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
   devpts on /dev/pts type devpts (rw,nosuid,noexec)
   none on /temp type tmpfs (rw)
   /dev/mtdblock0 on /home type jffs2 (rw)
   Moxa:~# mount -o remount,rw /dev/hda1 /
   Moxa:~# mount
   rootfs on / type
49. ATTENTION: Remember to exit the /media/usb0 or /media/usb1 directory when you disconnect the USB storage device. If you stay in /media/usb0 or /media/usb1, the automatic un-mount process will fail. If that happens, type # umount /media/usb0 to un-mount the USB device manually.

Inserting a CompactFlash Card into the Computer

The CompactFlash card is treated as a local disk drive in the DA-681-LX computer. It is identified as a block device at /dev/hdb. You can add one line to /etc/fstab to force the CompactFlash card to mount automatically at boot time.

ATTENTION: The DA-681 Series Embedded Computer does not support the CompactFlash hot swap function. You must remove the power source first before inserting or removing the CompactFlash card. If you do not shut down the power source, you could damage your CompactFlash card.

   Moxa:~# mount -o remount,rw /dev/hda1 /
   Moxa:~# vi /etc/fstab
   # /etc/fstab: static file system information.
   #
   # <file system> <mount point> <type> <options> <dump> <pass>
   proc       /proc           proc         defaults                         0 0
   /dev/hda1  /               ext2         ro,defaults,errors=remount-ro    0
   none       /tmp            tmpfs        defaults                         0 1
   /dev/hda2  /home           ext2         defaults                         0 2
   /dev/hdc   /media/cdrom0   udf,iso9660  user,noauto                      0
   /dev/fd0   /media/floppy0  auto         rw,user,noauto                   0 0
   Moxa:~#
   Moxa:~# umount /
   Moxa:~#

Checking the Linux Version

The program uname, which stands for "Unix Name" and is part of the Unix
50. operating system, prints the name, version, and other details about the operating system running on the computer. Use the -a option to generate a response similar to the one shown below:
        Moxa:~# uname -a
        Linux DA680 2.6.18-5-686 #1 SMP Mon Dec 24 16:41:07 UTC 2007 i686 GNU/Linux
        Moxa:~#
    APT: Installing and Removing Packages
    APT is the Debian tool used to install and remove packages. Before installing a package, you need to configure the apt source file, /etc/apt/sources.list, which is located in the read-only partition.
    1. Mount the root file system with write permission.
        Moxa:~# mount -o remount,rw /dev/hdbl1
    2. Next, configure /etc/apt/sources.list using the vi editor.
        Moxa:~# vi /etc/apt/sources.list
        deb cdrom:[Debian GNU/Linux 4.0 r2 _Etch_ - Official i386 NETINST Binary-1 20080103-00:44]/ etch contrib main
        deb http://ftp.debian.org/debian etch main
        deb-src http://ftp.debian.org/debian etch main
        deb http://security.debian.org etch/updates main contrib
        deb-src http://security.debian.org etch/updates main contrib
        Moxa:~#
    3. Update the source list after you configure it.
        Moxa:~# apt-get update
        Moxa:~#
    4. Once you indicate which package you want to install (openswan, for example), type:
        Moxa:~# apt-get install openswan
        Moxa:~#
    5. Use one of the following commands to remove a package:
        (a) For a simple package removal
51. orts a CompactFlash Socket and pre-installed, embedded, ready-to-run operating system. Programmers will find the full-function development kit a great benefit for developing software and building reliable communication applications. The housing is a standard 1U, 19-inch wide rack-mounted rugged enclosure. This robust, rack-mountable design provides the hardened protection needed for industrial environment applications.
    Product Features
    The DA-681 Series Basic System has the following features:
    • Intel Celeron M 1 GHz processor with 400 MHz FSB
    • Intel 910GMLE ICH6M chipset
    • 200-pin DDR2 SODIMM socket supporting DDR2 400 up to 1 GB (built-in 512 MB)
    • 6 Ethernet ports for network redundancy
    • 1 CompactFlash socket
    • 1 SATA connector for storage expansion
    • 4 RS-232 and 8 RS-485 serial ports (supports most nonstandard baudrates in this range)
    • 2 USB 2.0 ports for high-speed peripherals
    • 19-inch rackmount, 1U high form factor
    • Fanless design
    • 100-240 VAC/VDC power input (single power and dual power models available)
    ATTENTION: Refer to section "Baud Rate Speed" for calculation of baud rate speed supported.
    Software Specifications
    The Linux operating system pre-installed on the DA-681 embedded computer is the Debian Etch 4.0r5 distribution. The Debian project is a worldwide group of volunteers who endeavor to produce an operating system distribution that co
52. pd: SNMP Agent Daemon
    • telnetd: Telnet Server/Client Daemon
    • inetd: Internet Daemons
    • ftpd: FTP Server/Client Daemon
    • sshd: Secure Shell Server Daemon
    • httpd: Apache WWW Server Daemon
    Type the command ps -ef to list all processes currently running.
        Moxa:~# ps -ef
    [Terminal capture: ps -ef listing with columns UID, PID, PPID, STIME, TIME, CMD; entries include kernel threads, /usr/sbin/acpid, /usr/sbin/inetd and /sbin/portmap]
    To run a private daemon, you can edit the file rc.local as follows:
    1. Bec
53. pdate the time automatically.
    Example shell script for updating the system time periodically:
        #!/bin/sh
        ntpdate time.nist.gov # You can use the time server's IP address or domain
                              # name directly. If you use a domain name, you must
                              # enable the domain client on the system by updating
                              # the /etc/resolv.conf file.
        hwclock -w
        sleep 100 # Updates every 100 seconds. The min. time is 100 seconds.
                  # Change 100 to a larger number to update RTC less often.
    Save the shell script using any file name. For example, fixtime.
    How to run the shell script automatically when the kernel boots up
    Because the root file system is mounted in read-only mode, we need to re-mount it using writable permission:
        mount -o remount,rw /dev/hda1
    Copy the example shell script fixtime to the directory /etc/init.d, and then use chmod 755 fixtime to change the shell script mode:
        chmod 755 fixtime
    Next, use the vi editor to edit the file /etc/inittab:
        vi /etc/inittab
    Add the following line to the bottom of the file:
        ntp:2345:respawn:/etc/init.d/fixtime
    After you finish writing or modifying the code, remember to execute umount to change the root directory back to read-only mode:
        umount /
    Use the command init q to re-initialize the kernel:
        init q
    Enabling and Disabling Daemons
    The following daemons are enabled when the DA-681-LX boots up for the first time:
    • snm
54. pp/options.eth0. If you use LAN2 to connect to the ADSL modem, then add /etc/ppp/options.eth1, etc.
        name username@hinet.net
        mtu 1492
        mru 1492
        defaultroute
        noipdefault
        "/etc/ppp/options.eth0" 5 lines, 67 characters
    Type your username (the one you set in the /etc/ppp/pap-secrets and /etc/ppp/chap-secrets files) after the name option. You may add other options as desired.
    7. Set up DNS.
    If you are using DNS servers supplied by your ISP, edit the file /etc/resolv.conf by adding the following lines of code:
        nameserver ip_addr_of_first_dns_server
        nameserver ip_addr_of_second_dns_server
    For example:
        nameserver 168.95.1.1
        nameserver 139.175.10.20
        Moxa:/etc# cat resolv.conf
        # resolv.conf This file is the resolver configuration file
        # See resolver(5).
        nameserver 192.168.1.16
        nameserver 168.95.1.1
        nameserver 139.175.10.20
        nameserver 140.115.1.31
        nameserver 140.115.236.10
        Moxa:/etc#
    8. Use the following command to create a pppoe connection:
        pppd eth0
    The ADSL modem is connected to the LAN1 port, which is named eth0. If the ADSL modem is connected to LAN2, use eth etc.
    9. Type ifconfig ppp0 to check if the connection is OK. If the connection is OK, you should see the IP address of ppp0. Use ping to test the IP address.
        10303010 Link encap Point to Point Protocol inet addr 192 76 32 53 PStePe 29 26711652 Mask 29593299 259
55. run 0
    Now type ping z.z.z.z, where z.z.z.z is the address of your name server. The output is similar to the following:
        Moxa:~# ping 129.67.1.165
        PING 129.67.1.165 (129.67.1.165): 56 data bytes
        64 bytes from 129.67.1.165: icmp_seq=0 ttl=225 time=268 ms
        64 bytes from 129.67.1.165: icmp_seq=1 ttl=225 time=247 ms
        64 bytes from 129.67.1.165: icmp_seq=2 ttl=225 time=266 ms
        --- 129.67.1.165 ping statistics ---
        3 packets transmitted, 3 packets received, 0% packet loss
        round-trip min/avg/max = 247/260/268 ms
        Moxa:~#
    Try typing netstat -nr. This should show three routes similar to the following:
        Kernel routing table
        Destination Gateway Genmask Flags Metric Ref Use iface
        129 67 1 165 0 0 0 0 2954 2990 25 904259 UH U pppod 127 0 0 0 0 0 0 0 DDD 129 67 1 165 pppo
    If your output looks similar but does not have the destination 0.0.0.0 line (which refers to the default route used for connections), you may have run pppd without the defaultroute option. At this point, you can try using Telnet, ftp, or finger, bearing in mind that you will have to use numeric IP addresses unless you have configured /etc/resolv.conf correctly.
    Setting up a Machine for Incoming PPP Connections
    Method 1: pppd dial-in with pppd commands
    This first example applies to using a modem, and requiring authorization with a username and password.
        pppd de
56. s
    libc6-dev 2.3.6.ds1-13etch5 ne C Library: Development Libraries and Header
    libc6-i686 2.3.6.ds1-13etch5 GNU C Library: Shared libraries [i686 optimized]
    libcap1 1.10-14 Support for getting/setting POSIX.1e capabilities
    libedit2 evs 20050918 iain and history libraries
    An asynchronous event notification library
    libgc1c2 Conservative garbage collector for C and C++
    libgcc1 4.1.1-21 GCC support library
    libgcrypt11 1.2.3-2 LGPL Crypto library, runtime library
    libgdbm3 1.8.3-3 GNU dbm database routines (runtime version)
    Using libc functions for internationalization in Perl
    ee locking library, includes dotlockfile
    libmysqlclient15off 5.0.32-7etch5 mysql database client library
    Shared libraries for terminal handling
    iaei 4.17-5etch3 File type determination library using "magic" numbers
    libncursesw5 5.5-5 Shared libraries for terminal handling (wide character support)
    libnet-lite-ftp-perl 0.47-2 Perl FTP client with support for TLS
    libnet-ssleay-perl Perl module for Secure Sockets Layer (SSL)
    th an An nfs idmapping library
    Libraries for Heimdal Kerberos
    libsasl2 2.1.22.dfsg1-8 Authentication abstraction library
    libsasl2-2 2.1.22.dfsg1-8 Authentication abstraction library
    libselinux1 1.32-3 SELinux shared libraries
    libsemanage1 Shared libraries used by SELinux policy manipulation tools
57. s requested to log on to the computer. The default values are both root.
        Login: root
        Password: root
    [Screenshot: Telnet session showing the "Moxa Embedded Linux, Professional Edition" login banner, a root login, the note "For further information check http://www.moxa.com", and the message "Mount user file system"]
    ATTENTION: If you cannot get connected on the first try, re-check the IP address and netmask settings, and then unplug and re-plug the DA-681-LX's power cord.
    Connecting from an SSH Console
    The DA-681-LX computer supports an SSH Console to offer users better security over the network compared to Telnet.
    Windows Users
    Click on the link http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html to download PuTTY (free software) to set up an SSH console for the DA-681-LX in a Windows environment. The following screen shows an example of the configuration that is required.
58. t 192.168.2.0 netmask 255.255.255.0 dev br0
    And then configure the bridge interface in /etc/openvpn/bridge:
        #!/bin/bash
        # Create global variables
        # Define Bridge Interface
        br="br0"
        # Define list of TAP interfaces to be bridged,
        # for example tap="tap0 tap1 tap2".
        tap="tap0"
        # Define physical ethernet interface to be bridged
        # with TAP interface(s) above.
        eth="eth1"
        eth_ip="192.168.8.174"
        eth_netmask="255.255.255.0"
        eth_broadcast="192.168.8.255"
        gw="192.168.8.173"
    Start the bridge script file to configure the bridge interface:
        /etc/openvpn/bridge restart
    ATTENTION: Select cipher and authentication algorithms by specifying --cipher and --auth. To see which algorithms are available, type:
        openvpn --show-ciphers
        openvpn --show-digests
    8. Start both OpenVPN peers on machine OpenVPN A and OpenVPN B:
        openvpn --config /etc/openvpn/tap0-br.conf &
    If you see the line "Peer Connection Initiated with 192.168.8.173:5000" on each machine, the connection between OpenVPN machines has been established successfully on UDP port 5000.
    ATTENTION: You can create link symbols to start the OpenVPN service at boot time:
        ln -sf /etc/init.d/openvpn /etc/rc2.d/S16openvpn
    To stop the service, you should create these links:
        ln -sf /etc/init.d/openvpn /etc/rc0.d/K80openvpn
        ln -sf /etc/init.d/openvpn /etc/rc6.d/K80openvpn
59. tu 1500
        tun-mtu-extra 64
        ping 40
        ifconfig 192.168.2.173 192.168.4.174
        up /etc/openvpn/tun.sh
    3. Next, modify the routing table in the script file /etc/openvpn/tun.sh:
        #!/bin/sh
        # value after "-net" is the subnet behind the remote peer
        route add -net 192.168.2.0 netmask 255.255.255.0 gw $5
    4. On machine OpenVPN B, modify the remote address in the configuration file /etc/openvpn/tun.conf:
        # point to the peer
        remote 192.168.8.173
        dev tun
        secret /etc/openvpn/secrouter.key
        cipher DES-EDE3-CBC
        auth MD5
        tun-mtu 1500
        tun-mtu-extra 64
        ping 40
        Sa H L92 LOGAS TTA E R 1 TS
        up /etc/openvpn/tun.sh
    And then modify the routing table in the script file /etc/openvpn/tun.sh:
        #!/bin/sh
        # value after "-net" is the subnet behind the remote peer
        route add -net 192.168.2.0 netmask 255.255.255.0 gw $5
    The first argument of the parameter ifconfig is the local internal interface, and the second argument is the internal interface at the remote peer. $5 is the argument that the OpenVPN program passes to the script file. Its value is the second argument of ifconfig in the configuration file.
    5. Check the routing table after you run the OpenVPN programs by typing the command route:
        Destination Gateway Genmsk Flags Metric Ref Use Iface
        192 168 4 174 k 2554295 20572950H 0 U tuno 192 168 4 192 168 4 174 255729942995 U Lun U 192 168 2 x S 29 5 U etni
60. twork and the other is the outside network. Typically, the DA-681-LX connects several devices on a network and maps local inside network addresses to one or more global outside IP addresses, and un-maps the global IP addresses on incoming packets back into local IP addresses.
    ATTENTION: Click on the following links for more information about NAT:
    http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html
    NAT Example
    The IP address of all packets leaving LAN1 are changed to 192.168.3.127 (you will need to load the module ipt_MASQUERADE).
    [Figure: NAT example network. Labels: PC (Linux or Windows), IP/Netmask 192.168.3.100/24, Gateway 192.168.3.127; LAN1 192.168.3.127/24; LAN 192.168.4.127/24; PC2 (Linux or Windows), IP/Netmask 192.168.4.100/24, Gateway 192.168.4.127; NAT Area (Private IP)]
        echo 1 > /proc/sys/net/ipv4/ip_forward
        modprobe ipt_MASQUERADE
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    Enabling NAT at Bootup
    In most real-world situations, you will want to use a simple shell script to enable NAT when the DA-681-LX boots up. The following script is an example:
        #!/bin/bash
        # If you put this shell script in the /home/nat.sh
        # Remember to chmod 744 /home/nat.sh
        # Edit the rc.local file to make this shell startup automatically.
        # vi /etc/rc.local
        # Add a line in the end of rc.local /home/nat.sh
        EXIF=eth0 # This is an externa
61. tworking restart
    Adjusting IP Addresses with ifconfig
    IP settings can be adjusted during run-time, but the new settings will not be saved to disk without modifying the file /etc/network/interfaces. For example, type the command ifconfig eth1 192.168.1.1 to change the IP address of LAN1 to 192.168.1.1.
        Moxa:~# ifconfig eth1 192.168.1.1
        Moxa:~#
    Telnet Server
    In addition to supporting Telnet client/server, the DA-681-LX also supports SSH and sftp client/server. To enable or disable the Telnet server, you need to edit the file /etc/inetd.conf.
    1. Mount the root file system with write permission.
        Moxa:~# mount -o remount,rw /dev/hda1
    2. Type cd /etc to change the directory.
        Moxa:~# cd /etc
    3. Type vi inetd.conf to edit the configuration file.
        Moxa:/etc# vi inetd.conf
    Enabling the Telnet Server
    The following example shows the default content of the file /etc/inetd.conf. The default is to enable the Telnet server:
        discard dgram udp wait root /bin/discard
        discard stream tcp nowait root /bin/discard
        telnet stream tcp nowait root /bin/telnetd
    Disabling the Telnet Server
    Disable the daemon by typing "#" in front of the first character of the row to comment out the line. For example, to disable the Telnet server, use the following commands:
        discard dgram udp wait root /bin/discard
        discard stream tcp nowait root /bin/discard
        #tel
62. [Screenshot: PuTTY Configuration window, Session category, with host name 192.168.3.127 entered and connection type SSH selected]
    Linux Users
    From a Linux machine, use the ssh command to access the DA-681-I-LX's console utility via SSH:
        ssh 192.168.3.127
    Select yes to open the connection.
        [root@bee_notebook root]# ssh 192.168.3.127
        The authenticity of host '192.168.3.127 (192.168.3.127)' can't be established.
        RSA key fingerprint is B8b ee f f 384 41 25 fce cd 2a f2 92 8f cb 1f 6b 2f
        Are you sure you want to continue connection (yes/no)? yes_
    Adjusting the System Time
    The DA-681-LX has two time settings. One is the system time, and the other is provided by an RTC (Real Time Clock) built into the DA-681-LX's hardware.
    Setting the Time Manually
    Use the date command to query the current system time or set a new system time. Use hwclock to query the current
63. v/ttyM0 115200 crtscts modem 192.168.16.1:192.168.16.2 login auth
    You should also add the following line to the file /etc/ppp/pap-secrets:
        * * "" *
    The first star (*) lets everyone login. The second star (*) lets every host connect. The pair of double quotation marks ("") indicates that the file /etc/passwd can be used to check the password. The last star (*) is to let any IP connect.
    The following example does not check the username and password:
        pppd /dev/ttyM0 115200 crtscts modem 192.168.16.1:192.168.16.2
    Method 2: pppd dial-in with pppd script
    Configure a dial-in script /etc/ppp/peer/dialin:
        # You usually need this if there is no PAP authentication
        noauth
        auth
        login
        # The chat script (be sure to edit that file, too!)
        init "/usr/sbin/chat -v -f /etc/ppp/ppp-ttyM0.chat"
        # Set up routing to go through this PPP link
        defaultroute
        # Default modem (you better replace this with /dev/ttySx!)
        /dev/ttyM0
        # Speed
        115200
        # Keep modem up even if connection fails
        persist
        crtscts
        modem
        192.168.16.1:192.168.16.2
        debug
        -detach
    Configure the chat script /etc/ppp/ppp-ttyM0.chat:
        SAY 'Auto Answer ON\n'
        '' ATS0=1
    Start the pppd dial-in service:
        pppd call dialin
    ATTENTION: If you hope to have auto dial-in service, you can respawn the dial-in service in /etc/inittab.
        Moxa:~# mount -o remount,rw /dev/hda1
        Moxa:~# echo p0 234
64. w to handle matched packets. For example, ACCEPT the packet, DROP the packet, or LOG the packet.
    Examples
    Example 1: Accept all packets from the lo interface.
        iptables -A INPUT -i lo -j ACCEPT
    Example 2: Accept TCP packets from 192.168.0.1.
        iptables -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT
    Example 3: Accept TCP packets from Class C network 192.168.1.0/24.
        iptables -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT
    Example 4: Drop TCP packets from 192.168.1.25.
        iptables -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP
    Example 5: Drop TCP packets addressed for port 21.
        iptables -A INPUT -i eth0 -p tcp --dport 21 -j DROP
    Example 6: Accept TCP packets from 192.168.0.24 to DA-681-I-LX's port 137, 138, 139.
        iptables -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT
    Example 7: Log TCP packets that visit DA-681-I-LX's port 25.
        iptables -A INPUT -i eth0 -p tcp --dport 25 -j LOG
    Example 8: Drop all packets from MAC address 01:02:03:04:05:06.
        iptables -A INPUT -i eth0 -p all -m mac --mac-source 01:02:03:04:05:06 -j DROP
    ATTENTION: In Example 8, remember to issue the command modprobe ipt_mac first to load the module ipt_mac.
    NAT (Network Address Translation)
    The NAT (Network Address Translation) protocol translates IP addresses used on one network into IP addresses used on a connecting network. One network is designated the inside ne
