XUELK-TN-001: Configuring SBC Lynx as industrial router

3,267 bytes added, 16:14, 3 November 2020
{{InfoBoxTop}}
{{AppliesToAXELULite}}
{{AppliesToAXEL ULite TN}}
{{AppliesToSBCLynx}}
{{InfoBoxBottom}}
|August 2016
|First public release
|-
|{{oldid|5301|1.1.0}}
|August 2016
|Added section about persistent rules
|-
|1.1.1
|August 2016
|Added sysctl persistent settings
|-
|1.1.2
|May 2017
|Fix sysctl parameter
|-
|}
 
==Introduction==
Thanks to its dual Ethernet interface, SBC Lynx can implement non-trivial network configurations. As an example of this flexibility, this article shows how to configure SBC Lynx as a Linux-powered router that forwards data packets between two different LANs. This task can run in parallel with the other application-specific activities (typically field bus communications, monitoring, control, etc.). This solution can significantly reduce overall infrastructure costs in the many industrial environments where Ethernet networking is now popular.
*192.168.0.209:80 <-> 192.168.11.241:80
*192.168.0.209:8080 <-> 192.168.11.239:80
 
 
[1] For simplicity, the secondary interface has been implemented with a USB/Ethernet adapter (MOSCHIP 7830/7832/7730 usb-NET adapter) connected to the USB port. For a real-world production environment, using both iMX6UL Ethernet MAC controllers is recommended. To do that, a plugin board connected to the one piece connector (J45/J52) can be used. For more details please contact the [mailto:sales@dave.eu sales department].
Before setting the port forwarding rules, forwarding must be enabled on both the <code>eth0</code> and <code>eth1</code> interfaces:
<pre>
root@sbc-lynx:~# sysctl -w net.ipv4.conf.eth0.forwarding=1
net.ipv4.conf.eth0.forwarding = 1
root@sbc-lynx:~# sysctl -w net.ipv4.conf.eth1.forwarding=1
net.ipv4.conf.eth1.forwarding = 1
</pre>
Mar 6 03:04:56 sbc-lynx user.debug kernel: FORWARD-Filter: IN=eth0 OUT=eth1 MAC=00:50:c2:b9:cf:82:90:b1:1c:69:58:80:08:00 SRC=192.168.0.28 DST=192.168.11.241 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=28618 DF PROTO=TCP SPT=57230 DPT=80 WINDOW=16425 RES=0x00 ACK URGP=0
Mar 6 03:04:56 sbc-lynx user.debug kernel: FORWARD-Filter: IN=eth0 OUT=eth1 MAC=00:50:c2:b9:cf:82:90:b1:1c:69:58:80:08:00 SRC=192.168.0.28 DST=192.168.11.241 LEN=484 TOS=0x00 PREC=0x00 TTL=127 ID=28619 DF PROTO=TCP SPT=57230 DPT=80 WINDOW=16425 RES=0x00 ACK PSH URGP=0
</pre>
 
===Make <code>iptables</code> configuration persistent===
An <code>iptables</code> init script is used to make the rules persistent, so that they are loaded automatically at boot.
 
The init script must be saved in the target's root file system as <code>/etc/init.d/iptables</code>. From SBC Lynx the following commands can be used to create and edit the file:
<pre>
root@sbc-lynx:~# touch /etc/init.d/iptables
root@sbc-lynx:~# chmod +x /etc/init.d/iptables
root@sbc-lynx:~# vi /etc/init.d/iptables
</pre>
 
Here is the content of the script:
<pre>
#! /bin/bash
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: mountkernfs $local_fs
# Required-Stop: mountkernfs $local_fs
# X-Start-Before: networking
# X-Stop-After: networking
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Iptables
# Description: Init script for iptables
### END INIT INFO

# Load the saved rules, if any
function do_start {
    if [ -e "/etc/iptables.rules" ]; then
        echo "Starting iptables service"
        iptables-restore < /etc/iptables.rules
    else
        echo "No rules saved for iptables"
    fi
}

# Reset the default policies to ACCEPT and flush every table:
# after "stop" nothing is filtered any more
function do_stop {
    echo "Stopping iptables service"
    for chain in INPUT FORWARD OUTPUT
    do
        iptables -P "$chain" ACCEPT
    done
    # Flush rules, zero counters and delete user chains in the filter table
    for param in F Z X; do iptables -$param; done
    # Do the same for every table currently loaded in the kernel
    for table in $(cat /proc/net/ip_tables_names)
    do
        iptables -t "$table" -F
        iptables -t "$table" -Z
        iptables -t "$table" -X
    done
}

# Dump the rules currently loaded in the kernel
function do_save {
    echo "Saving iptables rules"
    iptables-save > /etc/iptables.rules
}

case "$1" in
    start)
        do_start
        ;;
    stop)
        do_stop
        ;;
    save)
        do_save
        ;;
    restart)
        do_stop
        do_start
        ;;
    *)
        echo "Usage: /etc/init.d/iptables {start|stop|restart|save}"
        exit 1
        ;;
esac

exit 0
</pre>
 
Install the <code>iptables</code> init script by simply issuing this command:
<pre>
update-rc.d iptables defaults
</pre>
 
To save the current <code>iptables</code> rules and make them persistent, type this command:
<pre>
root@sbc-lynx:~# /etc/init.d/iptables save
Saving iptables rules
</pre>
 
At the next boot the saved <code>iptables</code> rules will be automatically loaded.
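
The <code>save</code> action redirects <code>iptables-save</code> straight into <code>/etc/iptables.rules</code>, so a failed or interrupted save leaves a truncated file to be restored at the next boot. The following is an added example, not part of the original init script: it writes the dump to a temporary file, checks that every table section is closed by <code>COMMIT</code>, and only then renames it over the rules file (the function names and the <code>.new</code> suffix are assumptions of this example).

```shell
#!/bin/sh
# Added example, not part of the original init script.

# rules_file_complete FILE
# Returns 0 if FILE looks like a complete iptables-save dump: at least one
# "*table" section, and every section closed by its own COMMIT line.
rules_file_complete() {
    awk '
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0; next }
        END        { exit (bad || in_table || !tables) }
    ' "$1"
}

# save_rules_atomically [TARGET]
# Dumps the live rules next to TARGET, validates the dump, then renames it
# over TARGET. On any failure TARGET is left exactly as it was.
save_rules_atomically() {
    target="${1:-/etc/iptables.rules}"
    tmp="$target.new.$$"
    # umask in a subshell: the dump is readable by root only
    if ( umask 077; iptables-save > "$tmp" ) \
            && rules_file_complete "$tmp" \
            && iptables-restore --test < "$tmp"; then
        mv -f "$tmp" "$target"
    else
        rm -f "$tmp"
        echo "Rules NOT saved, $target left unchanged" >&2
        return 1
    fi
}
```

Calling <code>save_rules_atomically</code> from <code>do_save</code> keeps the rest of the init script unchanged.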
 
 
----
 
Please note that <code>sysctl</code> settings (e.g. the ones used to enable packet forwarding) are not persistent across reboots. To apply sysctl settings at boot time automatically, just add them to [http://linux.die.net/man/5/sysctl.conf <code>/etc/sysctl.conf</code>] as <code>token = value</code>:
 
<pre>
root@sbc-lynx:~# tail /etc/sysctl.conf
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
 
#kernel.shmmax = 141762560
 
net.ipv4.conf.eth0.forwarding=1
net.ipv4.conf.eth1.forwarding=1
</pre>
 
The <code>sysctl.conf</code> settings are applied by an init script during network configuration (see <code>/etc/init.d/networking</code>).
 
To check the <code>sysctl.conf</code> syntax, the settings can also be applied manually with the following command:
 
<pre>
root@sbc-lynx:~# sysctl -p /etc/sysctl.conf
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth1.forwarding = 1
</pre>
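
To confirm after a reboot that the persisted settings are actually live, each <code>token = value</code> line can be compared with the value the kernel reports under <code>/proc/sys</code>. The script below is an added example, not part of the original note; the function names, the optional <code>ROOT</code> argument and the status words are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original technical note.

# Collapse runs of whitespace and strip it from both ends of $1.
norm() {
    printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'
}

# check_sysctl_persistence CONF [ROOT]
#   CONF  sysctl.conf-style file, e.g. /etc/sysctl.conf
#   ROOT  sysctl tree, /proc/sys by default (a parameter of this example so
#         the check can also run against a copy of the tree)
# Prints one status line per setting; returns 0 only if every setting is live.
check_sysctl_persistence() {
    local conf="$1" root="${2:-/proc/sys}" rc=0 line key want have path
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in
            ''|'#'*|';'*) continue ;;                 # blank line or comment
            *=*) ;;                                   # token = value
            *) echo "MALFORMED $line"; rc=1; continue ;;
        esac
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        # net.ipv4.conf.eth0.forwarding -> net/ipv4/conf/eth0/forwarding
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "MISSING $key"                       # mistyped token or absent interface
            rc=1
            continue
        fi
        have=$(norm "$(cat "$path")")
        if [ "$have" = "$want" ]; then
            echo "OK $key = $have"
        else
            echo "DRIFT $key: file=$want live=$have"
            rc=1
        fi
    done < "$conf"
    return $rc
}

# Typical use on the target:
#   check_sysctl_persistence /etc/sysctl.conf
```

A <code>MISSING</code> line for an interface-specific token such as <code>net.ipv4.conf.eth1.forwarding</code> usually means the interface did not exist when the check ran.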