XUELK-TN-001: Configuring SBC Lynx as industrial router

3,601 bytes added, 07:37, 10 August 2016
*192.168.0.209:8080 <-> 192.168.11.239:80
[1] For simplicity, the secondary interface has been implemented with a USB/Ethernet adapter (TBD MOSCHIP 7830/7832/7730 usb-NET adapter) connected to the USB port. For a real-world production environment, it is recommended to use both iMX6UL Ethernet MAC controllers. To do that, a plugin board connected to the one-piece connector (J45/J52) can be used. For more details please refer to the [mailto:sales@dave.eu sales department].
==Implementation==
To enable routing functionality, the well-known netfilter/iptables packet filtering framework has been added to, and configured in, the default software provided along with XUELK.
TBD

Make sure to correctly set up static IP addresses for the two Ethernet interfaces on SBC Lynx:
<pre>
root@sbc-lynx:~# ifconfig eth0 192.168.0.209
root@sbc-lynx:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:50:C2:B9:CF:82
          inet addr:192.168.0.209  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:c2ff:feb9:cf82/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:64117 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19470 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:25075518 (23.9 MiB)  TX bytes:3398088 (3.2 MiB)

root@sbc-lynx:~# ifconfig eth1 192.168.11.209
root@sbc-lynx:~# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:D0:10:03:26:0A
          inet addr:192.168.11.209  Bcast:192.168.11.255  Mask:255.255.255.0
          inet6 addr: fe80::2d0:10ff:fe03:260a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3541 errors:0 dropped:186 overruns:0 frame:0
          TX packets:2023 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1840061 (1.7 MiB)  TX bytes:555670 (542.6 KiB)
</pre>
Before proceeding with the port forwarding rules, forwarding must be enabled on both the ''eth0'' and ''eth1'' interfaces:
<pre>
root@sbc-lynx:~# sysctl net.ipv4.conf.eth0.forwarding=1
net.ipv4.conf.eth0.forwarding = 1
root@sbc-lynx:~# sysctl net.ipv4.conf.eth1.forwarding=1
net.ipv4.conf.eth1.forwarding = 1
</pre>
The following ''iptables'' commands are used to enable 192.168.0.209:80 <-> 192.168.11.241:80 port forwarding:
<pre>
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 192.168.11.241:80
iptables -A FORWARD -p tcp -d 192.168.11.241 --dport 80 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp --dport 80 -d 192.168.11.241 -o eth1 -j SNAT --to-source 192.168.11.209
</pre>
And the following enable 192.168.0.209:8080 <-> 192.168.11.239:80 port forwarding:
<pre>
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to-destination 192.168.11.239:80
iptables -A FORWARD -p tcp -d 192.168.11.239 --dport 80 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp --dport 80 -d 192.168.11.239 -o eth1 -j SNAT --to-source 192.168.11.209
</pre>
In detail, the 192.168.0.209:80 <-> 192.168.11.241:80 port forwarding rules are:
* <code>iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 192.168.11.241:80</code>
** All TCP packets to port 80 arriving on the ''eth0'' interface have their destination rewritten to IP address ''192.168.11.241'', port 80.
* <code>iptables -A FORWARD -p tcp -d 192.168.11.241 --dport 80 -j ACCEPT</code>
** This rule tells the FORWARD chain of the filter table to accept TCP packets to port 80 with destination IP address ''192.168.11.241''. This rule is not strictly necessary, because by default the filter table accepts all packets, but it is useful for logging and packet statistics (see [[XUELK-WP001:_Configuring_SBC_Lynx_as_industrial_router#Enabling_logging | Enabling_logging]]).
* <code>iptables -t nat -A POSTROUTING -p tcp --dport 80 -d 192.168.11.241 -o eth1 -j SNAT --to-source 192.168.11.209</code>
** This rule rewrites the source IP address of all TCP packets to port 80 leaving on the ''eth1'' interface with destination IP address ''192.168.11.241'', so that replies come back through SBC Lynx.

Now on the PC side (192.168.0.28) it is possible to access both the managed switch and the access point web servers with a web browser.
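As an added example (not part of the original technical note), the two rule sets above written as one parameterised POSIX shell helper, with a FORWARD chain that drops anything not explicitly forwarded instead of relying on the default ACCEPT policy mentioned above. Interface names and addresses are the ones used on this page; rules are only printed unless APPLY=1 is set in the environment.

```shell
#!/bin/sh
# Added example, not from the original note: parameterised DNAT/FORWARD/SNAT
# rules plus a restrictive FORWARD baseline. Assumed from the page: eth0 is the
# PC-side interface, eth1 the device-side one with own address 192.168.11.209.
WAN_IF=eth0
LAN_IF=eth1
LAN_SELF_IP=192.168.11.209

# Print the rule, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Baseline: drop everything FORWARD is not told to pass and let replies of
# accepted flows through. With this policy the per-flow FORWARD rule below
# is no longer optional, as it is with the default ACCEPT policy.
baseline_rules() {
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Emit the three rules for one <WAN_IF>:<wan_port> -> <lan_ip>:<lan_port> mapping.
forward_rules() {
    wan_port=$1; lan_ip=$2; lan_port=$3
    run iptables -t nat -A PREROUTING -p tcp -i "$WAN_IF" --dport "$wan_port" \
        -j DNAT --to-destination "$lan_ip:$lan_port"
    run iptables -A FORWARD -p tcp -i "$WAN_IF" -o "$LAN_IF" -d "$lan_ip" --dport "$lan_port" \
        -m conntrack --ctstate NEW -j ACCEPT
    run iptables -t nat -A POSTROUTING -p tcp -o "$LAN_IF" -d "$lan_ip" --dport "$lan_port" \
        -j SNAT --to-source "$LAN_SELF_IP"
}

# Log (rate-limited) whatever still falls through to the DROP policy; append last.
log_dropped() {
    run iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

baseline_rules
forward_rules 80   192.168.11.241 80    # first mapping from the note
forward_rules 8080 192.168.11.239 80    # second mapping from the note
log_dropped
```

With the DROP policy in place, hosts on 192.168.0.0/24 can reach only the two published services and not the rest of 192.168.11.0/24 through the board.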
===Enabling logging===
TBD