XUELK-TN-001: Configuring SBC Lynx as industrial router

2,043 bytes added, 08:10, 11 August 2016
Mar 6 03:04:56 sbc-lynx user.debug kernel: FORWARD-Filter: IN=eth0 OUT=eth1 MAC=00:50:c2:b9:cf:82:90:b1:1c:69:58:80:08:00 SRC=192.168.0.28 DST=192.168.11.241 LEN=484 TOS=0x00 PREC=0x00 TTL=127 ID=28619 DF PROTO=TCP SPT=57230 DPT=80 WINDOW=16425 RES=0x00 ACK PSH URGP=0
</pre>
 
===Init Script===
The <code>iptables</code> init script is used to make <code>iptables</code> rules persistent and to load them automatically at boot.
 
The init script must be saved in the XUELK rfs as <code>/etc/init.d/iptables</code>. From SBC Lynx the following commands can be used to create and edit the file:
<pre>
root@sbc-lynx:~# touch /etc/init.d/iptables
root@sbc-lynx:~# chmod +x /etc/init.d/iptables
root@sbc-lynx:~# vi /etc/init.d/iptables
</pre>
 
Here is the content of the script:
<pre>
#!/bin/bash
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: mountkernfs $local_fs
# Required-Stop: mountkernfs $local_fs
# X-Start-Before: networking
# X-Stop-After: networking
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Iptables
# Description: Init script for iptables
### END INIT INFO

# Load the saved ruleset, if one exists.
function do_start {
    if [ -e "/etc/iptables.rules" ]; then
        echo "Starting iptables service"
        iptables-restore < /etc/iptables.rules
    else
        echo "No rules saved for iptables"
    fi
}

# Reset the firewall to an empty, accept-all state.
# After "stop" no packet filtering is in effect.
function do_stop {
    echo "Stopping iptables service"
    # Default policy of the built-in filter chains back to ACCEPT
    for chain in INPUT FORWARD OUTPUT
    do
        iptables -P "$chain" ACCEPT
    done
    # Flush rules (-F), zero counters (-Z), delete user chains (-X) in the filter table
    for param in F Z X; do iptables -"$param"; done
    # Do the same for every table currently known to the kernel
    for table in $(cat /proc/net/ip_tables_names)
    do
        iptables -t "$table" -F
        iptables -t "$table" -Z
        iptables -t "$table" -X
    done
}

# Dump the running ruleset to the file read by do_start.
function do_save {
    echo "Saving iptables rules"
    iptables-save > /etc/iptables.rules
}

case "$1" in
    start)
        do_start
        ;;
    stop)
        do_stop
        ;;
    save)
        do_save
        ;;
    restart)
        do_stop
        do_start
        ;;
    *)
        echo "Usage: /etc/init.d/iptables {start|stop|restart|save}"
        exit 1
        ;;
esac

exit 0
</pre>
 
Install the <code>iptables</code> init script by simply issuing this command:
<pre>
update-rc.d iptables defaults
</pre>
 
To save the current <code>iptables</code> rules and make them persistent, type this command:
<pre>
root@sbc-lynx:~# /etc/init.d/iptables save
Saving iptables rules
</pre>
 
At the next boot, the saved <code>iptables</code> rules are loaded automatically.
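
The <code>do_save</code> function redirects <code>iptables-save</code> straight into <code>/etc/iptables.rules</code>, so a failed or interrupted save leaves a partial file for the next boot. The following is an added example, not part of the original init script: it writes the dump to a temporary file, checks that every table section is closed by <code>COMMIT</code>, and only then renames it into place. The names <code>SAVE_CMD</code>, <code>rules_file_complete</code> and <code>save_rules</code> are introduced here for illustration.

```shell
#!/bin/sh
# Added example (not part of the original init script).
# SAVE_CMD is an assumption of this example: it can be overridden so the
# logic can be exercised without root; by default it is the real iptables-save.
SAVE_CMD="${SAVE_CMD:-iptables-save}"

# Return 0 only if FILE looks like a complete iptables-save dump:
# at least one "*table" section, and every section closed by COMMIT.
rules_file_complete() {
    awk '
        /^\*/      { if (sect) bad = 1; sect = 1; tables++ }
        /^COMMIT$/ { if (!sect) bad = 1; sect = 0 }
        END        { exit (bad || sect || tables == 0) ? 1 : 0 }
    ' "$1"
}

# Dump the running ruleset to DEST without ever leaving a partial file there.
save_rules() {
    dest="$1"
    tmp="$dest.tmp.$$"
    # The subshell keeps the umask change local; the dump is created mode 0600.
    if ! ( umask 077; "$SAVE_CMD" > "$tmp" ); then
        echo "save failed: $SAVE_CMD returned an error" >&2
        rm -f "$tmp"
        return 1
    fi
    if ! rules_file_complete "$tmp"; then
        echo "save failed: dump is empty or truncated, keeping old $dest" >&2
        rm -f "$tmp"
        return 1
    fi
    # A rename within one directory is atomic: a reader sees the old file
    # or the new one, never a half-written one.
    mv -f "$tmp" "$dest"
}
```

To use it, the body of <code>do_save</code> would call <code>save_rules /etc/iptables.rules</code> instead of redirecting <code>iptables-save</code> directly.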