Moxa Technologies UC-7110 User Manual

UC-7110 Series User’s Manual

Configuring UC-7110

NOTE

IPTABLES performs packet filtering or NAT. Take care when setting up the IPTABLES
rules. If the rules are not correct, remote hosts that connect via a LAN or PPP may be denied
access. We recommend using the Serial Console to set up the IPTABLES rules.

Click on the following links for more information about iptables.

http://www.linuxguruz.com/iptables/

http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html

Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have
divided our discussion of the various rules into three categories: Observe and erase chain rules,
Define policy rules, and Append or delete rules.

Observe and erase chain rules

Usage:

# iptables [-t tables] [-L] [-n]

-t tables: Table to manipulate (default: ‘filter’); example: nat or filter.
-L [chain]: List all rules in selected chains. If no chain is selected, all chains are listed.
-n: Numeric output of addresses and ports.

# iptables [-t tables] [-FXZ]

-F: Flush the selected chain (all the chains in the table if none is listed).
-X: Delete the specified user-defined chain.
-Z: Set the packet and byte counters in all chains to zero.

Examples:

# iptables -L -n

In this example, since we do not use the -t parameter, the system uses the default ‘filter’ table.
The listing covers three chains: INPUT, OUTPUT, and FORWARD. Packets on the INPUT chain are
accepted automatically, and all connections are accepted without being filtered.

# iptables -F
# iptables -X
# iptables -Z

Define policy for chain rules

Usage:

# iptables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, OUTPUT, POSTROUTING] [ACCEPT, DROP]

-P: Set the policy for the chain to the given target.
INPUT: For packets coming into the UC-7110.
OUTPUT: For locally-generated packets.
FORWARD: For packets routed out through the UC-7110.
PREROUTING: To alter packets as soon as they come in.
POSTROUTING: To alter packets as they are about to be sent out.

Examples:

# iptables -P INPUT DROP
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -t nat -P PREROUTING ACCEPT
# iptables -t nat -P OUTPUT ACCEPT
# iptables -t nat -P POSTROUTING ACCEPT

In this example, the policy accepts outgoing packets and denies incoming packets.
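
The check below is an added example, not part of the Moxa manual: it reads `iptables -L -n` output and flags any chain left with policy DROP and no ACCEPT rule (the denied-access case the NOTE warns about) or with policy ACCEPT and no rules (nothing filtered). The function names, verdict labels and sample listing are constructed, and it assumes `awk` is available where the listing is checked.

```shell
#!/bin/sh
# Added example, not from the Moxa manual. Names and sample data are constructed.
# audit_listing reads `iptables -L -n` output on stdin and prints, per chain:
#   <chain> <policy> <rule-count> <verdict>
# LOCKOUT = policy DROP and no ACCEPT rule (every packet on the chain is dropped)
# OPEN    = policy ACCEPT and no rules (nothing on the chain is filtered)
# OK      = anything else (user-defined chains have no policy and report "-")
audit_listing() {
    awk '
    function report(   v) {
        if (chain == "") return
        v = "OK"
        if (policy == "ACCEPT" && rules == 0) v = "OPEN"
        if (policy == "DROP" && accepts == 0) v = "LOCKOUT"
        print chain, policy, rules, v
    }
    /^Chain / {
        report()
        chain = $2; policy = "-"
        if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
        rules = 0; accepts = 0
        next
    }
    /^target/ || /^[ \t]*$/ { next }   # column header and blank separator
    { rules++; if ($1 == "ACCEPT") accepts++ }
    END { report() }
    '
}

# Constructed listing: the state left by the policy example above
# (INPUT DROP, FORWARD ACCEPT, OUTPUT ACCEPT, no rules in any chain).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

sample_listing | audit_listing
```

On the device, `iptables -L -n | audit_listing` run from the Serial Console before and after a policy change shows whether a chain has been left in either state.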
