Rainbow Electronics GT863-PY User Manual

GT863-PY Terminal Product Description

80269ST10026a Rev. 0 - 27/09/06







Reproduction forbidden without Telit Communications S.p.A. written authorization - All Right reserved


The steps required to open a socket in listen mode, wait for connection requests from
remote hosts, accept connection requests only from a selected set of hosts, and then close the socket
without closing the GPRS context are:

• configuring the GPRS Access
• configuring the embedded TCP/IP stack behaviour
• defining the Internet Peer that can contact this device (firewall settings)
• requesting the GPRS context to be activated
• requesting the socket connection to be opened in listen
• receiving connection requests
• exchanging data
• closing the TCP connection while keeping the GPRS active


All these steps are achieved through AT commands.
As with a common modem interface, two logical states are involved: command mode and data traffic
mode.

• In Command Mode (CM), AT commands are provided to configure the Data Module Internet stack and to start up the data traffic.

• In data traffic mode (Socket Mode, SKTM), the client can send/receive a raw data stream, which is encapsulated in the previously configured TCP/IP packets and sent to the other side of the network, and vice versa. The control plane of the ongoing socket connection is handled internally by the module.

3.1.4.1 Defining the Internet Peer that can contact this device (firewall settings)

The GT863-PY has an internal firewall that controls the behaviour of incoming connections to
the module.
The firewall applies to INCOMING (listening) connections only; OUTGOING connections are always
made regardless of the firewall settings.
The firewall's general policy is DROP, therefore all packets that are not matched by an ACCEPT chain
rule will be silently discarded.

When a packet arrives from the IP address <incoming IP>, the firewall chain rules are scanned
for a match using the following criterion:

<incoming IP> & <net mask> = <ip_address> ?

If the result is yes, the packet is accepted and the rule scan ends; otherwise the next
chain is evaluated, and so on until the end of the rules. If no match is found, the packet is
silently dropped.
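The rule scan described above can be modelled in a few lines of Python to check an allowlist before loading it into the module. This is an added example, not code from the manual or from Telit; the function names and the sample rules are assumptions, and the comparison follows the criterion literally as stated here.

```python
import ipaddress

def _u32(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def rule_matches(incoming_ip, ip_address, net_mask):
    """The manual's criterion: <incoming IP> & <net mask> = <ip_address>."""
    return (_u32(incoming_ip) & _u32(net_mask)) == _u32(ip_address)

def firewall_decision(incoming_ip, accept_rules):
    """Scan ACCEPT rules in order; first match wins, general policy is DROP."""
    for ip_address, net_mask in accept_rules:
        if rule_matches(incoming_ip, ip_address, net_mask):
            return "ACCEPT"
    return "DROP"

def unmatchable_rules(accept_rules):
    """Rules whose ip_address has bits set outside net_mask.

    Read literally, the criterion can never be true for such a rule, because
    the masked incoming address always has those bits cleared. Whether the
    module normalises the rule address is not stated on this page.
    """
    return [(a, m) for a, m in accept_rules if _u32(a) & ~_u32(m) & 0xFFFFFFFF]

def accepted_range(ip_address, net_mask):
    """Lowest and highest address a rule accepts, to spot over-broad rules."""
    first = _u32(ip_address)
    last = first | (~_u32(net_mask) & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))

# Constructed sample rules (hypothetical, not taken from the manual).
RULES = [
    ("197.158.0.0", "255.255.0.0"),      # whole 197.158.x.x block
    ("10.20.30.40", "255.255.255.255"),  # one single host
]

if __name__ == "__main__":
    for src in ("197.158.7.9", "197.159.0.1", "10.20.30.40", "10.20.30.41"):
        print(src, firewall_decision(src, RULES))
    print(accepted_range(*RULES[0]))
    print(unmatchable_rules(RULES + [("192.0.2.77", "255.255.255.0")]))
```

A mask-based rule always accepts a whole aligned block, so `accepted_range` is worth comparing against the address range actually assigned to the trusted devices.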

For example, let us assume we want to accept connections only from our devices, which are on the IP
addresses ranging from:
197.158.1.1 to 197.158.255.255

We need to add the following chain to the firewall:
