User’s manual

UC-7408 User’s Manual Managing Communication
UC-7408 supports the following sub-modules. Be sure to use the module that matches your application.

ip_conntrack         ipt_MARK         ipt_ah          ipt_state
ip_conntrack_ftp     ipt_MASQUERADE   ipt_esp         ipt_tcpmss
ip_conntrack_irc     ipt_MIRROR       ipt_length      ipt_tos
ip_nat_ftp           ipt_REDIRECT     ipt_limit       ipt_ttl
ip_nat_irc           ipt_REJECT       ipt_mac         ipt_unclean
ip_nat_snmp_basic    ipt_TCPMSS       ipt_mark
ip_queue             ipt_TOS          ipt_multiport
ipt_LOG              ipt_ULOG         ipt_owner

NOTE UC-7408 does NOT support IPv6 or ipchains.
The basic syntax to enable and load an IPTABLES module is as follows:
#lsmod
#modprobe ip_tables
#modprobe iptable_filter
Use lsmod to check if the ip_tables module has already been loaded in the UC-7408. Use modprobe to insert and enable the module.
Use the following command form to load each of the table modules (iptable_filter, iptable_mangle, iptable_nat), for example:
#modprobe iptable_filter
NOTE IPTABLES plays the role of packet filtering or NAT. Take care when setting up the IPTABLES
rules. If the rules are not correct, remote hosts that connect via a LAN or PPP may be denied
access. We recommend using the Serial Console to set up the IPTABLES.
Click on the following links for more information about iptables.
http://www.linuxguruz.com/iptables/
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have
divided our discussion of the various rules into three categories: Observe and erase chain rules,
Define policy rules, and Append or delete rules.
Observe and erase chain rules
Usage:
# iptables [-t tables] [-L] [-n]
-t tables: Table to manipulate (default: ‘filter’); example: nat or filter.
-L [chain]: List all rules in selected chains. If no chain is selected, all chains are listed.
-n: Numeric output of addresses and ports.
# iptables [-t tables] [-FXZ]
-F: Flush the selected chain (all the chains in the table if none is listed).
-X: Delete the specified user-defined chain.
-Z: Set the packet and byte counters in all chains to zero.
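
A pre-flight check for the -F option above, as an added example that is not part of the manual: -F removes a chain's rules but does not reset its policy, so flushing a chain whose policy is DROP blocks all traffic through it, including the remote session the NOTE above warns about. The sample listing and the chain name mychain are constructed, and the script assumes a POSIX shell on the device.

```shell
#!/bin/sh
# Added example (not from the manual): check chain policies before "iptables -F".

# Read "iptables [-t table] -L -n" output on stdin and print the name of every
# built-in chain whose policy is DROP, one per line.
drop_policy_chains() {
    # Built-in chain headers look like "Chain INPUT (policy DROP)".
    # User-defined chains show "(N references)" instead and are skipped.
    while read -r word chain kind policy _rest; do
        if [ "$word" = "Chain" ] && [ "$kind" = "(policy" ]; then
            policy=${policy%")"}            # strip the closing parenthesis
            if [ "$policy" = "DROP" ]; then echo "$chain"; fi
        fi
    done
    return 0
}

# Return 0 when a flush leaves traffic flowing, 1 (with a warning) otherwise.
flush_check() {
    blocked=$(drop_policy_chains)
    if [ -n "$blocked" ]; then
        echo "after -F, policy DROP still applies to:" $blocked >&2
        return 1
    fi
    return 0
}

# Constructed sample of "iptables -L -n" output (not captured from a UC-7408).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.3.0/24       0.0.0.0/0          tcp dpt:22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain mychain (1 references)
target     prot opt source               destination
EOF
}

# On the device: iptables -L -n | flush_check && iptables -F
sample_listing | flush_check || echo "do not flush from a remote session"
```

In the sample, the only rule admitting remote hosts lives in INPUT, so a flush would leave INPUT with policy DROP and no ACCEPT rules; the check reports INPUT and the flush is skipped.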