Advanced Networking
Overview
There are many things that GWS (the configuration software for Telem-GW6) can't do, for instance NTP, VLAN and OpenVPN configuration. If something extra is needed, users should in general create Linux scripts and copy them to the Telem-GW6. Sometimes changing an existing script is enough. Example scripts can be found in the Telem-GW6 /usr/local/bin/ folder.
Location of Startup Scripts
/etc/init.d/
Scripts in this folder are run at system startup.
/etc/network/if-up.d/ and /etc/network/if-down.d/
Scripts in these folders are run when an interface (for instance the Ethernet interface eth0) becomes available or unavailable. They are used, for instance, to configure the firewall or routing.
/etc/ppp/ip-up or /etc/ppp/ip-down
Scripts in these locations are run when a PPP interface becomes available or unavailable. They are used, for instance, to configure the firewall or routing.
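Scripts in these locations run as root at startup or on interface events, so they should not be modifiable by other accounts. The check below is an added example, not part of the original page or the Telem-GW6 software; `audit_hooks`, `audit_default_hooks` and `HOOK_OWNER` are hypothetical names, and it assumes the device's `find` supports `-perm` and `-user`.

```shell
#!/bin/sh
# Added example, not from the original page. The names audit_hooks,
# audit_default_hooks and HOOK_OWNER are made up for this illustration.
# Assumes a POSIX sh and a find that supports -perm and -user.

HOOK_OWNER="${HOOK_OWNER:-root}"   # account expected to own hook scripts

# Print one "REASON path" line for every problem under the given paths.
audit_hooks() {
    for target in "$@"; do
        [ -e "$target" ] || continue    # e.g. no PPP scripts installed
        # Writable by group or others: someone else can change root's code
        find "$target" \( -type f -o -type d \) \
            \( -perm -020 -o -perm -002 \) -print | sed 's/^/WRITABLE /'
        # Not owned by the expected account
        find "$target" \( -type f -o -type d \) ! -user "$HOOK_OWNER" -print |
            sed 's/^/OWNER /'
        # Missing the owner execute bit: the page's VLAN script must be made
        # executable, so such a file (and its firewall rule) is likely unused
        find "$target" -type f ! -perm -100 -print | sed 's/^/NOT-EXECUTABLE /'
    done
}

# The startup-script locations listed on this page.
audit_default_hooks() {
    audit_hooks /etc/init.d /etc/network/if-up.d /etc/network/if-down.d \
        /etc/ppp/ip-up /etc/ppp/ip-down
}

# Run the audit only when asked, e.g.: sh audit_hooks.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_default_hooks
fi
```

An empty result means every file and folder checked is owned by `HOOK_OWNER`, writable only by its owner, and executable where it is a script.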
Application Software
SSH
    root@telem-gw6-com8$ ssh -v
    OpenSSH_5.8p1, OpenSSL 1.0.0d 8 Feb 2011
    usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
               [-D [bind_address:]port] [-e escape_char] [-F configfile]
               [-I pkcs11] [-i identity_file]
               [-L [bind_address:]port:host:hostport]
               [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
               [-R [bind_address:]port:host:hostport] [-S ctl_path]
               [-W host:port] [-w local_tun[:remote_tun]]
               [user@]hostname [command]
Because SSH and the IEC-104 port 2404 are enabled by default, you can request port forwarding. For instance, executing

    ssh -v -N -L 2404:localhost:2404 192.168.12.1 -l scada1

from Ubuntu or any other Linux (Unix) machine redirects the SCADA port of the Telem-GW6 (located at 192.168.12.1) over SSH, provided that the Telem-GW6 has an account scada1. In the command:
- -v: verbose, that is, debug messages
- -N: no commands on the remote machine
- -L: local port forwarding
- -l: which user to use at the remote host
Examples
Good examples that are in use in production systems are the NTP and PPP scripts. Both are located in /usr/local/bin.
VLAN
For instance, a script like this:

    #!/bin/sh
    # Script to show creation of VLANs
    # Copy it to /etc/network/if-up.d and change file permissions to make it executable.
    if [ "$IFACE" = "eth0" ]
    then
        logger "vlan_enable for interface:$IFACE"
        # So that from ifconfig we see vlan30 not eth0:30
        vconfig set_name_type VLAN_PLUS_VID_NO_PAD
        # If vlan 30 exists remove it
        vconfig rem vlan30
        # Create vlan 30, with vlan id of 30
        vconfig add eth0 30
        # Set ethernet priorities
        vconfig set_egress_map vlan30 0 7
        vconfig set_ingress_map vlan30 0 7
        # Bring new network interface up, that is make it ready for new connections
        ifconfig vlan30 172.22.101.196 netmask 255.255.255.240 txqueuelen 1000 up
        # Add entry to routing table, 172.22.101.193 is router at vlan 30
        route add default gw 172.22.101.193 vlan30
    fi

makes a single VLAN called vlan30.
Troubleshooting
For troubleshooting:
- tcpdump [1]: A powerful command-line packet analyzer.
    root@telem-gw6-com8$ tcpdump --help
    tcpdump version 4.1.1
    libpcap version 1.1.1
    Usage: tcpdump [-aAbdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                   [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                   [ -i interface ] [ -M secret ] [ -r file ]
                   [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
                   [ -y datalinktype ] [ -z command ] [ -Z user ]
                   [ expression ]
- netstat [2]: A command-line tool that displays network connections.
    root@telem-gw6-com8$ netstat --help
    BusyBox v1.17.4 (2011-10-17 18:03:09 EEST) multi-call binary.

    Usage: netstat [-laentuwxr]

    Display networking information

    Options:
        -l      Display listening server sockets
        -a      Display all sockets (default: connected)
        -e      Display other/more information
        -n      Don't resolve names
        -t      Tcp sockets
        -u      Udp sockets
        -w      Raw sockets
        -x      Unix sockets
        -r      Display routing table