Advanced Networking

From Phobos Wiki


There are many things that GWS (the configuration software for Telem-GW6) can't do, for instance NTP, VLAN and OpenVPN configuration. If something extra is needed, users should in general create Linux scripts and copy them to Telem-GW6. Sometimes changing an existing script is enough. Example scripts can be found in the Telem-GW6 /usr/local/bin/ folder.

With newer firmware and gws.exe it is possible to configure NTP, VLANs, etc. with gws.exe by using setup version 4 instead of setup version 3. Setup version 4 is used by TELEM-GWM.

Location of Startup Scripts


Scripts in this folder are run at system startup.

/etc/network/if-up.d/ and /etc/network/if-down.d/

Scripts in these folders are run when an interface (for instance the Ethernet interface eth0) becomes available or unavailable. These scripts are used, for instance, for configuring the firewall or routing.

/etc/ppp/ip-up or /etc/ppp/ip-down

Scripts in this folder are run when a PPP interface becomes available or unavailable. These scripts are used, for instance, for configuring the firewall or routing.

Application Software


busybox [1] The Swiss Army Knife of Embedded Linux

root@telem-gw6-com8$ busybox
BusyBox v1.17.4 (2011-10-17 18:03:09 EEST) multi-call binary.
Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko
and others. Licensed under GPLv2.
See source distribution for full notice.

Usage: busybox [function] [arguments]...
   or: function [arguments]...

	BusyBox is a multi-call binary that combines many common Unix
	utilities into a single executable.  Most people will create a
	link to busybox for each function they wish to use and BusyBox
	will act like whatever it was invoked as.

Currently defined functions:
	[, [[, addgroup, adduser, ar, arping, ash, awk, basename, bunzip2, bzcat, cat, catv, chattr, chgrp, chmod, chown, chroot, chrt, chvt, cksum, clear, cmp, cp, cpio, crond, crontab, cut, date, dc, dd,
	deallocvt, delgroup, deluser, devmem, df, diff, dirname, dmesg, dnsd, dnsdomainname, dos2unix, du, dumpkmap, echo, egrep, eject, env, ether-wake, expr, false, fdflush, fdformat, fgrep, find, fold,
	free, freeramdisk, fsck, fuser, getopt, getty, grep, gunzip, gzip, halt, hdparm, head, hexdump, hostid, hostname, hwclock, id, ifconfig, ifdown, ifup, inetd, init, insmod, install, ip, ipaddr, ipcrm,
	ipcs, iplink, iproute, iprule, iptunnel, kill, killall, killall5, klogd, last, length, less, linux32, linux64, linuxrc, ln, loadfont, loadkmap, logger, login, logname, losetup, ls, lsattr, lsmod,
	lspci, lsusb, lzcat, lzma, makedevs, md5sum, mdev, mesg, microcom, mkdir, mkfifo, mknod, mkswap, mktemp, modprobe, more, mount, mountpoint, mt, mv, nameif, netstat, nice, nohup, nslookup, od, openvt,
	passwd, patch, pidof, ping, pipe_progress, pivot_root, poweroff, printenv, printf, ps, pwd, rdate, readlink, readprofile, realpath, reboot, renice, reset, resize, rm, rmdir, rmmod, route, run-parts,
	runlevel, sed, seq, setarch, setconsole, setkeycodes, setlogcons, setsid, sh, sha1sum, sha256sum, sha512sum, sleep, sort, start-stop-daemon, strings, stty, su, sulogin, swapoff, swapon, switch_root,
	sync, sysctl, syslogd, tail, tar, tee, telnet, test, tftp, time, top, touch, tr, traceroute, true, tty, udhcpc, umount, uname, uniq, unix2dos, unlzma, unxz, unzip, uptime, usleep, uudecode, uuencode,
	vconfig, vi, vlock, watch, watchdog, wc, wget, which, who, whoami, xargs, xz, xzcat, yes, zcat

For instance, vconfig for creating VLANs and iptunnel for configuring IPv4 tunnels.


OpenSSH [2] is a FREE version of the SSH connectivity tools that technical users of the Internet rely on.

root@telem-gw6-com8$ ssh -v
OpenSSH_5.8p1, OpenSSL 1.0.0d 8 Feb 2011
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-e escape_char] [-F configfile]
           [-I pkcs11] [-i identity_file]
           [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [-W host:port] [-w local_tun[:remote_tun]]
           [user@]hostname [command]


iptables [3] is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset.

root@telem-gw6-com8$ iptables -V
iptables v1.4.10

With filter, nat and mangle tables.


OpenVPN [4] providing SECURE ACCESS ANYWHERE in the World.

root@telem-gw6-com8$ openvpn --version
OpenVPN 2.1.4 arm-linux [SSL] [LZO2] [EPOLL] built on Oct 17 2011
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <>


Good examples that are in use in production systems are NTP and PPP. Both are located at /usr/local/bin.

NTP for RTAA 501

In order to enable NTP you need to be root.

To start ntp daemon at boot add

server IP-address-of-ntp-server burst iburst

to /etc/ntp.conf using vi editor.


Use the following command to write to /etc/ntp.conf

echo "server IP-address-of-ntp-server burst iburst" > /etc/ntp.conf


echo "server burst iburst" > /etc/ntp.conf

MarkTomm 23 September 2015, 14:36 (EEST)


In order to enable NTP you need to be root, cd to /usr/local/bin/ntp and invoke the script install.

su -
cd /usr/local/bin/ntp
./install

At this point NTP will start after reboot. If you want to use NTP without a reboot, issue /etc/init.d/S49ntp start. The default configuration for NTP enables the server only; the clock is not synchronized from external sources. In order to sync from external servers add

server IP-address-of-ntp-server burst iburst

to /etc/ntp.conf.

MarkTomm 23 September 2015, 14:36 (EEST)


For instance, a script like this:

#!/bin/sh
# Script to show creation of VLANs
# Copy it to /etc/network/if-up.d and change file permissions to make it executable.
# IFACE is set by ifup to the name of the interface that came up.
if [ "$IFACE" = "eth0" ]
then
    logger "vlan_enable for interface:$IFACE"

    # So that from ifconfig we see vlan30 not eth0:30
    vconfig set_name_type VLAN_PLUS_VID_NO_PAD

    # If vlan 30 exists remove it
    vconfig rem vlan30

    # Create vlan 30, with vlan id of 30
    vconfig add eth0 30

    # Set ethernet priorities
    vconfig set_egress_map vlan30 0 7
    vconfig set_ingress_map vlan30 0 7

    # Bring new network interface up, that is make it ready for new connections
    ifconfig vlan30 netmask txqueuelen 1000 up

    # Add entry to routing table, is router at vlan 30
    route add default gw vlan30
fi

makes a single VLAN called vlan30.

IPv4 Tunneling

For instance, on Ubuntu issue:

sudo iptunnel add rtu_to_scada1 mode ipip remote local
sudo ifconfig rtu_to_scada1 netmask pointopoint up

and on Telem-GW6 issue:

iptunnel add rtu_to_scada1 mode ipip remote local
ifconfig rtu_to_scada1 netmask pointopoint up

to get a tunnel from Telem-GW6 to the host running Ubuntu.

Securing SCADA Communication with SSH

For instance, executing:

ssh -v -N -L 2404:localhost:2404 -l scada1

from an Ubuntu host (or probably any other "Unix-like" machine) redirects the Telem-GW6 SCADA port 2404 over SSH, provided that Telem-GW6 has an account scada1 and port 22 for SSH is open at the substation and Telem-GW6 firewall. In the command:

  -v - verbose, that is debug messages
  -N - no commands on remote machine
  -L - local port forwarding
  -l - which user to use at remote host
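
The firewall use of /etc/network/if-up.d/ and the SSH tunnel above can be combined. The following is an added example, not a script shipped with Telem-GW6: when eth0 comes up it admits SSH only from a management subnet and drops direct connections to port 2404, so the SCADA port is reachable only through the tunnel. The subnet 192.0.2.0/24, the chain name SCADA_IN, the DRY_RUN switch and the availability of the state match in the gateway kernel are assumptions.

```shell
#!/bin/sh
# Added example: firewall hook for /etc/network/if-up.d/ (not part of Telem-GW6).
# Assumptions: MGMT_NET (a constructed documentation subnet) is the only network
# allowed to reach SSH; 2404 is the SCADA port tunnelled over SSH on this page;
# the chain name SCADA_IN and the DRY_RUN switch exist only in this example.
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"
SCADA_PORT=2404
CHAIN=SCADA_IN

# With DRY_RUN set, print each command instead of executing it.
run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Build the rule set for interface $1. Safe to call on every "interface up"
# event: the chain is flushed and the jump rule is re-created, not duplicated.
scada_fw_apply() {
    # Create the chain, or empty it if it already exists.
    run iptables -N "$CHAIN" 2>/dev/null || run iptables -F "$CHAIN"

    # Packets of already accepted connections (assumes the state match is available).
    run iptables -A "$CHAIN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # SSH only from the management network.
    run iptables -A "$CHAIN" -p tcp -s "$MGMT_NET" --dport 22 -j ACCEPT
    run iptables -A "$CHAIN" -p tcp --dport 22 -j DROP
    # No direct access to the SCADA port on this interface. The SSH tunnel
    # ends at localhost:2404 (interface lo), which this chain never sees.
    run iptables -A "$CHAIN" -p tcp --dport "$SCADA_PORT" -j DROP

    # Hook the chain into INPUT for this interface only. Delete-then-insert
    # keeps exactly one jump rule across repeated runs.
    run iptables -D INPUT -i "$1" -j "$CHAIN" 2>/dev/null || true
    run iptables -I INPUT -i "$1" -j "$CHAIN"
}

# IFACE is provided to scripts in if-up.d, as in the VLAN script on this page.
if [ "$IFACE" = "eth0" ]; then
    logger "scada firewall for interface:$IFACE"
    scada_fw_apply "$IFACE"
fi
```

Running it once by hand with DRY_RUN=1 and IFACE=eth0 prints the iptables commands for review without changing the ruleset.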


For troubleshooting:

  • tcpdump [5]: A powerful command-line packet analyzer.
root@telem-gw6-com8$ tcpdump --help
tcpdump version 4.1.1
libpcap version 1.1.1
Usage: tcpdump [-aAbdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
		[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
		[ -i interface ] [ -M secret ] [ -r file ]
		[ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
		[ -y datalinktype ] [ -z command ] [ -Z user ]
		[ expression ]
  • netstat [6]: A command-line tool that displays network connections.
root@telem-gw6-com8$ netstat --help
BusyBox v1.17.4 (2011-10-17 18:03:09 EEST) multi-call binary.

Usage: netstat [-laentuwxr]

Display networking information

	-l	Display listening server sockets
	-a	Display all sockets (default: connected)
	-e	Display other/more information
	-n	Don't resolve names
	-t	Tcp sockets
	-u	Udp sockets
	-w	Raw sockets
	-x	Unix sockets
	-r	Display routing table