Moxa Technologies EM-1240-LX User Manual
Page 38
EM-1240-LX User’s Manual
Configuring EM-1240-LX
4-5
The EM-1240-LX supports the following sub-modules. Be sure to use the module that matches
your application.
ip_conntrack ipt_MARK ipt_ah
ipt_state
ip_conntrack_ftp ipt_MASQUERADE
ipt_esp
ipt_tcpmss
ipt_conntrack_irc ipt_MIRROT
ipt_length
ipt_tos
ip_nat_ftp ipt_REDIRECT
ipt_limit ipt_ttl
ip_nat_irc ipt_REJECT
ipt_mac ipt_unclean
ip_nat_snmp_basic ipt_TCPMSS
ipt_mark
ip_queue ipt_TOS ipt_multiport
ipt_owner
NOTE
The EM-1240-LX does NOT support IPV6 and ipchains.
Use iptables, iptables-restore, iptables-save to maintain the database.
NOTE
IPTABLES supports packet filtering or NAT. Take care when setting up the IPTABLES rules. If
the rules are not correct, remote hosts that connect via a LAN or PPP may be denied access. We
recommend using the Serial Console to set up IPTABLES.
Click on the following links for more information about iptables.
Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have
divided our discussion of the various rules into three categories: Observe and erase chain rules,
Define policy rules, and Append or delete rules.
Observe and erase chain rules
Usage:
# iptables [-t tables] [-L] [-n]
-t tables:
Table to manipulate (default: ‘filter’); example: nat or filter.
-L [chain]: List List all rules in selected chains. If no chain is selected, all chains are listed.
-n:
Numeric output of addresses and ports.
# iptables [-t tables] [-FXZ]
-F: Flush the selected chain (all the chains in the table if none is listed).
-X: Delete the specified user-defined chain.
-Z: Set the packet and byte counters in all chains to zero.
Examples:
# iptables -L -n
In this example, since we do not use the -t parameter, the system uses the default ‘filter’ table.
Three chains are included: INPUT, OUTPUT, and FORWARD. INPUT chains are accepted
automatically, and all connections are accepted without being filtered.
#iptables –F
#iptables –X
#iptables –Z