13 Replies Latest reply on Feb 7, 2016 3:00 AM by AlexT_Intel

    Problems to implement iptables in intel edison with yocto

    neuberfran

      Hi guys

       

      I created two files:

      1) in /lib/systemd/system (name: iptables.service)

      [Unit]
      Description=iptables
      After=network.target

      [Service]
      ExecStart=/usr/bin/iptables.sh
      Restart=always
      RestartSec=10s
      Environment=NODE_ENV=production

      [Install]
      WantedBy=multi-user.target

      2) in /usr/bin (name: iptables.sh)

      iptables -A INPUT -p tcp -m tcp -s neuberxxx.dyndns.xxz --dport 9999 -j ACCEPT
      iptables -t nat -A PREROUTING --dst neuberxxx.dyndns.xxz --proto tcp --dport 8$
      iptables -t nat -A POSTROUTING --proto udp --src 192.168.1.999 -j MASQUERADE

      But after I run the node.js application on port 9999, the nmap command said:

       

      nmap -p 9999 to 192.168.1.199 (LOCALHOST)  - OPEN (TCP)

      nmap -p 9999 to neuberxxx.dyndnz.xxz - CLOSED (TCP)
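
Added example, not part of the original post: with no Type= set, the unit above treats iptables.sh as a long-running service, so Restart=always re-runs it every 10 seconds after it exits, and every run appends the same rules again with -A. The sketch below assumes a Type=oneshot unit instead and adds each rule only when `iptables -C` does not find it; the variable names, the `apply` argument and the DROP rule are assumptions.

```shell
#!/bin/sh
# Added example: idempotent firewall script meant for a systemd oneshot unit.
# Assumed unit settings (in place of Restart=always / RestartSec=10s):
#   [Service]
#   Type=oneshot
#   RemainAfterExit=yes
#   ExecStart=/usr/bin/iptables.sh apply

IPT="${IPT:-iptables}"                              # overridable for dry runs
ALLOWED_SRC="${ALLOWED_SRC:-neuberxxx.dyndns.xxz}"  # redacted name from the post
APP_PORT="${APP_PORT:-9999}"

# ensure_rule TABLE CHAIN RULE-SPEC...
# "iptables -C" exits 0 when an identical rule already exists, so "-A" runs
# at most once per rule no matter how often the script is started.
ensure_rule() {
    table=$1; chain=$2; shift 2
    if ! $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; then
        $IPT -t "$table" -A "$chain" "$@"
    fi
}

apply_rules() {
    # iptables resolves a host name once, when the rule is added; the rule
    # keeps that address even after the dynamic DNS record changes.
    ensure_rule filter INPUT -p tcp -m tcp -s "$ALLOWED_SRC" \
        --dport "$APP_PORT" -j ACCEPT
    # Assumption: INPUT policy is the default ACCEPT, so the rule above only
    # restricts access once other sources are dropped. LAN clients need
    # their own ACCEPT rule ahead of this one.
    ensure_rule filter INPUT -p tcp -m tcp --dport "$APP_PORT" -j DROP
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```
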

        • 1. Re: Problems to implement iptables in intel edison with yocto
          Intel_Peter

          Hello neuberfran,

           

          Is the issue appearing only when executing the service? I mean, if you run the iptables commands manually does the project work or do you have issues anyway?

          If the commands work manually that might suggest that the issue is related to the service you created. I noted that on both files you did not add the line "#!/bin/sh" in their beginning. Is this just on the post or on the actual files? If this line is missing something might not work correctly.

          Also, when are you trying to run a Node.JS application? Is it after boot? If so, did you enable the service?

          The node application that you are running might also help, can you share it?

           

          Peter.

          • 2. Re: Problems to implement iptables in intel edison with yocto
            neuberfran

            Hi Intel_Peter,


            Thanks

            µCast #17: Control Hardware Remotely With Socket.IO - YouTube

            The node.js part (html) works on localhost:9999 or from another PC with 192.168.1.199:9999. This is based on this tutorial.

            I really forgot "#!/bin/sh" in the sh file.

            But now a new problem appeared (photos) after I implemented the services. The command: iptables -A INPUT -p tcp -m tcp -s neuberxxx.dyndns.xxxz --dport 9999 -j ACCEPT

            doesn't work anymore. It was working before.

            neuber1.png

            neuber2.png

            • 3. Re: Problems to implement iptables in intel edison with yocto
              Intel_Peter

              That output seems weird. From those messages it looks like something is consuming all of your Edison's memory and therefore the OS starts to kill all the processes running. Is there any setting you changed? I mean, you mentioned that the "iptables" command was working before but not anymore. Did you make any changes before it stopped working?

               

              Peter.

              • 4. Re: Problems to implement iptables in intel edison with yocto
                neuberfran
                Hi

                 

                I solved this problem in the screen. I had duplicate ddclient services.

                I solved the iptables problem (I guess). I said "I guess" because I no longer have nmap on my PC (Ubuntu) and node.js together.

                Now I have a problem with the ddclient service. Please review the service for me:

                 

                file ddclient.service in : /lib/systemd/system

                 

                [Unit]
                Description=ddclient
                After=network.target
                
                [Service]
                ExecStart=/usr/bin/ddclient.sh
                Restart=always
                RestartSec=10s
                Environment=NODE_ENV=production
                
                [Install]
                WantedBy=multi-user.target
                

                 

                file ddclient.sh in /usr/bin

                 

                #!/bin/bash
                #
                # ddclient      This shell script takes care of starting and stopping
                #              ddclient.
                #
                # chkconfig: 2345 65 35
                # description: ddclient provides support for updating dynamic DNS services.
                


                CONF=/etc/ddclient.conf

                program=ddclient

                 

                [ -f $CONF ] || exit 0
                
                system=unknown
                if [ -f /etc/fedora-release ]; then
                    system=fedora
                elif [ -f /etc/redhat-release ]; then
                    system=redhat
                elif [ -f /etc/debian_version ]; then
                    system=debian
                fi
                
                PID=''
                if [ "$system" = "fedora" ] || [ "$system" = "redhat" ]; then
                    . /etc/init.d/functions
                    PID=`pidofproc $program`
                else
                    PID=`ps -aef | grep "$program - sleep" | grep -v grep | awk '{print $2}'`
                fi
                
                PATH=/usr/sbin:/usr/local/sbin:${PATH}
                export PATH
                
                # See how we were called.
                case "$1" in
                  start)
                  # Start daemon.
                    DELAY=`grep -v '^\s*#' $CONF | grep -i -m 1 "daemon" | awk -F '=' '{print $2}'`
                    if [ -z "$DELAY" ] ; then
                        DELAY="-daemon 300"
                    else
                        DELAY=''
                    fi
                  echo -n "Starting ddclient: "
                    if [ "$system" = "fedora" ] || [ "$system" = "redhat" ]; then
                        daemon $program $DELAY
                    else
                    ddclient $DELAY
                    fi
                  echo 
                  ;;
                  stop)
                  # Stop daemon.
                  echo -n "Shutting down ddclient: "
                    if [ -n "$PID" ] ; then
                        if [ "$system" = "fedora" ] || [ "$system" = "redhat" ]; then
                            killproc $program
                        else
                        kill $PID
                        fi
                    else
                        echo "ddclient is not running"
                    fi
                  echo
                  ;;
                  restart)
                  $0 stop
                  $0 start
                  ;;
                  status)
                    if [ "$system" = "fedora" ] || [ "$system" = "redhat" ]; then
                        status $program
                    else
                    if test "$PID"
                    then
                    for p in $PID
                    do
                    echo "$program (pid $p) is running"
                    done
                    else
                    echo "$program is stopped"
                        fi
                  fi
                  ;;
                  *)
                  echo "Usage: ddclient {start|stop|restart|status}"
                  exit 1
                esac
                
                
                exit 0
                


                in /etc/ file name: ddclient.conf

                 

                # Configuration file for ddclient generated by debconf
                #
                # /etc/ddclient.conf
                
                protocol=dyndns2
                use=web, web=checkip.dyndns.com, web-skip='IP Address'
                server=members.dyndns.org
                login=neuberxxxx
                password='999999'
                neuberfrxxx.dyndns.xxy
                
                • 5. Re: Problems to implement iptables in intel edison with yocto
                  Intel_Peter

                  I will take a look at it. But, it would really help if you let us know what the problem you are getting is. Can you post a screenshot?

                   

                  Peter.

                  • 6. Re: Problems to implement iptables in intel edison with yocto
                    neuberfran

                    Hi,

                    root@neuberfran:/lib/systemd/system# systemctl status ddclient.service
                    ● ddclient.service - ddclient
                      Loaded: loaded (/lib/systemd/system/ddclient.service; enabled)
                      Active: activating (auto-restart) (Result: exit-code) since Mon 2016-01-25 19:47:41 UTC; 622ms ago
                      Process: 500 ExecStart=/usr/bin/ddclient.sh (code=exited, status=1/FAILURE)
                    Main PID: 500 (code=exited, status=1/FAILURE)

                    Jan 25 19:47:41 neuberfran.dyndns.blz systemd[1]: Unit ddclient.service enter...
                    Hint: Some lines were ellipsized, use -l to show in full.

                    root@neuberfran:/lib/systemd/system# ddclient -v
                    -bash: ddclient: command not found
                    root@neuberfran:/lib/systemd/system# /usr/bin/ddclient.sh
                    ps: invalid option -- 'a'
                    BusyBox v1.22.1 (2015-06-19 07:36:41 CEST) multi-call binary.

                    Usage: ps

                    Usage: ddclient {start|stop|restart|status}

                    root@neuberfran:/lib/systemd/system# ddclient -v
                    -bash: ddclient: command not found

                    root@neuberfran:/usr/bin# ddclient.sh -v
                    ps: invalid option -- 'a'
                    BusyBox v1.22.1 (2015-06-19 07:36:41 CEST) multi-call binary.

                    Usage: ps

                    Usage: ddclient {start|stop|restart|status}
                    root@neuberfran:/usr/bin# ddclient.sh
                    ps: invalid option -- 'a'
                    BusyBox v1.22.1 (2015-06-19 07:36:41 CEST) multi-call binary.

                    Usage: ps

                    Usage: ddclient {start|stop|restart|status}

                     

                     

                    e.g. CONF=/etc/ddclient.conf

                    program=ddclient    part of the code of the file: /usr/bin/ddclient.sh.

                    The code ddclient.sh it will have 89 lines and not 80 or 7 lines


                    • 7. Re: Problems to implement iptables in intel edison with yocto
                      Intel_Peter

                      Hi @neuberfran,

                       

                      Let me see  if I can understand what's happening, I'll do some tests and get back to you.

                       

                      Peter.

                      • 8. Re: Problems to implement iptables in intel edison with yocto
                        neuberfran

                        Hi Intel_Peter,

                        Re: how to access my home network from outside

                        About the topic above: I need to access my home network from outside, and I decided to use ddclient for this.

                        First I need to solve the problem with ddclient, and afterwards test iptables on the Edison with the Yocto image.

                        Until this moment ddclient gives the errors mentioned in my latest posts.

                        • 9. Re: Problems to implement iptables in intel edison with yocto
                          Intel_Peter

                          Does ddclient work when you start it manually? Is the issue only present when running it as a service?

                          I don't have any previous experience with ddclient. Is ddclient dependent on any other Linux service? If it is, then the service might be crashing when it finds that a dependent service is not available.

                           

                          Peter.

                          • 10. Re: Problems to implement iptables in intel edison with yocto
                            neuberfran

                            Hi Intel_Peter,

                            No. ddclient didn't work manually and didn't work when running it as a service.

                            ddclient is a Perl application.

                            I've been working with ddclient for 4 years on Debian with a Raspberry.

                            Do you know about Perl?

                            • 11. Re: Problems to implement iptables in intel edison with yocto
                              Intel_Peter

                              Then we can determine that the issue is not directly related to the service. We have to find out what's going on with ddclient before we can proceed to create a service. Try to run it manually, what's its behavior? Does it throw any error messages? What do they say?

                               

                              Peter.

                              • 12. Re: Problems to implement iptables in intel edison with yocto
                                neuberfran
                                Hi!

                                Testing ddclient (after installation) on Debian is easy (ddclient -v).

                                On Yocto I followed this tutorial (GitHub - wimpunk/ddclient: Fork of the original ddclient code).

                                But there are differences:

                                One of them: cp ddclient /usr/sbin/

                                On Yocto I put ddclient.sh in /usr/sbin/ or /usr/bin or /lib/systemd/system, but it didn't work.


                                root@neuberfran:~# cd /usr/sbin

                                root@neuberfran:/usr/sbin# ./ddclient.sh

                                ps: invalid option -- 'a'

                                BusyBox v1.22.1 (2015-06-19 07:36:41 CEST) multi-call binary.

                                Usage: ps

                                Usage: ddclient {start|stop|restart|status}

                                 

                                e.g.: very important Re: how to access my home network from outside

                                and on this site: GitHub - wimpunk/ddclient: Fork of the original ddclient code

                                I need to transpose these commands to Yocto:


                                ## enable automatic startup when booting
                                rc-update add ddclient
                                ## make sure you have perl installed
                                apk add perl
                                ## start the first time by hand
                                rc-service ddclient start

                                • 13. Re: Problems to implement iptables in intel edison with yocto
                                  AlexT_Intel

                                  I've added ddclient 3.8.3 package into the repo per your request. I haven't modified ddclient itself to work as a service in the systemd environment (vs initV it expects), but that is "left to the reader" as they say. If you configure it as a service, feel free to submit a pull request for meta-alext-edison and I'll include it into the package.
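
Added example, not from the thread's participants or the ddclient project: a preflight check for three failures visible in the posts above (`ddclient: command not found`, a unit whose ExecStart runs the init wrapper with no action so it exits 1 through its usage branch, and a config file that holds the account password). Function names and the `check` argument are hypothetical; the paths default to the ones used in the thread.

```shell
#!/bin/sh
# Added example: checks to run before wiring ddclient into a systemd unit.

# conf_is_private FILE: succeeds only if group and others have no access.
# ddclient.conf stores the dynamic DNS login and password in clear text.
conf_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# unit_passes_action UNIT: the init wrapper from the thread exits 1 through
# its "*)" branch unless ExecStart hands it start|stop|restart|status.
unit_passes_action() {
    grep -Eq '^ExecStart=.*[[:space:]](start|stop|restart|status)[[:space:]]*$' \
        "$1" 2>/dev/null
}

# ddclient_preflight [CONF] [UNIT]: prints one line per problem and returns
# the number of problems found (0 means ready).
ddclient_preflight() {
    conf=${1:-/etc/ddclient.conf}
    unit=${2:-/lib/systemd/system/ddclient.service}
    problems=0
    for tool in perl ddclient; do
        # ddclient.sh only wraps the Perl program; both must be on PATH.
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "missing on PATH: $tool"; problems=$((problems + 1))
        fi
    done
    if [ ! -f "$conf" ]; then
        echo "no config: $conf"; problems=$((problems + 1))
    elif ! conf_is_private "$conf"; then
        echo "config readable by group/others: $conf (chmod 600)"
        problems=$((problems + 1))
    fi
    if ! unit_passes_action "$unit"; then
        echo "ExecStart passes no action to the wrapper: $unit"
        problems=$((problems + 1))
    fi
    return "$problems"
}

if [ "${1:-}" = "check" ]; then
    ddclient_preflight
    exit $?
fi
```
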