Configure Ethernet Interface

Set Fixed MAC Address

Some target devices (e.g., mangOH, or the SWI Dev Kit) do not have a dedicated MAC address set. Every time you reboot the device it will grab a new IP address and may be confusing to connect to.

To configure the MAC address to a static address use targetToolsSetNet. This will set the MAC address to the current address:

$ minicom -D /dev/ttyUSB0          # Log in as an administrator

# setNet macfixed
# ifconfig                      # check that the MAC address and IP address are set
# legato restart                # reboots the target device

Check Firewall Rules

Upon upgrading to Legato 16.10.0+ SSH is disabled on all network interfaces except usb0.

IPTable rules have been added to DROP any SSH (port 22) traffic on all interfaces except usb0.

Rule configuration is stored in /etc/iptables. rules.v4 (IPV4) and rules.v6 (IPV6) contain the following default configuration:

IPV4 Config:

# less /etc/iptables/rules.v4        # or rules.v6 to check the IPv6 rules


# Allow traffic on already established connections
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Allow DNS replies
-A INPUT -p udp -m udp --sport 53 -j ACCEPT

# Allow PING replies
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT

# Allow incoming SSH connections and PING requests over ECM interface
-A INPUT -i usb0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i usb0 -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Create more custom rules here, e.g.:
# Allow incoming TCP connections for service port <port> on interface <if>
# -A INPUT -i <if> -p tcp -m tcp --dport <port> -j ACCEPT

COMMIT

Editing Firewall Rules

Create custom rules to enable ssh on more than just the USB interface (e.g., enable SSH over eth0) by adding rules to the Custom section.

# Create more custom rules here, e.g.:
# Allow incoming TCP connections for service port <port> on interface <if>
# -A INPUT -i <if> -p tcp -m tcp --dport <port> -j ACCEPT

-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

To apply the updated rules reboot your target.

Setting up IPv6 over Ethernet

Check to see if IPv6 is enabled on your dev machine and target.

ip -6 address show <interface>

If there is no IPv6 address add config for the interface

$ sudo cp /etc/network/interfaces /etc/network/interfaces.backup
$ sudo vi /etc/network/interfaces

Add the following lines (modify for your interface, and IP address you wish to use)

auto <interface>
iface <interface> inet6 static
    address <desired ip address>
    netmask 127

Restart the networking on your device:

Dev Machine: 

$ sudo systemctl restart networking

Target: Reboot your device

Test by pinging your Target Device from your dev machine on the IP address assigned:

$ ping6 <ipv6 address>

Troubleshooting

Connectivity Issues

  • If you are having issues connecting over IP on the Target device try connection over USB or Serial Cable and bring the interface up and down, or reboot the device.
# ifdown eth0
# ifup eth0

Developer Studio Connectivity

If the Target is not being recognized in Developer Studio:

Check to see if devMode is running

# app status devMode

Start developer mode (restart if needed)

# app stop devMode
# app start devMode

For further help with Developer Studio see the Developer Studio Guide within the Help section of Developer Studio.

Copyright (C) Sierra Wireless Inc.