User manual

Chapter 4 Configuration
Page 35 Dec 2009
Internet stack and to start up the data traffic.
• In data traffic mode (Socket Mode, SKTM), the client can send and receive a raw data stream, which is
encapsulated in the previously configured TCP/IP packets and sent to the other side of the network, and
vice versa. The control plane of the ongoing socket connection is handled internally by the module.
Defining the Internet Peer that can contact this device (firewall settings)
The ELPRO 605M-D1 has an internal firewall that controls the behaviour of incoming connections to the module.
The firewall applies to INCOMING (listening) connections; OUTGOING connections are always made regardless
of the firewall settings.
The firewall's general policy is DROP, so every packet that does not match an ACCEPT chain rule is
silently discarded.
When a packet arrives from the IP address <incoming IP>, the firewall chain rules are scanned for a match against
the following criterion:
<incoming IP> & <net mask> = <ip_address> ?
If the result is yes, the packet is accepted and the rule scan ends; otherwise the next chain rule is evaluated,
and so on until the end of the rules, where the packet is silently dropped if no match was found.
For example, let us assume we want to accept connections only from our devices, which are on the IP addresses
ranging from:
197.158.1.1 to 197.158.255.255
We need to add the following chain to the firewall:
AT#FRWL=1,"197.158.1.1","255.255.0.0"
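An added example (not from the manual) that models the rule scan above in Python, so a rule can be checked before it is sent to the module. Read exactly as printed, the criterion can never match the example rule, because 197.158.x.x & 255.255.0.0 gives 197.158.0.0, not 197.158.1.1; the sketch therefore assumes the rule address is masked as well, and all function names are hypothetical.

```python
import ipaddress

# Rule taken from the manual's AT#FRWL example: (ip_address, net_mask).
RULES = [("197.158.1.1", "255.255.0.0")]

def _u32(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def rule_matches(incoming, rule_ip, mask, mask_rule_ip=True):
    """Apply one chain rule to an incoming address.

    mask_rule_ip=False is the criterion exactly as printed:
        incoming & mask == ip_address
    mask_rule_ip=True (ASSUMPTION, not stated in the manual) also masks
    the rule address: incoming & mask == ip_address & mask
    """
    lhs = _u32(incoming) & _u32(mask)
    rhs = _u32(rule_ip) & _u32(mask) if mask_rule_ip else _u32(rule_ip)
    return lhs == rhs

def firewall_decision(incoming, rules=RULES, mask_rule_ip=True):
    """First matching rule ACCEPTs; falling off the end is the DROP policy."""
    for rule_ip, mask in rules:
        if rule_matches(incoming, rule_ip, mask, mask_rule_ip):
            return "ACCEPT"
    return "DROP"

def admitted_range(rule_ip, mask):
    """First and last address a rule admits (contiguous mask, masked compare)."""
    m = _u32(mask)
    base = _u32(rule_ip) & m
    last = base | (~m & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(last))

if __name__ == "__main__":
    print("rule admits:", admitted_range(*RULES[0]))
    # Constructed sample peers: inside the range, below it, and outside it.
    for peer in ("197.158.200.7", "197.158.0.5", "197.159.0.1"):
        print(peer, firewall_decision(peer),
              "| as printed:", firewall_decision(peer, mask_rule_ip=False))
```

Under that assumption the rule admits all of 197.158.0.0 to 197.158.255.255, so peers at 197.158.0.x are accepted although they fall below the range stated in the example.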
Request the socket connection to be opened in listen
The #SKTL (socket listen) command executes the TCP request to start listening for connection
requests:
- ELPRO 605M-D1 opens a listening socket on the specified port and waits for incoming TCP
connections (depending on the parameter request) from Internet hosts.
The parameters to be specified are the local port on which packets are received, the type of socket and the
closing behaviour.
Receiving connection requests
Once the connection request is received, the module reports an indication of connection with an
unsolicited code:
+CONN FROM: <remote address>
- the connection is then accepted, and once it is up the module reports the code:
CONNECT
From this moment, data arriving on the serial port is packetized and sent to the Internet host, while
data received from the host is serialized and flushed to the Terminal Equipment.
Note that connection requests are FIRST screened by the firewall and only then, if accepted, passed to the
listening socket. Therefore only hosts that are in the ACCEPT chain rules of the firewall can induce a connection
request; requests from other hosts are silently discarded without any indication to the remote host (for security
reasons).
Once the connection has been received and closed, the socket is no longer listening. If the application needs to
listen again, it shall send the socket listen #SKTL command again.
NOTE: unlike AT#SKTOP, this command DOES NOT automate the whole process of
activating GPRS; if no GPRS is active, the command reports ERROR. Therefore GPRS shall be activated with the
AT#GPRS=1 command before this command is issued.