How to setup Networking for Embedded Linux Application Development
This article helps setting up a dedicated networking environment for Embedded Linux application development.
Having two networks on your development workstation, one to connect to your company network or Internet and one dedicated to connect to your embedded target provides a predicable and stable networking environment for development. You can setup the network to have constant and stable IP addresses in the network towards your target even with several development workstations using the same corporate network. Optionally you can have a TFTP and NFS server on your workstation to implement TFTP/NFS boot as explained here. By isolating the two network you protect your embedded target from being flooded by random traffic and maybe attacks from a public network while on the other hand traffic generated by your device does not load or block your corporate network.
Hardware Requirementsβ
- Developer Workstation with two Ethernet interfaces:
- Using a second physical Ethernet adapter (e.g. by using a USB to Ethernet adapter for notebooks)
- Alternatively reverting to a virtual Ethernet interface in conjunction with a managed switch configured for a separate target network VLAN
Network Setupβ
Install and configure the second network interface and give it a static IP address. In the example we will use the network address 192.168.10.0/24 with the workstation having the IP 192.168.10.1.
Install and configure a DHCP server and, depending on requirements, a TFTP and NFS server on your development workstation.
The instructions below have been tested with Ubuntu and Fedora, depending on the exact distribution version packages might be named differently, might need different configuration files or additional changes (such as firewall rules). If below documentation does not work as expected, please also consult your distributions documentation on what packages are needed and how they should be configured.
DHCP Serverβ
Install and configure a DHCP server.
For Ubuntu install DHCP server with the following command:
$ sudo apt-get install isc-dhcp-server
More information about isc-dhcp-server can be found here.
For Fedora use the following command:
$ sudo dnf install dhcp
Edit the DHCP configuration file specifying IP addresses and Ethernet interface (check ip link for the available interfaces). Make sure to choose a network interface which is connected to the module only to avoid disturbing the company network with a rogue DHCP server.
$ sudo vi /etc/dhcp/dhcpd.conf
Sample DHCP Configurationβ
# dhcpd.conf
# option definitions common to all served networks...
option domain-name "colibri.net";
option domain-name-servers ns1.example.org;
default-lease-time 600;
max-lease-time 7200;
# Use this to enable / disable dynamic dns updates globally.
ddns-update-style none;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
default-lease-time 86400;
max-lease-time 86400;
option broadcast-address 192.168.10.255;
option domain-name "colibri.net";
option domain-name-servers ns1.example.org;
option ip-forwarding off;
option routers 192.168.10.1;
option subnet-mask 255.255.255.0;
interface eth1;
range 192.168.10.32 192.168.10.254;
}
#MAC address dependent IP assignment, used for the toradex target device
host eval {
filename "zImage";
fixed-address 192.168.10.2;
hardware ethernet 00:14:2d:49:79:2c;
next-server 192.168.10.1;
option host-name "colibri";
option root-path "192.168.10.1:/srv/nfs/rootfs,wsize=1024,rsize=1024,v3";
}
Sample root-path for NFSv4
option root-path "rootfs,v4,tcp,clientaddr=0.0.0.0";
Note that βhost evalβ field is used for NFS boot. More information here.
Start and Stop DHCP Serviceβ
For Ubuntu use:
$ sudo service isc-dhcp-server start
$ sudo service isc-dhcp-server stop
For Fedora use:
$ systemctl enable dhcpd.service
$ systemctl start dhcpd.service
$ systemctl stop dhcpd.service
After saving changes to file dhcpd.conf, restart the service.
Note: For NFSv4, rootfs as given above is relative to the root path which is where exports has the option "fsid=root" set (see below).
Take care to only answer DHCP requests originating from your development network card. You won't make friends by providing addresses to clients on your corporate network!
TFTP Serverβ
To download files to the module, the Trivial File Transfer Protocol (TFTP) is used. U-Boot provides a TFTP Client, therefor the development host need to run a TFTP server.
Ubuntuβ
For Ubuntu, install TFTP Server with the following command:
$ sudo apt-get install tftpd-hpa
Configure the following file as neded:
$ sudo vi /etc/default/tftpd-hpa
Sample TFTP Configurationβ
# /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="[::]:69"
TFTP_OPTIONS="--secure"
Start and Stop TFTP Serviceβ
$ sudo service tftpd-hpa stop
$ sudo service tftpd-hpa start
To reload the configuration use:
$ sudo service tftpd-hpa force-reload
More information about TFTP installation on Ubuntu can be found here.
Create the directory /srv/tftp and change the group as follows:
$ sudo mkdir -p /srv/tftp/
$ sudo chown -R :nogroup /srv/tftp/
Fedoraβ
To install TFTP Server on Fedora install the following packages:
$ sudo dnf install tftp-server tftp xinetd
Note: On latest Fedora releases the use of xinetd is discouraged and resp. configuration is located at /lib/systemd/system/tftp.service.
Then edit the configuration file:
$ sudo vi /etc/xinetd.d/tftp
Sample Fedora TFTP Configuration fileβ
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -c -s /srv/tftp
disable = no
per_source = 11
cps = 100 2
}
Start and Stop Servicesβ
systemctl enable xinetd.service
systemctl start xinetd.service
systemctl stop xinetd.service
systemctl enable tftp.socket
systemctl start tftp.socket
systemctl stop tftp.socket
systemctl enable tftp.service
systemctl start tftp.service
systemctl stop tftp.service
Create the directory /srv/tftp and change the group as follows:
$ sudo mkdir -p /srv/tftp/
$ sudo chown -R nobody:nobody /srv/tftp/
NFS Server Configurationβ
For Ubuntu, install nfs server with the command:
$ sudo apt-get install nfs-kernel-server
NFSv3 Configurationβ
Create an export configuration:
#/etc/exports
/srv/nfs/rootfs 192.168.10.2(no_root_squash,no_subtree_check,rw)
NFSv4 Configurationβ
Remember to update the option root-path in your DHCP configuration as well.
Create an export configuration:
#/etc/exports
/srv/nfs 192.168.10.1/24(no_root_squash,no_subtree_check,rw,fsid=root)
Apply Configurationβ
Start/restart the relevant daemons.
E.g. on Ubuntu:
$ sudo service nfs-kernel-server restart
E.g. on Fedora:
$ sudo systemctl restart nfs-server.service
More information on NFS configuration for Ubuntu can be found here.
Routing: Connect the Developer Network to the Internetβ
If you want to connect your developer network to the Internet do the following steps on your development workstation:
Enable IP forwardingβ
sudo sysctl -w net.ipv4.ip_forward=1
or
sudo bash -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
Create new iptables Ruleβ
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
or
sudo iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.56
NOTE: eth0 is connected towards the Internet and 192.168.1.56 is the IP address of that interface. NOTE: Search for the keywords NAT and masquerade in your distributions documentation for distro specific information.