Brief Description

My purpose was to test this transmitter/receiver pair to see how far i could go and still reliably transmit data. I used my protoboard to transmit. The reciever was attached to a uart to rs232 converter then to the db9 port on my computer and i watched the input from hyperterminal.

Equipment

• ProtoBoard
• rct-433-as transmitter Mouser Part # 509-RCT-433-AS
• rcr-433 reciever Mouser Part #509-RCR-433-RPR
• A transistor and some 10K resistors for Conversion
• A few 4.7uF and .01uF Filter Capacitors
  

Prelab

Get and study data sheets for the transmitter and reciever. Brush up on rs-232 and ttl signaling levels.

Procedure

The first thing i did was get the Conversion circuit working. I’ve found that the other circuit i have listed does not work well with the 2N3904/6 transistors that i have on hand. I was only able to get the uart to rs232 portion to work, as soon as i plugged in the capacitor or the line going to rs-232 RX the circuit would stop working. So I only hooked up half of the ciruit using a 2N3906 and three 10K resistors. You can do that or use the other one way circuit. You should be comfortable enough with the signalling levels by this point to do this easily, if not i suggest you go back to those sections.

After thats hooked up connect it to the tx pin on the pic to make sure its transmitting correctly. Then hook up the reciever and put the data out line where your pic was connected (before the 10K going into the base of the transistor). You can get the data sheets for the reciever and transmitter in the links that i posted above in the equipment bullets. Hooking up the reciever is really simple, its just ground and power lines and a data out. I hook up all the ground and power lines just to be sure, and when in doubt remember vsS = “sink” so its the ground.

I hooked the transmitter into my “protoboard”.

There is a program on the pic that just transmits a number like 10 times and then does a newline. That way i can print out lots of data and see what number it messed up on. I used the lowest setting i could for the pic, since it has a 20Mhz clock i can use any baud rate slower than 1200.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

#include <16F877.h>
#device adc=8
#use delay(clock=20000000)
#fuses NOWDT,HS,NOPUT,NOLVP
#use rs232(baud=1200,parity=E,xmit=PIN_C6,rcv=PIN_C7,bits=8)
int i =0;
int j=0;
void main()
{
   setup_adc_ports(NO_ANALOGS);
   setup_adc(ADC_OFF);
   setup_psp(PSP_DISABLED);
   setup_spi(FALSE);
   setup_timer_0(RTCC_INTERNAL|RTCC_DIV_1);
   setup_timer_1(T1_DISABLED);
   setup_timer_2(T2_DISABLED,0,1);
 
   output_b(0xFF);
 
   printf("\f \f \f \r \f \f \f \r \f \f \f \r");
   printf("Start");
   while(1){
      for (j=0;j<10;j++){
      printf(".%i",i);
      }
      printf("\r\n");
      i++;
 
   }
 
}

Filter Capacitors
In the datasheet for both the transmitter and reciver it says you should use a “bypass” and “filter” cap. I noticed a great improvement of signal quality when i installed these. Pretty much for both of them i just connected them between ground and power in close proximity to the chip, I did this on both the tx and rx ends. You should be able to make it out from the pictures.

Antenna
There is some weird calculation to get “1/4″ of the wave or soemthing like that to calculate the optimum lenght of the antenna. Other people calculated it to 17cm. POST LINK HERE So, I just used a 17cm peice of telephone wire.

Conclusions

The pair works pretty good going at 1200 baud, I was able to transmit through walls. I transmitted at least 20 feet away through walls without loosing any info. This was only after installing the filter capacitors though.

In the datasheets it recommends that you invert the output signal on both ends. This allows you to only transmit when you are actually transmitting, if you dont do this to hold the line without sending data you have to send a ‘1′, but if you invert before it hits the transmitter and then invert coming out of the reciever then you wont need to waste power. If you are transmitting from the pic then you need to set the INVERT option in your program, or you can just invert after that. I didnt implement this part but i might later on.

When you are not transmitting the reciever picks up some weird square wave that does strange things. Then, when you start to transmit some of this weird square wave is picked up in the beggining of your signal, this almost always makes the first part of a string of data get garbled. You can get around this by just constantly transmitting data, which might not be efficent. Possibly you could create some kind of circuit to filter this out, or maybe by inverting the singal it would help ? Just something to consider.

Depending on the needed applications of this it seems to be a very nice way to transmit data, I plan on making a RC car, for that it should work just fine.

This is a continuation of articles “using iptables on your linux router“  and “how to setup your slackware linux box as a router“. This is the script that im pretty much finished with and how it works.

Hardware Setup

This is a basic diagram of my network setup. Crossover cables are denoted with ‘C’. This does not represent the actual spacing between items at all, for instance PC 2 is about 100ft away from the hub, the hub is right on top of the server.

Eth1 Network (192.168.10.0)
Very Un-trusted !
Only allow ports 80, and 22
PC1 can be allowed samba ports also

Eth2 Network(192.168.1.0)
Very trusted
All Packets are passed directly through

Firewall Script Flow Chart

This is a flow chart that explains how the firewall handles packets.

After making all this i realized that everything goes differently, packets go to see if its pc3 then to see if eth1 then they go to the firewall table to see if established/related, that is of course if they made it that far. If they were eth1 then they would have gone to net two. So please realize this above diagram is not exactly like my script, but very similar.

For simplicity I don’t include the “firewall” table which just accepts all local loopback and then goes to the trusted table. Really I should eliminate the “firewall” table, feel free to. The “NETTWO” table is dedicated to the unsecure network, It only allows port 80, 22 and PC1. PC1 is also pretty restricted. The table “NETTWO” hooks into the wifi router, which I am VERY weary of, I do further security on that router, its just a old Linksys wireless router. Its actually the router that I replaced my linux box with.

Anyway without further a due here is the actual script.

#!/bin/bash
 
RETVAL=0
external_int="eth0"
external_ip="`ifconfig $external_int | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
 
# start the firewall
start() {
 
	# set all default behaviour to accept
	iptables -P INPUT ACCEPT
	iptables -P OUTPUT ACCEPT
	iptables -P FORWARD ACCEPT
 
	# create new chains for firewall and trusted filtering
	iptables -N FIREWALL
	iptables -N TRUSTED
	iptables -N NETTWO # temp? tables for subnetwork of wifi, luis and garage computer
 
	# Log chain
	iptables -N LOG_DROP
	iptables -A LOG_DROP -j LOG --log-prefix '[IPTABLES DROP] : '
	iptables -A LOG_DROP -j DROP
 
	# allow established and related incoming connetions only
	iptables -A FIREWALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
	# Allow self communication
	iptables -A FIREWALL -i lo -j ACCEPT
	iptables -A FIREWALL -o lo -j ACCEPT
	# send all package to the trusted chain
	iptables -A FIREWALL -j TRUSTED
	# drop all other packets
	iptables -A FIREWALL -j LOG_DROP
 
	############################
	# Prerouting, to speed up things
	############################
 
	# give the ubuntu pc a green light to do whatever, compleatly trusted ! (to firewall only)
	# ubuntu pc is connected to eth2 and has static ip of 192.168.1.11
	iptables -A INPUT   -j ACCEPT -p all -s 192.168.1.11 -i eth2
	iptables -A OUTPUT  -j ACCEPT -p all -d 192.168.1.11 -o eth2
	# for the subnetwork that has luis and wifi we send it to its own table
	iptables -A INPUT -i eth1 -j NETTWO
	# send all input packets to the firewall chain
	iptables -A INPUT -j FIREWALL
 
	############################
	# Begin Forward Table and Inet sharing
	############################
 
	# forward all traffic coming from eth1 to eth 0 ( make all eth1's stuff go to the net)
	iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
	# forward only established or related connections from eth0 to eth1 ( so only stuff a local lanputer has started)
	iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
	# same as above but for eth2 (gigabit connection)
	iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
	iptables -A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
	# forward all sof2mp test stuff to this computer (take all connections to server)
	iptables -A FORWARD -i eth0 -o eth2 -p udp -m udp --dport 20100:20112 -j ACCEPT
	# broadcast the sof2 mp test server
	iptables -A FORWARD -i eth0 -o eth2 -p tcp -m tcp --dport 20100:20112 -j ACCEPT
	# any packets that get to this point are logged then dropped
	iptables -A FORWARD -j LOG_DROP
	# masquerade the ip's so they look like they are "all from one" machine
	iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
	# turn forwarding on "tell the kernel"
	echo 1 > /proc/sys/net/ipv4/ip_forward
 
	############################
	# network two routing table, for subnetwork with luis and wifi
	# only port 80 and 22 are allowed, the rest are logged/dropped
	############################
 
	iptables -A NETTWO -p tcp -m tcp --dport 80 -j ACCEPT
	iptables -A NETTWO -p tcp -m tcp --dport 22 -j ACCEPT
	#iptables -A NETTWO -m mac --mac-source "pc2's mac" -p tcp -m tcp --dport 137:139 -j ACCEPT
	#iptables -A NETTWO -m mac --mac-source "pc2's mac" -j ACCEPT
	iptables -A NETTWO -j LOG --log-prefix '[NETTWO DROP] : '
	iptables -A NETTWO -j DROP
 
	############################
	# Begin Trusted Table
	############################
 
	# Allow http, the eth+ defines "all" ethernet devices
	iptables -A TRUSTED -i eth+ -p tcp -m tcp --dport 80 -j ACCEPT
 
	# Allow http, the eth+ defines "all" ethernet devices
	iptables -A TRUSTED -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
 
	# Allow https
	iptables -A TRUSTED -o eth0 -p udp -m udp --dport 443 -j ACCEPT
	iptables -A TRUSTED -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
 
	# Allow SSH
	iptables -A TRUSTED -i eth+ -p tcp -m tcp --dport 22 -j ACCEPT
 
	# sof II test
	iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 20100 -j ACCEPT
	iptables -A TRUSTED -i eth0 -p udp -m udp --dport 20100 -j ACCEPT
 
	# Nexuiz
	iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 26000 -j ACCEPT
	iptables -A TRUSTED -i eth0 -p udp -m udp --dport 26000 -j ACCEPT
 
	# teamspeak
	iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 8767  -j ACCEPT
	iptables -A TRUSTED -i eth0 -p udp -m udp --dport 8767 -j ACCEPT
 
	# allow samba server for print and files to local nics only
	iptables -A TRUSTED -i eth1 -p tcp -m tcp --dport 137:139 -j ACCEPT
	iptables -A TRUSTED -i eth2 -p tcp -m tcp --dport 137:139 -j ACCEPT
	iptables -A TRUSTED -i eth1 -p tcp -m tcp --dport 445 -j ACCEPT
	iptables -A TRUSTED -i eth2 -p tcp -m tcp --dport 445 -j ACCEPT
 
	# log and drop all packets going through the trusted chain that make it this far
	iptables -A TRUSTED -j LOG_DROP
 
	# end message
	echo "- Iptables Script ran, security enabled"
 
	RETVAL=0
}
# open everything and forward everything
dumb() {
	# set all default behaviour to accept
	iptables -P INPUT ACCEPT
	iptables -P OUTPUT ACCEPT
	iptables -P FORWARD ACCEPT
	# now forward everything
	# forward all traffic coming from eth2to eth 0 (all ubuntu's computer goes to net)
	iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
	# forward all traffic from eth0 to eth2, all traffic from net to ubuntu computer
	iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT
	# same as above but for eth1 (local lan slow)
	iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
	iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
 
	iptables -t nat -A PREROUTING -p udp -i eth0 -d $external_ip --dport 20100:20112 -j DNAT --to-destination 192.168.1.11
	iptables -t nat -A PREROUTING -p tcp -i eth0 -d $external_ip --dport 20100:20112 -j DNAT --to-destination 192.168.1.11
 
	# masquerade the ip's so they look like they are "all from one" machine
	iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
	# turn forwarding on "tell the kernel"
	echo 1 > /proc/sys/net/ipv4/ip_forward
	echo "+ everything accepted, everything forwarded";
}
 
# stop the firewall (everything is open !)
stop() {
	# set the default policy
	iptables -P INPUT ACCEPT	# accept all incoming packets
	iptables -P FORWARD ACCEPT	# forward all packets to other puters (flood)
	iptables -P OUTPUT ACCEPT	# accept all outgoing packets and send them
 
	# set default policy for the NAT table
	iptables -t nat -P PREROUTING ACCEPT
	iptables -t nat -P POSTROUTING ACCEPT
	iptables -t nat -P OUTPUT ACCEPT
 
	# delete all old rules
	iptables -F 			# flush
	iptables -t nat -F		# flust nat table
 
	# delete all chains
	iptables -X
	iptables -t nat -X
 
	echo "+ All tables flushed"
	RETVAL=0
}
lockdown() {
	echo "locking down everything"
	iptables -t nat -P PREROUTING DROP
	iptables -t nat -P POSTROUTING DROP
	iptables -t nat -P OUTPUT DROP
	iptables -t nat -P PREROUTING DROP
	iptables -t nat -P POSTROUTING DROP
	iptables -t nat -P OUTPUT DROP
	echo "itz locked down"
}
# case statement to call the correct function, exept status which is in the case
case $1 in
   start)
     start
     ;;
   dumb)
	 stop
     dumb
     ;;
   stop)
     stop
     ;;
   restart)
     stop
     start
     ;;
   status)
     iptables -L
     iptables -t nat -L
     RETVAL=0
     ;;
   lockdown)
	stop
	lockdown
	;;
   *)
echo "Usage: Firewall (start|stop|restart|status)"
esac
 
exit

Thats pretty much it. I’m still kinda dumb when it comes to the forwarding part, so be careful of that part. Also when i allow pc2 to connect to samba ports i use its mac addres so replace “pc2 mac” with the mac address without quotes. Like this 00:00:00:00:00

Im dropping packets like there is no tommorrow. I’ve found that pc1 has something on it that is always sending packets to weird ports/ip’s they are all getting blocked.

Please comment if you know how i can improve this, or can point out any errors.

Another note, if you have email coming out from your server be sure to enable port 25, or whatever port you use. I just did that to mine.

I’ve been wanting to organize my findings in a easy to read/reference way. So, I’ll be using a standard lab journal format for most of the things that i start as of now. Of course, it does not apply to everything. I’ve done so much stuff that i never wrote down anywhere, i want to be sure i can look back at stuff i do from now on. Anyway the standard format ill be using (thanks to my teachers)

Standard Lab Format

The following is a description of the standard lab format to be used:

I. Each lab entry should start with the title of the experiment and a brief description

II. The equipment to be used should be listed; leave some room below the initial list to add additional equipment and parts.

III.A prelab section (when applicable) should include any preliminary work to be done prior to coming to the lab.

IV. The procedure section describes the activities done in the lab.  The reader of your journal should be able to follow your description without referring to a manual or handout, but you may summarize  in your own words.  Record your data, figures, sketches and observations.  Be sure to label everything.

V. In the conclusions, you should write in a narrative style.  Summarize your results and condense data when appropriate.  Answer all questions asked.

Abstract

Even though I have studied this subject several times it still continues to annoy me.  This will be a in depth disscussion (kinda for myself) of the signal levels and such. Im wondering if CCS C is inverting the signal coming out of the pic so that its ready for consumption by the db9.

This straight out sort of conversion works off of the fact that most rs232 with short range cables can work just fine with +/- 3 volts. So if you use a transistor to invert the pic signal and a resistor to sink the current when the line is 0 you will get +/-3 volts to drive the rs232 line.  So basically we invert the data coming out of the pic and add a resistor to that so when the pic outputs a 1 it is inverted to a 0 then sunk to the resistor to make -3 ish. This is best looked at with a table

Table 1

Pic out | RS-232 In
0volt    | +3volt
5volt     | -3volt

This is because for the pic a ‘1′ is 5v and for the rs-232 a ‘1′ is less than -3volts, likewize for the pic a ‘0′ is 0v and for rs-232 it is above 3v. So its pretty easy (in theory) to convert from the pic to rs-232, converting from rs-232 to pic levels is more tricky though. But, enough theory and such lets see what we actually get through the scope.

Results

Here I will show you (and myself) the results i get from rs232 and pic while sending the same characters.  Hopefully after looking at everything and putting it in perspective we will be able to clearly see whats going on, or we will realize what we are doing wrong.

Setting the scope (soundcard scope)

I’m going to send ‘A’ then ‘a’ at 1200 baud via the pic, and via rs-232, we will be using eight bits with one stop bit. This makes 9 bits total so 1200/9 gives ~133 Hz for each bit. A less confusing way of figuring this out is: we have 1200 bits per second so thats 1/1200 8.3e-4 seconds or (*1000) .83 milliseconds for each bit. We know that we are getting 9 bits so to see the “whole thing” we use .83ms*9bits= 7.5ms.  When i set my scope to 8ms i see nothing so i will just use about 60ms then zoom in.

Getting the shot

If you turn on your speakers and your using the soundcard scope you will be able to “hear” the bits go through. I use this as a metronome and i hit the run/stop button to get a good shot of what was sent. Then in the mid bottom i go to the “measure” setting and put it on cursor time. Then i get the blue lines and drag them from the start till about 130hz. This is what i get

So where i have the blue lines is the first char ‘A’ and the rest is the second char ‘a’. From http://www.asciitable.com/ we know that ‘A’ is 65D or 1000001 in binary. Looking at the output we can see we have something like 10???01, we know those four bits so the rest must be 9-4=5. But, I think there is always a “start” bit so that would make it 10 bits we really have so 10-4=6, and that chunk in the middle is all 1’s so 1011111101 is what we have which looks like

start bit | (data)’ | stop bit

I know we cant tell with this one but the data is sent lsb first, and yes that is the inverse of the data. So, where there was a 1 there is a 0 and so forth. This is what we get out of the pic, there is no manipulation its just “putc(‘A’)” so either it should be inverted, or ccs c is inverting it for us. Looking at the ‘a’ we see it is 1100001, and we are getting 10???001. Since we can make out 5 bits, 5 are left that chunk is 1’s so we get 1011111001. Which is just like before start/stop bits and lsb first inverted data.  You dont have to figure out just by looking at it what the bits are you can start from the first bit and set f=134/9 and see what each bit is if need be.

Doing the same thing with RS232

It wasnt as easy to get the shot with rs232 but i opened hyperterminal set bits to 8 stop bits to one and baud to 1200. Then while hitting ‘A’ i hurried up and hit run/stop to get this.

From before we know that ‘A’ is 1000001, and yes all that below the red line is negative so we get “1011111101″, assuming that second bit is supposed to be above 3v (what else?). Also i already inverted everything from rs232 to ttl in my head. So we see that here too we get the data portion inverted.

Well, this is what we are getting, but according to sites like http://www.winpicprog.co.uk/pic_tutorial7.htm we should be getting something compleatly different, mainly inverted stuff. But im going to see terminator “salvation” in a hour so ill have to come back to this

This is my second attempt at making a general purpose board for my pic 877’s. This time the plan was dont connect anything. So the only connectors on the board are iscp, power, and a 40 pin header.

My idea behind the 40 pin header was to be able to connect this board through a normal ide cable to other stuff. I had planned a nice clean structure for the pins, but after soldering things went wrong. Its very confusing when everything is backwards and upside down. None the less its mostly consistent.

So far its working well. The only problem i have had is shorting the +- and blowing up a pic, also the ide cables for more than one drive dont seem to work with it. I dont think ide cables that go to more than one drive are “straight through”.

For anyone curious about version 0.1 you can see a picture here, its in a box ill pull it out and do something useful with it one day, its pretty stable. Its just too big.

I’ll write more about this as i use it, im kinda in a hurry now. I want to do a little more and write a little less, but i also want to document everything i do. Even if I’m brief.

This is a tool any engineer needs ! We cant all go out and buy a $1000 scope, but we can use some old pc to look at just about anything.

The soundcards in todays pc’s are able to read signal data and display it on your scree. Big suprise right ? This works just like your visualization for winamp or windows media player, a sound/signal goes through and something displays peaks and pits on the screen.

There is software that does this very well, the one i use is made in lab view. It works very well and i have become accustomed to it, but I did not pick it for any good reason other than it was the first one to come up in my google search. It was created with labview, but it is a normal program like any other. You can find it here http://www.zeitnitz.de/Christian/index.php?sel=scope_en

Dont Fry your soundcard !

One consideration that must be made is how do you hook stuff into your microphone without burning it up. You CANNOT just hook 5v into your soundcard and expect it to work. The max you can send to your soundcard is about 1v. What I did was use a voltage divider, R1=100K R2=10K. Using the equation for a voltage divider i get Vout = R2/(R1+R2)*Vin => 10/110*Vin which is about 1/11*Vin. So for 5volt logic level i get .45 and for 12v i get 1.09 which is about as high as i want to go. To tell you the truth i only use this for ttl voltage levels and sometimes rs-232, i would never plug this directly into a power supply or something.

There you go, for about 4 resistors and a 1/16 cable you have a soundcard Scope.

The only disadvantage is that you cant see the voltage of the incoming signal, but since we have a right and left signal you can connect the left signal to a +5v and use that for comparison. Also on the bottom where it says measure it allows you to measure the exact fq of bits and such. There isnt much that i cant do with this scope that i can do with the scopes at school. Also this is free and you can use your mouse and take screen shots easily.

In the top screen shot im recording the input and output of a rf system (backspace). And in this screenshot below im doing the same thing, the red lines are the reciever and the green lines are the transmitter. Im sending a “tab” which in ascii is 9 decimal or 1001 binary. If you look at the green one you can see the input is 101101111 which is nine bits. There is startbit | data` | stopbit. The data is inverted, not sure if it should be but thats the way i saw it come out of the pic too. Anyway the main reason is to show that i can clearly see the two signals and compare them to each other to make sure im getting what i should.

Ever wonder what happens if you run too much current through a pic ?

Ever wonder what happens if you connect the power supply backwards?

Ever wonder what happens when you accidentally short pos/neg?

You get to see the inside of the chip ! Thats if your eyes where out of the way of the piece of glass like silicone that goes blasting out of the pic.

Needless to say

• the chip does not work anymore
• this could cut you or hit you in the eye
• be careful, wear glasses
• when you start thinking “just a little more power” STOP

Intro

‘This article covers my experience in converting from rs-232 signal levels to ttl signal levels. I have done it several different ways, there are hard ways and easy ways to do this.

I find myself frequently converting from ttl to rs232 to allow devices using ttl datalevels to communicate with the computer through the rs232 port. And im not archaic in doing so, a lot of devices that we use nowadays still use the same technology, you just dont see it.

What uses rs232 anymore ?

Lots of things plug into the usb port, but somewhere down the line there is a usb to uart or a usb to rs232 converter. I know that on most Microchip ® pic programmers there is a little 32 pin surface mount chip that converts the usb into a serial interface, it has FTDI on it in my case. These are the same type of chips you will find in the “usb to rs232″ cables around. And hidden in lots of devices there is this same “middle man” to allow the same old technology to look new.

If you already know how to plug your own devices into your computers comm port to communicate, just imagine if you buy a “usb to serial” converter for $3 rip the chip out and solder it to your board, then you can connect directly to the usb port. I just use the cable myself, I’m not trying to fool anyone.  Anything you plug in via usb that then makes a “virtual serial port” is doing this, also other devices may do this but their drivers dont let you see whats going on.

The Easy way to convert

I have used this adapter before, it works very well and is the best design i have found anywhere. The original maker of this design (great guy!) has a webpage at http://picprojects.org.uk and the actual page for this project can be found at http://picprojects.org.uk/projects/simpleSIO/ssio.htm he has tons of info on how to do lots of neat stuff on that page. I recommend you read it.

This is the circuit.

Simple RS232 conversion

I’m a lazy person, and found that in my case the circuit works without the capacitors. Also i used 2N3904 and 2N3906 transistors in place of the BC ones he has listed in the circuit. I used all surface mount components, here is my finished product.

A harder Way (but better for long distances, or back to back connections)

This solution is much easier than the MAX-232 implementation, I wont even discuss that much here. But if you want a commercial grade product you want to look into the MAX232 chip. It allows two connections to go through it at the same time for a total of 4 devices, but it uses lots of electrolytic capacitors.

What if you are just transmitting one way ?

If you are just converting from uart to rs232 and you dont care about the pic receiving data from the rs232 then you can just use one transistor.

This was much harder to find. There is a guy who like me is just making stuff, this is his page (where i got this info/schematic) http://members.cox.net/berniekm/card.html

He is making a card reader that communicates with the computer via rs232. This is a very good application, turn your computer into a cash register

Of course you dont have to worry about anything except the three wires coming out of the db9 connector.  So that amounts to three resistors and a transistor. You should NOTE i could not get this circuit to work until i removed the connection from the tx pin on the db9. So my circuit only connected to the ground and pin2 (the RX pin). Not sure why it didnt work like the schematic, but if yours dont work try unplugging pin 3 on the db9 see if that fixes it.

We used this second design for a lab project, you can read about that here http://zonemikel.com/wordpress/?p=133

Best of wishes, hopefully these simpler designs will result in less time debugging your circuits.

This goes along with my other article on how to setup a router/gateway in slackware. After you have setup that router you will need to be able to open up ports. I found small quick fixes for this, but i didnt really make anything that i understood till a few days later and lots of reading. That is why i’m totally rewriting this article.

The best way to think of iptables/chains is kinda like chains (go figure) the packets go from link to link until they reach their destination or are dropped/rejected. One chain link can have several links atached to it so the packet could go out several different ways, lenghts of chain can be short or long.

Iptables in two paragraphs

So just for a example lets say we have a router that just accepts http or ssh traffic (which mine does). The chain would start at the first link, it would say “is it http?” if no, next link “is it ssh” if no next link. If there is no other link the “default policy” will take effect. The default policy can be drop or accept. So if we had a policy of accept the packet would get accepted if it was not a http or ssh packet, if we had a default drop policy it would get dropped. To avoid confusion we would have another link that would “drop” the packet if its not what we want.

There are 3 main sections of chain that you can mess with, INPUT, OUTPUT and FORWARD. The input chain/table is for packets coming in, the output for packets going out and the forward for packets getting forwarded. Really hard huh ? We are mostly concerned with packets coming in, the packets we send out should not be limited in most cases, and forwarding is its own thing.

An Example

The most basic configuration of my server allows only two ports open, I believe this to be secure, or at least better than the dozen that were open before I did this. The two ports that are open are ssh (22) and http (80). This way i can remote admin my server and allow my webserver to go through (which is on the same machine).

So that all has to do with packets coming in, lets add links to the INPUT table

# (link 1) Allow http, the eth+ defines "all" ethernet devices
iptables -A INPUT -i eth+ -p tcp -m tcp --dport 80 -j ACCEPT
# (link 2) Allow SSH
iptables -A INPUT -i eth+ -p tcp -m tcp --dport 22 -j ACCEPT
# (link 3) throw everything else away
iptables -A INPUT -j DROP

The comments are preceded by # so they are just saying whats going on. Basically we added three links “-A” for “append”. Ill leave the rest of the syntax up to you to figure out, but this is the main syntax that is used in most of the statements for iptables, these are very common lines.

The first link checks all eth nics (eg. eth+) and if they are passing port 80 data (http) we Accept it. Same goes for link two, except we are using port 22. Then link three just drops everything, this makes it like “stealth” mode, they cant figure out if its closed or open. Our server returns no response on “drop” if you want to report the port as closed use “REJECT”.

You should note that ORDER MATTERS, if we were to put the drop link in first it would drop all packets first. So add all the ports you want to allow before you put your Drop portion.

Another Example

I’ve just done this to my home network. Since i have wifi and my bro-in law hooked up to my subnetwork 192.168.10.0 im very weary of that connection. I’m almost positive that my bro in law has spyware or something that is trying to communicate with god knows what at all hours of the day. I know this by looking at the log files.

This subnetwork is hooked up to eth1, so simple enough only traffic on port 80 is allowed on that interface. To accomplish this i send all the traffic from that port to its own chain. The chain is very short it just allows port 80 and logs/drops everything else.

    iptables -N NETTWO  # create table
    iptables -A NETTWO -p tcp -m tcp --dport 80 -j ACCEPT    # is it port 80 ?
    iptables -A NETTWO -j LOG --log-prefix '[NETTWO DROP] : '   #if no log/drop
    iptables -A NETTWO -j DROP

and then add it as one of the first lines of your input table for eth1. So if anything is coming to/from eth1 we send it to this table. That way if you have another table with more complicated checking for tons of ports it does not have to check all of them before dumping the stuff on odd ports.

#first line of my input table, if eth1 jmp nettwo
 
iptables -i eth1 -j NETTWO

I know this works well because i was editing the script in windows over the samba share on the wifi. When i clicked back over to copy my code for the page it was froze because i closed the samba ports.

Also this provides a nice way to see all the stuff being dropped by differnet parts of the network, because looking through the log files is very difficult.

Links to other links of chain

A great way of doing this is to have a list/links/chain that you make yourself, then you can add that like a link into the input chain. For instance I made a “TRUSTED” chain/table and append all the ports i want to accept into it. Then my “input” table first sends the packet to the “trusted” table and then drops it. But, first i also do a little preliminary checking and send it to another table called firewall. So its INPUT -> FIREWALL -> TRUSTED -> DROP

# create two chains, one for fw other is trusted (for clean script?)
iptables -N FIREWALL
iptables -N TRUSTED
# allow established and related incoming connections only
iptables -A FIREWALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow self communication
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A FIREWALL -o lo -j ACCEPT
# send all package to the trusted chain
iptables -A FIREWALL -j TRUSTED
# drop all other packets
iptables -A FIREWALL -j DROP

The -N makes a new table, then i use state matching “-m” to see if its a established or related packet, then i automatically accept local loopback, from there i append the trusted chain then append the drop link. So, basically instead of having one long chain we have one chain link that connects to several chains, but they are all pretty short. I’m sure this helps speed up things a lot. Like for instance if you know 90% of your packets are going to one machine you can filter them out in your first link before your server even starts to think about it. Thats what the “established, related” does, I’ve we’ve already established a link to a webpage or game server there is no need to check every single packet after that, its the “new” connections that we want to worry about.

All the stuff we want to keep out we append to the firewall table before the appending of the “trusted” table. This way we see if its somone we dont like, if so we drop them if not we see if its somone we do like if so let them pass if not drop them. Pretty simple stuff, but it takes a while to get used to the syntax and such.

There is no one script for everyone

This stuff is unique to every machine, if you dont wanna learn iptables get firestarter, firewallbuilder, guarddog or any of the other gui tools out there. I only tried one, and it was just as complicated as learning this, except when you learn iptables it allows you to do everything you want. But there is no copy/paste script that you can use (that i know of) belive me i tried a lot of them, they didnt work for me and i had no idea what i was doing. If you want good security thats in your hands read the material and practice with your iptables. You can use webpages like this one to see which ports you have open, close them open them and such and make sure you have iptables down.

I got most of this information from a really good tutorial i found, you might wanna check it out. http://ubuntuforums.org/showthread.php?t=159661&highlight=iptables

I barley feel comfortable with my iptables now, and i can write it from scratch. Until you get to the point where you KNOW what is going on and can write your iptables syntax, I would not feel secure.

Checking IPTABLES -L (use “iptables -L -v” instead)

This was confusing me forever, you type “iptables -L” and it shows you the rules but all the source and destination are anywhere anywhere. So, it looks like everything is going trough. What we need is a better way of seeing whats going on. If you want the best way to see whats going on try tcpdump, but for our purposes the command “iptables -L -v” works great. That “-v” part makes it print out alot more detail. The most useful part of that command is that it shows you how many packets it has sent to each part, so you can easily test ports and see where everything is going. For example, check it then go do something on that port and then check it again, if the number of packets through that port has not changed something is wrong, or right

Other Stuff

There is of course much more to it than this, there is the “forwarding” part. How do you want to handle the forwarding of your internet access to the machines on your local lan. That part is still pretty fuzzy for me, the main thing im wondering is do i need to filter out stuff for the forwarding part or is that already handled by the input part. Im pretty sure the input table filters stuff before it even gets to your forwarding table, but you might want to check up on that. Anyway this is what i do to forward to all my other machines, straight simple,

# enable port forwarding
iptables -A FORWARD -j ACCEPT
# hide computers behind the firewall
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

I was messing with that for a while trying to get it to just forward stuff on port 80 but i think the filtering stuff does not work the same in the forward table. I recommend having a basic firewall on the other systems on your lan to ensure safety.

Script ?

The best thing about all this is you can make it into one big script. I made mine into a executable in my /etc/rc.d/ folder i can access it like most of the other executables in that folder with ./firewall start or ./firewall restart and such. For instance when I know ill be playing games or hosting a server i can have special functions inside the script just for that like ./firewall gamenight or something. You could even use this to turn on/off interenet connections like if you have kids or something and you want your inet to turn off at a certain time you can just call the script ./firewall stop or ./firewall start at certain times. The possiblilites are endless, as they should be with linux. Here is the core of my bash script so you can make your own

# case statement to call the correct function, exept status which is in the case
case $1 in
   start)
     start
     ;;
   stop)
     stop
     ;;
   restart)
     stop
     start
     ;;
   status)
     iptables -L
     iptables -t nat -L
     RETVAL=0
     ;;
   lockdown)
	stop
	lockdown
	;;
   *)
echo "Usage: Firewall (start|stop|restart|status)"
esac
 
exit

Then above that you just need to make your fucntions like this is my “stop” function, you should note it calls the stop function before it resets. This pretty much opens my firewall up and enables forwarding. It illustrates the use of functions in bash, this should be above the code i have above, just like in C you cant call functions unless they are above the thing that is calling them.

# stop the firewall (everything is open !)
stop() {
	echo "Remvoing all Iptables rules: "
	echo "Everything on the network will be open !!!"
 
	# set the default policy
	iptables -P INPUT ACCEPT	# accept all incoming packets
	iptables -P FORWARD ACCEPT	# forward all packets to other puters (flood)
	iptables -P OUTPUT ACCEPT	# accept all outgoing packets and send them
 
	# set default policy for the NAT table
	iptables -t nat -P PREROUTING ACCEPT
	iptables -t nat -P POSTROUTING ACCEPT
	iptables -t nat -P OUTPUT ACCEPT
 
	# delete all old rules
	iptables -F 			# flush
	iptables -t nat -F		# flust nat table
 
	# delete all chains
	iptables -X
	iptables -t nat -X
 
	# setup port forwarding
	echo "Enabling forwarding from eth0 to everyone"
	iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
	echo "All tables flushed, all connections accepted/forwarded"
	RETVAL=0
}

If your interested in more of that look at this tutorial, almost everything in this article was adapted from that tutorial and the advanced one linked to on that page.

Helpful links

http://www.speedguide.net/analyzer.php? (Analize your internet connection)

https://www.grc.com/x/ne.dll?bh0bkyd2 (tests what ports are open on your computer)

http://www.speedtest.net/ ( a fast internet speed tester)

http://linux.die.net/man/8/iptables (excellent quick reference, when you already know how)

Slackware Router/Nat/Fileserver/Webhost etc.

Get rid of your router and use a linux webserver instead. My server has always been up but it was just a webhosting server before, with some files on it. I’m using a old version of slackware on my server and xp or ubuntu on my clients.

The diagram explains a lot but my main goals were

• Use gigabit Ethernet without having to buy a router (pc to pc)
• Give the slackware box more control over my internet ip and such
• Separate low speed and high speed networks
• Learn stuff

(all cables are straight through except the one that says crossover)

Stuff you will need !

If you are setting up a gateway as I am you will need your isp’s gateway and your isp’s dns servers. You can find this info on your current router by looking in the status page. If worst comes to worse just call your isp and ask them. You need this info and cannot make a nat/gateway without it. If your not worried about internet then don’t worry about this.

To find your isp’s dns servers just connect your linux box and when your modem assigns it a ip it will edit the /etc/resolv.conf and add your dns’s. To get your ISP gateway the only way i know is plug in your router and look at the status page. You can also do all this by plugging your cable modem directly into a windows pc then when it connects to your modem go to the connections->status and the dns’s will be in there along with the gateway. Write all this info somewhere for future reference.

If you are connecting “like devices” such as pc to pc or hub to hub you will need a crossover cable. You can easily make a adapter for your current cables. See “further reading” for links on how crossover cables are setup.

Setting up the Server

Ip Forwarding and Masquerading

This stuff is way beyond me. In a nutshell what I gather we are doing is setting eth0 to forward all packets to eth1 and eth2, and eth1 and eth2’s packets are forwarded out to the net. I may be wrong about this though. The full tutorial (and where I got all my info for this part) was at http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html , it is a very good tutorial, read the whole thing. Since I had two Ethernet cards I had a extra line but aside from that the iptables is the same one on that site for the dsl/cable router.

How to do it ?

Setting up your iptables script

1. Log into your slackware server as root
2. create a file in your /etc/rc.d/ folder called rc.iptables like this “vi /etc/rc.d/rc.iptables” or you can use gedit or kedit if your in a gui.
3. Add these lines to it, in my config eth0 goes to the internet and eth1 and eth2 goes to the local network that I am providing with internet. Add the below script and save it.

   # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
   iptables --flush
   iptables --table nat --flush
   iptables --delete-chain
   iptables --table nat --delete-chain
    
   # Set up IP FORWARDing and Masquerading
   iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
   iptables --append FORWARD --in-interface eth2 -j ACCEPT
   iptables --append FORWARD --in-interface eth1 -j ACCEPT
   echo 1 > /proc/sys/net/ipv4/ip_forward

4. Now make it executable “chmod +x /etc/rc.d/rc.iptables”
   NOTE: that should make it run every time on startup; however, mine never does I have to run it manually every time I restart my server. I don’t mind though, your server should not restart often. You can run it by going to the rc.d directory and typing “./rc.iptables”