HowTo Kindle Networking

[knc1]

This thread is a continuation of the USBnetwork installation thread at:
http://www.mobileread.com/forums/sho...d.php?t=204450

Conditions:
You have already installed the USBnetwork, kindle-usbnet-0.7.N.zip package, as described in the prior thread.
The prior thread left you using the telnet to access your Kindle.
You made note of the sequence required to start/stop USBnetwork, which is repeated here:

Quote:

This order should work on all firmware versions.
Early firmwares, v-2 and v-3 may also work with the cable attached.

• un-plug cable (if still plugged in)
• toggle USBnetwork ON in launcher
• plug the cable
• kill any automation (or configure yours to do: )
• sudo ip link set up dev usb0 (It may already be up)
• sudo ip address add 192.168.15.201 peer 192.168.15.244 dev usb0
• use the networking until your done
• un-plug cable
• toggle USBnetwork OFF in launcher

You may or may not have configured your network automation to automatically bring up the link and set the point-to-point address that you are using on your host PC.
There are a number of network automation things used by the various Linux distributions, refer to your distribution information on how to set up yours (not here, your distro's help forum).

We knew from the prior thread that the networking over the USB cable was working.
We knew from the prior thread that telnet over USB was working.

Now telnet into the Kindle (telnet 192.168.15.244).

The prior thread used the ip utility to display network related information from the Linux host (your PC).
The Kindle also has a (limited) version of ip installed as part of the Busybox build.

Examine the routing setup on the Kindle:

Code:

[root@kindle root]# ip route
192.168.15.0/24 dev usb0  src 192.168.15.244

Examine the network addressing setup on the Kindle:

Code:

[root@kindle root]# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
6: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ee:19:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.244/24 brd 192.168.15.255 scope global usb0

Now get a verbose report on the firewall setup:

Code:

[root@kindle root]# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere            tcp dpt:40317 
    0     0 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere            state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  wlan0  any     anywhere             anywhere            state RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  wlan0  any     anywhere             anywhere            state ESTABLISHED 
    0     0 ACCEPT     udp  --  ppp0   any     anywhere             anywhere            state ESTABLISHED 
    0     0 ACCEPT     udp  --  ppp0   any     anywhere             anywhere            udp spt:40317 
    0     0 ACCEPT     udp  --  ppp0   any     anywhere             anywhere            udp spt:49317 
    0     0 ACCEPT     udp  --  ppp0   any     anywhere             anywhere            udp spt:33434 
 1973 2260K ACCEPT     all  --  lo     any     localhost.localdomain  anywhere            
 5224  303K ACCEPT     all  --  usb0   any     anywhere             anywhere            
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 3826 packets, 246K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1973 2260K ACCEPT     all  --  any    lo      anywhere             localhost.localdomain

Magic decoder notes to that header:
target : what to do with the matching packet
prot : Protocol
opt : Options
{in,out} : Interface
{source, destination} : IP address(es)
dpt : Destination port
spt : Source port

Interfaces shown:
ppp0 : 3G (this device does not have 3G - forget about those for this machine)
wlan0 : WiFi (got that, but at the moment, its down (airplane mode enabled) )
lo : localhost (IP: 127.0.0.0/8 - every networked machine has one)
usb0 : Guess what.

Protocol: icmp - that is, among other things, 'ping packets'

All of the firewall rules shown above are in the kernel's dynamic memory.
You can add/delete/change them (in memory) with the iptables utility.
These rules will be restored from a configuration file in the /etc/sysconfig directory at the next system boot.

For the curious, here is what is in the Kpw-5.3.3 /etc/sysconfig directory:

Spoiler:

Off-topic here, but to be complete:

Code:

[root@kindle root]# ls -l /etc/sysconfig
-rw-r--r--    1 root     root             0 Jan  8  2013 ALLOW_CVM_RESET
-rw-r--r--    1 root     root           546 Jan  8  2013 cpufreq
-rw-r--r--    1 root     root           541 Jan  8  2013 devtypes
-rw-r--r--    1 root     root           140 Jan  8  2013 fs
-rwxr-xr-x    1 root     root           982 Jan  8  2013 iptables
-rw-r--r--    1 root     root           369 Jan  8  2013 mntlog
-rw-r--r--    1 root     root           333 Jan  8  2013 mntus
-rw-r--r--    1 root     root            86 Jan  8  2013 nomkd
-rw-r--r--    1 root     root           112 Jan  8  2013 ntp
-rw-r--r--    1 root     root           772 Jan  8  2013 paths
-rw-r--r--    1 root     root           238 Jan  8  2013 srstlog

NOTE: It is strongly recommended that you do not mess with the system configuration files!
If you screw them up, your on your own, nobody here will fix your mess for you, forget that!

Since you have decided to become your own network admin person by installing this networking package, you need at least a minimum knowledge of the firewalling in Linux.

A quick review of the network interface states at the moment:

Code:

[root@kindle root]# ip -o link | cut -f 2,9 -d ' '
lo: UNKNOWN
usb0: UP

Note: ip with the -o{neline} option is intended for string processing such as shown above.

First, for this purpose, clean up the listing of the three main chains above (there are other tables, google iptables).
Knowing that this machine does not have 3G and that the single output rule is bogus (why? think a bit, lab126 didn't).

Code:

** Hand edited for this post **
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  wlan0  any     anywhere             anywhere            state RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  wlan0  any     anywhere             anywhere            state ESTABLISHED 
 1973 2260K ACCEPT     all  --  lo     any     localhost.localdomain  anywhere            
 5224  303K ACCEPT     all  --  usb0   any     anywhere             anywhere            
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 3826 packets, 246K bytes)
 pkts bytes target     prot opt in     out     source               destination

Anything INPUT to the machine is subject to both the default policy and the rules of the INPUT chain.
Anything FORWARD(ed) or OUTPUT is subject to the default policy of those chains.

The states mentioned in the INPUT chain rules:
RELATED - a packet inbound that is related to a packet which was output, this is for protocols that use more than one port (such as ftp).
ESTABLISHED - A packet inbound that is a reply to a packet that originated on this machine.
There is no "RELATED" shown for the udp protocol because such a thing does not exist in the udp protocol.

Now you should be able to read your first rule (NOT THE first rule, A first rule).
INPUT - default policy: "DROP" - so unless allowed by a rule, this packet is going to the bit bucket.

Find the interface usb0
What are the restrictions? (ans: none)
What is the target of the packet? (ans: let it in)

What about packets forwarded or output to usb0?
(ans: only the default policy of the chains apply (no rules) - so let it pass the chain)

Now read your second rule (NOT THE second rule, A second rule).

Find the interface wlan0
What are the restrictions? (ans: INPUT chain only, only in response to something previously sent by the machine)
What is the target of the packet if it meets the restrictions? (ans: let it in)
What is the target of the packet if it fails to meet the restrictions? (ans: drop it on the floor)

What about packets forwarded or output to wlan0?
(ans: only the default policy of the chains apply (no rules) - so let it pass the chain)

Got all of that above? Now you are a junior net-admin! That's all you need to get started.

Now for your first network administration assignment:
What do you need to do to allow ssh over WiFi to your Kindle?
THINK! You can answer that assignment question now.

Ans:
The ssh protocol is identified by the "commonly used port", port number 22.
You have to add a rule to the INPUT chain, for the interface wlan0 and the destination port 22.

This is your lucky day - the USBnetwork package has that placed under the control of a "flag filename" for you. Just read the README_FIRST.txt file in the package for the directions on using that "flag filename".

Question: how to allow some other protocol than ssh over WiFi?
Same answer, different port number.

Question: how to allow some other protocol than those allowed already over 3G?
Same answer, different interface name and port number(s).

To have ssh communications with your Kindle, in addition to the networking, you need something to talk to.
In the USBnetwork package, that is an application called 'dropbear'.
So find out if it is running:

Code:

[root@kindle root]# ps -C dropbear
  PID TTY          TIME CMD
20446 ?        00:00:00 dropbear

Ans: It is up as process ID 20446.

PS: I do not want to ever again read a thread titled: "Connection Refused". Never! Ever!

For our next thread in this series, configuring ssh and some of the neat things you can do with it.

[twobob]

Two buttons...

BLOCK...

UNBLOCK...

Then the world would be golden..

Oh and a "magically configure" button would be nice for the tricky stuff

[knc1]

Quote:

Originally Posted by twobob

Two buttons...

BLOCK...

UNBLOCK...

Then the world would be golden

It is in the works.

[twobob]

Quote:

Originally Posted by knc1

It is in the works.

\o/ Yay.