Version 12 (modified by sreuter, 7 years ago) (diff)

notebook setup: iptables - open ports 32768:61000 for ros

Carologistics Robotino Laptop Setup

For the Thinkpad X230 laptop that are put onto the Robotino certain setup steps are required.

System Installation and Configuration

System Services

Enable the SSH service by executing (as root):

systemctl enable sshd.service


You need to open several ports for incomig connections in the firewall-config in /etc/sysconfig/iptables. First, allow Multicast DNS (mDNS). This enables automated service discovery to detect Fawkes instances on the local network. Next add the following custom ports:

  • 8088 / tcp: Webview web interface
  • 1910 / tcp: Fawkes network protocol, e.g. plugin loading, config listing, or blackboard access.
  • 2208 / tcp: Firestation network protocol, e.g. image transfer
  • 11311 / tcp: ROS communication


-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 4444 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2208 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1910 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8088 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3632 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 11311 -j ACCEPT
# ROS incoming connections to publishers on ephemeral port
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32768:61000 -j ACCEPT
-A FORWARD -m tcp -p tcp --dport 3632 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A PREROUTING -m tcp -p tcp --dport 3632 -j DNAT --to-destination

Stabilize Ethernet Communication

The auto negotiation of Ethernet configuration parameters causes trouble between the laptop and the Robotino. Hence it must be disabled. To do so create the file /etc/NetworkManager/dispatcher.d/01-disable-autoneg as an executable file with the following content:


INTERFACE=$1 # The interface which is brought up or down
STATUS=$2 # The new state of the interface

if [ "$INTERFACE" != "em1" ]; then

case "$STATUS" in
    'up') # $INTERFACE is up
        /sbin/ethtool -s $INTERFACE speed 100 autoneg off
    'down') # $INTERFACE is down

To run the script on fedora startup add a call to the script in /network/init.c/network :

cd /etc/NetworkManager/dispatcher.d/
. ./01-disable-autoneg

Network Setup

To provide network access to the robotino platform, the wired network settings of the lenovo notebook has to be configured to share its connection. In the GUI of the "Network Settings" set:

  • wired->options->IPv4 Setting->"Method" has to be set to "Shared to other computers"

Specifying this method, (indicating that this connection will provide network access to other computers) the ethernet interface is assigned the IP= and a DHCP and forwarding DNS server are started, and the interface is NAT-ed to the current default network connection (which is the wlan).

The internal Acces-Point of the robotino is not necessary anymore and has to be unplugged. The robotino-basis is directly connected to the lenovo-notebook.

  • Plug the cable coming from the mainboard directly into the RJ45 connector at the front of the robotino-basis).

The etc/network/interfaces of the robotino-bas has to be configured as following:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
   address      # where 25 has to be replaced by the robotino-id

From the lenovo notebook the robotino-basis can be accessed via the IP= Make sure this IP is mapped to the hostname robotino-base in /etc/hosts.

From the robotino-basis the lenovo notebook can be accessed via the IP=

Power Setup

To stop the laptop from suspending when its lid is closed, we have to modify /etc/systemd/logind.conf : Switch the value of HandleLidSwitch from suspend to ignore