Installing GalilTools on Red Hat 5.8

Install GalilTools Software Package

This section covers the installation of the GalilTools 64 bit software package. If the target operating system is a 32 bit operating system, replace "x86_64" with "i386" in all of the commands seen below. After installing the GalilTools software package, additional configuration is necessary. Any previous installations of GalilTools must be removed before installing the latest version.

• Before using a PCI based controller, the GalilTools PCI driver must be installed and user permissions must be modified.
• Before using a USB or RS232 based controllers, user permissions must be modified.
• Before using an Ethernet based controller, the firewall must be modified.

This document will outline the complete setup of GalilTools for all controller communication interfaces.

1. Open a terminal by clicking Applications>Accessories>Terminal.
2. Get the GalilTools package and install it with the package manager.

   $ wget http://www.galil.com/support/downloads/software/galiltools/linux/galiltools.x86_64.rpm
   $ su -c 'rpm -i galiltools.x86_64.rpm'
   Password:

3. GalilTools can be launched from the terminal with the command "galiltools" or from the system menu at Applications>Programming>GalilTools.

Install the GalilTools PCI Driver

If GalilTools is to be used with a PCI based controller, the GalilTools PCI driver must be installed. If GalilTools will not be used with a PCI based controller, this section can be skipped. If the GalilSuite PCI driver has been previously installed, it must be removed before installing the GalilTools PCI driver. While there is limited support for the GalilSuite PCI driver in GalilTools, it is strongly recommended that the GalilTools PCI driver is used with GalilTools.

1. Open a terminal by clicking Applications>Accessories>Terminal.
2. Get the Galil public key and import it.

   $ wget http://www.galil.com/support/downloads/software/galilsuite/linux/galil_public_key.asc
   $ su -c 'rpm --import galil_public_key.asc'
   Password:

3. Download the required packages for the build process.

   $ su -c 'yum install rpm-build kernel-devel kernel-headers kernel-xen gcc glib'
   Password:

4. Prepare the build environment.

   $ mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
   $ echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros

5. Download the Linux PCI driver from the Galil website.

   $ wget http://www.galil.com/support/downloads/software/galiltools/linux/galiltools-pci.src.rpm

6. Rebuild the GalilTools PCI driver using rpmbuild.

   $ rpmbuild --rebuild galiltools-pci.src.rpm

7. Move the newly built package into the working directory.

   $ mv ~/rpmbuild/RPMS/x86_64/galiltools-pci.x86_64.rpm .

8. Install the newly built package.

   $ su -c 'rpm -i galiltools-pci.x86_64.rpm'

Set User Permissions

To connect to Galil controllers over the USB, RS232 or PCI interfaces, a user must have the proper permissions to access the device. If a standard user intends to connect to a Galil controller over USB, RS232, or PCI, the following instructions must be followed. If a standard user wishes only to connect to Ethernet based controllers, this section can be skipped.

Red Hat Method 1: Using the command line

1. Open a terminal by clicking Applications>Accessories>Terminal.
2. Issue the following command to add users to the uucp group. The uucp group members have permission to use serial ports. Such permission is necessary for communication with Galil controllers over RS232 or USB. Make sure to replace "username" with the desired username.

   $ su -c '/usr/sbin/usermod -a -G uucp username'
   Password:

3. Issue the following command to add users to the galil group. The galil group members have permission to use Galil PCI based controllers. Make sure to replace username with the desired username. Note that the galil group will not exist unless a Galil PCI driver has been previously installed.

   $ su -c '/usr/sbin/usermod -a -G galil username'
   Password:

4. The process may be repeated to modify other users.
5. For the updated permissions to take effect, the modified user must logout then log back in.

Red Hat Method 2: Using the Graphical Administration Tools

1. Open Users and Groups by clicking System>Administration>Users and Groups.
2. Input the root password into the Root Password Prompt.
   

   Root Password Prompt

3. The Users and Groups Window should now appear.
   

   Users and Groups Window

4. Select the user that will be modified to communicate with Galil controllers over USB, RS232 or PCI by clicking on the username in the Users and Groups Window.
5. Click the "Properties" button in the Users and Groups Window toolbar. The User Properties Window will open.

   User Properties Window

6. Select the Groups tab in the User Properties Window. The User Properties Group Tab should now be visible.

   User Properties Group Tab showing the uucp group check box

   

   User Properties Group Tab showing the galil group check box

7. In the User Properties Group Tab, tick the check boxes next to uucp to give the user access to serial ports. This is necessary for communications with Galil controllers over RS232 or USB.
8. In the User Properties Group Tab, tick the check marks next to galil to give the user permissions to communicate with Galil PCI based controllers. Note that the galil group will not exist unless a Galil PCI driver has been previously installed.
9. Click the OK button. The process may be repeated to modify other users. After all desired modifications have been made, close out of the User Management tool.
10. For the updated permissions to take effect, modified users must logout then log back in.

Configure the Firewall

By default, during installation, Red Hat installs and enables a firewall. Furthermore, on Linux machines, standard users cannot typically listen on any port less than 1024. This makes a redirect necessary.

1. Accepting UDP traffic on port 50000 allows for the connection to Galil controllers over Ethernet
2. Accepting UDP traffic on port 60001 through 60007 allows the host to recieve Data Record and unsolicited messages from the controller.
3. The port redirection of port 67 to port 1067 allows standard users to assign IP addresses to controllers. Note that, as a result, port 1067 must accept udp traffic.

If no firewall is in use, setting firewall exceptions for ports 1067, 50000, and 60001 through 60007 are not necessary. If standard users require permission to assign IP addresses to controllers, the port redirection must still be applied.

The following changes allow GalilTools to communicate with controllers while a firewall is enabled and allow standard users to assign IP addresses to controllers.

1. Open a terminal by clicking Applications>Accessories>Terminal.
2. Assuming that the firewall is enabled, a file similar to the following can be found at "/etc/sysconfig/iptables". Open this file for editing.

   $ su -c 'gedit /etc/sysconfig/iptables'
   Password:
   

3. If the file opened by the previous command is blank, you must re-enable the Red Hat firewall or build a custom set of rules. Modifications to the iptables file may have been previously made for services like windows file sharing. The unmodified version is given only for demonstration purposes.

   $ su -c 'gedit /etc/sysconfig/iptables'
   Password:
   # Firewall configuration written by system-config-securitylevel
   # Manual customization of this file is not recommended.
   *filter
   :INPUT ACCEPT [0:0]
   :FORWARD ACCEPT [0:0]
   :OUTPUT ACCEPT [0:0]
   :RH-Firewall-1-INPUT - [0:0]
   -A INPUT -j RH-Firewall-1-INPUT
   -A FORWARD -j RH-Firewall-1-INPUT
   -A RH-Firewall-1-INPUT -i lo -j ACCEPT
   -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
   -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
   -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
   -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
   -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
   -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
   -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
   -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
   COMMIT

4. Modify the "/etc/sysconfig/iptables" file to include the lines that are highlighted in the listing below. These lines include exceptions that allow for the connection to Galil controllers over Ethernet and the ability to find and assign IP addresses to Ethernet based controllers.

   # Firewall configuration written by system-config-securitylevel
   # Manual customization of this file is not recommended.
   *filter
   :INPUT ACCEPT [0:0]
   :FORWARD ACCEPT [0:0]
   :OUTPUT ACCEPT [0:0]
   :RH-Firewall-1-INPUT - [0:0]
   -A INPUT -j RH-Firewall-1-INPUT
   -A FORWARD -j RH-Firewall-1-INPUT
   -A RH-Firewall-1-INPUT -i lo -j ACCEPT
   -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
   -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
   -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
   -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
   -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
   -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
   -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
   -A RH-Firewall-1-INPUT -p udp -m udp --dport 1067 -j ACCEPT
   -A RH-Firewall-1-INPUT -p udp -m udp --dport 50000 -j ACCEPT
   -A RH-Firewall-1-INPUT -p udp -m udp --dport 60001:60007 -j ACCEPT
   -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
   COMMIT
   *nat
   :PREROUTING ACCEPT [0:0]
   -A PREROUTING -p udp --src 0.0.0.0 --dport 67 -j DNAT --to 0.0.0.0:1067
   COMMIT

5. The addition of the NAT module will require restarting the iptables service.

   $ su -c '/sbin/service iptables restart'
   Password:
   

If standard users do not need to assign IP addresses to controllers, the redirection of port 67 to port 1067 is not necessary but the "-bootps 67 -bootpc 68" command line switch must be used to tell GalilTools to listen on port 67 instead of the default 1067. The following is an example of how to launch GalilTools from the terminal to allow a privledged user to assign an IP address to a controller without setting up the operating system to redirect port 67 to 1067.

$ su -c 'galiltools -bootps 67 -bootpc 68'
Password: