Installing GalilTools 1.6.4 on Ubuntu 12.04 & 14.04

Install GalilTools Software Package

This section covers the installation of the GalilTools 64 bit software package. After installing the GalilTools software package, additional configuration is necessary. Any previous installations of GalilTools must be removed before installing the latest version.

Before using a PCI based controller, the GalilTools PCI driver must be installed and user permissions must be modified.
Before using a USB or RS232 based controllers, user permissions must be modified.
Before using an Ethernet based controller, the firewall must be configured.

This document will outline the complete setup of GalilTools for all controller communication interfaces.

Open a terminal by opening the Dash Home, typing terminal, then clicking the icon. Alternatively the <ctrl> + <alt> + T keyboard shortcut can be used.

Get the GalilTools package and install it with the package manager.

12.04
$ wget http://galil.com/download/software/galiltools/linux/ubuntu_12.04/galiltools_1.6.4_amd64.deb

14.04
$ wget http://galil.com/download/software/galiltools/linux/ubuntu_14.04/galiltools_1.6.4_amd64.deb

$ sudo dpkg -i galiltools_1.6.4_amd64.deb
[sudo] password for username:

GalilTools can be launched from the terminal with the command "galiltools" or from the Dash Home by searching for "galil".

Install the GalilTools PCI Driver

If GalilTools is to be used with a PCI based controller, the GalilTools PCI driver must be installed. If GalilTools will not be used with a PCI based controller, this section can be skipped. If the GalilSuite PCI driver has been previously installed, it must be removed before installing the GalilTools PCI driver. While there is limited support for the GalilSuite PCI driver in GalilTools, it is strongly recommended that the GalilTools PCI driver is used with GalilTools.

Open a terminal by opening the Dash Home, typing terminal, then clicking the icon. Alternatively the <ctrl> + <alt> + T keyboard shortcut can be used.

Get the Galil public key and import it.

$ wget http://www.galil.com/download/software/galilsuite/linux/galil_public_key.asc
$ gpg --no-default-keyring --keyring trustedkeys.gpg --import galil_public_key.asc

Download the required packages for the build process.

$ sudo apt-get install build-essential autoconf automake autotools-dev dh-make debhelper devscripts fakeroot xutils lintian pbuilder
[sudo] password for username:

Download the Linux PCI driver Debian source control file and source file from the Galil website.

$ wget http://galil.com/download/software/galiltools/linux/galiltools-pci_1.6.4.dsc
$ wget http://www.galil.com/download/software/galiltools/linux/galiltools-pci_1.6.4.tar.gz

Extract the source and verify integrity of source package.
```
$ dpkg-source -x galiltools-pci_1.6.4.dsc
```
Move the newly extracted source directory and build the driver.
```
$ cd galiltools-pci-1.6.4
$ dpkg-buildpackage -uc -b
```
Return to the parent directory where the deb installer file is located and install the deb installer file.
```
$ cd ..
$ sudo dpkg -i galiltools-pci_1.6.4_amd64.deb
```

Set User Permissions

To connect to Galil controllers over the USB, RS232 or PCI interfaces, a user must have the proper permissions to access the device. If a standard user intends to connect to a Galil controller over USB, RS232, or PCI, the following instructions must be followed. If a standard user wishes only to connect to Ethernet based controllers, this section can be skipped.

Open a terminal by opening the Dash Home, typing terminal, then clicking the icon. Alternatively the <ctrl> + <alt> + T keyboard shortcut can be used.
Issue the following command to add users to the dialout group. The dialout group members have permission to use serial ports. Such permission is necessary for communication with Galil controllers over RS232 or USB. Make sure to replace "username" with the desired username.
```
$ sudo usermod -a -G dialout username
[sudo] password for username: 
```
Issue the following command to add users to the galil group. The galil group members have permission to use Galil PCI based controllers. Make sure to replace username with the desired username. Note that the galil group will not exist unless a Galil PCI driver has been previously installed.
```
$ sudo usermod -a -G galil username
[sudo] password for username: 
```
The process may be repeated to modify other users.
For the updated permissions to take effect, the modified user must logout then log back in.

Configure the Firewall

If a firewall is in place, two exceptions must be included in the firewall settings. Furthermore, on Linux machines, standard users cannot typically listen on any port less than 1024. This makes a redirect necessary.

Accepting UDP traffic on port 50000 allows for the connection to Galil controllers over Ethernet.
Accepting UDP traffic on port 60001 through 60007 allows the host to receive Data Record and unsolicited messages from the controller.
The port redirection of port 67 to port 1067 allows standard users to assign IP addresses to controllers. Note that as a result port 1067 must accept udp traffic.

Three possible firewall configurations will be outlined below. Please review each one to see which is right for the target system.

Standard User without Uncomplicated Firewall (UFW)

If no firewall is in use, setting firewall exceptions for ports 1067, 50000, and 60001 through 60007 are not necessary. Ubuntu does not install with a set of firewall rules so only the port forward will be necessary here. This example will only setup the port forward so standard users can assign IP addresses to controllers.

The following changes allow standard users to assign IP addresses to controllers using GalilTools.

Open a terminal by clicking Applications>Accessories>Terminal.
First a configuration file will be created at /etc/iptables.rules. This will be loaded by iptables-restore on the network interface pre-up to load the required iptables rules automatically.
```
$ sudo gedit /etc/iptables.rules
[sudo] password for username:
```

Add the following lines to the newly created /etc/iptables.rules file.

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 0.0.0.0/32 -p udp -m udp --dport 67 -j DNAT --to-destination 0.0.0.0:1067
COMMIT

Next the /etc/network/interfaces file will be modified.

$ sudo gedit /etc/network/interfaces
[sudo] password for username:

At the end of the network related lines for the interface that the controller will utilize, add the line that is highlighted in green in the example below.
```
auto lo
iface lo inet loopback
  pre-up iptables-restore < /etc/iptables.rules
```
The firewall settings from /etc/iptables.rules will now be applied each time the interface comes up. To apply the new settings now, reset the interface or reboot the system.

Standard User with Uncomplicated Firewall (UFW)

For Ubuntu system that use UFW, the default firewall configuration tool for Ubuntu, this example will demonstrate how to create the required exceptions and setup the port forward so standard users can assign IP addresses to controllers. It will be assumed that UFW is running with the default set of rules (profile).

Open a terminal by clicking Applications>Accessories>Terminal.

First the ufw configuration file will be modified.

$ sudo gedit /etc/ufw/before.rules
[sudo] password for username:

Insert the following text at the bottom of the file.

# GalilTools firewall rules 
*filter
-A ufw-before-input -p udp -m udp --dport 1067 -j ACCEPT
-A ufw-before-input -p udp -m udp --dport 50000 -j ACCEPT
-A ufw-before-input -p udp -m udp --dport 60001:60007 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p udp --src 0.0.0.0 --dport 67 -j DNAT --to 0.0.0.0:1067
COMMIT

To apply the new settings now restart ufw or reboot the machine.

$ sudo ufc disable
[sudo] password for username:
$ sudo ufc enable
[sudo] password for username:

Root User without Uncomplicated Firewall (UFW)

If standard users do not need to assign IP addresses to controllers, the redirection of port 67 to port 1067 is not necessary but the "-bootps 67 -bootpc 68" command line switch must be used to tell GalilTools to listen on port 67 instead of the default 1067. The following is an example of how to launch GalilTools from the terminal to allow a privileged user to assign an IP address to a controller without setting up the operating system to redirect port 67 to 1067.

$ sudo galiltools -bootps 67 -bootpc 68
[sudo] password for username: