IG 4 COMMAND LINE INTERFACE REFERENCE

DOCUMENT RELEASE 1.01

IG 4 Command Line Interface Reference

This is a reference guide of the commands available in the Command Line

Interface. This document is intended for system and network administrators
who will be configuring and administrating the IG 4.

Copyright © 2018 ANTlabs Pte Ltd

All rights reserved.
Connectivity Made Easy
2
TRADEMARKS AND ACKNOWLEDGEMENTS
The following trademarks and acknowledgments apply to:
The IG 4 system and Tru’Connect™ technology are products and
technologies of ANTlabs Pte Ltd, (ANTlabs). Windows and Microsoft are
registered trademarks of Microsoft Corporation. All other products
mentioned in this manual are trademarks of their respective owners.

DISCLAIMER
No part of this manual may be copied, distributed, transmitted,
transcribed, stored in a retrieval system or translated into any human or
computer language, in any form or by any means, electronic or
otherwise, without the express written permission of ANTlabs.

The software and accompanying written materials (including instructions

for use and this document) are provided “as is” without warranty of any
kind.

ANTlabs does not warrant, guarantee or make any representations

regarding the use, or the results of the use, of the software or written
materials in terms of correctness, accuracy, reliability, trend or
otherwise. ANTlabs reserves the right to make changes without further
notice to any products described herein to improve reliability, function
or design. This documentation is copyrighted and may not be altered
without written consent from ANTlabs.

ANTlabs reserves the right to prosecute companies or individuals who

make, distribute or use illegal copies of this software system and its
accompanying documentation.

Release Date: January 2018

Document Reference No: IG4-CLI-1.01

Connectivity Made Easy

3
 CONTENT

INTRODUCTION ........................................................................................ 6
Overview .............................................................................................. 6
Command Syntax .................................................................................. 6
Chapter 1 .................................................................................................. 8
NETWORK SERVICE COMMANDS ................................................................ 8
dns ...................................................................................................... 8
email .................................................................................................... 8
ip ......................................................................................................... 9
ntpd ..................................................................................................... 9
netpx_conf ......................................................................................... 10
syslog ................................................................................................ 14
webpx ................................................................................................ 14
websv ................................................................................................ 15
Chapter 2 ................................................................................................ 16
SYSTEM SECURITY COMMANDS ............................................................... 16
webadm ............................................................................................. 16
wadacc ............................................................................................... 16
enasup ............................................................................................... 17
passwd_sup ........................................................................................ 17
Chapter 3 ................................................................................................ 18
STATUS AND LOG COMMANDS ................................................................. 18
status ................................................................................................. 18
sessions ............................................................................................. 18
session_log......................................................................................... 19
show .................................................................................................. 19
usage_log........................................................................................... 19
users .................................................................................................. 19
Chapter 4 ................................................................................................ 20
SYSTEM COMMANDS................................................................................ 20
help ................................................................................................... 20
reboot ................................................................................................ 20
shutdown ........................................................................................... 20
restart ................................................................................................ 20
sshtun ................................................................................................ 21
check ................................................................................................. 21
exit .................................................................................................... 22
save_snapshot .................................................................................... 22
restore_firmware ................................................................................ 22
restore_snapshot ................................................................................ 22
Chapter 5 ................................................................................................ 23
UNIX SHELL COMMANDS .......................................................................... 23

Connectivity Made Easy

4
 PREFACE

AUDIENCE

This manual is intended for administrators who will be responsible for the
installation and configuration of the IG 4.

This manual describes the commands accessible via the Command Line
Interface.

Administrators are expected to have a good working knowledge of networks

and TCP/IP. Knowledge of the operating environment and characteristics of the
systems used in the deployed networks are also useful.

RELATED DOCUMENTATION

You may refer to the ANTlabs homepage at http://www.antlabs.com/ for

other related materials and documents released by ANTlabs.

FEEDBACK AND COMMENTS

ANTlabs welcomes all comments and suggestions on the quality and usefulness
of this document. Our users’ feedback is an important component of the
information used for improvement of this document.

Please include in your feedback:

• Name • Postal Address

• Title • Telephone Number
• Company • Document Title & Release No
• Department • Document Reference No.
• E-Mail • Comments/Feedback

Also, please include the chapter, section and/or page number when referring
to specific portions of the document.

Send your comments via email to [email protected]

Connectivity Made Easy

5
 INTRODUCTION

Overview
This documentation provides a reference for the various commands that are
available to aid in configuring the IG 4.

Each category of associated commands is described in individual chapters. The

various categories are as follows:

1. NETWORK SERVICE COMMANDS – Commands related to setting up

the IG 4 for operation on the network.

2. SYSTEM SECURITY COMMANDS – Commands that manage system

security such as the administrator account details like username,
password, etc.

3. STATUS AND LOG COMMADS – Commands that show the operational

status, various system settings and historical logs.

4. SYSTEM COMMANDS – System commands manage various system

functions such as optimization, services, database, etc.

In addition, the CLI also supports a subset of the Unix Shell commands which
are listed in chapter UNIX SHELL COMMANDS.

The IG 4 features 2 levels of CLI access; operator mode and supervisor

mode (see the enasup section). Commands available in the operator
mode are a subset of those available in the supervisor mode.

Command Syntax
The basic command syntax is as follows:

command keyword [option <arguments…>]

Some keywords are common throughout the majority of commands and are
described in the table below. The keywords apply to most commands except
for the show command, where the syntax is different. Also, some system
commands like shutdown, reboot and password do not have any options.

Connectivity Made Easy

6
 Keywords Description
show View the existing configurations.
show config View the existing configurations in command syntax.
set Modify the existing configurations.
enable Enable a feature that is already set.
disable Disable a feature, retaining the value set (if any).
delete Delete the logged reports (This keyword is specific to
the commands in reports section).

Connectivity Made Easy

7
 Chapter 1

NETWORK SERVICE COMMANDS

dns
Using this command, the parameters of the DNS, like the parent DNS to be
used by the IG 4 for name resolutions can be configured.

This command is only available in supervisor mode (see the enasup

section).

Usage: dns show

dns show config
dns set parent ‘address’

Example: dns show

dns show config
dns set parent 162.21.83.88

Using the keyword set, a list of space separated DNS values can be specified
and the command will update the DNS configurations to the new value(s):
dns set parent 192.168.124.8 8.8.8.8

Set Options Description

parent Configure the IP address of the parent DNS

email
Parameters of the SMTP server can be configured with this command.

This command is only available in supervisor mode (see the enasup

section).

Usage: email show

email show config
email set [admin_email ‘email’] [forward_to_ip
‘ip’]
email enable/disable [system_email] [forward_to_ip]

Example: email show

email show config
email disable system_email
email set admin_email [email protected]
email set forward_to_ip 207.125.222.21

Connectivity Made Easy

8
The IG 4 has its own SMTP server and therefore does not require any external
server. However, email forwarding to and external SMTP server is possible. The
IP address of the external SMTP server can be specified using the
forward_to_ip option with keyword set.

Set Options Description

admin_email Postmaster’s email account.
forward_to_ip IP address of the external SMTP server.

Enable/Disable Options
system_email Enable/disable use of system administrator’s
email (in place of postmaster’s email).
forward_to_ip Enable/disable email forwarding to the external
SMTP server.

ip
Using this command, the upstream interface of the IG 4 can be configured.

This command is only available in supervisor mode (see the enasup

section).

Usage: ip show [‘device1’ ‘device2’...]

ip show config
ip set device_name [ip ‘ip’] [netmask ‘nm’]
[gateway ‘gw’]

Example: ip show
ip show "WAN 2"
ip show config
ip set "WAN 2" ip 211.183.5.163 netmask
255.255.255.224 gateway 211.183.5.1

Set Options Description

ip Set the IP address of the Ethernet device.
netmask Set the net mask address of the Ethernet device.
gateway Set the gateway address of the Ethernet device.

ntpd
Using this command, the NTP server can be configured. This allows the IG 4 to
synchronize its time with this configured NTP server.

This command is only available in supervisor mode (see the enasup

section).

Connectivity Made Easy

9
Usage: ntpd show
ntpd show config
ntpd set server ‘address’
ntpd disable server

Example: ntpd show

ntpd show config
ntpd set server 192.453.22.34
ntpd disable server

The NTP server is enabled automatically when the IP address is set using the
set keyword.

Set Options Description

server Set the IP address of the NTP server.
Disable Options
server Disable the NTP server.

netpx_conf
This command allows you to configure a port forwarding service which can be
useful if you want to allow upstream access to downstream services.

For example, there may be a downstream host running an FTP service that
needs to be accessible to upstream users. But because the downstream
network might be a private network that is not visible to the upstream, there
will be no way for the upstream user to connect to the FTP service. For a
downstream private network, upstream users will only see the WAN IP of the
IG 4 and not the individual downstream hosts. Port forwarding allows you to
assign a Port Number on the IG 4 gateway's WAN interface so that a user
connecting to the IG 4 gateway's WAN IP + Port Number will actually have their
traffic forwarded to the downstream service.

Port forwarding can also be used as a means to conserve public IP addresses;

as opposed to assigning a public IP for each downstream service host.

To setup the net proxy, you will need to perform the following steps:

1. Setup the proxy environment – Configure the interface to listen for

incoming connections and general connection settings.

2. Create the proxy entries – Configure the entries for the hosts which
require the proxy service.

3. Create action filters – Configure filters that perform an action when

the filter criteria match the incoming connection attempt.

Connectivity Made Easy

10
The command syntax is first discussed here with subsequent examples to
illustrate its use according to the above steps.

Usage: netpx_conf <object> <command>

Where object:= { env | proxy_rule | filter | session }

command(env) := { get <key ...> | set <key>
<value> | list }
key := { proxy_device | tcp_timeout |
udp_timeout | tcp_max_conn | udp_max_conn |
filter_action }
command(proxy_rule) := { list <type> | clear
<type> | delete
<type> <port> | add <type> <port> <target_host>
<target_port> <device> }
command(filter) := { list <type> | insert
<filter_spec1> | append
<filter_spec1> | update <filter_spec1>| delete
<type> <position> |
delete_first <filter_spec2> | delete_all
<filter_spec2>
command(session) := { list <type> }
filter_spec1 := <type> <position> <action>
<snet> <sport>
<tport>
filter_spec2 := <type> <action> <snet> <sport>
<tport>
type := { tcp | udp }

Note: When specifying an IP address for the source network snet, you may
use CIDR format (e.g. 192.168.123.50/24 where “/24” is the subnet mask
prefix).

Example (netpx_conf env):

netpx_conf env list

netpx_conf env set tcp_timeout 3000
netpx_conf env set udp_timeout 30000
netpx_conf env get proxy_device tcp_timeout

Connectivity Made Easy

11
The above commands allow you to list/store/retrieve the proxy environment
variables and their associated settings. The environment variables are
explained here:

Variables Description
proxy_device The interface on which to listen for incoming
connections (Do not modify)
tcp_timeout Timeout (in seconds) for TCP connection
attempts.
udp_timeout Timeout (in seconds) for UDP connection
attempts.
Max TCP Connections Maximum number of TCP connections allowed.
Max UDP Connections Maximum number of UDP connections allowed.
filter_action The action applied on receipt of an incoming
connection attempt.

Example (netpx_conf session):

netpx_conf session list tcp

The above command lists the current active TCP net proxy sessions.

Example (netpx_conf proxy_rule):

netpx_conf proxy_rule list tcp

The above command lists the rules applied to TCP proxy connections.

netpx_conf proxy_rule add tcp 92 10.68.12.24 23 eth1

netpx_conf proxy_rule delete tcp 92

The first of the two above commands adds an entry to listen for incoming TCP
connections on port 92 and forward them to the host with IP address
10.68.12.24 on port 23 (telnet) which can be found on the network
accessible through interface eth1. The second command deletes the entry just
created.

netpx_conf proxy_rule clear udp

The above command clears all UDP connections entries currently applied.

Example (netpx_conf filter):

netpx_conf filter list tcp

Connectivity Made Easy

12
The above command lists all the filters currently applied to TCP proxy
connections. An example of the output generated by the above command is
shown here:

Filter 1:
Action : ACCEPT
Source Network : 123.123.123.0/24
Source Port : ANY
Target Port : ANY
Filter 2:
Action : ACCEPT
Source Network : 10.12.10.1
Source Port : 30
Target Port : 20

To add a filter to the sample list above you may formulate a command such as
the one below:

netpx_conf filter insert tcp 1 DENY 10.10.1.1 ANY 60

The above command inserts the filter before Filter 2. Using the sample output
above, the list of filters can be thought of as an array with position index 0
occupied by Filter 1 and position index 1 occupied by Filter 2. As such, the
above command will insert the filter before Filter 2, pushing Filter 2 to position
index 2 and automatically renamed to Filter 3. If you wish to use insert after
the position, use the append command instead.

Note: Because of the array-based representation described above, if you are

inserting the very first entry into an empty list, the position index should be 0
not 1.

This filter is matched when a host with IP address 10.10.1.1 attempts to

make a TCP connection to the IG 4 on port 60. When matched, the connection
is denied, as specified by the action. The order of precedence is simple; the
first filter matched is the one that is applied.

Note: While the system allows you to specify the source port, because most
outgoing connections use ephemeral ports, it is more common to set the source
port to ANY indicating that all connection attempts from 10.10.1.1 regardless
of its source port will match this filter.

netpx_conf filter append tcp 1 DENY 10.10.1.1 ANY 60

The command above appends a DENY filter rule for 10.10.1.1 from source ANY
to destination port 60 after position 2 (inserted at position 3)

Connectivity Made Easy

13
netpx_conf filter delete tcp 1

The command above deletes the TCP filter entry at position index 1.

netpx_conf filter delete_first tcp DENY 10.10.1.1

ANY 60
The command above deletes the first TCP filter entry that matches the criteria
specified. If you wish to delete all filter entries that match the criteria (i.e.
duplicate entries), use the delete_all command instead.

syslog
Using this command, remote logging of certain system events to a specified
syslog server can be configured.

This command is only available in supervisor mode (see the enasup

section).

Usage: syslog show

syslog show config
syslog set server ‘address’
syslog enable/disable server

Example: syslog show

syslog show config
syslog set server 192.136.112.1
syslog enable server
syslog disable server

The remote syslog machine must be configured to accept logs through email
delivery.

Set Options Description

Server Set IP address of the syslog server.

Enable/Disable Options
Server Enable/disable remote logging.

webpx
Using this command, the IG 4 can be configured to use either a direct
connection or specify a web proxy. A comma-separated list of valid proxies and
associated ports can be specified. Also, you can set the contact email address
presented to the user when a proxy error occurs.

This command is only available in supervisor mode (see the enasup

section).

Connectivity Made Easy

14
Usage: webpx show
webpx show config
webpx set [proxy ‘address’:'port'] [admin_email
‘email’]
webpx enable/disable [proxy] [system_email]

Examples: webpx disable proxy

webpx enable system_email
webpx set proxy proxy1.antlabs.com:8080
admin_email [email protected]

Set Options Description

proxy Comma separated list of proxy addresses of the
form addr1:port1, addr2:port2, addr3:port3…
admin_email Webmaster’s the email address for proxy errors.

Enable/Disable Options
proxy Enable/disable use of parent proxy.
system_email Enable/disable use of system administrator’s
email (in place of Webmaster’s email).

websv
Using this command, parameters for the web server can be configured.

This command is only available in supervisor mode (see the enasup

section).

Usage: websv show

websv show config
websv set email ‘email’
websv enable/disable system_email

Example: websv show

websv show config
websv set email ‘[email protected]’
websv enable system_email

Set Options Description

Email Webmaster’s email address for web server errors.

Enable/Disable Options
system_email Enable/disable use of system administrator’s
email (in place of Webmaster’s email).

Connectivity Made Easy

15
 Chapter 2

SYSTEM SECURITY COMMANDS

webadm
Using this command, the administrator’s account details such as user id, email
address and password for the web admin can be configured.

This command is only available in supervisor mode (see the enasup

section).

Usage: webadm show

webadm show config
webadm set [id ‘id’] [password] [email ‘address’]

Example: webadm show

webadm show config
webadm set id johntan password email
[email protected]

The default value for user id is root and password is admin.

Set Options Description

id Set system administrator’s user id.
password Set system administrator’s account password.
email Set the email address of the administrator.

wadacc
Restrictions on which IP addresses can have access to the web admin can be
setup here.

This command is only available in supervisor mode (see the enasup

section).

Usage: wadacc show

wadacc enable/disable [deny_downstream/ip_control]

Example: wadacc show

wadacc disable deny_downstream
wadacc enable ip_control 2192.168.0.0/
255.255.255.0

Connectivity Made Easy

16
 Set Options Description
ip_control Configure the IP addresses that are allowed to
access the web admin from the upstream.

Enable/Disable Options
deny_downstream Enable/disable access from downstream.
ip_control Enable/disable upstream IP access control list.

enasup
The IG 4 features 2 levels of CLI access; operator mode and supervisor mode.
Commands available in the operator mode are a subset of those available in
the supervisor mode.

This command enables the user to enter into the supervisor mode. After
entering the command, a prompt for a password will appear. The default
password is blank.

Usage: enasup

passwd_sup
This command changes the supervisor password. After entering the command,
it prompts you for the new password.

This command is only available in supervisor mode (see the enasup

section).

Usage: passwd_sup

Connectivity Made Easy

17
 Chapter 3

STATUS AND LOG COMMANDS

status
This command displays information about the current system status.

Usage: status show

Example:
status show
Appliance Status
----------------
Disk Availability : 544169 MB
Disk Used : 2593 MB
Memory Availability: 16199 MB
NIC : eth1:58021 RX 17559 TX
CON : unknown
Version : Antlabs SG4 model 4300 release 4.1.0
IP Address : 192.168.1.243
Netmask : 255.255.255.0
DNS : 8.8.8.8,8.8.4.4
Uptime : 2:47

sessions
This command displays the real-time information about the currently logged in
sessions.

Usage: sessions show

Example:
sessions show
Number #38
-----------------
Start Time : 2014-07-07 13:06:21
Stop Time : 1970-01-01 07:30:00
Service Type : fixed_duration
Status : active
Userid : qvies7 1
Hardware Address: C8:0A:A9:8B:FC:E5
IP Address : 1.2.3.1
IFIndex : 12
PPLI : eth0

Connectivity Made Easy

18
session_log
This command displays a historical trace of sessions that were previously active.
You can also delete the log.

Usage: session_log show

session_log delete

show
This command acts as a wrapper for displaying the configurations of all the
commands listed above.

The show settings command is equivalent to <command> show and the

show config command is equivalent to <command> show config as was
discussed in the Command Syntax section.

Usage: show settings [command_name]

show config [command_name]
show sessions
show users
show session_log
show usage_log
show status

Where command_name is one of the following:

dns email inetd ip ntpd

syslog wadacc webadm webpx websv

Example: show settings dns

show config webadm

usage_log
This command displays a device information and usage log of downstream
users.

Usage: usage_log show

usage_log delete

users
This command displays information about currently active downstream users.

Usage: users show

Connectivity Made Easy

19
 Chapter 4

SYSTEM COMMANDS

help
Displays the list of supported commands and provides a description for each
command.

Usage: help [command]

Example: help reboot

reboot
This command is used to reboot the IG 4. You will be prompted to confirm the
action.

This command is only available in supervisor mode (see the enasup

section).

Usage: reboot

shutdown
This command is used to shut down the IG 4. You will be prompted to confirm
the action.

This command is only available in supervisor mode (see the enasup

section).

Usage: shutdown

restart
Use this command to restart any service when troubleshooting.

This command is only available in supervisor mode (see the enasup

section).

Usage: restart [service_name]

Connectivity Made Easy

20
Where [service_name] is one of the following:
ant_auth_timer webserver
ant_auth_intupd dns
antmgr mail
arpd snmp

sshtun
In some network configurations, the IG 4 may reside in an internal scope and
therefore may be assigned a private IP address. In such a case, Internet bound
traffic originating from the IG 4 (and other clients from the internal scope) is
most likely Network Address Translated onto the Internet. In such a scenario,
an external host which may need to access the IG 4 from the Internet will not
be able to do so.

This command uses the port forwarding feature of SSH to create a tunnel from
the IG 4 (SSH client) to the external host (SSH server) so that the external
host’s applications can subsequently communicate with the IG 4 through the
tunnel.

Usage: sshtun userid remote-ip remote-port listen-port

Example: sshtun console 123.44.55.66 5468 1842

The above command specifies that port 5468 on the remote host 123.44.55.66
is to be forwarded to port 1842 on the IG 4. Once executed, applications on
the remote host can access the IG 4 gateway's HTTPS by connecting to port
5468 on the remote host.

check
This command checks on the status of the httpd and squid daemon processes
and then restarts them if they are not active currently or abnormally
terminated.

Usage: check system

This command also checks, repairs and optimizes all the mysql database tables.
It can be invoked occasionally to optimize the database performance.

Usage: check database

Connectivity Made Easy

21
exit
This command terminates the current CLI shell. When in supervisor mode,
exit will terminate the supervisor shell and return to operator mode shell.

Usage: exit

save_snapshot
Use this command to save a snapshot of the current state of the IG 4. Upon
executing this command, the IG 4 will reboot to save the snapshot.

This command is only available in supervisor mode (see the enasup

section).

Usage: save_snapshot <mode> [standalone/HA]

Set Options Description

standalone Use this option when the IG 4 is not connected to a
peer gateway in HA mode.
HA Use this option when a peer gateway is connected
in HA mode.

restore_firmware
Use this command to restore the IG 4 to its factory default state. Upon
executing this command, the IG 4 will reboot to perform the restoration.

This command is only available in supervisor mode (see the enasup

section).
This command is only available via the serial port connection.

Usage: restore_firmware

restore_snapshot
Use this command to restore the IG 4 to the previously saved snapshot. Upon
executing this command, the IG 4 will reboot to perform the restoration. If a
snapshot is not found, no changes will be made on the IG 4.

This command is only available in supervisor mode (see the enasup

section).

Usage: restore_snapshot

Connectivity Made Easy

22
 Chapter 5

UNIX SHELL COMMANDS

Listed below are the additional commands that are accessible via the interface.
Supervisor-Only commands are only available in supervisor mode. Operator
commands are available in both operator and supervisor mode.

Supervisor Only
Command Description
arp Manipulate the system ARP cache
chmod Change file access permissions
cp Copy files
edit Open a text editor
ln Make links between files
mailq List pending mails in the mail queue
menu Configure the system through a menu-based interface
mkdir Make new directories
mv Move (rename) files
passwd Change CLI operator password
rm Remove files or directories
rmdir Remove empty directories
touch Change file timestamps

Connectivity Made Easy

23
Operator
Command Description
cat Create and display short files
cd Change current working directory
clear Clear the display screen
df Report filesystem disk space usage
free Display information about free and used memory on the
system
head Display the first part of file
ifstat Display the Internet statistics
ls List directory contents
netstat Displays the network connections, routing tables, interface
statistics, masquerade connections, netlink messages and
multicast memberships
nslookup Query Internet name server non-interactively. The
interactive interface is disabled.
ping Send ICMP ECHO_REQUESTS packets to network hosts
vmstat Display high-level system performance overview
ps Report process status information
shd Show the current working directory
rz Receive files
sz Send one or more files
tail View the last part of the input file
tcpdump Dump traffic on a network
terminal Change terminal type
tracepath Traces path to a particular destination discovering MTU
along this path
traceroute Print the route packets take to network host
version Display version of the CLI
vlandump Display VLAN information

Connectivity Made Easy

24