User Configuration Guide for user.cfg
The user.cfg
file is used to configure various settings for the RockREMOTE Mini. This configuration file allows users to control settings related to networking, serial communication, I/O options, and firewall rules. It can be updated via TFTP or AT serial commands (which are not documented here). Below is a description of the fields and how users can customize them to suit their needs.
Further details and instructions for transferring the configuration file to the Mini can be found here: Software and Config Update Process
LAN Configuration
The LAN
section configures the local area network settings, including IP address, DHCP, and DNS servers.
- tftpEnabled: Enables or disables the TFTP server on the Mini.
true
to enable,false
to disable.
- dhcpEnabled: Configures whether DHCP is enabled to automatically assign IP addresses to devices on the LAN.
true
to enable,false
to disable.
- dhcpStart: The starting IP address for DHCP leases. The IP address is in the format
[192,168,250,100]
. - dhcpEnd: The ending IP address for DHCP leases. The IP address is in the format
[192,168,250,199]
. - dhcpLease: The duration (in minutes) for which an IP address is leased.
- sntpEnabled: Configures whether SNTP (Simple Network Time Protocol) is enabled.
true
to enable,false
to disable.
- Address: The static IP address of the Mini on the LAN (e.g.,
[192,168,250,1]
). - Mask: The subnet mask for the LAN (e.g.,
[255,255,255,0]
). - Gateway: The gateway IP address, typically the same as the Mini's LAN IP.
- Dns1: Primary DNS server (e.g.,
[8,8,8,8]
). - Dns2: Secondary DNS server (e.g.,
[8,8,4,4]
).
If any DNS server is set, a outbound rule will be applied atomically for UDP Port 53 for that DNS Server IP. This is so LAN devices can perform DNS queries.
Serial Communication
The Serial
section configures serial communication settings for the Mini AT interface.
- mode: Serial communication mode, typically set to
RS232
. - baud: Baud rate for serial communication (e.g.,
19200
). - parity: Parity setting for serial communication, such as
NONE
,EVEN
, orODD
. - bits: Number of data bits (typically
8
). - stop: Number of stop bits (
1
or2
).
IO Configuration
The IO
section allows for configuration of I/O options.
- IOtype: Defines the type of I/O. Not currently used and set to
NONE
.
IMT Configuration
The Imt
section handles the IMT (Iridium Messaging Transport topic) configuration.
- defaultTopic: Sets the default IMT topic (e.g.,
244
, a.k.a RAW IMT Topic).
Sleep Mode
The SleepMode
section configures the Mini's external sleep pin behavior.
- SleepMode: Defines the sleep mode. Not currently used and set to
NONE
.
Users Configuration
The Users
section allows for user management. It is currently empty and used.
Firewall Configuration
The Firewall
section is essential for controlling inbound and outbound traffic rules. It defines which TCP, UDP, and ICMP connections are allowed or blocked based on specified parameters. This feature was added from v0.7
.
Outbound Rules
These rules govern the outgoing traffic from the Mini to external networks. These rules are limited to 10 rules per protocol, if there are more than 10 rules listed the remaining rules will be ignored. If any rules have invalid ports or IPs they will be parsed but the rules will not work a expected.
-
TCP: Specifies allowed outbound TCP connections. Each rule has:
- destAddr: The destination IP address (e.g.,
"destAddr": [0,0,0,0]
with"destSubnet": 0,
means any destination). - destSubnet: The subnet mask in CIDR notation for the destination IP. (e.g.,
destAddr [0,0,0,0]
with"destSubnet": 0
means any destination). - portStart: The starting port for the allowed range (e.g.,
80
for HTTP). - portEnd: The ending port for the allowed range (e.g.,
80
for HTTP).
The example below will allow HTTP and HTTPS for any destination:
- destAddr: The destination IP address (e.g.,
"TCP": [
{
"destAddr": [0,0,0,0],
"destSubnet": 0,
"portStart": 80,
"portEnd": 80
},
{
"destAddr": [0,0,0,0],
"destSubnet": 0,
"portStart": 443,
"portEnd": 443
}
]
-
UDP: Specifies allowed outbound UDP connections.
- Similar structure to TCP, with destination address, subnet, and port range.
-
ICMP: Specifies allowed outbound ICMP (ping) traffic.
- destAddr: Destination IP address (e.g.,
[8,8,8,8]
). - destSubnet: Subnet mask for the destination (e.g.,
32
).
The example below will allow pings to
8.8.8.8
: - destAddr: Destination IP address (e.g.,
"ICMP": [
{
"destAddr": [8,8,8,8],
"destSubnet": 32
}
Inbound Rules - Port Forwarding
These rules control incoming traffic from external networks to the LAN. These rules are limited to 10 rules per protocol, if there are more than 10 rules listed the remaining rules will be ignored.
If any rules have JSON syntax errors they will not be parsed and will be ignored.
If any rules have invalid ports or IPs they will be parsed but the rules will not work as expected.
-
TCP: Defines the allowed inbound TCP connections to the LAN.
- lanAddr: The local LAN IP address that the traffic will be forwarded to (e.g.,
[192,168,250,51]
). - wanPort: The external WAN port that the traffic is coming from.
- lanPort: The internal LAN port that the traffic is forwarded to. This can be the same as
wanPort
.
The example below will forward inbound HTTP and HTTPS to LAN device
192.168.250.51
- lanAddr: The local LAN IP address that the traffic will be forwarded to (e.g.,
"TCP": [
{
"lanAddr": [192,168,250,51],
"wanPort": 80,
"lanPort": 80
},
{
"lanAddr": [192,168,250,51],
"wanPort": 443,
"lanPort": 444
}
],
In the example user.cfg (link below) all inbound rules are set to zero - these will need to be edited in order to successfully enable port forwarding.
- UDP: Defines the allowed inbound UDP connections to the LAN.
- Similar to TCP, with the local LAN address and WAN-to-LAN port mapping.
Example user.cfg
Example user.cfg can be downloaded here
For our initial BETA FW releases, only serial baud is configurable the other serial settings are hard coded as:
Serial - 8 data bits, No parity, No flow control. RS232 Only.