KR102214550B1 - Air conditioning system comprising constructing routing apparatus - Google Patents

Abstract

The present invention relates to an air conditioning system including a routing device (100) capable of constructing a firewall in a small embedded Linux system to access only a specific Internet site using a USB-type wireless LTE modem for supporting mobile communication which can be connected to the Internet in a security network or a wired modem connected to the Internet. The air conditioning system of the present invention comprises: a routing device (100) constructed to activate IP forwarding through an Orange-Pi board operating based on an embedded Linux system, registering a domain address to be accessed, and implementing and executing a packet filtering process; a USB-type wireless LTE modem or wired modem (200) connected to the routing device (100) to be accessed to an Internet site; a server device (300) connected to the routing device (100) to obtain weather forecast data of a national weather service, and having TCP/IP, MAC and Ethernet; and an air conditioner (400) for receiving the weather forecast data of the national weather service from the server device (300) to predict a heating/cooling load of a building, and adjusting the temperature and volume of air generated in an air conditioner or controlling on/off of the air conditioner to maintain the temperature within an input target indoor temperature on the basis of the received weather forecast data of the national weather service.

Description

Air conditioning system comprising a routing device that builds a firewall so that only specific sites of the Internet can be accessed.

The present invention relates to an air conditioning system including a routing device that builds a firewall so that only specific sites of the Internet can be accessed, and more particularly, a USB type wireless LTE modem supporting mobile communication that can be connected to the Internet network in a security network. It relates to an air conditioning system including a routing device capable of constructing a firewall in a small embedded Linux system so that only specific Internet sites can be accessed using a wired modem connected to the Internet or Internet network.

Even information systems operating in a security network environment where the internal network and the external network are separated may need to obtain data in real time by accessing a specific site through an external Internet network.

For example, in the case of an air conditioning system that predicts the cooling and heating load of a building using weather forecast data from the Meteorological Agency, weather data is required in real time, so it is essential to access the Meteorological Agency site of an external Internet network to download the weather data.

In this case, by using a separate wireless LTE modem or a wired modem, the information system in the security network can acquire data on a specific Internet site.

However, since such a separate Internet connection has a risk factor that threatens security in a separate security network, there arises a problem in that attempts to access other sites other than a specific site through an external Internet network must be blocked in advance.

1 is a configuration diagram of a conventional system when a routing system is not installed. Referring to FIG. 1, an information system in a security network is connected to an external Internet network through a USB type wireless LTE modem (hereinafter referred to as a wireless LTE modem) or a wired modem. At this time, application applications other than the information system may try to access an unintended Internet site through a wireless LTE modem or a wired modem, so it is necessary to block this.

For example, in order to acquire meteorological data from the Meteorological Administration in real time, the user should only be able to access the National Weather Service website (www.weather.go.kr) of the Meteorological Administration. Even if you try to access the site (www.naver.com), you can be connected without being blocked.

In order to solve this problem, it is very difficult to construct a routing device by changing a software structure inside a wireless LTE modem or a wired modem.

In addition, in the prior art, a number of methods for blocking specific sites, for example, harmful sites, etc. are known, but a technology for accessing only specific sites is not yet known, and thus research is urgently required.

Korean Patent Laid-Open Patent No. 10-2003-0078204 "A device for blocking access to harmful sites for juveniles" (published on October 8, 2003) Korean Patent Registration No. 10-0608286 "Wireless Internet access method through mobile phone" (registered on July 26, 2006)

The present invention has been conceived to solve the above problems, and is to provide an air conditioning system including a routing device for constructing a firewall capable of accessing only specific sites in an Internet environment connected through a wireless LTE modem or a wired modem.

The objects of the embodiments of the present invention are not limited to the above-mentioned objects, and other objects not mentioned will be clearly understood by those of ordinary skill in the technical field to which the present invention belongs from the following description. .

In order to achieve this object, an air conditioning system including a routing device 100 that builds a firewall so that only a specific site of the Internet can be accessed according to an embodiment of the present invention is an orange system operated based on an embedded Linux system. A routing device 100 configured to activate IP forwarding through an Orange Pi board, register a domain address to be accessed, and implement and execute a packet filtering process; A USB type wireless LTE modem or wired modem 200 connected to the routing device 100 to enable access to an Internet site; The routing device 100 is connected to obtain weather forecast data from the Meteorological Agency in real time, and includes a server device 300 including TCP/IP, MAC and Ethernet; And the temperature and air volume of the air generated by the air conditioner to be maintained within the target indoor temperature input based on the received meteorological forecast data, by receiving the meteorological forecast data from the server device 300, predicting the cooling and heating load of the building. Includes; air conditioning device 400 for controlling to adjust or to turn on / off the air conditioner,

The air conditioner 400 may include a data receiving unit 410 for receiving current season information and time information from the routing device 100; An operation unit 420 that determines an appropriate temperature mode inside the building based on the current season information and time information received by the data receiving unit 410; An air conditioner control unit 430 that generates an air conditioner control signal to operate the air conditioner according to the temperature mode received from the operation unit 420; And an air conditioner 440 installed for air conditioning in a building.

In an air conditioning system including a routing device 100 that builds a firewall so that only a specific site of the Internet according to an embodiment of the present invention can be accessed, the routing device 100 is configured to connect to a specific port from the outside through the Internet. An IP forwarding activation unit 110 for activating IP forwarding in the embedded Linux kernel in order to unconditionally pass a packet to a specific device in the internal network for an incoming request; A domain address registration unit 120 for registering domain addresses of Internet sites to be accessed; A packet filtering implementation unit 130 that implements packet filtering by creating a first shell script program that builds a net filter that facilitates network address translation, packet filtering, and packet decomposition as a network-related framework inside the embedded Linux kernel. ; USB device operation setting unit 140 that adds an execution mode to the second shell script program so that the USB device operates after the embedded Linux system is booted, and links the second shell script program with the execution mode added to the execution directory path. ); A shell script program execution unit 150 that repeats the first shell script program generated by the packet filtering implementation unit 130 at predetermined time intervals; A wired/wireless network address setting unit 160 for setting a network address of an embedded Linux system; And a routing system static IP allocation unit 170 that allocates a static IP to the interface of the routing device 100 through a Dynamic Host Configuration Protocol (DHCP) server.

In the air conditioning system including the routing device 100 for building a firewall so that only a specific site of the Internet according to an embodiment of the present invention can be accessed, the packet filtering implementation unit 130 is connected to a wireless LTE modem. An iptables script program definition unit 131 defining a routing system as'eth0' and defining'usb0' when a device connected to the external Internet is a wireless LTE modem, and'eth1' when a wired modem is used; Remove the rules for packets passing through the firewall, change the rules to allow translation of the destination address when sending packets from the external Internet to the internal network, and translating the source address when sending packets from the internal network to the external network. A firewall initialization unit 132 that changes the rule to allow and changes the rule to allow address translation when a packet destined for the firewall is output; A computer connected to a network device connected to the external Internet includes a firewall packet allowing unit 133 for adding a rule to enable connection to the external Internet and deleting a rule of a packet passing through the firewall; A packet output allower 134 of a specific site for activating a loopback device, allowing IP access of a domain address to be accessed, activating a DNS server, and activating a local network; A packet output rejection unit 135 other than the access site for adding a rule rejecting all output packets; And a routing table modification unit 136 that deletes a default gateway address of the interface of the routing device 100 from the routing table.

As described above, the air conditioning system including the routing device 100 that constructs a firewall to allow access to only specific sites on the Internet according to an embodiment of the present invention provides an optimal solution for use as a routing device for special purposes. can do.

In addition, according to the present invention, the routing device can be miniaturized, security can be easily secured, maintenance is easy, and the device structure is simple, so that the lifespan is long.

In addition, the present invention can be widely applied to the increasing Internet of Things, and provides an optimal operating structure by linking real-time information data to a system such as an air conditioner.

In addition, the present invention eliminates the inconvenience of manually operating the air conditioning system whenever the user needs by automatically controlling the air conditioning system of the building according to the current season and time, and automatically controlling the air conditioning system to control the temperature and humidity in the building. You can keep your back constant.

1 is a configuration diagram of a conventional system in which a routing system is not installed.
2 is a block diagram of an air conditioning system including a routing device 100 for constructing a firewall so that only specific sites of the Internet can be accessed according to an embodiment of the present invention.
3 is a detailed configuration diagram of the air conditioning device 400 in an air conditioning system including a routing device 100 that constructs a firewall so that only specific sites of the Internet can be accessed according to an embodiment of the present invention.
4 is a configuration diagram of the routing device 100 in an air conditioning system including a routing device 100 that constructs a firewall so that only a specific site of the Internet can be accessed according to an embodiment of the present invention.
5 is a detailed configuration showing the packet filtering implementation unit 130 in an air conditioning system including a routing device 100 that constructs a firewall so that only specific sites of the Internet can be accessed according to another embodiment of the present invention Is also.
6 is a configuration diagram of the server device 300 in an air conditioning system including a routing device 100 for building a firewall so that only specific sites of the Internet can be accessed according to another embodiment of the present invention.

Advantages and features of the embodiments of the present invention, and a method of achieving them will become apparent with reference to the embodiments described later in detail together with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but may be implemented in a variety of different forms, and only these embodiments make the disclosure of the present invention complete, and are common knowledge in the technical field to which the present invention pertains. It is provided to completely inform the scope of the invention to those who have, and the invention is only defined by the scope of the claims. The same reference numerals refer to the same components throughout the specification.

In describing the embodiments of the present invention, if it is determined that a detailed description of a known function or configuration may unnecessarily obscure the subject matter of the present invention, a detailed description thereof will be omitted. In addition, terms to be described later are terms defined in consideration of functions in an embodiment of the present invention, which may vary according to the intention or custom of users or operators. Therefore, the definition should be made based on the contents throughout this specification.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

2 is a configuration diagram of an air conditioning system including a routing device 100 for building a firewall so that only specific sites of the Internet can be accessed according to an embodiment of the present invention, and FIG. 3 is A detailed configuration diagram of the air conditioning device 400 in the air conditioning system including the routing device 100 that constructs a firewall so that only specific sites of the Internet can be accessed.

As shown in Figs. 2 and 3, the air conditioning system including the routing device 100 for constructing a firewall so that only a specific site of the Internet can be accessed according to an embodiment of the present invention so that access attempts can be blocked. , A routing device 100 configured to activate IP forwarding through an Orange Pi board operated based on an embedded Linux system, register a domain address to be accessed, and implement and execute a packet filtering process; A USB type wireless LTE modem or wired modem 200 connected to the routing device 100 to enable access to an Internet site; The routing device 100 is connected to obtain weather forecast data from the Meteorological Agency in real time, and includes a server device 300 including TCP/IP, MAC and Ethernet; And the temperature and air volume of the air generated by the air conditioner to be maintained within the target indoor temperature input based on the received meteorological forecast data, by receiving the meteorological forecast data from the server device 300, predicting the cooling and heating load of the building. It includes; an air conditioning device 400 for controlling to adjust or to turn on/off the air conditioner.

In detail, as shown in FIG. 3, the air conditioner 400 basically includes a data receiving unit 410, an operation unit 420, an air conditioner control unit 430, and an air conditioner 440.

The data receiving unit 410 receives current season information and time information from the routing device 100.

The operation unit 420 determines an appropriate temperature mode inside the building based on the current season information and time information received by the data receiving unit 410. A total of 8 temperature modes (spring night/day, summer night/day, autumn night/day, winter night/day) are preset in consideration of the season and time.

The air conditioner control unit 430 generates a control signal for adjusting the temperature and air volume of the air generated from the air conditioner 440 so that the temperature inside the building matches the temperature mode according to the temperature mode received from the operation unit 420.

The air conditioner 440 is installed for air conditioning in a building. As a specific and non-limiting example, the air conditioner 440 may include an air supply duct serving as a passage for supplying outdoor air to the interior, an exhaust duct serving as a passage for discharging indoor air to the outside, and a passage between the air supply duct and the exhaust duct. It is installed in the air conditioning unit in which the supply fan and the exhaust fan are built in, and a natural ventilation opening which is installed on the wall of the building to open and close, and serves as a passage for exhausting indoor air and supplying outdoor air.

Meanwhile, the air conditioning apparatus 400 may further include an input means for receiving a user command and a temperature sensor for measuring the temperature inside the building so that the user can manually set the indoor temperature of the building desired by the user.

The routing device 100 is a small embedded Linux system such as Orange Pie that can utilize one Ethernet port and a number of USB ports, so that one Ethernet port is connected to an internal server computer and a wireless LTE modem using a USB port. Or, you can connect to a wired modem.

4 is a configuration diagram of the routing device 100 in an air conditioning system including a routing device 100 that constructs a firewall so that only a specific site of the Internet can be accessed according to an embodiment of the present invention.

Referring to FIG. 4, the routing apparatus 100 includes an IP forwarding activation unit 110, a domain address registration unit 120, a packet filtering implementation unit 130, a USB device operation setting unit 140, and a shell script program execution unit. 150, a wired/wireless network address setting unit 160 and a routing system static IP allocation unit 170 are included as a basis.

The IP forwarding activation unit 110 plays a role of activating IP forwarding in the embedded Linux kernel in order to unconditionally pass a packet to a specific device in the internal network for a request coming from the outside through the Internet to a specific port.

In detail, the IP forwarding activation unit may log in as root and change the line'net.ipv4.ip_forward=0' of the /etc/sysctl.conf file to'net.ipv4.ip_forward=1'.

The domain address registration unit 120 serves to register a domain address of an Internet site to be accessed.

In detail, the domain address registration unit 120 may insert a domain address of an Internet site to be accessed in the /boot/datafile.txt file.

As a specific and non-limiting example, the domain address registration unit 120 has a site to be accessed, the National Weather Service General Information Site (www.weather.go.kr), the Meteorological Administration's neighborhood forecast information inquiry service site (newsky2.kma.go). In the case of .kr), the contents shown in Table 1 below can be inserted.

[Table 1]

The packet filtering implementation unit 130 implements packet filtering by creating a first shell script program that builds a net filter that facilitates network address translation, packet filtering, and packet decomposition as a network-related framework within the embedded Linux kernel. Plays a role.

In detail, the packet filtering implementation unit 130 may include iptables, which is a command for building a net filter. iptables is a command to configure the firewall by controlling the netfilter packet filtering function in the Linux kernel in user space.

Referring to FIG. 5, in an air conditioning system including a routing device 100 for building a firewall so that only specific sites of the Internet can be accessed according to another embodiment of the present invention, the packet filtering implementation unit 130 It will be described in more detail.

5 is a detailed configuration showing the packet filtering implementation unit 130 in an air conditioning system including a routing device 100 that constructs a firewall so that only specific sites of the Internet can be accessed according to another embodiment of the present invention Is also.

As shown in FIG. 5, in an air conditioning system including a routing device 100 that builds a firewall so that only specific sites of the Internet can be accessed according to another embodiment of the present invention, the packet filtering implementation unit 130 ) Is an iptables script program definition unit 131, firewall initialization unit 132, firewall packet allow unit 133, all packet output allow unit 134 of a specific site, all packet output rejection unit 135 other than the access site, and A routing table modification unit 136 may be included.

The iptables script program definition unit 131 defines the routing system connected to the wireless LTE modem as'eth0', and if the device connected to the external Internet is a wireless LTE modem, it is'usb0', and if the wired modem is'eth1'. Each plays a defining role.

In detail, the iptables script program definition unit 131 may include a first script program represented in Table 2 below.

[Table 2]

(In Table 2 above, #!/bin/sh indicates that it is an iptables script program, LAN=eth0 defines the routing system connected to the wireless LTE modem as'eth0', and WAN=usb0 or eth1 is the external Internet. The device to be connected to is defined as'usb0' for a wireless LTE modem, and'eth1' for a wired modem, and IP_VALUE='[0-9]\{1,3\}\.[0-9]\{ 1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' is an IPv4 address, indicating that the address scheme is xxx.xxx.xxx.xxx Means that.)

The firewall initialization unit 132 removes the rule of the packet passing through the firewall, changes the rule to allow translation of the destination address when sending the packet from the external Internet to the internal network, and transfers the packet from the internal network to the external network. It changes the rule to allow translation of the source address when sending, and changes the rule to allow translation of the address when outputting a packet destined for the firewall as the first destination.

In detail, the firewall initialization unit 132 may include a second script program represented by Table 3 below.

[Table 3]

(In Table 3 above, iptables -F INPUT removes the packet input rule destined for the firewall as the final destination, iptables -F OUTPUT removes the packet output rule destined for the firewall as the first destination, and iptables -F FORWARD Is to remove the rule of packets passing through the firewall, iptables -t nat -P PREROUTING ACCEPT changes the rule to allow translation of the destination address when sending packets from the outside internet to the inside network, iptables -t nat -P POSTROUTING ACCEPT is to change the rule to allow translation of the source address when sending packets from the internal network to the external network, iptables -t nat -P OUTPUT ACCEPT is the address when outputting packets destined for the firewall first. It means changing the rule to allow it to convert.)

The firewall packet allowing unit 133 serves to add a rule so that a computer connected to a network device connected to the external Internet can connect to the external Internet, and delete a rule of a packet passing through the firewall.

In detail, the firewall packet allowing unit 133 may include a third script program represented in Table 4 below.

[Table 4]

(In Table 4 above, iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE is a network device connected to the external Internet, $WAN ('usb0' for a wireless LTE modem,'eth1' for a wired modem) The computer connected to is to add a rule to enable connection to the external Internet, and iptables -P FORWARDING DROP means to change the rule by deleting the rule of the packet passing through the firewall.)

The packet output allowing unit 134 of the specific site activates a loopback device, allows IP access of a domain address to be accessed, activates a DNS server, and activates a local network.

In detail, the packet output permission unit 134 of the specific site may include a fourth script program represented in Table 5 below.

[Table 5]

(In the # loopback device activation in Table 5 above, iptables -A OUTPUT -o lo -j ACCEPT is the basic network of the system and adds a rule that allows access to loopback, which is the interface of the local host, iptables -A OUTPUT- d 127.0.0.0/16 -j ACCEPT means adding a rule that allows access to the outgoing packet with the IP address '127.0.0.0 ~ 127.0.255.255' as the destination address.)

(In Table 5 above, in # Allow IP access to the domain address to be accessed, for j in `cat'/boot/datafile.txt'`; do and for i in `host $j | grep -e "$IP_VALUE" | awk'{print $4}'`; do reads all domain addresses registered in'/boot/datafile.txt' one by one and corresponds to the domain address using the DNS lookup utility with the'host' command It automatically finds the IP address to be used, and outputs the IP address found with the'grep' and'awk' commands in the format of'IP_VALUE' defined in the loopback device activation, iptables -A FORWARD -s $i/24 -j ACCEPT is to add a rule that allows packets from the network group of the found IP address'$i' as the source address to pass through the firewall, iptables -A OUTPUT -d $i/24 -j ACCEPT is the found IP address It means adding a rule that allows access to outgoing packets with'$i' as the destination address.)

(In # DNS server activation in Table 5 above, iptables -A FORWARD -s 168.126.63.0/24 -j ACCEPT allows packets with the IP address '168.126.63.0 ~ 168.126.63.255' as the source address to pass through the firewall. This is to add a rule, iptables -A OUTPUT -d 168.126.63.0/24 -j ACCEPT: Add a rule that allows access to the outgoing packet with the IP address '168.126.63.0 ~ 168.126.63.255' as the destination address. it means.)

(In # local network activation in Table 5 above, iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT allows packets with the IP address '192.168.0.0 ~ 192.168.255.255' as the source address to pass through the firewall. To add a rule, iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT adds a rule that allows access to outgoing packets with the IP address '192.168.0.0 ~ 192.168.255.255' as the destination address. it means.)

The packet output rejection unit 135 other than the access site adds a rule for rejecting all output packets.

In detail, the packet output rejection unit 135 other than the access site may include a fifth script program represented in Table 6 below.

[Table 6]

(In Table 6, iptables -A OUTPUT -j REJECT means adding a rule that rejects all output packets.)

The routing table modification unit 136 serves to delete the default gateway address of the interface of the routing device 100 from the routing table.

In detail, the routing table modification unit 136 may include a sixth script program represented by Table 7 below.

[Table 7]

(In Table 7, route del default gw 192.168.2.1 $LAN means that '192.168.2.1', which is the default gateway address of $LAN ('eth0'), which is an interface of the routing system, is deleted from the routing table.)

Meanwhile, the packet filtering implementation unit 130 aggregates the above-described first, second, third, fourth, fifth, and sixth script programs into one, and a first shell script program whose file name is'smartben_firewall.sh'. It may include a collecting unit for generating.

On the other hand, in the air conditioning system including the routing device 100 to build a firewall so that only a specific site of the Internet according to an embodiment of the present invention can be accessed, the USB device operation setting unit 140 is After booting, an execution mode is added to the second shell script program so that the USB device operates, and the second shell script program added with the execution mode is linked to the execution directory path.

In detail, the USB device operation setting unit 140 may include a second shell script program represented in Table 8 below.

[Table 8]

(In Table 8,'chmod' means to change the file system mode of files or directories,'+x' means to change the mode by adding an execution mode, and'update-rc.d' means that the program is a symbolic link. It means hanging in the execution stage directories, and in order to run the program as a daemon, it must be located in /etc/init.d, so the location is specified.)

The shell script program execution unit 150 serves to repeat the first shell script program generated by the packet filtering implementation unit 130 at predetermined time intervals.

In detail, the shell script program execution unit 150 may include a script program represented in Table 9 below at the bottom of the /etc/crontab file so that the smartben_firewall.sh, which is the first shell script program, is executed once every hour. have.

[Table 9]

The wired/wireless network address setting unit 160 serves to set the network address of the embedded Linux system.

In detail, the wired/wireless network address setting unit 160 is an IP address of /etc/network/interfaces, a subnet mask address (netmask), a default DNS server address (network), and a broadcast address to set a static IP address. (broadcast), it plays the role of modifying the default gateway address (gateway).

In more detail, the wired/wireless network address setting unit 160 may set a static IP address of the routing device 100 to the interface'eth0' as shown in Table 10 below.

[Table 10]

In addition, the wired/wireless network address setting unit sets the fixed IP address of the wired modem in the interface'eth1', and can be set as shown in Table 11 below. However, the network address of'eth1' can be changed according to the subnet.

[Table 11]

The routing system static IP allocation unit 170 serves to allocate a static IP to the interface of the routing device 100 through a Dynamic Host Configuration Protocol (DHCP) server.

In detail, the routing system static IP allocation unit 170 is at the bottom of the /etc/dhcpcd.conf file in order for a DHCP (Dynamic Host Configuration Protocol) server to allocate a static IP to'eth0', an interface of the routing system. It may include the contents of Table 12.

[Table 12]

Meanwhile, in the case of a wired modem, the contents of Table 13 may be included at the bottom of the /etc/dhcpcd.conf file in order to allocate a static IP to the interface'eth1'.

[Table 13]

6 is a configuration diagram of the server device 300 in an air conditioning system including a routing device 100 for building a firewall so that only specific sites of the Internet can be accessed according to another embodiment of the present invention.

6, the server device 300 includes a routing system and an Internet network connection unit 310, a routing system and a server system connection unit 320, a TCP/IP property setting unit 330 of a server system, and a routing system. A boot and modem initialization unit 340 and a routing system operation unit 350 may be included.

The routing system and the Internet network connection unit 310 serves to connect the above-described routing device 100 and an external Internet network. In a wireless environment, a wireless LTE modem and the routing device 100 may be connected to access an external Internet network.

The routing system and the server system connection unit 320 serves to connect the routing device 100 and a server system including an application, TCP/IP, MAC, and Ethernet.

The TCP/IP property setting unit 330 of the server system serves to set the TCP/IP property of the server device 300. Specifically, TCP/IP may be TCP/IPv4. At this time, you can set the IP address to 192.168.2.2, the default gateway address to 192.168.2.1, and the DNS server address to 168.126.63.1.

The routing system booting and modem initialization unit 340 plays a role of waiting for the USB type wireless LTE modem or wired modem 200 to be initialized by connecting the power of the routing device 100 to boot.

The routing system operation unit 350 serves to operate the routing device 100 on which a firewall capable of accessing only specific Internet sites is built.

As a specific and non-limiting example, the routing system operation unit 350 accesses the Meteorological Agency site through an external Internet network to obtain weather forecast data from the Meteorological Agency in real time, and connects to an air conditioning system that predicts the cooling and heating load of the building. To provide information.

Accordingly, the air conditioning system including the routing device 100 for building a firewall so that only a specific site of the Internet according to the present invention can be accessed, the above-described routing device 100, a USB type wireless LTE modem or a wired modem 200 ), by including the server device 300 and the air conditioning device 400, the information system operated in a security network environment in which the internal network and the external network are separated is also connected to the Meteorological Administration site through an external Internet network, Is obtained in real time, and information is provided to the air conditioner 400 that predicts the cooling and heating load of the building, and the temperature and air volume of the air generated from the air conditioner are adjusted to be maintained within the target indoor temperature input based on the provided information. You can control the air conditioner to turn on/off.

In the above description, various embodiments of the present invention have been presented and described, but the present invention is not necessarily limited thereto, and those of ordinary skill in the art to which the present invention pertains, within the scope of the technical spirit of the present invention. It will be easy to see that branch substitutions, modifications and changes are possible.

100: routing device 110: IP forwarding activation unit
120: domain address registration unit 130: packet filtering implementation unit
131: iptables script program definition unit
132: firewall initialization unit
133: firewall packet allowed part
134: Part to allow output of all packets of a specific site
135: All packet output rejection unit other than the access site
136: Routing table modification
140: USB device operation setting unit
150: Shell script program execution unit
160: wired/wireless network address setting unit
170: routing system static IP allocation unit
200: USB type wireless LTE modem or wired modem
300: server device 310: routing system and Internet network connection
320: Routing system and server system connection
330: TCP/IP property setting unit of server system
340: Routing system boot and modem initialization unit
350: Routing system operation unit
400: air conditioning device 410: data receiving unit
420: operation unit 430: air conditioner control unit
440: air conditioner

Claims (3)

A routing device 100 configured to enable IP forwarding through an Orange Pi board operated based on an embedded Linux system, register a domain address to be accessed, and implement and execute a packet filtering process;
A USB type wireless LTE modem or wired modem 200 connected to the routing device 100 to enable access to an Internet site;
The routing device 100 is connected to obtain weather forecast data from the Meteorological Agency in real time, and includes a server device 300 including TCP/IP, MAC and Ethernet; And
Receive weather forecast data from the Meteorological Agency from the server device 300, predict the heating and cooling load of the building, and calculate the air temperature and air volume generated by the air conditioner to be maintained within the target indoor temperature input based on the received weather forecast data Includes; an air conditioning device 400 that controls or controls the air conditioner to turn on/off,
The air conditioning device 400,
A data receiving unit 410 for receiving current season information and time information from the routing device 100;
An operation unit 420 that determines an appropriate temperature mode inside the building based on the current season information and time information received by the data receiving unit 410;
An air conditioner control unit 430 for generating an air conditioner control signal to operate the air conditioner according to the temperature mode received from the operation unit 420; And
It includes an air conditioner 440 installed for air conditioning in the building,
The routing device 100,
An IP forwarding activation unit 110 for activating IP forwarding in the embedded Linux kernel in order to unconditionally pass a packet to a specific device in the internal network for a request coming from the outside through the Internet to a specific port;
A domain address registration unit 120 for registering domain addresses of Internet sites to be accessed;
A packet filtering implementation unit 130 that implements packet filtering by creating a first shell script program that builds a net filter that facilitates network address translation, packet filtering, and packet decomposition as a network-related framework inside the embedded Linux kernel. ;
USB device operation setting unit 140 that adds an execution mode to the second shell script program so that the USB device operates after the embedded Linux system is booted, and links the second shell script program with the execution mode added to the execution directory path. );
A shell script program execution unit 150 that repeats the first shell script program generated by the packet filtering implementation unit 130 at predetermined time intervals;
A wired/wireless network address setting unit 160 for setting a network address of an embedded Linux system; And
Includes a routing system static IP allocation unit 170 for allocating a static IP to the interface of the routing device 100 through a DHCP (Dynamic Host Configuration Protocol) server,
The packet filtering implementation unit 130,
An iptables script program definition unit that defines the routing system connected to the wireless LTE modem as'eth0', and defines as'usb0' if the device connected to the external Internet is a wireless LTE modem, and'eth1' if the wired modem is used (131 );
Remove the rules for packets passing through the firewall, change the rules to allow translation of the destination address when sending packets from the external Internet to the internal network, and translating the source address when sending packets from the internal network to the external network. A firewall initialization unit 132 that changes the rule to allow and changes the rule to allow address translation when a packet destined for the firewall is output;
A computer connected to a network device connected to the external Internet includes a firewall packet allowing unit 133 for adding a rule to enable connection to the external Internet and deleting a rule of a packet passing through the firewall;
A packet output allower 134 of a specific site for activating a loopback device, allowing IP access of a domain address to be accessed, activating a DNS server, and activating a local network;
A packet output rejection unit 135 other than an access site for adding a rule rejecting all output packets; And
Including a routing table modification unit 136 for deleting the default gateway address of the interface of the routing device 100 from the routing table,
The packet filtering implementation unit 130 implements packet filtering by creating a first shell script program that builds a net filter that facilitates network address translation, packet filtering, and packet decomposition as a network-related framework within the embedded Linux kernel. The packet filtering implementation unit 130 includes iptables, which is a command for constructing a net filter capable of setting a firewall by controlling a net filter packet filtering function in a user space on the Linux kernel. Air conditioning system including a routing device that builds a firewall so that only access is possible. delete delete

Images