Modbus Publisher on Port 502
Hi,
I tried to publish Modbus IP on port 502, however I get this error:
It works with any other ports greater than 1000, but port 502 is standard for Modbus. If I stop the Mango service and start it again with Sudo it accepts the port 502 as well. So definitely it's about system's permission level to use port 502.
Now my question is how I can make the Mango service to run as Sudo on the start-up, FYI I am using Mango GT. Any solution??
Thanks,
Saeed
Hi @skazemi
Do you have a Modbus data source that is bound to 502 as well?
@skazemi you have a few options, by default linux restricts access to ports below 1000 (which you have figured out).
I suggest you follow this procedure which will allow Mango to safely run with the proper privileges to access port 502: https://help.infiniteautomation.com/linux-installation
But for general reference you have other options:
You could use iptables to route traffic between ports. Here is an example of how we route traffic between 8080 <--> 80 https://help.infiniteautomation.com/linux-security
I can't remember if the GT support ipchains but you could try those with something like this
/sbin/ipchains -I input --proto TCP --dport 502 -j REDIRECT 5020
You could try setuid to allow the Mango process to access port 502
Hope that helps.
@craigweb said in Modbus Publisher on Port 502:
Hi @skazemi
Do you have a Modbus data source that is bound to 502 as well?
Yes, actually all my data sources are Modbus/TCP on port 502 which I don't have any issue to pull data from them. The only issue is publishing on Mango port 502.
@terrypacker said in Modbus Publisher on Port 502:
@skazemi you have a few options, by default linux restricts access to ports below 1000 (which you have figured out).
I suggest you follow this procedure which will allow Mango to safely run with the proper privileges to access port 502: https://help.infiniteautomation.com/linux-installation
The service is already installed and running on Mango GT and I couldn't find anything which can help with that, except this that I didn't know!!
"Note: Never run Mango as root, this is a security risk and will also result in files in /opt/mango having the incorrect owner."
But for general reference you have other options:
You could use iptables to route traffic between ports. Here is an example of how we route traffic between 8080 <--> 80 https://help.infiniteautomation.com/linux-security
I can't remember if the GT support ipchains but you could try those with something like this
/sbin/ipchains -I input --proto TCP --dport 502 -j REDIRECT 5020
For these two solutions, I need to put the rule somewhere like rc.local to run in startup, however it didn'twork! looks like Mango or something else overwritten the iptables after bootup. I already asked about this in another post, no answer yet:
https://forum.infiniteautomation.com/topic/4908/port-forwarding-issue-with-mango-gt
- You could try
setuidto allow the Mango process to access port 502Hope that helps.
I'll try this!
@Dave-Frazier Can you take a look at this.
@skazemi I have found a number of forum threads on the rasbian forum stating that the iptables do not persist. Most responces recommend using apt-get install iptables-persistent
@craigweb said in Modbus Publisher on Port 502:
@Dave-Frazier Can you take a look at this.
@skazemi I have found a number of forum threads on the rasbian forum stating that the iptables do not persist. Most responces recommend using
apt-get install iptables-persistent
Yes, iptables does not persis, that's why in rasbian I put the rules in rc.local, so every time they are added to the iptables after restarting OS. I can try iptables-persistent but I'm afraid that it interferes Mango service, because I saw this section in the ui and it means Mango also is working with iptables, is it the case??
@skazemi said in Modbus Publisher on Port 502:
t's why in rasb
What I was trying to say is that this is a rasbian issue and that I have found multiple threads where people have failed when putting rules in rc.local. https://blog.mxard.com/persistent-iptables-on-raspberry-pi-raspbian
Iptables-persistent is safe to use and will not interfere with the mango service. I have used it on several servers that use cloud connect. CC does not use iptable it does port forwarding with sshd
@craigweb
Thanks Craig for your help, it worked :-)
