Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website

Modbus Publisher on Port 502


  • Hi,

    I tried to publish Modbus IP on port 502, however I get this error:
    0_1597816225690_7d37aacd-d2d9-46c3-aeed-2d3cf01f2b71-image.png

    It works with any other ports greater than 1000, but port 502 is standard for Modbus. If I stop the Mango service and start it again with Sudo it accepts the port 502 as well. So definitely it's about system's permission level to use port 502.
    Now my question is how I can make the Mango service to run as Sudo on the start-up, FYI I am using Mango GT. Any solution??

    Thanks,
    Saeed


  • Hi @skazemi

    Do you have a Modbus data source that is bound to 502 as well?


  • @skazemi you have a few options, by default linux restricts access to ports below 1000 (which you have figured out).

    I suggest you follow this procedure which will allow Mango to safely run with the proper privileges to access port 502: https://help.infiniteautomation.com/linux-installation

    But for general reference you have other options:

    1. You could use iptables to route traffic between ports. Here is an example of how we route traffic between 8080 <--> 80 https://help.infiniteautomation.com/linux-security

    2. I can't remember if the GT support ipchains but you could try those with something like this
      /sbin/ipchains -I input --proto TCP --dport 502 -j REDIRECT 5020

    3. You could try setuid to allow the Mango process to access port 502

    Hope that helps.


  • @craigweb said in Modbus Publisher on Port 502:

    Hi @skazemi

    Do you have a Modbus data source that is bound to 502 as well?

    Yes, actually all my data sources are Modbus/TCP on port 502 which I don't have any issue to pull data from them. The only issue is publishing on Mango port 502.

    @terrypacker said in Modbus Publisher on Port 502:

    @skazemi you have a few options, by default linux restricts access to ports below 1000 (which you have figured out).

    I suggest you follow this procedure which will allow Mango to safely run with the proper privileges to access port 502: https://help.infiniteautomation.com/linux-installation

    The service is already installed and running on Mango GT and I couldn't find anything which can help with that, except this that I didn't know!!
    "Note: Never run Mango as root, this is a security risk and will also result in files in /opt/mango having the incorrect owner."

    But for general reference you have other options:

    1. You could use iptables to route traffic between ports. Here is an example of how we route traffic between 8080 <--> 80 https://help.infiniteautomation.com/linux-security

    2. I can't remember if the GT support ipchains but you could try those with something like this
      /sbin/ipchains -I input --proto TCP --dport 502 -j REDIRECT 5020

    For these two solutions, I need to put the rule somewhere like rc.local to run in startup, however it didn'twork! looks like Mango or something else overwritten the iptables after bootup. I already asked about this in another post, no answer yet:
    https://forum.infiniteautomation.com/topic/4908/port-forwarding-issue-with-mango-gt

    1. You could try setuid to allow the Mango process to access port 502

    Hope that helps.

    I'll try this!


  • @Dave-Frazier Can you take a look at this.

    @skazemi I have found a number of forum threads on the rasbian forum stating that the iptables do not persist. Most responces recommend using apt-get install iptables-persistent


  • @craigweb said in Modbus Publisher on Port 502:

    @Dave-Frazier Can you take a look at this.

    @skazemi I have found a number of forum threads on the rasbian forum stating that the iptables do not persist. Most responces recommend using apt-get install iptables-persistent

    Yes, iptables does not persis, that's why in rasbian I put the rules in rc.local, so every time they are added to the iptables after restarting OS. I can try iptables-persistent but I'm afraid that it interferes Mango service, because I saw this section in the ui and it means Mango also is working with iptables, is it the case??

    0_1597908933587_913afcac-8895-4aef-bfac-c6f18332483c-image.png


  • @skazemi said in Modbus Publisher on Port 502:

    t's why in rasb

    What I was trying to say is that this is a rasbian issue and that I have found multiple threads where people have failed when putting rules in rc.local. https://blog.mxard.com/persistent-iptables-on-raspberry-pi-raspbian

    Iptables-persistent is safe to use and will not interfere with the mango service. I have used it on several servers that use cloud connect. CC does not use iptable it does port forwarding with sshd


  • @craigweb
    Thanks Craig for your help, it worked :-)