EVOK TCP-Modbus only responding to loopback address
-
Hi!
After enabling "allow_register_access" I can access port 502 with telnet locally, but all other connections are not responded to. This used to work, but after an upgrade it seems to binding to the loopback interface only.
evok.conf:[NEURON_1] global_id = 1 ; Mandatory, REQUIRED TO BE UNIQUE allow_register_access = True scan_frequency = 10 ; Optional, 10 default, scanning frequency in [Hz] scan_enabled = True
Output from netstat -lptu
root@L513-sn24:/home/pi# netstat -lptu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 1001/nginx: master tcp 0 0 0.0.0.0:http-alt 0.0.0.0:* LISTEN 773/python tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 997/sshd tcp 0 0 localhost:502 0.0.0.0:* LISTEN 867/unipi_tcp_serve tcp6 0 0 [::]:http-alt [::]:* LISTEN 773/python tcp6 0 0 [::]:ssh [::]:* LISTEN 997/sshd udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 982/dhcpcd udp 0 0 0.0.0.0:48767 0.0.0.0:* 899/avahi-daemon: r udp 0 0 0.0.0.0:mdns 0.0.0.0:* 899/avahi-daemon: r udp6 0 0 [::]:mdns [::]:* 899/avahi-daemon: r udp6 0 0 [::]:58202 [::]:* 899/avahi-daemon: r
-
BTW: Version is Repository:evok ActiveBranch:[master] PrecedingRelease:v.2.0.7b PrecedingRevision:326(aacb3a9) LatestCommit:Mon Sep 10 11:39:34 CEST 2018
-
Hello @alydersen
yes, this a security feature, because ModbusTCP doesn't have any autentization.The unipitcp service is maintained by systemd and the startup parameters are defined in /lib/systemd/system/unipitcp.service. You can modify the ExecStart attribut in this file and add
-l 0.0.0.0
to start the service listening on all IP address, not just default loopback.The result should look like this:
[Unit] Description=Unipi Neuron/Axon Modbus/Tcp Server Before=mervisrt.service Before=evok.service [Service] Type=simple Environment="FIRMWARE_UPDATE=1" EnvironmentFile=-/etc/default/unipi-modbus-tools ExecStartPre=/bin/sh -c 'if [ "${FIRMWARE_UPDATE}" = "1" ]; then /opt/unipi-bin/fwspi --auto; fi' ExecStart=/opt/unipi-bin/unipi_tcp_server -p 502 -l 0.0.0.0 TimeoutStopSec=3 SyslogLevel=debug SyslogIdentifier=unipi WorkingDirectory=/opt/unipi-bin Restart=always [Install] WantedBy=unipispi.target
Then reload the systemd:
systemctl daemon-reload
And reload the unipitcp service:systemctl restart unipitcp
Regards,
Martin -
@martin-kudláček Thanks! That worked! Maybe you could update your docs?
-
@alydersen That will be a tough decision where to put it, but I'll think of something.
Thanks for the feedback,
Martin -
@martin-kudláček Already noted on the prepared knowledge base.