
  1. angomez
  2. Container @ PLCnext (Docker, Moby, balena)
  3. Friday, 21 February 2020

Hello everyone,

I am trying to use the balena-engine as described in https://github.com/PLCnext/Docker_GettingStarted/blob/master/getting-started/README.md

On a fresh AXC F 2152, with firmware 2020.0, I can run containers, but the containers don't have connectivity to the network. They can only reach the PLC IP.

The firewall is disabled.

In the picture you can see the problem following the example (ping 8.8.8.8 from a debian image)

[Image: error docker]

I think the problem is that the PLC can't forward packages from balena0 to eth0.

The ip_forward apparently is active

[Image: ip forward]

Networks in the PLC:

[Image: ifconfig PLC]

and ping from container to PLC:

[Image: ping to the PLC]

Could you help me with this?

Is there another configuration necessary?

 

Best regards.

 

Andrés.

Accepted Answer
Martin (PLCnext Team)

Hi Andrés,

It looks like nftables has not been set up correctly.

I think the balena0 adapter must have an IP address in the network 172.18.0.0/16.

When you execute the command /etc/init.d/balena start, you should see the message:

loaded firewall rules for docker (/etc/init.d/balenafw start)
load firewall ruleset for balena

You can see in the balenafw script, the ruleset from the file /etc/nftables/balena.nft is loaded by nft.

You can check that this configuration is correct with the command:

nft list ruleset

The result should be:

table ip docker {
  chain docker_forward {
    type filter hook forward priority 0; policy drop;
    ip saddr 172.18.0.0/16 oif "eth0" accept
    ct state established,related accept
  }
  chain prerouting {
    type nat hook prerouting priority 0; policy accept;
  }
  chain postrouting {
    type nat hook postrouting priority 0; policy accept;
    ip saddr 172.18.0.0/16 oif "eth0" masquerade
  }
}

Is this what you see?

~ Martin.

 

Phoenix Contact Electronics Headquarters - PLCnext Runtime Product Management and Support

angomez

Thanks Martin,

I changed 

define balena_v4 = 172.18.0.0/16

for

define balena_v4 = 192.168.0.0/24

 

in /etc/nftables/balena.nft

 

and it is working now.
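
The check discussed in this thread, as an added example that is not part of the original posts or of the PLCnext project: a Python sketch that parses `nft list ruleset` output and reports whether a balena0 address is covered by both the forward-accept rule and the masquerade rule. Because the forward chain has `policy drop`, a bridge address outside the configured subnet is dropped silently. The function names and any bridge address you pass in are assumptions; the embedded ruleset is the one quoted in the answer.

```python
import ipaddress
import re

# Constructed sample: the ruleset quoted in the answer, as printed by `nft list ruleset`.
RULESET = '''table ip docker {
  chain docker_forward {
    type filter hook forward priority 0; policy drop;
    ip saddr 172.18.0.0/16 oif "eth0" accept
    ct state established,related accept
  }
  chain prerouting {
    type nat hook prerouting priority 0; policy accept;
  }
  chain postrouting {
    type nat hook postrouting priority 0; policy accept;
    ip saddr 172.18.0.0/16 oif "eth0" masquerade
  }
}
'''

RULE = re.compile(r'ip saddr (\S+) oif "([^"]+)" (accept|masquerade)')
HOOK = re.compile(r'type (\w+) hook (\w+) priority')

def source_rules(ruleset):
    """Return {(hook, verdict): [(network, oif), ...]} for saddr/oif rules."""
    found, hook = {}, None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("chain "):
            hook = None  # new chain: hook is unknown until its "type" line
        m = HOOK.search(line)
        if m:
            hook = m.group(2)
            continue
        m = RULE.search(line)
        if m and hook:
            net = ipaddress.ip_network(m.group(1), strict=False)
            found.setdefault((hook, m.group(3)), []).append((net, m.group(2)))
    return found

def check_bridge(ruleset, bridge_ip, uplink="eth0"):
    """Report whether traffic sourced from bridge_ip is forwarded and NATed."""
    addr = ipaddress.ip_address(bridge_ip)
    rules = source_rules(ruleset)
    def covered(key):
        return any(addr in net and oif == uplink for net, oif in rules.get(key, []))
    return {"forward": covered(("forward", "accept")),
            "masquerade": covered(("postrouting", "masquerade"))}
```

Feed it the live output of `nft list ruleset` and the address shown for balena0; a `False` in either field means the subnet defined in /etc/nftables/balena.nft does not match the bridge.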
