Grott on Ubuntu Server routing issues about grott HOT 16 CLOSED

As far I understood the masquerade rule enables NAT and should enable the way back from the Growatt server to the Growatt inverter.

It might be possible to replace this with a more specific Masquerade or SNAT rule.

I am not very familar with these setting I will try to find out if there is more information availble.

from grott.

Sorry my intension was not to close it.

from grott.

Oke. I am not sure the masquerade NAT rule is the problem. But I see on internet that it might give some performance delays. I replaced these rule by a more specific SNAT rule. I do not expierence performance issue so I can not really verify if its helps. Maybe you can?

What I did:

Added the SNAT rule:
sudo iptables -t nat -A POSTROUTING -o wlan0 -j SNAT --to-source 192.168.0.206
wlan0, will be eth0 for your config and to source IP, 192.168.0.20, is the IP of your nuc.

After that I delete the masquerade rule:

Show de rules with linenummers:

• sudo iptables -t nat -L --line-numbers

Output:

And the deleted the masquerade rule:

• sudo iptables -t nat -D POSTROUTING 1

Hopefully this works...............

from grott.

No, having the data not going through is not oke. So the settings are not working for you.

There is no communication between the Inverter and Growatt so the "real data" is not send (and can not be processed bij Grott).

I do understand that you have more postrouting setting because of the docker environment. I am working at a Docker setup myself so I can test it.

from grott.

@Jeltel.
I published version 2.0.0 of Grott. This version has a proxy mode that does not require IP forwarding and is less resource intensive.

I think this mode will make it easier for you to run Grott on your Ubuntu server with Docker installed.

I will also enable docker container support in the near future. See the topic on Docker Support requirement for more information.

In the readme you can find information on how to use Version 2.0.0 and enabling the proxy mode.
The wiki will be updated later.

I am very interested in your opinion about this update,

from grott.

Is sudo iptables -t nat -A POSTROUTING -j MASQUERADE maybe a bit to wide? What does it do, and can't we limit this to the ip of the ShineWifi stick?

from grott.

Do you have both WLAN and Ethernet (Cable) enabled and connected on your NUC?

from grott.

Both enabled, but only connected on ethernet.

from grott.

Thanks for the research. I'll try it later and report back.

from grott.

Your network might be a little bit more complex (additional virtual adapters) because of the docker implementation. I have not found a lot information yet about the combination of IP forwording and the use of Docker.

I like to know if this works. Otherwise I finally have to set up a docker environment myself ;)

from grott.

Since this isn't running in docker, I don't think the dockers running on the same machine should matter. But I'll see, when I get to it ;)

from grott.

@johanmeijer don't you mean to use the IP of the Growatt Inverter and not the device running grott (raspberry Pi in your case, Nuc in mine?)

Added the SNAT rule:
sudo iptables -t nat -A POSTROUTING -o wlan0 -j SNAT --to-source 192.168.0.206
wlan0, will be eth0 for your config and to source IP, 192.168.0.20, is the IP of your nuc.

from grott.

@Jeltel: What I understood from the documentation (and what is working for me) is this the IP adrress of the used (physical) netwerkadapter of your NUC.

The Masquerade options means the system is looking dynamically which adapter should be used. With the SNAT rule you fix (=make static) that.

But be aware I am not running Docker containers. I looked at it on a other system with Docker and Docker containers can have there own virtual network interface (depends on the way you start it). You can see this with ifconfig. Docker also adds rules to iptables (e.g. a masquerade rule).

The network of a Linux environment with docker is more complex. I am not sure docker networking will work if you change (delete) the Masquerade rule.

I have created a grott docker container and it seem to be working (not fully tested yet). I will publish more about this later (in the other topic). Be aware when running grott in a docker container you still need to setup IP forwarding on base Linux level as described.

from grott.

I now have these entries:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    ....
2    DNAT       tcp  --  anywhere             anywhere             tcp dpt:5279 to:47.91.67.66:5279

...
Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    ...
21   SNAT       all  --  anywhere             anywhere             to:192.168.x.y

...

Where 192.168.x.y is my local server IP. I see Grott is receiving messages, but is not able to process them:

Grott Command line parameters processed:
	verbose:     	 True
	config file: 	 grott.ini
	output file: 	 <_io.TextIOWrapper name='/.../growatt/output.txt' mode='w' encoding='UTF-8'>
	nomqtt:      	 False
	trace:       	 False

Grott configuration file processed:

	minrecl:     	 100
	decrypt:     	 True
	compat:      	 True
	valueoffset: 	 26
	inverterid:  	 ...
	mqttip:      	 192.168.x.y
 	mqttport:    	 1883
	mqtttopic:   	 energy/growatt
	mqtttauth:   	 True
	mqttuser:    	 ...
	mqttpsw:     	 ...
 	growattip:   	 47.91.67.66
 	growattport: 	 5279

Grott value location offset:  26 	Compat mode:  True

Grott monitoring started

	 - TCP Segment Growatt:
		 - Source Port: 2937, Destination Port: 5279
		 - Source IP: 192.168.1.29, Destination IP: 47.91.67.66
		 - Sequence: 6509, Acknowledgment: 0
		 - Flags:
			 - URG: 0, ACK: 0, PSH: 0
			 - RST: 0, SYN: 1, FIN:0
	 - TCP Data less then minimum record length, data not processed
	 - TCP Segment Growatt:
		 - Source Port: 2937, Destination Port: 5279
		 - Source IP: 192.168.1.29, Destination IP: 47.91.67.66
		 - Sequence: 6509, Acknowledgment: 0
		 - Flags:
			 - URG: 0, ACK: 0, PSH: 0
			 - RST: 0, SYN: 1, FIN:0

... 
	 - TCP Segment Growatt:
		 - Source Port: 18348, Destination Port: 5279
		 - Source IP: 192.168.x.y, Destination IP: 47.91.67.66
		 - Sequence: 23603, Acknowledgment: 0
		 - Flags:
			 - URG: 0, ACK: 0, PSH: 0
			 - RST: 0, SYN: 1, FIN:0
	 - TCP Data less then minimum record length, data not processed
	 - TCP Segment Growatt:
		 - Source Port: 38089, Destination Port: 5279
		 - Source IP: 192.168.x.y, Destination IP: 47.91.67.66
		 - Sequence: 25231, Acknowledgment: 0
		 - Flags:
			 - URG: 0, ACK: 0, PSH: 0
			 - RST: 0, SYN: 1, FIN:0
	 - TCP Data less then minimum record length, data not processed

Also the data is not visible within the Shine server. So the data is not going through.

Are my settings correct?

from grott.

I setup a Raspberry PI with docker containers enabled but can not reproduce your problem.

I tried it with both the full masquerade rule and with the more specific SNAT rule and they both seems to work on a environment with docker installed (Grott in a container also works but I have to fine-tune that a little bit more).

Just to be sure I share my settings in the pictures below.

When I look at your rules I do not see real differences. I do not have a lot of docker containers running (only the grott one) so my configuration is not that complex. I can see that you have more post-routing chain rules than the 2 you shared (1 and 21, so there are 19 more I think). There might be a rule in there that prohibit the forwarding to the growatt server.

I used the IP address of the wlan0 interface because that is the only network interface being used. I supose you used the eth0 IP address (192.168.x.y) ? I fixed this address in my router (not using dynamic IP address for my servers).

from grott.

@johanmeijer installed version 2 on my nuc, copied settings over from the pizero and ran it.
Pointed the shinelan wifi stick to my nuc and voila. Worked immediately.

And if there is a problem with my nuc I will notice very soon (for far more important things stop working), so this proxy thing is a way easier setup. And more robust.

Thanks!

from grott.