UDEV rules and forwarding rules

We are trying to migrate our current OS to BalenaOS but for me it is not clear where to put the following:

  • Custom UDEV rules:

SUBSYSTEM=="net", DEVPATH=="/devices/pci*/net/e*", NAME="lan0"

  • IP forwarding rules (net.ipv4.ip_forward=1) MASQUERADE for forwarding external WIFI ports to internal devices connected via ethernet:

post-up iptables -t nat -A PREROUTING -p tcp --dport 2111 -j DNAT --to-destination 10.39.46.12:2111

Thanks in advance

Hi @reinzor ,
The UDEV rules can go into config.json. The process is described here: https://jel.ly.fish/4592e980-3db9-4059-9aa8-dc4324b7f577.
The config.json file can be found on the running device in /mnt/boot or on the boot partition of your SD-card / flash image.
IPTables rules can be added from within an application container with host networking enabled (and possibly privileged mode too). You need to be very careful to make sure you do not interfere with the IPtables rules set by docker.

Sorry, accidentally copied a wrong link. Find the description of UDEV rules here: https://github.com/balena-os/meta-balena#udevrules

Thanks a lot for the quick response! This clears things up!

Please let us know if you need further support!

We managed to set up the udev rules and system-connections properly:

  1. Download image using balena os download
  2. Mount partition and modify config.json + system-connections
  3. Use resulting app_name_<version>.img for flashing our devices

Now the second question arises: how do we manage updates of our config.json file? I can imagine that we would like to add a new udev rule for example. We have the following questions:

  1. Can we get a version / hash of the current config.json of a device?
  2. Can we update the config.json of a device remotely? Is there an interface for this?

Thanks.
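
An offline sketch of step 2 above and of the hash question, added here as an example and not part of the thread or of balena's tooling: it merges the lan0 rule from the first post into config.json under `os.udevRules` (the layout described in the meta-balena README linked earlier) and derives a SHA-256 fingerprint that can be recorded per flashed image. The rule key "10", the function names and the sample config fields are assumptions.

```python
import hashlib
import json
import os
import tempfile

# Rule quoted in the first post of the thread.
LAN0_RULE = 'SUBSYSTEM=="net", DEVPATH=="/devices/pci*/net/e*", NAME="lan0"\n'


def add_udev_rule(config, name, rule):
    """Return a copy of config with rule stored under os.udevRules[name]."""
    updated = json.loads(json.dumps(config))  # deep copy, JSON types only
    rules = updated.setdefault("os", {}).setdefault("udevRules", {})
    rules[name] = rule  # "name" is the rule key, e.g. the assumed "10"
    return updated


def fingerprint(config):
    """SHA-256 over canonical JSON, so whitespace and key order do not matter."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def update_config_file(path, name, rule):
    """Rewrite config.json atomically; return (old, new) fingerprints."""
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    updated = add_udev_rule(config, name, rule)
    # Write a temp file in the same directory, then rename it over the
    # original, so an interrupted write never leaves a truncated config.json.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(updated, fh, indent=2)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return fingerprint(config), fingerprint(updated)


if __name__ == "__main__":
    # Constructed sample file; a real config.json carries many more fields.
    path = os.path.join(tempfile.mkdtemp(), "config.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"deviceType": "placeholder"}, fh)
    print(update_config_file(path, "10", LAN0_RULE))
```

Recording the fingerprint next to each image version gives a value to compare against the config.json read back from /mnt/boot on a device, without copying the file itself around.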

Being able to remotely modify config.json entries is something that we have on the todo list: https://github.com/balena-io/balena-supervisor/issues/998

Unfortunately at the moment you will have to go through the same process you outlined above and basically reflash the device every time.

Another option is this experimental project: https://github.com/balena-io-playground/configizer. If you decide to go with this, please be aware that it is not tested as extensively as we feel it should be, which is the reason for it being in the “playground” org.
Make sure you try it in a dev environment first to ensure it fits your use case.

Thanks for the clarification!