We can't get the proxy working

We are trying to connect Balena behind a proxy at some client’s office. The structure looks something like this:

The device keeps saying “offline” on balena cloud, and the proxy server doesn’t show any log.

Systemctl shows that redsocks service is working.

it’s worth noticing we can get curl working by simply exporting the url of the proxy:
export https_proxy=http://128.1.1.49:8080. Then curl works (returns the expected response from our servers), and the proxy server logs the request.

Proxy config:

# redsocks.conf
base {
  log_debug = off;
  log_info = on;
  daemon = off;
  redirector = iptables;
}

redsocks {
  type = http-connect;
  ip = 128.1.1.49;
  port = 8080;
  local_ip = 0.0.0.0;
  local_port = 12345;
}

And static ip config, as the client doesn’t have a DHCP server:

# balena-sample
[connection]
id=my-ethernet
type=ethernet
interface-name=eth0
permissions=
secondaries=

[ethernet]
mac-address-blacklist=

[ipv4]
address1=128.1.95.114/24,128.1.98.10
dns=8.8.8.8;8.8.4.4;
dns-search=
method=manual

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

We’ll greatly appreciate any help, I’m sure this can work with Balena but we are unable to determine exactly why the OS can’t reach the proxy server.

Hola @lucas first of all apologizes for the delay replying your message. Afterthat, let me welcome you to the balena community!

Were you able to fix your issue? Did you read this? Network Setup on balenaOS - Balena Documentation

Hello @mpous , thank you for the response, we weren’t able to fix it yet, we have the client waiting on us to finish this setup, it would be really helpful if you could give us some insight, thank you!

More info about the issue:

this is our updated redsocks file

base {
  log_debug = on;
  log_info = on;
  log = "file:/tmp/redsocks.log";
  daemon = off;
  redirector = iptables;
}

redsocks {
  type = socks5;
  ip = 128.1.1.49; // CLIENT'S OFFICES PROXY
  port = 8080;
  local_ip = 10.114.103.1; // if we change this we get a redsocks warning
  local_port = 12345;
}

dnsu2t {
  local_ip = 10.114.103.1; // balena default, we can't change this right?
  local_port = 5313;

  remote_ip = 192.168.0.1; // CLIENT'S OFFICES DNS
  remote_port = 53;
}

and balena-sample

[connection]
id=my-ethernet
type=ethernet
interface-name=eth0
permissions=
secondaries=

[ethernet]
mac-address-blacklist=

[ipv4]
address1=128.1.95.114/16,128.1.98.10
dns=192.168.0.1,192.168.0.2;
dns-search=
method=manual

First of all, are configuring the dns correctly? look how we are using the same dns ip for both files.

We’ve noticed that using nslookup is not working, it is trying to use the dns defined in resolv.conf (127.0.0.2), is this expected? how can we make sure we are configuring dns correctly?

We also can’t reach the 123 port of the client’s server (it is working when we try telnet from other PC).

Hey @lucas thanks for your patience here and for sharing so much context.

I think when looking at your diagram I assumed the the gateway would be performing NAT, but then noticed that the IP ranges in use aren’t private ones. The ranges and subnets mentioned on the diagram are a bit confusing - it looks like you’re using 128.1.0.0/16, so everything spanning from 128.1.0.0 to 128.1.255.255, is that right?

I noticed I can actually ping the IP address that you have listed for your device, which I’m assuming isn’t the actual device given it’s having connectivity issues.

Are the devices that you’re describing at the client’s office physically on site or are they cloud services? As far as I can tell these addresses are owned by https://www.zenlayer.com/

If your device has an IP privately which is conflicting with another one on the internet, I expect it could cause issues?

Either way if you can clarify a bit more on what’s going on here, we’ll continue to help :slight_smile:

1 Like

Thank you for the response!

These are private ip ranges, that ip that you are getting response from, it is not related with the ip they assiged to us…

And yes, these devices are physically on site.

The concern we have is we aren’t seeing any logs on the proxy, as we can get if we use curl with the https_proxy variable…