ROS2-Foxy: Dynamic Port Forwarding for 3 Devices in 2 Networks

asked 2023-05-21 05:22:45 -0500

scoeerg

updated 2023-06-01 02:43:49 -0500

Same Question on stackexchange

My current Network looks like the following: [image: Network Architecture]

and all devices run Ubuntu 20.04 LTS and ROS2 Foxy. There exist 2 Networks: red (Raspberry's wlan0) and green (Raspberry's eth0). Only the Raspberry is a member of both. According to this pattern, i.e. the used ports are not fixed. Let us assume we only use Domain 1, i.e. the pattern is:

  • Port 7650 and 7651 for multicast
  • Port pairs (7660|7661), (7662|7663) ... (7898|7899) are used for any new node

What I have so far is on Raspberry's Crontab (runs on Boot) to be able to SSH Desktop -> Jetson:


# Based on

# First we disable autoconfigured network on the Pi
# based on    
sudo ip link set eth0 up
sudo ip addr add dev eth0
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -I FORWARD -i eth0 -o wlan0 -j ACCEPT
sudo iptables -I FORWARD -i wlan0 -o eth0 -j ACCEPT

# Forward Port 9001 from Raspberry to Jetson port 22
# to ssh onto the Jetson, now use:
# ssh jetson@RaspberryIP -p 9001
echo '1' | sudo tee /proc/sys/net/ipv4/conf/wlan0/forwarding
echo '1' | sudo tee /proc/sys/net/ipv4/conf/eth0/forwarding

sudo iptables -t nat -A PREROUTING -p tcp -i wlan0 --dport 9001 -j DNAT --to-destination
sudo iptables -A FORWARD -p tcp -d --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

How would I update the script to forward (Jetson/Raspberry)-green network ports 7650 and 7651 for multicast into the (Desktop/Raspberry)-red network ports 7650 and 7651? How would I update the script to safely forward the used ports (Jetson/Raspberry)-green network to (Desktop/Raspberry)-red network?

I think I might be ok (for not too many nodes to avoid collision) to forward green->red:

  • (7650|7651) -> (7650|7651)
  • (7660|7661) -> (7898|7899)
  • (7662|7663) -> (7896|7897)
  • ...

which would essentially halve my available nodes in one domain. But this is definitely the end of my network voodoo. Help would be greatly appreciated.



I am quite sure simple port-forwarding cannot work, since the multicast is the information of which ports are used in all nodes and re-mapping would change that. The nodes would not be found.

scoeerg ( 2023-05-21 05:27:02 -0500 )

This might be unrelated, but if you want nodes available between 2 networks, check out Husarnet VPN and see if that will simplify what you’re trying to do.

chased11 ( 2023-06-01 14:48:24 -0500 )

@chased11 Any VPN will accomplish the intended result, essentially virtually setting up a network containing all participants. But it comes with the overhead cost of VPN, which is not acceptable for high-throughput data (lidar, camera etc.) or a vast number of participants.

scoeerg ( 2023-06-28 03:32:02 -0500 )

Husarnet claims it has better latency than other VPNs at higher data rates. It could definitely simplify the issue without having to use public facing IPs or other networking challenges, especially with only 3 machines. That's why I prefaced with might be unrelated. Though not ideal, it did the job in my experience.

chased11 ( 2023-06-28 18:14:31 -0500 )
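
The port pattern in the question matches the DDS-RTPS default port mapping (port base 7400, domain gain 250, participant gain 2). The following is an added example, not code from this thread: it computes those ports, reproduces the mirrored green->red mapping proposed in the question, and prints (without applying) a FORWARD rule scoped to one domain's range instead of the blanket ACCEPT. Assumptions: the function names are made up here, participants take indices sequentially from 0 on each side, and the default UDP transport is in use.

```shell
#!/bin/sh
# DDS-RTPS default port mapping constants (assumed defaults, not tuned values).
PB=7400 DG=250 PG=2 D0=0 D1=10 D2=1 D3=11

# "discovery user" multicast ports of domain $1
multicast_ports() (
    base=$(( $PB + $DG * $1 ))
    echo "$(( base + $D0 )) $(( base + $D2 ))"
)

# "discovery user" unicast ports of participant $2 in domain $1
unicast_ports() (
    base=$(( $PB + $DG * $1 + $PG * $2 ))
    echo "$(( base + $D1 )) $(( base + $D3 ))"
)

# Highest participant index that stays below the next domain's port base
max_participant() ( echo $(( ($DG - $D3 - 1) / $PG )) )

# low:high UDP port span of domain $1, in iptables range syntax
domain_port_range() (
    low=$(( $PB + $DG * $1 + $D0 ))
    high=$(( $PB + $DG * $1 + $PG * $(max_participant) + $D3 ))
    echo "$low:$high"
)

# The question's mirrored mapping: green participant $2 of domain $1 is
# forwarded to the red-side pair counted down from the top of the range.
mirrored_ports() (
    unicast_ports "$1" $(( $(max_participant) - $2 ))
)

# True when $1 forwarded green participants plus $2 local red participants
# need more pairs than one domain has, so a mirrored pair hits a used pair.
mirror_collides() (
    [ $(( $1 + $2 )) -gt $(( $(max_participant) + 1 )) ]
)

# Print (do not apply) a FORWARD rule limited to the UDP range of domain $1,
# from interface $2 to interface $3.
scoped_forward_rule() (
    echo "iptables -A FORWARD -i $2 -o $3 -p udp --dport $(domain_port_range "$1") -j ACCEPT"
)

# Demo with the values from the question (domain 1, eth0 = green, wlan0 = red)
echo "domain 1 multicast ports: $(multicast_ports 1)"
echo "green participant 1 -> red pair: $(mirrored_ports 1 1)"
scoped_forward_rule 1 eth0 wlan0
```

The calculation only covers which ports are involved; it does not address the point raised in the first comment that the ports announced during discovery would no longer match after re-mapping.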