Ping from LAN to WAN or vice versa

How do I reach a PLC (by pinging) which is connected to the WAN port of a Teltonika RUT300?
The setup will be something like this: a PC (or another PLC in the same network) will be connected to the LAN port of the RUT300, and the PLC will be connected to the WAN port of the RUT300. When I ping from any PC which is connected to the LAN port of the RUT300, I should get a response from the PLC.

The IPs will look like this. PLC: 195.165.148.130, PC: 195.165.148.200 (or another PLC on the LAN port with IP: 195.165.148.230), LAN Port IP: 195.165.148.10, WAN Port IP: 195.165.148.11.
I have already tried with ICMP echo request (also tried by selecting any) but nothing is working at this moment.

Also, I’m unable to create any ticket and my previous tickets are also missing from the account. Does anyone know at least how to contact Daumantas G?
Thanks

Hello Rakib,

Since your setup is all in the same network, you need to configure the WAN port of the RUT300 as LAN, because by default it is acting as a WAN port, which is used to connect to an internet source.

Kindly follow the instructions in our wiki link on how to configure it. Setting up WAN as LAN - Teltonika Networks Wiki

Once done, your PLC and your PC will be on the same LAN and should be able to reach each other.

Hope this helps.

Best regards,
Robert

Hello Robert,

Thank you for the reply. The problem is that even though I’m using the same subnet, the system should work in such a way that the new PLC (195.165.148.130) should not be able to reach any of the devices in the network. On the other hand, the old PLC (195.165.148.230) should be able to ping the new PLC. So, it would be some kind of one-way traffic. The other side should be blocked anyway. As you mentioned using WAN as LAN, I have already tried that method. However, in this way all the devices are accessible to each other, which is not the main objective of this whole system. Any suggestion on how to execute this?

Hello,

Allowing only a one-way ping between PLC devices would be possible by creating a custom firewall rule. Note that if the other LAN ports of the RUT300 are not used, we could just utilize them to connect all the PLCs and avoid the WAN port. If a WAN port is needed, configure it as LAN, as mentioned.

Below are the instructions you could follow to configure a new firewall rule based on your setup (assuming they’re all connected to the LAN ports).
PLC1 with IP: 195.165.148.130
PLC2 with IP: 195.165.148.230

  1. Make sure your router is in ‘Advanced Mode’.

  2. Navigate to Network → Firewall → Traffic Rules.

  3. Scroll down, then add a new instance. Select ‘Add new forward rule’ as the Add type, then click the Add button.

  4. In the pop-up window, enable the instance, and put the source IP address (the PLC’s IP that you don’t want to access other PLC/devices). In the destination address, select all the IPs you don’t want it to reach. Note that if the IP is not listed in the drop-down menu, you could put it manually by clicking the ‘Add new’ button.
    Save and Apply.

  5. Drag the newly created rule to the top to ensure it will get prioritized.

This way, it will drop all the traffic coming from the specified source IP address. If ping is the only thing you wanted to block, you could modify the rule to choose ICMP only in the protocol field.
Note that the Zone varies based on your setup (if WAN port is used, then choose the WAN as zone etc).

Hope this helps, let me know the results.

Best regards,
Robert
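
A small model of the rule set from the steps above, added here as an illustration; it is not code from the thread or from Teltonika's firmware. It assumes first-match rule ordering, a default accept between the listed hosts, and that replies to already-allowed flows are accepted before the custom rules; `Rule`, `Forwarder` and `check` are hypothetical names.

```python
from dataclasses import dataclass

# IP addresses taken from the thread
PLC_NEW, PLC_OLD, PC = "195.165.148.130", "195.165.148.230", "195.165.148.200"

@dataclass(frozen=True)
class Rule:
    src: str           # source IP the rule matches
    dests: frozenset   # destination IPs the rule matches
    proto: str         # "icmp" or "all"
    target: str        # "DROP" or "ACCEPT"

    def matches(self, src, dst, proto):
        return src == self.src and dst in self.dests and self.proto in ("all", proto)

class Forwarder:
    """Ordered first-match rules with optional connection tracking (assumed model)."""
    def __init__(self, rules, stateful=True, default="ACCEPT"):
        self.rules, self.stateful, self.default = list(rules), stateful, default
        self.flows = set()  # (initiator, responder, proto) of allowed requests

    def packet(self, src, dst, proto="icmp", reply=False):
        # A reply to a flow that was already allowed bypasses the custom rules.
        if self.stateful and reply and (dst, src, proto) in self.flows:
            return "ACCEPT"
        verdict = next((r.target for r in self.rules if r.matches(src, dst, proto)),
                       self.default)
        if verdict == "ACCEPT" and not reply:
            self.flows.add((src, dst, proto))
        return verdict

    def ping(self, src, dst):
        """True only if the echo request and the echo reply are both forwarded."""
        return (self.packet(src, dst) == "ACCEPT"
                and self.packet(dst, src, reply=True) == "ACCEPT")

# The rule from step 4: drop everything the new PLC sends to the other hosts.
BLOCK_NEW_PLC = Rule(PLC_NEW, frozenset({PLC_OLD, PC}), "all", "DROP")
# Hypothetical pre-existing rule that would shadow it if left above it (step 5).
ALLOW_NEW_PLC = Rule(PLC_NEW, frozenset({PLC_OLD, PC}), "all", "ACCEPT")

def check(rules, stateful=True):
    fw = Forwarder(rules, stateful)
    return {"old->new": fw.ping(PLC_OLD, PLC_NEW),
            "new->old": fw.ping(PLC_NEW, PLC_OLD),
            "new->pc": fw.ping(PLC_NEW, PC)}

if __name__ == "__main__":
    print("rule on top:     ", check([BLOCK_NEW_PLC]))
    print("rule shadowed:   ", check([ALLOW_NEW_PLC, BLOCK_NEW_PLC]))
    print("no conn tracking:", check([BLOCK_NEW_PLC], stateful=False))
```

In this model the third case fails the old-to-new ping because the echo reply itself comes from the blocked source, so the one-way behaviour depends on reply traffic being accepted ahead of the custom rule.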
