Dear Sirs,
I know this is maybe the 1000th time that you read this kind of question, but if we, the basic users, keep on asking it, it is because things sometimes are not easy or not clear at all.
1. I have a brand new RUT300. Factory default except for the IP addresses given to LAN and WAN.
2. WAN address is 192.168.1.128/24. No gateway.
3. LAN address is 192.168.44.169. No gateway.
4. My PC is connected on the WAN port. PC address is 192.168.1.10/24. Gateway is 192.168.1.1 (this is the factory gateway for internet access).
5. My PLC is connected on the LAN1 port. PLC address is 192.168.44.1/24. Gateway is 192.168.44.169 (LAN address of the RUT300).
Scenario 1
The PC runs an OPC-UA client which must read/write some variables from the PLC. Usually the protocol is TCP and the port is 4840.
The PLC has the OPC-UA server.
Scenario 2
The PC runs TIA Portal (Siemens development tool) and needs to connect to the PLC to maintain and debug software. Usually the protocol is TCP and the port is 102.
Now, the question: is it possible?
if yes, can someone share the complete list of things I have to do to have it working properly?
when I say complete list I mean:
firewall settings
traffic rules settings
NAT, Routing, Port forwarding and/or whatever needed to make it work
If the starting conditions (described by the points 1 through 5) are wrong and I need to start with different connections and setup, that is not a problem, just tell me what I have to change and I will do it. The only thing we cannot change is the default gateway of the PC, which cannot be other than 192.168.1.1.
I have been struggling for almost two months reading the topics on the forum without success. I also created a previous topic which led to nothing.
I need to know if this device fits our needs, because in that case we will apply it in all our PLCs instead of buying a very expensive PLC network card.
we were already communicating with each other on your old posting but
then came a week of holidays with my family and then I didn’t get to read
the forum for quite some time.
Let’s start from the beginning, with the ip settings from the current posting
(which are different from the last one).
I repeat all the settings, just for sake of completeness:
PLC: ip 192.168.44.1 mask 255.255.255.0 gate 192.168.44.169
Reset the RUT to factory defaults. then configure it like below.
no VLANs, no routing, no traffic rules, no firewall settings
RUT LAN: ip 192.168.44.169 mask 255.255.255.0
RUT WAN: ip 192.168.1.128 mask 255.255.255.0 gate 192.168.1.1
PC: ip 192.168.1.10 mask 255.255.255.0 gate 192.168.1.1
Now port forwardings in the RUT like this:
any external address/any port to any WAN ip port 4840 will be forwarded to 192.168.44.1 TCP port 4840
any external address/any port to any WAN ip port 102 will be forwarded to 192.168.44.1 TCP port 102
Also set NAT loopback to off on both forwards, and “TCP only”.
The PC has to communicate with the PLC at address 192.168.1.128
(the WAN address of the RUT) because the “real” PLC is hidden behind
the NAT done by the RUT. Therefore the PC can’t ping the PLC directly.
Disconnect PLC, connect a PC/Notebook with ip settings exactly like
PLC and try to ping the gateway at 192.168.1.1 and the PC at 192.168.1.10
Reconnect PLC. Enter the CLI of the RUT and try to ping the gateway at
192.168.1.1, the PC at 192.168.1.10, and the PLC at 192.168.44.1
That should work.
If you want a transparent connection between the 192.168.1.x network and
the 192.168.44.x network then the RUT has to run in routing mode and a
static route has to be set on the PC to point to the PLC via the router. That
is also possible.
[a small comment: If I had to do it then I’d set the LAN of the RUT to
192.168.44.1 and the PLC to 192.168.44.2 or so. That’s “because the
routers always have the IP a.b.c.1”, but that is just my way of doing it]
Hi,
nice to read from you again.
Yes, this time the addresses are different (different machine) but as you may see the pain in the a** is always the same.
I think I already tested what you wrote but I will give it another try again, starting from a clean cfg.
I agree with you that a.b.c.1 is a more common address for a gateway, but fortunately it is not a written rule, so I can simply add the device to the already existing system without the need to reconfigure my hardware setup.
I hope this works but (just in case) I would prefer the completely transparent mode, as per my previous post.
Let’s see if I’ll be back with some good news.
Thank you.
Regards.
Hi,
finally we have something working!
I am abroad but I took the RUT with me, to run tests at the hotel and today at the factory (same PLC as the example).
So, what we have is:
PLC working with development tool
PLC’s web page working (I decided to use port 81 along with IP and then rewriting to destination as 80)
I can also reach the RUT Web interface (which allows me to change the stuff also from the Wan port)
HMI sm@rtserver (kind of VNC) is reachable by the client
The only thing which does not work at this time is the HMI project update but I am still looking for the right ports to forward.
Did not test the OPC-UA server because this PLC does not have the server enabled but I am quite confident.
I think that my problem (in the previous tests) was the “NAT loopback”, which I left enabled.
So, this is a very good starting point to finally integrate the RUT300 instead of an expensive PLC ethernet card.
Of course, if you can get the transparent routing working that would be absolutely perfect!
As soon as I get back to the office I will try to prepare a PDF with all the standard setup needed to use the RUT with Siemens devices and share it via this forum.
I am quite sure this is something that will be appreciated by many customers, not only by me (and will increase the Teltonika business as well).
So, I look forward to an answer on how to use routing instead of port forwarding. I know you can do it.
Really appreciate all the time you dedicated to this topic. Really!
Dear timelapsesystems,
this morning at my office I had the chance to do further tests.
I found out that unfortunately both PLC and HMI, to properly connect with the TIA Portal development tool to update the projects, need port 102 (the HMI also uses some more ports but it seems that 102 must be open as well).
I added the two separate port forwards to the list but only the PLC works correctly when both rules are enabled. The only way to reach the HMI is to disable the PLC rule. This is quite uncomfortable for obvious reasons.
The other problem is that OPC-UA does not work even if port 4840 is in the list. I tried disabling all other rules but without success. This is also quite annoying because I thought it had to work without any problem.
Summing up, I can say that Port Forwarding is working but it allows only a limited set of operations.
I am convinced that the only way to have full control of the devices is to find out how to configure NAT1:1 or Routing for each device behind the router.
I look forward to your next miracle.
Regards.
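Why only one of the two port-102 forwards can take effect, shown as an added example that is not part of the original posts and is not RutOS code. It is a simplified model that assumes first-match DNAT evaluation; the rule names and the HMI address 192.168.44.2 are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Forward:
    name: str
    proto: str
    src: str        # allowed source network; "0.0.0.0/0" means any external address
    wan_port: int   # port the client dials on the RUT's WAN address
    dest_ip: str
    dest_port: int

# Constructed rule list mirroring the thread; the HMI address is an assumption.
RULES = [
    Forward("plc-s7",    "tcp", "0.0.0.0/0", 102,  "192.168.44.1", 102),
    Forward("plc-opcua", "tcp", "0.0.0.0/0", 4840, "192.168.44.1", 4840),
    Forward("plc-web",   "tcp", "0.0.0.0/0", 81,   "192.168.44.1", 80),
    Forward("hmi-s7",    "tcp", "0.0.0.0/0", 102,  "192.168.44.2", 102),
]

def translate(rules, proto, src_ip, wan_port):
    """Return (dest_ip, dest_port) from the first rule that matches, else None."""
    for r in rules:
        if (r.proto == proto and r.wan_port == wan_port
                and ip_address(src_ip) in ip_network(r.src)):
            return r.dest_ip, r.dest_port
    return None

def shadowed(rules):
    """List (late, early) pairs where 'early' catches every packet 'late' accepts."""
    pairs = []
    for i, late in enumerate(rules):
        for early in rules[:i]:
            if (early.proto == late.proto and early.wan_port == late.wan_port
                    and ip_network(late.src).subnet_of(ip_network(early.src))):
                pairs.append((late.name, early.name))
                break
    return pairs

if __name__ == "__main__":
    print(translate(RULES, "tcp", "192.168.1.10", 102))  # always the PLC
    print(shadowed(RULES))                               # the HMI rule never fires
```

Narrowing `src` from any address to the engineering PC (192.168.1.10/32) limits which hosts on the WAN side can reach port 102 on the PLC.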
Hi,
quick update: I found how to make OPC-UA work. The problem is related to the address returned during the discovery/connection of the OPC Endpoint, which did not match the one used for the call by the client.
Using a different tool (UA Expert) I advised the client that the answer was coming from a different address (the real PLC address) and it started working.
Anyway, I keep on feeling that transparent mode is better.
Regards.
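The endpoint address mismatch described in the last post, as an added example that is not part of the original thread and is not UA Expert's code. It assumes the server advertises `opc.tcp://` endpoint URLs carrying the PLC's real address; the function names are hypothetical.

```python
from urllib.parse import urlsplit

OPCUA_DEFAULT_PORT = 4840

def usable_endpoint(discovery_url, advertised_url):
    """Return (url_to_dial, rewritten) for one endpoint URL the server advertised.

    discovery_url is the address the client actually reached (the RUT's WAN side);
    advertised_url is what the server put in its endpoint list (its own LAN address).
    """
    used = urlsplit(discovery_url)
    adv = urlsplit(advertised_url)
    same_host = adv.hostname == used.hostname
    same_port = (adv.port or OPCUA_DEFAULT_PORT) == (used.port or OPCUA_DEFAULT_PORT)
    if same_host and same_port:
        return advertised_url, False
    # Behind the port forward the advertised host is unreachable from the client,
    # so keep the server's scheme and path but dial the host:port that answered.
    return adv._replace(netloc=used.netloc).geturl(), True

def resolve(discovery_url, advertised_urls):
    """Apply usable_endpoint to every advertised URL, keeping the rewrite flag."""
    return [usable_endpoint(discovery_url, u) for u in advertised_urls]

if __name__ == "__main__":
    # Constructed sample: client dials the RUT WAN address, PLC reports its own.
    for url, rewritten in resolve("opc.tcp://192.168.1.128:4840",
                                  ["opc.tcp://192.168.44.1:4840"]):
        print(url, "(rewritten)" if rewritten else "(as advertised)")
```

The `rewritten` flag is kept so a client can log or prompt when it overrides the address the server reported instead of doing so silently.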