Accessing Cosy 141 from Plant Network

The situation here is: we have an eWon Cosy 141. I have it set up on their network and in my eCatcher account, all that is working fine. They need to be able to FTP from their plant network into the PLC that is behind the eWon.
For another customer, I need that PLC to be able to send and receive SQL commands. I feel like any solution I reach for FTP could also be applied there.

I found this support article for the Cosy 131 that seems like a good solution: https://websupport.ewon.biz/sites/default/files/kb-0241-0-en_reach_a_device_behind_an_ewon_on_the_same_remote_site_but_from_two_different_networks.pdf
However, on the Cosy 141 I do not have this NAT 1:1 page in my Gateway wizard. When I go into the advanced COM settings, I see variables like NAT11In1 that seem to match the fields shown, but I’d need to know specifically what to change to mimic it, if the functionality exists. Also, is it possible for the Mapped IP I set up to be the same as the eWon’s WAN side IP? It would be nice if I didn’t have to use up two IPs on their network.

I also found an article for the 141 about just forwarding all traffic: https://websupport.ewon.biz/sites/default/files/kb-0068-0-en-access_internet_via_cosy_beside_talk2m_vpn_0.pdf
I guess the main reason I haven’t done this is the hope that the previous option could work with only one IP, because this option seems like both IPs would go on the network regardless. Also, there may be future machines where I have more than just the PLC on the internal LAN, and I would only want the PLC to get out. If the NAT won’t work out, I am willing to do this for now and get another model for such machines.

So if I could get instructions on how to achieve some sort of NAT or transparency where the PLC can get to the plant network and I only need to use up one IP, that would be great.
If not, and the traffic forwarding would work, I’ll go try that.

Thanks,
Corey

@CabbottVoorwood

The cosy 141 does not support NAT 1:1 however you should be able to allow all WAN to LAN traffic so that your LAN devices are accessible from the WAN.

You would use this knowledge base article to allow WAN to LAN traffic (same as the one you found):

The eWON’s WAN IP would be the gateway to your LAN devices after making these changes.
It’s worth noting that you will need to add a route to your PC’s routing table so that it can find the LAN device.

You can do this in command prompt, example below:

route add destination mask subnetmask gateway

Device’s LAN IP = 192.168.1.3
Device’s subnetmask - 255.255.255.0
eWON WAN IP = 10.0.0.100

route add -p 192.168.1.0 mask 255.255.255.0 10.0.0.100

–
"Also, is it possible for the Mapped IP I set up to be the same as the eWon’s WAN side IP?"
NAT 1:1 on the Cosy 131 (not supported on the 141) lets you map your device’s LAN IP to a reserved IP on the WAN network.

The eWON device will always need 2 IPs. One for the LAN (machine network) and one for the WAN (company network), and they cannot be in the subnet otherwise a conflict will occur.

I hope this helps clarify!

@CabbottVoorwood

Another option that you would have here would actually be proxying on the LAN (essentially port forwarding). As my colleague @hms_support mentioned, the COSY 141 does not support NAT 1:1 translations. What you could do however is forward FTP traffic to the LAN device via the WAN IP of the eWON.

In order to use this solution however you will need to ensure to make a few configuration changes.

Steps:

Security Settings

1. Navigate to the eWONs IP address -> Settings -> Maintenance -> Show Advanced Settings -> Edit Com Configuration
   
   

2. In the top right you should see a search bar. We will be using this a few times.
   
   

3. Search for the parameter: NATITF
   A. Set this value to 2
   B. Save
   
   

4. Next, search for the value: WANITFProt
   A. Set this value to: 2
   B. Save.
   
   

5. Next search for the value: FWRDToWAN
   A. Set this value to: 1
   B. Save
   
   

Proxy Settings

1. For this section we will be updating about 7 different parameters. Please repeat all of the same steps as you did above however substitute the corresponding values from the table below.
   
   

By using the values proposed in the steps and table above, you should be able to forward just FTP traffic or any other traffic as you define it.

EDIT:

As I was re-reading your topic I notice you also mention a SQL connection to the PLC. You could follow the exact same steps as outlined above except you would change two values.

For SQL :

ProxyProto1 = 2 (tcp)
ProxyPort1 = 3306 (SQL)
ProxySrvPort1 = 3306 (SQL)

Reference Documents:

Proxying On eWON Cosy - Link

eWON Comcfg.txt - Link

Accessing Data Behind eWON - Download

When I set it up as described, my FTP connections still just bump into the eWon. (I can put in the admin credentials and see the eWon files.)

However, I changed ProxyPort1 to 22, and now it works perfectly.

So marking this as solved; needing to use a port other than 21 is very minor, but feel free to add any methods for getting that functionality if they exist.

@CabbottVoorwood

Ah, you are correct. The eWON additionally hosts an FTP server. You can change the eWON FTP port to free it up for your connection by changing the following parameter via the same method as above.

IpsFtpP: 22 (Originally 21)

That will set the eWON FTP access to 22 as opposed to 21 and will free up 21 for your usage.