Hide the local static LAN IP adresses on WAN side

nat-hide-lan-side-on

#1

Hi,
We have a Felxy 3101 with additional WAN card. The WAN is configured as DHCP and is connected on a factory. On the LAN side, we have several PC’s with static IP addresses. Our costumer asks us if it is poosible to hide the IP addresses on the LAN side, so that the customer only can see the WAN IP address - do you have a tutorial on this?
Thank you
Regards
Olavur


#2

Hi @oko77,

I don’t really understand what you are asking to accomplish here. a FLX 1301 is a WAN card. Do you have multiple 1301 cards on your Flexy? Only one 3101 card will work with the Flexy at a time.

On the LAN side of the Flexy the LAN ports are just an unmanaged switch and we do not have the ability to hide other devices on the LAN.

You can restrict what LAN devices are accessible though eCatcher though properties > configure LAN devices.

Deryck


#4

Hi,
Thank you fo looking in to this.

Yes, we do only have one WAN card!

The WAN is connected to our costumers local net, and is configured DHCP. Our customer wants us to hide our PC’s that are connected to the LAN ports. When our customer is scanning the network for users on the WAN, he can see our PC’s that are connected on the LAN side.

He mentioned something about NAT, and I can see there are some configurations on ecatcher, but I am not sure how to use the NAT function.

Regards

Olavur

-------- Oprindelig besked --------


#5

#6

What IP addresses are they seeing are they seeing? Are they seeing LAN IP addresses? Did you make any changes to the eWon to allow internet access though the eWon?

Did you set up NAT 1:1 on the ewon?

Deryck


#7

Hi,
Yes, they are seeing the LAN IP adresses.

No, I don’t think so - the PC’s on LAN do not have access to internet.

I have not set NAT up on ewon - this is why I contacted you, if you had any tutorial on configurating NAT on ewon, or what would be the best solution on this issue.

Regards

Olavur

-------- Oprindelig besked --------


#8

The eWon LAN and WAN are separate interfaces and you should not see the LAN devices on the WAN though the cosy unless you had set up lan to wan pass though.
Make sure the following settings are set:
NatItf = 3
VPNRedirect = 0
FwrdToWAN = 0
WANItfProt = 3

Deryck


#9

Hi,
Ok, thank you very much.

Then it must be set up as pass thru.

I will try this later today or tomorrow, and will get back to you.

-------- Oprindelig besked --------


#11

Hi Deryck,

This did not change anything.

It is still possible to see the equipment behind the eWon

I have attached (a very bad) printscreen from a network scanner on the wan side. There you can see the name Schneider, which is equipment on the LAN side.

Regards

Olavur


#12

Hi Olavur,

This might help:

Go to eCatcher and right click on your device and go to properties. Then go to LAN & Firewall and click Configure LAN Devices & Firewall. From here you can go to Add LAN Device and choose which devices you want people to have access to when connected to the Flexy.

restrict2

You’ll need to disconnect from the device on eCatcher and reconnect before this will take effect.


#13

Hi Tim,

Thank you for this.

I will try this out.

But, if I do this, will I still be able to reach all devices thru ecatcher? Or do this also affect users on ecatcher, as well as users connected to the WAN network?

Best Regards

Olavur


#14

Hello,

You’ll be able to reach any device that you white list by doing the method above. Anything else on the network will not be reachable. The users that connect to this device through either eCatcher Mobile, eCatcher, or M2Web will only be able to see the devices that you white list.

-Tim


#15

You can also limit if you want these to be visible on M2Web and specify which protocols you want to support


#16

Hi,
The thing is that I don’t want anything to be visible at all, for users on the WAN side of the eWon. The equipment connected on the LAN shall only be visible for us, that connect to the eWon with eCatcher.

Regards

Olavur

-------- Oprindelig besked --------


#18

Hi @oko77,
Are you able to trace the route to the devices? do you see it going though the ewon? If you have the settings as I described above but are still seeing the LAN devices on the WAN you might have a cabling issue. You might have a cable bridging the LAN and the WAN.

Deryck


#19

Hi Deryck,
Ok, yes, I understand.

I will check the cables.

I will get back to you next week.

Regards

Olavur

-------- Oprindelig besked --------