HTTP Port Forwarding

We have several sites that we access through a cellular modem. Each site has a PLC, HMI, VPN router, and of course the modem. We have been using a Cisco VPN router but wanted to try a Cosy 131 because we have been having issues with the Cisco. I have been able to configure the Cosy to do everything we need thus far with one exception: I need to be able to access the HMI using the public IP address without going through Talk2m. The Cisco allows us to set up port forwarding from the public static IP address to the IP address of the HMI on the LAN. I have already changed the settings in the Cosy that allow WAN to LAN, but how do I achieve the HTTP forwarding?

We normally accomplish this using NAT 1:1 to create an IP for the LAN device that can be accessed via the WAN, but that would only work if you had another public IP address available, which you probably don’t. So in this case you should be able to accomplish the port forwarding configuration by setting up a proxy connection to the HMI. There are instructions here:

AM-1007-00 - Define Proxy for Port Forwarding.pdf (405.3 KB)

You would need to choose a different port than 80, which is what the eWON is using and forward that to your HMI.

I hope you have also considered the security implications of this, as you are leaving your HMI exposed to the internet. Make sure you at least have a strong password set.

Kyle

Kyle,

Thanks for the info. I’m still a little unsure about setting this up. The article isn’t exactly clear to me. Here is what I set up. I realize I’m not supposed to use Port 80 but you didn’t tell me what to use instead. I’m just wanting to confirm that I have all the settings correct. The IP address, 10.0.23.11, is what I am wanting to forward to. Please see attached screen shot.

Randy

Hi Randy,

That looks correct. It doesn’t really matter what port you use, as long as it doesn’t conflict with something else, so 8080 is fine. That port number will be used in the URL when you are trying to reach the internal webserver. For example, if your WAN IP address is 172.16.10.10 you would enter 172.16.10.10:8080.

Kyle

Kyle,

Well for some reason I am still not able to connect. Any ideas?

Randy

Hi Randy,

Please send me your configuration so I can check. Use eBuddy Backup/Restore and do a backup with Support Files and attach that file to your response.

Thanks,

Kyle

Backup file is attached.


Can you try setting NAT and TF to ‘NAT on LAN (Plug’n Route)’ and disabling NAT 1:1 as shown below, then reboot the eWON and try again?

Kyle,

I don’t have any of those options under Networking. See attached screen shot.

Randy

I’m sorry, I used a screenshot from the Flexy. I think I figured out why this isn’t working though. I was under the impression that you were using an eWON with an internal cellular modem, but it looks like you are using an external cellular modem. Is this the same modem that you used with the Cisco router? And is it configurable? Can you let me know the model?

Yes we are using a separate cellular modem. It is a Sierra Wireless. We have used different versions of this modem. For this application we are using the Airlink LS300. Yes this is the modem we used with the Cisco and it is configurable.

OK - Please change NATItf to 3

The rest of the settings look good and if the modem was already configured to be bridged to the Cisco, it should work with the Cosy. Reboot the Cosy and try again. If you still aren’t able to connect, try a different port, like 8081 and try again and let me know if it works.

Kyle

Sorry you also need to change:

‘ProxySrvPort1’ should be ‘80’
‘ProxyPort1’ should be ‘8080’

Kyle,

I can now access the HMI via web interface so that now works. I can also connect to my PLC using RSLinx. However, it seems changing the NATItf from 2 to 3 is blocking alarm emails from being sent out by the Red Lion HMI. I used the KB article that said to change the settings to the following:

NatItf = 2 (Nat and TF on WAN)

VPNRedirect = 0 (Allow traffic outside the VPN tunnel)

FwrdToWAN = 1 (Forward LAN traffic to WAN)

Randy

Randy, try changing NATItf back to 2, rebooting, and see if it still works. If not, we can probably come up with an alternative.

Kyle,

I changed NATItf back to 2 and I am still able to access the HMI web interface. I was able to generate a couple of alarms but now it seems that the HMI has lost connection to the PLC and I am not seeing any more alarms being sent out. Maybe eventually I’ll get everything working at the same time. Lol

Randy

One of the issues we had with the Cisco was we were using the built-in Ethernet switch and devices on the LAN tended to lose connection. I’m wondering if the Cosy may have the same issue. Do you think it would be a good idea to add a separate Ethernet switch?

Hi Randy,

I don’t think the setting changes are related to the connection issue between the HMI and PLC. If we check the event logs, we can see if there are any errors involving the switch. It’s hard to say at this point if adding a switch would help or not, but it wouldn’t hurt. It would introduce another device that could potentially malfunction, but the chances are low.

Let’s check the logs first and see what we find. You can look at the logs in the web interface and if you want to make a backup with support files I’ll take a look as well.

Kyle

Backup file attached.


Good Morning Randy,

Taking a look at the logs there are a few different errors that may be related to the communication problem:

 1555672606  19/04/2019 11:16:46  eip-receive socket error during read/write           eip     79324  27802
 1555622870  18/04/2019 21:27:50  smbs-Serial port not opened                          mbsio   79305  22332
 1555678902  19/04/2019 13:01:42  mbgw-Rx frame error, invalid header                  mbsgw   79304  22410
 1555685314  19/04/2019 14:48:34  stdsrv-Socket Bind error                             eproxy  79340  33003
 1555689873  19/04/2019 16:04:33  stdios-Inter process gateway request timeout (FINS)  finsgw  79333  26802
 1555689918  19/04/2019 16:05:18  epxy-Maximum sessions per port reached               eproxy  79340  33106

So if you change ‘ProxyMaxSocks’ from [5] to [100] that should take care of at least one of those.

The other errors mainly involve Modbus TCP and Ethernet-IP socket and port issues. The HMI and PLC are both on the LAN, right? It seems like there might be a communication issue between them, or at least the Cosy is having issues forwarding the traffic between them, which is odd. What are the models and are they using Modbus TCP to communicate with each other? Have you had any issues before with the communication between the PLC and HMI? What is the make/model of each?

Kyle
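The triage in the last post can be reproduced with a short script. This is an added example, not part of the thread and not eWON tooling: it parses the six event rows quoted above, checks each epoch against its displayed time, and separates the proxy (port-forward) events from the fieldbus gateway ones. The field names `num_a`/`num_b`, the bucket names and the UTC reading of the displayed time are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Rows from the post above, column whitespace normalised.
SAMPLE = """\
1555672606  19/04/2019 11:16:46  eip-receive socket error during read/write  eip  79324  27802
1555622870  18/04/2019 21:27:50  smbs-Serial port not opened  mbsio  79305  22332
1555678902  19/04/2019 13:01:42  mbgw-Rx frame error, invalid header  mbsgw  79304  22410
1555685314  19/04/2019 14:48:34  stdsrv-Socket Bind error  eproxy  79340  33003
1555689873  19/04/2019 16:04:33  stdios-Inter process gateway request timeout (FINS)  finsgw  79333  26802
1555689918  19/04/2019 16:05:18  epxy-Maximum sessions per port reached  eproxy  79340  33106
"""

# epoch, DD/MM/YYYY HH:MM:SS, free-text message, originator, two numeric columns.
# The message contains spaces, so it is matched lazily up to the last three fields.
ROW = re.compile(
    r"^\s*(\d{10})\s+(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+(.+?)\s+(\w+)\s+(\d+)\s+(\d+)\s*$"
)
PROXY_ORIGINATORS = {"eproxy"}  # originator shown on the proxy rows in the post

def parse_events(text):
    """Return the parsed rows, oldest first; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        epoch, stamp, message, origin, num_a, num_b = m.groups()
        shown = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S").replace(tzinfo=timezone.utc)
        events.append({
            "epoch": int(epoch), "shown": shown, "message": message, "origin": origin,
            "num_a": int(num_a), "num_b": int(num_b),  # meaning not given on the page
            # Assumption: the displayed time is UTC; a mismatch means a clock/zone offset.
            "clock_ok": int(shown.timestamp()) == int(epoch),
        })
    return sorted(events, key=lambda e: e["epoch"])

def triage(events):
    """Split port-forward (proxy) events from fieldbus/gateway events."""
    buckets = defaultdict(list)
    for e in events:
        kind = "port_forward" if e["origin"] in PROXY_ORIGINATORS else "fieldbus"
        buckets[kind].append(e)
    return dict(buckets)

if __name__ == "__main__":
    for kind, rows in triage(parse_events(SAMPLE)).items():
        for e in rows:
            print(f"{kind:12} {e['shown']:%Y-%m-%d %H:%M:%S}Z {e['origin']:7} {e['message']}")
```

Because the forwarded port is reachable from the internet, session-limit events in the `port_forward` bucket are worth correlating with which clients were connected at those times.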