Industrial Ethernet Tech Note
Abstract
This document provides step by step procedures to set up communication to the LAN side of a wired router to devices that do not have a default gateway. For example, a plant floor has a wired router at various locations. Each device behind the wired router has the same LAN subnet i.e. 192.168.10.0/24 and no default gateway set on any device. Remote access to devices in that LAN will be problematic since all traffic outside of that LAN’s subnet will get dropped due to the lack of a configured default gateway. This document solves that problem by using Masquerading and Port Forwarding.
Product
RAM-6021 & RAM-6021M12 Wired Router
Software
Web Browser
Firmware
4.16 or higher
Introduction
Set up a Wired Router to get access to devices on the LAN side that does not have a default gateway set using port forwarding
Part 1 – Setting up IP address on ETH1
In this example, we will use the following setup:
- WAN: 192.168.24.0/21
- LAN: 192.168.10.0/24
Edit where needed to fit your network subnet and topology.
- Go to Networking – Interfaces – eth0 (WAN)
- To set the IP address on the RAM, choose either DHCP, if a DHCP server is available on the WAN side or enter a static IP and subnet mask for Eth0. In this example, we are using DHCP.
When done entering all information, click Apply
Part 2 - Setting up Masquerade Rule
Here we set up masquerade rules to NAT the source subnet on the WAN side of Router.
- Go to Network – Firewall – Masquerade/NAT/DMZ Rules
- Click Add
- Enter the following:
- Original Source Subnet: Enter the WAN side’s network subnet. Ex. 192.168.24.0/21
- Interface: eth1 or All Trusted
- Click Finish
- Click Apply
Part 3 - Setting up Port Forwarding
Here we set up forwarding to send traffic to different devices behind the router on the LAN side.
- While on the same screen, click add under Host Redirect (Port Forwarding) Rules
- Enter in the information that meets your setup.
Note: In this example, we are using Windows Remote Desktop for proof of concept. If using another device behind the router that has a web interface such as a Red Lion DSP, substitute port 3389 for port 80 or whichever port is configured on the connected device.
- Original Destination Port: 3389
- Select Interface: All Untrusted
- New Destination IP: 192.168.10.50
- New Destination Port: 3389
- Select Protocol: TCP
- Source subnets via Whitelist: default
- Click Finish
- Click Apply
Part 3 - Setting up Port Forwarding
Here we set up forwarding to send traffic to different devices behind the router on the LAN side.
- While on the same screen, click add under Host Redirect (Port Forwarding) Rules
- Enter in the information that meets your application's requirements.
Note: In this example, we are using Windows Remote Desktop for proof of concept. If using another device behind the router that has a web interface such as a Red Lion DSP, substitute port 3389 for port 80 or whichever port is configured on the connected device.
- Original Destination Port: 3389
- Select Interface: All Untrusted
- New Destination IP: 192.168.10.50
- New Destination Port: 3389
- Select Protocol: TCP
- Source subnets via Whitelist: default
- Click Finish
- Click Apply
Part 5 – Test
Note: A ping test will not work in this case because the firewall does not forward pings to LAN devices. This is strictly for accessing devices behind the router like web UI’s, polling Modbus, etc using port forwarding.
- Open Windows Desktop.
- Enter the WAN IP of the Router
- Click Connect
- Masquerading and Port Forwarding was successful.
Disclaimer
It is the customer's responsibility to review the advice provided herein and its applicability to the system. Red Lion makes no representation about specific knowledge of the customer's system or the specific performance of the system. Red Lion is not responsible for any damage to equipment or connected systems. The use of this document is at your own risk. Red Lion standard product warranty applies.
Red Lion Technical Support
If you have any questions or trouble contact Red Lion Technical Support by clicking here or calling 1-877-432-9908.
For more information: http://www.redlion.net/support/policies-statements/warranty-statemen