Modern industrial machines constantly generate data that can be harnessed to improve business outcomes. Insights from machine data can be used to reduce machine downtime, increase machine efficiency and even prevent machine faults. Although machine data is readily available, many challenges prevent its collection from the machine network. Challenges such as limited computing resources or security vulnerabilities can prevent the use of valuable machine data.
A specific challenge seen across many applications is the requirement for a private machine network (LAN) to connect to a public network (WAN) such as the company’s operations network. For example, the PLCs or HMIs in the machine network may need connectivity to various servers such as SQL, web, or FTP servers. KEB’s C6 Router offers the functionality needed to solve this problem securely.
By default, the C6 Router blocks all data traffic across its WAN and LAN interfaces except its VPN traffic. However, NAT rules can be used when required to securely transmit data across its WAN and LAN interfaces. This post gives an overview of how the C6 Router, with its NAT rule functionality, can enable connectivity between these networks and provide secure access to machine data.
Overview of Network Address Translation (NAT)
Network Address Translation (NAT) is a technique commonly used by routing devices to forward data between networks. The IP datagrams (messages) sent between devices are formatted according to the IP protocol and contain the information required to travel across networks. Routers use information such as the source and destination address in each IP message to deliver data to its correct destination. NAT modifies data packets by changing the source or destination IP address information in messages. This “re-addressing” of data allows information to pass between public and private networks. Various types of NAT exist, depending on the desired direction of data across a router and on the network configuration. Aside from connecting networks, the benefits of NAT include reducing the number of IP addresses needed and increasing security by hiding the original source and destination addresses within the data packets.
C6 Router Implementation
The C6 Router includes NAT rule functionality by supporting Destination and Source NAT (1:1) services across its WAN and LAN ports. This allows for the translation of destination addresses and ports. Port forwarding and port translation are made possible by defining easy-to-configure rules. The configuration can limit data traffic by direction, IP address, port number, and protocol.
C6 Router Example Configuration
Devices such as HMIs or PLCs within the machine network commonly need to reach a web server. The example solution below demonstrates and tests NAT functionality via port translation, limiting network traffic to the HTTP protocol and only serving HTTP requests from the LAN address and port 9000. HTTP requests are handled by a Python HTTP server (using the built-in http.server library) on port 8000.
1. Define the NAT configuration. This rule allows requests on the LAN interface on port 9000 to be translated to the address of the web server on the WAN network at 192.168.202.66 on port 8000.
2. Open a command line and run the web server with the following command: python -m http.server
3. Open a browser on the C6 HMI and enter the LAN interface IP address and port 9000.
4. This will cause the router to remap the source and destination addresses in the IP message. The HTTP server will handle the request and the web page is served to the HMI browser.
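The following Python model is an added illustration of steps 1 to 4, not KEB's configuration format or router code: it applies the single LAN:9000 to 192.168.202.66:8000 rule, tracks the flow so the reply is mapped back to the HMI, and drops everything else. The router and HMI addresses, the class names, and the choice to rewrite the source to the router's WAN address are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed addresses: the page gives only the web server (192.168.202.66:8000)
# and the LAN-side port 9000; the router and HMI addresses are assumptions.
ROUTER_LAN, ROUTER_WAN, HMI = "192.168.100.1", "192.168.202.10", "192.168.100.50"

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class NatRule:  # match on ingress interface, protocol, destination address and port
    iface: str
    proto: str
    dst: str
    dport: int
    to_addr: str
    to_port: int

RULES = [NatRule("LAN", "tcp", ROUTER_LAN, 9000, "192.168.202.66", 8000)]

class Router:
    def __init__(self, rules):
        self.rules = rules
        self.flows = {}  # expected reply packet -> original request packet

    def forward(self, iface: str, pkt: Packet) -> Optional[Tuple[str, Packet]]:
        """Return (egress interface, rewritten packet), or None if dropped."""
        if iface == "WAN" and pkt in self.flows:
            # Reply to a translated flow: restore the addresses the HMI used.
            req = self.flows[pkt]
            return "LAN", Packet(pkt.proto, req.dst, req.dport, req.src, req.sport)
        for r in self.rules:
            if (iface, pkt.proto, pkt.dst, pkt.dport) == (r.iface, r.proto, r.dst, r.dport):
                # Rewrite destination (rule target) and source (router WAN side).
                # Simplification: the client's source port is kept unchanged.
                out = Packet(pkt.proto, ROUTER_WAN, pkt.sport, r.to_addr, r.to_port)
                reply = Packet(pkt.proto, out.dst, out.dport, out.src, out.sport)
                self.flows[reply] = pkt
                return "WAN", out
        return None  # no rule and no tracked flow: traffic stays closed
```

Requests to any other port or protocol, and WAN packets that do not answer a tracked flow, return None, which mirrors the router's default of keeping WAN/LAN traffic closed unless a rule permits it.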
KEB’s C6 Router bridges the gap between private machine networks and public networks with an extensive set of easy-to-implement configuration features.