Remote Access to an IP-Ready Terminal Device via LTE using Port Forwarding
- 17 Sep 2024
- Print
- PDF
Remote Access to an IP-Ready Terminal Device via LTE using Port Forwarding
- Updated on 17 Sep 2024
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Port forwarding as a simple solution for SIM cards with fixed, accessible IP addresses.
Situation
An IP device (e. G. Modbus TCP) in the router’s local network is to be accessed from a PC via the cellular network. You also have an M2M SIM card with fixed IP address, which is accessible in the network of the SIM card provider.
Solution
The solution for this is port forwarding (Destination NAT). The router forwards connections that are directed to its LTE IP address to the target device in the local network, in this case a Modbus device. A port forwarding (destination NAT) rule is created in the router, which forwards Modbus connections to the Modbus device (target device).
In the following overview image, the target device has the address 192.168.2.100 and the port 502 (standard port for Modbus) in the IP network net2 of the router. The IP address of the router in the provider’s network has the address 1.2.3.4.
Please note!
Access from the PC to the SIM card provider’s network (usually VPN access) is not described in detail here, as this depends on the provider.
Prerequisites!
For the following configuration, it is assumed that your router was in default settings and commissioned using the startup wizard so that it can establish an LTE connection and has configured a local network net2 in the address range 192.168.2.0.
Open the user interface of the router: https://insys.icom
Click on on the Network → Firewall / NAT page under Destination NAT on to add a destination NAT rule: and configure this accordingly:
Description: DNAT rule for port forwarding to Modbus port
Type: Portforward
Protocol: TCP
Incoming interface: lte2
Destination port: 502
Destination NAT to address: 192.168.2.100
Destination NAT to port: 502
Click on SUBMIT.
Click on on the Network → Firewall / NAT page under IP filter to add an IP filter rule (that enables the transmission of TCP data packets from the WAN network lte2 to port 502 of the IP address 192.168.2.100 in IP network net2) and configure this accordingly:
Description: Traffic from lte2 to 192.168.2.100
Packet direction: FORWARD
IP version: All
Protocol: TCP
Input interface: lte2
Output interface: net2
Destination IP address: 192.168.2.100 / 32
Destination port: 502
Click on SUBMIT.
Activate the profile with a click on ACTIVATE PROFILE .
Result testing
In order to verify whether the port forwarding to the Modbus device on the router works, you can use a Modbus master simulator (such as Modbus Poll) to establish a test connection, for example. To do this, establish a Modbus TCP connection to the fixed IP address of the SIM card via port 502. If the connection can be established, port forwarding works as expected.
Troubleshooting
Disable the IP filters for IPv4 in the Network → Firewall / NAT menu under Settings IP filter to check whether incorrect filter settings are the reason for connection problems.
Disconnect the Ethernet connection between your configuration PC and the router and enter the fixed IP address of the SIM card in your browser to verify that you can access the router via the cellular connection.
Click in the Administration → Debugging menu on OPEN DEBUG TOOLS , select the tool TCP-Dump, enter the parameter -i net2 and click on SEND. In this TCP dump, you can verify whether port forwarding to the router’s IP network net2 is working.
Was this article helpful?