Firewall builder IP forwarding

6/1/2023

The Digi Connect WAN supports four features which provide security and IP traffic forwarding when using incoming or Mobile Terminated connections:

This document describes each function, how they are used, how they are used in conjunction with each other, and what issues can occur with each if not used properly.

NAT allows the Digi Connect WAN to have a single public IP address on the mobile link, while allowing multiple devices with private IP addresses to be connected to the Ethernet interface. Outgoing traffic (mobile initiated) from the private network to the public mobile network assumes the IP address of the public mobile interface. An internal table tracks which internal IP address made the outgoing request so that responses get sent to the proper requestor.

For example, a workstation at IP address 192.168.1.15 sends a request to The source IP address is changed by the Connect WAN address translation to the public

Incoming (mobile terminated) traffic is either designated to the Connect WAN itself (i.e. HTTP or telnet connections for configuration or monitoring), or is forwarded to hosts via the Ethernet interface based either on GRE or TCP/UDP port forwarding, which is covered below.

1. Security: NAT hides the private IP addresses of the devices on the Connect WAN's Ethernet network.
2. IP Address Availability: IP addresses are in short supply and cost money. The Connect WAN needs to be provided only one IP address from the wireless carrier.

NAT is enabled by default on the Connect WAN. It should not be disabled unless there is a specific reason to do so.

Generic Routing Encapsulation (GRE) forwarding

GRE is a transport layer protocol, designated as IP protocol number 47, and is used by many routers, WAN switches and VPN concentrators to effectively tunnel traffic over a WAN between routers. Note that GRE itself provides no encryption, but protocols such as PPTP can use GRE. IPSec can be encapsulated in GRE (and vice-versa). GRE uses IP-in-IP and allows private IP addresses to be tunneled through a public network.

The Connect WAN provides a simple checkbox to turn on GRE forwarding to pass GRE traffic from the mobile interface through to a router on the Ethernet interface.

Note the Connect WAN only passes GRE traffic and does not terminate it. The HQ router's peer GRE address is the mobile IP address of the Digi Connect WAN, which in this case is 166.213.229.218. The Connect WAN has GRE forwarding enabled and will send to the router's Ethernet WAN port, in this case 192.168.1.2. Typically this connection is a directly connected Ethernet cable.

An example similar to the above is where GRE tunneling is used to create a backup WAN connection to a primary Frame Relay connection through the Connect WAN and wireless network. See the Digi Connect WAN application notes on primary and fail-over connection scenarios.

Normally, traffic initiated from a host site to a Digi Connect WAN is blocked by NAT, unless the traffic is destined for the Connect WAN itself. Port forwarding provides a means to pass traffic from the mobile interface to devices connected to the Connect WAN's Ethernet port. There are two main applications where port forwarding is required:

1. Pass application data traffic, such as polls or requests, to Ethernet connected devices, and
2. Pass VPN traffic, such as IPSec-in-UDP, through to routers or VPN appliances.

For example, three devices are attached to the Connect WAN's Ethernet port:

The application uses a protocol that polls the devices using the device IP address and TCP port 502 (which is Modbus). On local LANs and publicly routable IP addresses this is not a problem. NAT hides the private Ethernet IP addresses of the devices connected behind the Connect WAN's Ethernet port. The application can then only send polls to one IP address, the mobile IP, in this case 166.213.229.218.

TCP port forwarding is used to forward the IP polls to one or more devices on the Connect WAN Ethernet port. Different TCP port numbers are used to designate which device gets the proper traffic. The application must be able to support changing the TCP protocol port number from the default of 502.

In this case the application is configured to poll according to this table:

Notice the destination IP address is the Connect WAN's mobile IP address.

The Connect WAN is configured with a TCP/UDP forwarding table as follows:

Incoming traffic is then routed to the proper device. The devices can use their standard TCP port of 502.
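
The inbound handling this page describes for the mobile interface (traffic for the unit itself, GRE forwarding, TCP/UDP port forwarding, everything else blocked by NAT) can be modelled as below. This is an added example, not Digi's code or configuration syntax; the device addresses, the external port numbers and the unit's default HTTP/telnet ports are assumptions, while 166.213.229.218 and 192.168.1.2 are the addresses used on the page.

```python
from collections import Counter

MOBILE_IP = "166.213.229.218"             # Connect WAN mobile address, from the page
GRE_ROUTER = "192.168.1.2"                # router Ethernet WAN port, from the page
LOCAL_PORTS = {("tcp", 80), ("tcp", 23)}  # assumed default HTTP/telnet ports on the unit

# Constructed forwarding table: (protocol, external port, device IP, device port).
# Device addresses and external ports are illustrative assumptions.
FORWARDS = [
    ("tcp", 5021, "192.168.1.101", 502),
    ("tcp", 5022, "192.168.1.102", 502),
    ("tcp", 5023, "192.168.1.103", 502),
]

def validate(forwards, local_ports=LOCAL_PORTS):
    """Return a list of problems that would make forwarding ambiguous."""
    problems = []
    counts = Counter((proto, port) for proto, port, _, _ in forwards)
    for key, n in sorted(counts.items()):
        if n > 1:
            problems.append(f"{key[0]}/{key[1]} is forwarded {n} times")
        if key in local_ports:
            problems.append(f"{key[0]}/{key[1]} collides with the unit's own service")
    return problems

def route_inbound(proto, dst_ip, dst_port=None, forwards=FORWARDS, gre_forwarding=True):
    """Decide what happens to a packet arriving on the mobile interface."""
    if dst_ip != MOBILE_IP:
        return ("drop", None)      # private addresses are hidden behind NAT
    if proto == "gre":             # IP protocol 47: passed through, never terminated
        return ("forward", (GRE_ROUTER, None)) if gre_forwarding else ("drop", None)
    if (proto, dst_port) in LOCAL_PORTS:
        return ("local", None)     # configuration or monitoring of the unit itself
    for f_proto, ext_port, dev_ip, dev_port in forwards:
        if (f_proto, ext_port) == (proto, dst_port):
            return ("forward", (dev_ip, dev_port))
    return ("drop", None)          # no table entry: blocked by NAT

if __name__ == "__main__":
    print(validate(FORWARDS))
    for pkt in [("tcp", MOBILE_IP, 5022), ("tcp", MOBILE_IP, 502),
                ("gre", MOBILE_IP), ("tcp", "192.168.1.102", 502)]:
        print(pkt, "->", route_inbound(*pkt))
```

A poll sent to the mobile address on port 502 is dropped in this model because only the mapped external ports have table entries, which is why the polling application has to support non-default port numbers.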