8.7.3   Routers, Proxy Servers, Port Mapping and NAT

The WebAccess Project Node and SCADA Node can be mapped to a "Port" on a Router or other Proxy Server.   Users from the outside connect to the public IP address of the router with the Port number appended to it.  The format is http://ipaddress:port. 

If the port number is 8000, an example is http://67.94.27.174:8000.

WebAccess downloads a "deploy file" to the Clients, which describes the two additional TCP ports used by the WebAccess Project and SCADA Nodes.  This deploy file contains the address of the SCADA Nodes and Project Node.  The address used in the deploy file must be translatable by all your users.

The design of WebAccess using Port Mapping requires that the Router/Gateway redirect Private IP Users back to the SCADA Node and Project Node when the Public IP:Port is used by the Private IP User (including the SCADA Node and Project Node).  Most routers do this (Linksys and Cisco), we believe. This is the second customer to have difficulty.

To configure access to the Project Node and SCADA Node, for most routers/gateways, enter the Public IP address in SCADA Node and Project Node configuration.  Most routers will translate the Public IP Address into a Private IP Address for both External (Public, Internet) and Internal (Private, Intranet) Users.

Many ADSL modems and Novell Border Manager do not connect internal users back to the internal node if a Public IP address is specified by the private user. If the router/gateway does not redirect internal users to an internal node using a Public IP address, then the HOSTS file is a solution that allows different users to resolve the SCADA and Project Node names to different addresses.  A HOST name is entered in Project Configuration, instead of an IP Address, for the SCADA and Project Nodes.
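The HOSTS-file approach described above can be checked per client before rollout. The following is an added example, not part of the WebAccess documentation: the host name `scada1`, the private address and the result codes are constructed, and the public address is the sample one used earlier on this page.

```python
import ipaddress

# RFC 1918 private ranges, listed explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed HOSTS files for one node name entered in Project Configuration.
INTERNAL_HOSTS = "192.168.1.10   scada1   # intranet clients\n"
EXTERNAL_HOSTS = "67.94.27.174   scada1   # internet clients\n"

def parse_hosts(text):
    """Return {name: address}; this sketch keeps the first entry for a name."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table

def check_client(hosts_text, node_name, internal, router_redirects=False):
    """Classify how a client with this HOSTS file would reach the node."""
    addr = parse_hosts(hosts_text).get(node_name.lower())
    if addr is None:
        return "unresolved"
    private = any(addr in net for net in RFC1918)
    if internal and not private and not router_redirects:
        return "needs-redirect"        # public address used from the inside
    if not internal and private:
        return "private-from-outside"  # private address is not routable
    return "ok"

if __name__ == "__main__":
    print(check_client(INTERNAL_HOSTS, "scada1", internal=True))
    print(check_client(EXTERNAL_HOSTS, "scada1", internal=True))
```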

To read a deploy file in your web browser, use the following format:

http://ipaddress/broadweb/projectname.dpj

To read the deploy file of the WebAccess Live demo:

http://64.55.156.4/broadweb/LiveDEMO.dpj

3 TCP Ports must be mapped to the Project / SCADA Node. The default Port Numbers are:

1)     Port 80 is the default Port used for the ASP page (the web page).

2)     Port 4592 is the WebAccess Primary Port used for File Downloads (e.g. graphics, symbols, etc). 

3)     Port 14592 is the WebAccess Secondary Port used for real-time data (e.g. setpoints, measurements, status, Trends).

All TCP Ports used by WebAccess can be modified.  The above are the default values.

Port mapping is a way to reduce the number of public IP addresses assigned.  Many WebAccess Nodes can use a single public IP address, each with its own private IP address and ports mapped to that private IP address.

Network Address Translation (NAT) is a method of connecting multiple computers to the Internet (or any other IP network) using one IP address. This allows home users and small businesses to connect their network to the Internet cheaply and efficiently.

The impetus towards increasing use of Port Mapping and NAT comes from a number of factors:

·         Security needs

·         Shortage of IP addresses

·         Ease and flexibility of network administration

Dynamic Port Mapping in NAT automatically provides firewall-style protection without any special set-up. That is because it only allows connections that are originated on the inside network. This means, for example, that an internal client can connect to an outside Project Node /Web server, but an outside client will not be able to connect to an internal Project Node / Web server because it would have to originate the connection, and NAT will not allow that.

Static Port Mapping in NAT makes it possible to make some internal Project Nodes / Web Servers and SCADA Nodes available to the outside world via inbound mapping, which maps specified TCP ports to specific internal addresses, thus making services such as the Web or TCP/IP available in a controlled way.
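A static mapping plan for several nodes behind one public address can be audited before it is entered on the router. The following is an added example, not code from WebAccess: the private addresses, public port numbers and finding labels are constructed, and the required ports are the defaults listed above.

```python
from collections import defaultdict

# WebAccess default ports as listed on this page (all can be changed).
REQUIRED = {80: "web (ASP)", 4592: "primary", 14592: "secondary"}

# Constructed plan: (public_port, private_ip, private_port).
PLAN = [
    (8000,  "192.168.1.10", 80),
    (4592,  "192.168.1.10", 4592),
    (14592, "192.168.1.10", 14592),
    (8001,  "192.168.1.11", 80),
    (4592,  "192.168.1.11", 4592),   # same public port as node .10
    (3389,  "192.168.1.11", 3389),   # constructed: a non-WebAccess service
]

def audit(plan, required=REQUIRED):
    """Return findings for a static port-mapping plan.

    conflict       - one public port mapped to more than one internal target
    unmapped       - a node is missing one of the required service ports
    extra-exposure - a node port outside the required set is published
    """
    by_public = defaultdict(list)
    by_node = defaultdict(set)
    for public_port, ip, private_port in plan:
        by_public[public_port].append((ip, private_port))
        by_node[ip].add(private_port)

    findings = []
    for port, targets in sorted(by_public.items()):
        if len(set(targets)) > 1:
            findings.append(("conflict", port, sorted(t[0] for t in targets)))
    for ip, ports in sorted(by_node.items()):
        for missing in sorted(set(required) - ports):
            findings.append(("unmapped", ip, missing))
        for extra in sorted(ports - set(required)):
            findings.append(("extra-exposure", ip, extra))
    return findings

if __name__ == "__main__":
    for finding in audit(PLAN):
        print(finding)
```

Pass a different `required` mapping when the node's ports have been changed from the defaults.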

WebAccess uses Active Server Pages (.ASP) to communicate with an Access database for engineering and configuration (typically via TCP Port 80).  Real-time Data and Animated Graphics are supplied to client Web Browsers using an ActiveX "plug-in" to Internet Explorer 6.0 (the default ports are 4592 and 14592, respectively).

The outside clients will use the Proxy Server's IP Address with the third port's number appended to it. Clients will type in the IP Address of the Proxy Server : 3rd Port.  If the third TCP Port is 3333 and the IP address of the Proxy Server is 64.55.156.4, then Internet Clients must enter the following as the address:

 http://64.55.156.4:3333

WebAccess supports Proxy Server Port Mapping on Microsoft networks, where Port 3333 of the Router/Proxy Server is mapped to the Project Node's private ipaddress:port 80 (the default web server port).

Any port numbers can be used. Port 3333 is just an example; 4592 and 14592 are just defaults. Both IIS (Internet Information Server) and WebAccess can be configured to use any port numbers.