Remote Maintenance With WinCC Flexible Communication Via A .


Remote Maintenance with WinCC flexible
Communication via a Wide Area Network (WAN)
Communication via Port Forwarding
Issue 12/04

Foreword

This document describes the option of communication via port forwarding.

If several operator panels in a system have to be connected to the Internet via a router connection, this can be done using the port forwarding function, for example.

Port forwarding is a technique for forwarding requests, which have been sent to certain external ports on the router, to internal IP addresses within the local network.

Copyright Siemens AG 2004 All rights reserved
Kommunikation ueber Port Forwarding e.doc

Disclaimer / Liability

Siemens AG accepts no liability, regardless of the legal grounds, for damages arising from the use of this entry, apart from the statutory liability accepted, for example, for damage to items used for personal purposes, personal accidents or due to malicious intent or gross negligence.

Warranty

The entries relate to selected suggested solutions for queries with complex tasks that have been dealt with in Customer Support. We also wish to point out that current technology does not permit us to exclude the possibility of errors in software programs taking all application conditions into account. The entries have been compiled to the best of our knowledge. We cannot agree to accept any liability over and beyond the standard warranty for class C software in accordance with our "General Terms and Conditions for the Transfer of Software Products for Automation and Drive Technology". The programs are available on the Internet under individual licenses. They are non-transferable.

Contents

1 Communication via Port Forwarding
1.1 Accessing panels via port forwarding
1.1.1 Introduction
1.1.2 Sample application
1.2 Configuring port forwarding on the router
1.3 Changing a panel's port setting
2 Glossary
3 Warranty and Support

1 Communication via Port Forwarding

1.1 Accessing panels via port forwarding

1.1.1 Introduction

In communication via port forwarding, you do not contact the operator panel directly via the Internet, you only contact the IP address or the name of the router in connection with the defined port.

Fig. 1-1

This option only comes into consideration if there are several HMI systems that you wish to access externally within the local network that is being called using a standard router connection.

In the case of port forwarding, only pay attention externally to the ports specified previously in the router for the destination network; only use the router's external IP address for addressing. The name of the router can also be used instead of the IP address (see also WinCC flexible remote maintenance DSL with router.pdf, section 2.3.1).

At the local network end, the router from the destination network addresses the devices via their local IP address. The router redirects an external request to a local IP address with the aid of the specified port.

This can be illustrated by comparing it with a phone system. The switchboard number corresponds to the IP address, the extensions/direct lines correspond to the ports.

1.1.2 Sample application

Point your Internet browser to the following :81

In our router, this address is then forwarded to port 80 at local IP address 192.168.1.20. The HTML page for our MP270 6" appears on your screen.

Note:
When you assign ports, take care to ensure that they are not already occupied on the Internet by certain services or protocols. If they are occupied twice, this may cause errors or malfunctions.

Example:
You are using to address port 80 externally (this port is normally reserved for http communication). Port 80 is forwarded to a permanent IP address and also externally from this IP address again.

As a result of this link, no other device can access information from the Internet/Intranet because the information from the Internet/Intranet is only routed to a local IP address. Consequently, none of the other devices within your LAN receive any further data.

A standard assignment of ports to protocols or applications is performed by the IANA (Internet Assigned Numbers Authority). It provides a complete list under http://www.iana.org/assignments/port-numbers

1.2 Configuring port forwarding on the router

Table 1-1

No. / Action / Note

1 The BRICKware from BinTec that is already installed contains two default connections to your router. Depending on which COM port is used, now select a connection. The Windows HyperTerminal opens.
Start > Programs > BRICKware > Device at COM1

2 HyperTerminal: Press ENTER to continue.

3 After you press ENTER, a login prompt appears in which you enter the user data which is defined in your basic configuration. Use admin as the login, for example, followed by Enter and then the relevant password.

4 Following login, enter setup. This takes you to the setup tool.

5 Open the IP folder in order to access the Network Address Translation settings.

6 Execute the Network Address Translation option by pressing ENTER in order to configure the settings.

7 Select the Internet connection with which your router will be constantly online. If this should change, you will have to configure the settings for every other connection used. The T ONLINE DSL connection is selected in this example. The router is permanently online via this connection.

8 Network Address Translation was enabled previously, preventing the internal addresses from being contacted externally. Any functions which you wish to support via ports, despite this block, must now be defined individually in the Requested from OUTSIDE / INSIDE menu options. Open the dialed path.

9 You can now define a new route in the requested from OUTSIDE subfolder via ADD.

10 In our example we define the route from external port 5800 to internal port 5800 of IP address 192.168.2.2.
We have approved a whole range in the case of the external port via the setting specify range because, under normal circumstances, the smart server in WinCC flexible 2004 is contacted via the smart viewer via port 5900.
The specify setting means that a single port is forwarded.
No range can be defined in the case of the internal port; the starting point suffices.
Caution:
The danger with large ranges is that ports are affected which are already occupied by standard protocols.

11 Save your entry and exit the dialog with SAVE.

12 The table now contains the entry that you have just created. You can now create other routes for all the requisite ports.
Caution:
The HTML page on each panel can only ever be contacted via port 80. Therefore, depending on the external port, you must contact the internal IP address and port 80.
Example:
External port 81 -- internal port 80 and IP 192.168.2.1
External port 82 -- internal port 80 and IP 192.168.2.2
The return route will be configured later on in the menu option requested from INSIDE.

13 View: Newly created entry

14 In order to configure the return route, open the menu option requested from INSIDE.

15 Add a new return route via ADD.

16 Click SAVE to close the dialog.

17 Close the setup tool with Save as boot configuration and exit.
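A check for the two cautions in Table 1-1 (ranges that cover ports already used by standard protocols, and external ports that are assigned twice), as an added example that is not part of the original Siemens document. The Rule layout, the short standard-port list and the sample table, including the range end 5900, are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    ext_start: int   # first external port on the router
    ext_end: int     # last external port (same as ext_start for "specify")
    ip: str          # internal IP address of the panel
    int_port: int    # internal start port (no internal range can be defined)

# Constructed subset of the IANA list; extend it for a real review.
STANDARD_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 443: "https"}

def audit(rules):
    """Return a list of findings for the planned forwarding rules."""
    findings = []
    for i, r in enumerate(rules):
        if not 1 <= r.ext_start <= r.ext_end <= 65535:
            findings.append(f"rule {i}: invalid external range {r.ext_start}-{r.ext_end}")
            continue
        if r.ext_end > r.ext_start:  # "specify range": look for swallowed services
            for port, name in sorted(STANDARD_PORTS.items()):
                if r.ext_start <= port <= r.ext_end:
                    findings.append(f"rule {i}: range covers standard port {port} ({name})")
        for j in range(i):  # compare with every earlier rule
            o = rules[j]
            lo, hi = max(r.ext_start, o.ext_start), min(r.ext_end, o.ext_end)
            if lo <= hi:
                findings.append(f"rules {j} and {i}: external ports {lo}-{hi} assigned twice")
    return findings

# Constructed sample: the range rule from step 10 (end 5900 assumed), the two
# HTML routes from step 12, and one extra single-port route for a second panel.
SAMPLE = [
    Rule(5800, 5900, "192.168.2.2", 5800),
    Rule(81, 81, "192.168.2.1", 80),
    Rule(82, 82, "192.168.2.2", 80),
    Rule(5801, 5801, "192.168.2.1", 5800),
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

On the sample, the wide range already claims external port 5801, so the later single-port route for the other panel is reported as a double assignment.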

1.3 Changing a panel's port setting

When using several panels in a local network, port settings for accessing the Sm@rtServer must be adapted on an HMI system in the context of Sm@rtService.

The following conflict arises:

Example for illustration (see also section 1.1.2):
We have used the following configuration for the incoming and outgoing route for your router.

Panel 1
external port 80 -- internal port 80
external port 5800 -- internal port 5800
external port 5900 -- internal port 5900

Panel 2
external port 81 -- internal port 80
external port 5801 -- internal port 5800
external port 5901 -- internal port 5900

Call up the router name together with port 81 in the Internet Explorer; the website for panel 2 appears. (For example, http://router1.dyndns.org:81)

You can go to the HTML page "RemoteControl.html" via the Remote Control menu option. The link for calling the Sm@rtClient is embedded there. Sm@rtClient facilitates the remote control of the panel. The default link configuration is for panel access to take place via port 5800 (default).

Thus, when the "Start Sm@rtClient" link is selected, the Internet Explorer attempts to contact the router address together with port 5800. (for example, http://Router1.dyndns.org:5800).

In our example, panel 1 is contacted instead of panel 2 on the basis of the router configuration shown.

Consequently, when using several panels, the standard HTML page "RemoteControl.html" has to be adapted in order to start the Sm@rtClient. This measure allows you to distinguish between the different destination devices.

The description below shows you how to change the ports on the standard HTML page "RemoteControl.html".

Table 1-2

No. / Action / Note

1 Prerequisite for the following steps:
N.B. The following settings are only possible on a panel if the relevant configuration has been transferred to the panel beforehand with the aid of WinCC flexible Engineering using the Sm@rtService: HTML pages utility (see basic settings).

2 Check the port settings of the Sm@rtServer on the port settings.
Start > Settings > Control Panel > Internet Settings.

3 Open the Sm@rtServer properties on the Remote tab by clicking the Change settings button.
Note:
In the panels you will find this setting in the Control Panel under the "Internet Settings" icon.

4 You can now check the ports under ports:. The dialog shown on the right shows the defaults that have been used in our example.
(main) is the port for direct access with the Smart Viewer.
(HTTP) is the port for access via the Internet VNC Client.

5 Now start the panel homepage via the Internet.

6 The File Browser link takes you directly to the panel directory. Please select the WWW-Root directory and log in with your user name and password.

7 This takes you to the directory on the panel's internal flash.

8 Here you will find the RemoteControl.html file. Load this file onto your PC (right-click, Save Target As.)
Caution:
The PC attempts to save the file as HTM. However, you require the extension HTML.

9 Here you will find the RemoteControl.html file. Load this file onto your PC (right-click, Save Target As.)
Caution:
The PC attempts to save the file as HTM. However, you require the extension HTML.

10 Delete the original file from the panel by clicking the recycle bin to the right of the file name. Then click Browse to select the changed file on your computer and move it back to the panel.

11 You can now click the Remote Control link on the homepage and execute the Start Sm@rtClient function in the next screen.

12 The VNC client opens. You can identify the changed port in the address bar. Enter the password. You can then operate the required panel.

13 Overview of the called panel.

14 This also works with the Sm@rtViewer. Start it via
Start > SIMATIC > WinCC flexible 2004 Runtime > Sm@rtViewer

15 Specify your router
IP address::Port
or
router name::Port
and click OK.

16 Enter the password and click OK to confirm. The Sm@rtClient starts. You can now operate the panel.
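The conflict from section 1.3, checked against the Panel 1 / Panel 2 forwarding table, as an added example that is not part of the original Siemens document. The function name, the panel labels and the two link tables are assumptions constructed for illustration; the port numbers are the ones in the section 1.3 table.

```python
# Forwarding table from section 1.3: external port -> (panel, internal port)
FORWARDS = {
    80: ("panel1", 80), 5800: ("panel1", 5800), 5900: ("panel1", 5900),
    81: ("panel2", 80), 5801: ("panel2", 5800), 5901: ("panel2", 5900),
}
HTML_PORT = 80            # the HTML page on each panel is only reachable on port 80
SMARTSERVER_HTTP = 5800   # internal port the "Start Sm@rtClient" link must end up on

def check_links(link_ports, forwards=FORWARDS):
    """link_ports maps the external port a panel's homepage is reached on
    to the port written into that panel's RemoteControl.html link."""
    problems = []
    for html_port, link_port in sorted(link_ports.items()):
        page_panel, page_int = forwards.get(html_port, (None, None))
        if page_panel is None or page_int != HTML_PORT:
            problems.append(f"{html_port}: not forwarded to a panel HTML page")
            continue
        link_panel, link_int = forwards.get(link_port, (None, None))
        if link_panel is None:
            problems.append(f"{page_panel}: link port {link_port} is not forwarded")
        elif link_panel != page_panel:
            problems.append(f"{page_panel}: link port {link_port} reaches {link_panel}")
        elif link_int != SMARTSERVER_HTTP:
            problems.append(f"{page_panel}: link port {link_port} maps to "
                            f"internal port {link_int}, not {SMARTSERVER_HTTP}")
    return problems

# Constructed inputs: both panels with the default link, then panel 2 adapted.
DEFAULT_LINKS = {80: 5800, 81: 5800}
ADAPTED_LINKS = {80: 5800, 81: 5801}

if __name__ == "__main__":
    print(check_links(DEFAULT_LINKS))   # panel 2's link lands on panel 1
    print(check_links(ADAPTED_LINKS))   # no findings after the change
```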
