Port forwarding from Codesys with AWS SSM
Posted: 11 Oct 2021, 15:31
by Guest11740
Dear all,
I want to remote control a Codesys PLC with the Codesys studio. For that, I am using the following setup: the PLC is connected via Ethernet to the RevPi Connect, and the RevPi is connected to the public internet.
I want to use port forwarding with AWS Systems Manager (SSM) for forwarding the port 11740 of the PLC to my local PC. To do so, I installed the SSM Agent on the RevPi and set up the tunnel to my local PC. The problem is that I cannot forward directly the port 11740 of the PLC via SSM but only the local host of the RevPi.
1) Is there a way to set the endpoint of SSM to the IP address of the PLC in order to forward directly port 11740 to my local PC?
2) Can I configure the RevPi settings (e.g. iptables) to manually forward the port 11740 from the PLC to the RevPi and transfer it from there to the SSM port forwarding?
Thanks to all for answering on that topic!
Re: Port forwarding from Codesys with AWS SSM
Posted: 11 Oct 2021, 15:57
by nicolaiB
Hi Guest,
unfortunately it is not possible to use a remote host with AWS SSM port forwarding. But as you already figured out, you can create a local port forwarding from your PLC to your RevPi and point AWS SSM to your local port.
For a quick test you could use the following
Code:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 11740 -j DNAT --to-destination 127.0.0.1:11740
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Nicolai
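As an added example (not from this thread or from anyone posting in it), a userspace relay on the RevPi as an alternative to the iptables DNAT rules: the SSM port-forwarding session connects to the RevPi's own loopback address, and a PREROUTING DNAT rule never sees locally originated connections, so a small listener on 127.0.0.1:11740 that opens its own connection to the PLC sidesteps NAT entirely. The PLC address 192.168.2.20:11740 is taken from later in the thread; the echoing stand-in PLC in loopback_roundtrip is constructed only for the self-check.

```python
import socket
import threading

PLC_ADDR = ("192.168.2.20", 11740)   # PLC address given later in the thread
LISTEN_ADDR = ("127.0.0.1", 11740)   # where the SSM session connects on the RevPi

def _pump(src, dst):
    """Copy bytes src -> dst until src closes, then half-close dst."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)  # propagate the half-close to the other side
    except OSError:
        pass

def _handle(client, upstream_addr):
    """Bridge one accepted loopback connection to the PLC in both directions."""
    try:
        upstream = socket.create_connection(upstream_addr, timeout=5)
    except OSError:
        client.close()  # PLC unreachable: drop the client cleanly instead of hanging
        return
    upstream.settimeout(None)  # Codesys sessions may sit idle; no read timeout
    threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()
    _pump(client, upstream)

def start_relay(listen_addr=LISTEN_ADDR, upstream_addr=PLC_ADDR):
    """Bind on loopback, accept in a background thread, return the bound port."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen()
    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_handle, args=(conn, upstream_addr), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

def loopback_roundtrip(payload=b"codesys-probe"):
    """Self-check against a constructed stand-in PLC that echoes one message."""
    plc = socket.socket(); plc.bind(("127.0.0.1", 0)); plc.listen()
    def fake_plc():  # constructed stand-in, not a real Codesys endpoint
        c, _ = plc.accept(); c.sendall(c.recv(4096)); c.close()
    threading.Thread(target=fake_plc, daemon=True).start()
    port = start_relay(("127.0.0.1", 0), plc.getsockname())
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(payload); s.shutdown(socket.SHUT_WR)
        return s.recv(4096)
```

On the RevPi, start_relay() with the defaults listens on 127.0.0.1:11740 and the SSM port-forwarding session is then pointed at that port; keep the process alive (for example with threading.Event().wait()) since the accept loop runs in a daemon thread.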
Re: Port forwarding from Codesys with AWS SSM
Posted: 12 Oct 2021, 16:27
by Guest11740
Hi Nicolai,
thanks a lot for your support! Unfortunately, I have not yet managed to establish the connection.
Below there is a sketch of the setup I use.
[Attachment: SSM_Kunbus.png (sketch of the setup)]
The port forwarding with SSM agent between service PC and RevPi is working. I checked that by forwarding port 22 and using a SSH connection.
However, using SSM + iptables port forwarding, the connection cannot be established with these iptables rules:
Code:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 11740 -j DNAT --to-destination 127.0.0.1:11740
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Since the connection is always started from the Service PC I turned around the direction of the rules:
Code:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A PREROUTING -p tcp --dport 11740 -j DNAT --to-destination 192.168.2.20:11740
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
The connection via SSM still didn't work. But I was able to connect to the PLC if I specified within Codesys Studio the RevPi as the target system. So the port forwarding with iptables from PLC to RevPi should work. Can you see why it is still not possible to use the SSM port forwarding?
Thank you very much for your support!
Re: Port forwarding from Codesys with AWS SSM
Posted: 12 Oct 2021, 17:22
by nicolaiB
Hi Guest11740,
Good catch! You're right, the destination IP in my iptables example must be the IP of the PLC.
Could you please test if the port is shown as open by using a port scanner like nmap?
Code:
# install nmap package
sudo apt install -y nmap
# scan port on localhost
nmap -p11740 127.0.0.1
nmap -p11740 localhost
# scan port on external (wifi) interface
nmap -p11740 192.168.50.200
Nicolai
Re: Port forwarding from Codesys with AWS SSM
Posted: 12 Oct 2021, 17:42
by Guest11740
All ports are closed:
[Attachment: Ports_Kunbus.PNG (nmap output)]
Re: Port forwarding from Codesys with AWS SSM
Posted: 12 Oct 2021, 17:57
by nicolaiB
That's strange. Which IP did you use in your (successful) test with CodeSys?