Real-Time Measurement and Control

cancel
Showing results for 
Search instead for 
Did you mean: 

Exactly what ports are used to communicate with a cRIO?

Solved!
Go to solution

Can someone provide this information (or point me to it). I would like to set up a cRIO for remote access across the internet, and I am putting it behind a firewall. I'd like to know exactly what ports need to be forwarded to allow MAX to connect (when I tell it to directly connect to a URL).

 

Thanks,

Chris

0 Kudos
Message 1 of 14
(17,707 Views)

hi Chris,

 

First you need to be able to access the network behind the firewall. For example we use VPN software and tokens to enable us to access

our system servers from literal anywhere in the world.

 

On setting up you cRIO, suggest you name give it an alias. Connect via MAX to record the salient details, IP address etc.

 

Suggest you obtain a fixed IP address so that in event of power loss, on restart you still have same IP address. Our DHCP  software does not provide the same IP address in such events. So necessary to utilise console out (serial port ) & hyper terminal to discover new

IP address. Try not to go down this road, you have to carry so much extra equipment.

 

Basically after you have set up the cRIO inside the company network, provided you have access to there internal network then

MAX should have no problem seeing the cRIO.

 

It worked first time for me. Then the fun started as we were using DHCP, so on rebooting (via MAX ) I 'loss' the system. After

fault finding IT agreed to provide fixed IP address, no problewm since.

 

xseadog

0 Kudos
Message 2 of 14
(17,704 Views)

Thanks for the feedback, but that doesn't give me exactly what I need. My cRIO will be attached to a wireless modem with built in NAT, Firewall, and DynDNS Client. I will set the cRIO with a static IP, and I will forward traffic directed at the modem (via DynDNS URL) to the cRIO, but I need to know exactly which ports to forward (I'd rather not expose the cRIO to the internet directly). I'm guessing that you avoid this trouble because you can VPN directly into the network, which makes it seem like your computer is on the same network as your cRIO. My cRIO will be on a different network, so I will have to configure the firewall to route the traffic for the cRIO manually.

 

Chris

0 Kudos
Message 3 of 14
(17,691 Views)

hi Chris,

 

I am confused with port settings. If you are using a CAN bus interface with MAX then it is necessary to set up the ports.

That is the only info provided in MAX help.

 

It is necessary to provide an IP address for the controller, so that MAX can address it. i suspect that you will have to set up your wireless

router using the manufactures driver. Once you have suceeded then a Windows ping to the cRIO controller will verify that the system is functional. Thus Max can be used. 

 

xseadog

0 Kudos
Message 4 of 14
(17,689 Views)

xseadog, sorry for the confusion. I am not speaking about physical ports like the serial port on the cRIO. I am talking about the port number(s) that are used by the TCP/UDP traffic that is directed to the cRIO over ethernet. This Wikipedia article explains the topic: http://en.wikipedia.org/wiki/TCP_and_UDP_port. When I configure the NAT router built into the modem, it will direct traffic to the router from the internet to the cRIO based on the port it is received on. I just need to know which ports are used with the cRIO with MAX. For example, FTP (File Transfer Protocol) uses ports 20 and 21. If I want to FTP into my cRIO from the internet, I will configure the router to direct traffic directed at it on port 21 to be forwarded to the cRIO on its local network. All traffic directed at my router from the internet using different port numbers (like worms, etc) will be disregarded.

 

That's a bad example because FTP could be exploited pretty easily. I won't be able to expose that port directly..

 

Chris

0 Kudos
Message 5 of 14
(17,682 Views)
Solution
Accepted by topic author minnellac

Chris

 

This Knowledge Base Article show which ports NI software uses.Please refer to the Kb for more details.

 

For cRIO you will need to use

44525 (Ethernet Target Device Discover)

3079 (LabVIEW RT TCP front panel connections)

3580 (NI Service Locator)

80 (LabVIEW Web Server)

96 (FPGA Compile Server)

 

(3537 if using VISA)

(81 if using Internet toolkit)

(20 and 21 if using FTP server).

 

What Ports Do I Need to Open on My Firewall for National Instruments Software Products?

Message Edited by Hueter on 12-02-2009 06:30 PM
Message 6 of 14
(17,676 Views)

Hi Chirs,

 

Have you realized the remote device access via Remote Router?

 

I have a similar application as yours.

 

Now my network settings is as follow:

 

 

cRIO:

 

192.168.8.7

255.255.255.0

192.168.8.1

 

 

Remote Router Local:

 

192.168.8.1

 

Remote Router Mobile Modem:

 

Mobile Status.JPG

 

NAT Settings in my Remote Router:

 

NAT.JPG

 

 

Now the 3G mobile network is proved to be OK, with a dynamic IP address every time booting up the router (114.81.217.195 e.g.).

 

But when I try to connect the cRIO as a Remote Device in MAX, with the remote IP 114.81.217.195,  an error pops up "Unable to initialize connection to Remote Systems".

 

And I use a LabVIEW TCP_Simple Data Server.vi and TCP_Simple Data Client.vi to test the NAT, in which I use 114.81.217.195 as the server address, the TCP_Simple Data Server.vi runs on cRIO with

 

local IP 192.168.8.7, as I think: 114.81.217.195 NAT to 192.168.8.7, but actually it doesn't work.

 

 

Do i need to have a static mobile modem IP address? I notice that every time I power off and reboot the router, the mobile modem would be assigned a different dynamic IP address.

 

 

Thanks,

Frankey

0 Kudos
Message 7 of 14
(17,490 Views)

It turns out that my EVDO Modem facilitates a VPN connection, so the way we are going, I won't need to explicitly open ports for the cRIO/MAX. I haven't tried this yet, but there is no reason to expect a problem. I should have it up this week. I feel better about a using a secure vpn connection than I did opening/forwarding ports to my device over the internet. Based on your settings, things look okay to me. You shouldn't need a static IP for the modem as long as you have a way of figuring out what the IP is. I use DynDNS to automatically associate my modem with a static URL so I don't have to worry about the IP address changing.

 

Did you say that the Simple Data Server VI did not work when you tried to connect to it from the client over the internet? That should work if you are using one of the ports that you have forwarded. By default, that example uses 2055, which doesn't look like it is forwarded from your settings.Why don't you double check that and try again.

 

Chris

0 Kudos
Message 8 of 14
(17,468 Views)

Hi Chirs, thanks for your reply.

 

I have tried many ports including the ports listed above, the program blocks on the TCP Open Connection.vi and then timeout.

 

 

Mentioning about the VPN connection, I know for a router which supports VPN, there are two kind of meanings:

 

some kind of router support VPN Server built in it, such as Cisco 2821,

 

and some other kinds of router only support VPN Pass Through, which means you could not build a VPN Server in it, you can only visit some other VPN Server by it.

 

 

My router only supports VPN Pass Through, what about your router?

 

Is it possible to realize what we want with the VPN Pass Through 3G Router?

 

 

 

Thanks a lot!

 

Frankey

0 Kudos
Message 9 of 14
(17,457 Views)

For the Simple TCP Server/Client VI, the only port you need to allow is the one listed on the front panel. If that is not working, there is some other problem. It sounds like you have the server set up correctly; maybe there is a problem with the client machine. Could it be that its outbound traffic is blocked? I am assuming you can get to the internet from the machine. Why don't you set the simple TCP server to respond to requests from Port 80, and then try to connect to it from your machine. If that works, that implies that there is something blocking your outbound traffic on other ports.

 

As far as our router goes, we are using the Digi Connect WAN 3G VPN router. I'm not sure about the details, but I'm pretty sure it includes a VPN Server. I handed it off to our IT guys to figure out.

 

Chris

0 Kudos
Message 10 of 14
(17,444 Views)