Real-Time Measurement and Control

Member
Theo
Posts: 6
0 Kudos

Cannot access cRIO behind NAT firewall with MAX

Hi,

I have a cRIO system at a remote location that is connected to a GPRS router. I would like to use MAX to configure the cRIO system remotely. I have forwarded all required ports in the router to the local IP address of the cRIO system (10.10.10.11). The external IP address of the router is 192.168.101.11.

In MAX I go to Remote Systems -> Create New, select "Remote Device (not on the local subnet)" and click Next.

I enter the external IP address of the router (192.168.101.11) and click Finish.

With Wireshark I can see that MAX opens a connection to 192.168.101.11 on port 44516. A few packets are exchanged and then the communication stops. At that point MAX seems not to be responding anymore. With Wireshark I can see that MAX is continuously trying to open a connection to 10.10.10.11, which is the local IP address of the cRIO system. But that IP address is inaccessible; MAX should use the external IP address of the router instead.

Apparently MAX first retrieves the network configuration of the cRIO system and then uses the locally configured IP address of the cRIO system for communication. This doesn't work if the cRIO is behind a NAT device.

Does anyone have a suggestion to force MAX to keep using the external IP address of the router?

Theo

Member
ericbnelson
Posts: 4
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

I am having the same issue. I opened up several ports using the advice on several posts on this forum. My understanding was that MAX used port 44525. I am using a Verizon 4G USB modem to a Cradlepoint CTR500 router. My router may not be passing the traffic on like I configured it. I would really like this to work. Anyone's real-world experiences would be appreciated.

Member
ericbnelson
Posts: 4
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

Wireshark also showed MAX trying on port TCP 44516. I'm going to open up this port and see if this helps. I am concerned about the routing issue. The option of connecting to a device not on the local subnet should take care of your redirect to LAN side issue.

Member
Theo
Posts: 6
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

Port 44516 is used when the device is not on the same subnet as the computer running MAX. For local devices port 44525 is used. My problem is not the ports that MAX uses, but that MAX uses the locally configured IP address of the device instead of the IP address of the router behind which the device is located.

Member
ebnelson
Posts: 25
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

We opened up TCP port 44516 and are experiencing similar behavior. We have not verified that MAX uses the locally configured IP address after making the initial connection. I haven't seen MAX try to reach the target's local IP on Wireshark. We have been wondering whether once connected the reply from the target would use a different TCP port? Do you have a list of ports that are needed for cRIO behind NAT? The NI whitepaper on the subject seems inaccurate.

Member
John-C
Posts: 4
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

I am having the same problem (note I am a Network Engineer, not a researcher). What appears to be happening is that the device responds to the queries sent from MAX. One of those fields includes the device's IP address; it appears that MAX then defaults to that IP address information for further communication.

If anyone has any workaround for this, I would appreciate it. Our environment requires us to segment scientific equipment and we have been using a NAT firewall to do this.

At this point I am allowing all inbound and outbound communication to and from the device, but the behavior persists.

Member
ericbnelson
Posts: 4
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

What about adding a remote target to a LabVIEW project?  Does this use the same ports?  I am unable to test the ports at the moment because my system had to be shut down due to another problem.

Member
alexislg
Posts: 7
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

Hello,

I have the exact same issue. It is indeed a bug in MAX. I would be very interested in any solution to this!

Member
John-C
Posts: 4
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

I think the only solution would be for NI to patch the MAX application.

Member
alexislg
Posts: 7
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

Same issue here:

http://forums.ni.com/t5/LabVIEW/MAX-can-t-connect-to-CompactRIO-on-remote-subnet-using-NAT/td-p/1319...

I think that this issue comes from the cRIO itself and not from MAX. It is the cRIO that sends its own local IP over the Internet to MAX. It should look like this:

MAX -> cRIO (global address) : HELLO

cRIO -> MAX : HELLO, please contact me at 192.168.x.x (local address)

MAX -> 192.168.x.x   => Time out
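
Added example, not part of the thread and not NI code: a small Python check that confirms the pattern the posters describe from a flow summary exported from a capture (first contact with the configured address succeeds, then the client retries a different address that never answers). The flow records, their field names and the port on the retried connections are constructed for illustration; only the two addresses and port 44516 come from the first post.

```python
from collections import Counter, namedtuple

# One record per TCP connection attempt seen from the MAX workstation.
Flow = namedtuple("Flow", "t dst port outcome")

# Constructed sample shaped like the first post's Wireshark observation.
# The port on the 10.10.10.11 attempts is an assumption; the thread does not state it.
SAMPLE_FLOWS = [
    Flow(0.0, "192.168.101.11", 44516, "established"),
    Flow(0.4, "10.10.10.11", 44516, "syn_timeout"),
    Flow(3.4, "10.10.10.11", 44516, "syn_timeout"),
    Flow(9.4, "10.10.10.11", 44516, "syn_timeout"),
]


def find_address_switch(flows, configured_target, min_retries=2):
    """Return a finding if the client reached configured_target and afterwards
    kept sending unanswered SYNs to some other address; otherwise None."""
    reached_at = None
    unanswered = Counter()
    for f in sorted(flows, key=lambda f: f.t):
        if f.dst == configured_target:
            if f.outcome == "established" and reached_at is None:
                reached_at = f.t
        elif reached_at is not None and f.outcome == "syn_timeout":
            # Only count failures that happen after the first successful contact.
            unanswered[f.dst] += 1
    if reached_at is None or not unanswered:
        return None
    dst, count = unanswered.most_common(1)[0]
    if count < min_retries:
        return None
    return {
        "configured": configured_target,
        "switched_to": dst,
        "unanswered_syns": count,
        "first_contact_at": reached_at,
    }


if __name__ == "__main__":
    print(find_address_switch(SAMPLE_FLOWS, "192.168.101.11"))
```

A finding here means the address was learned from the application payload, which port forwarding does not rewrite, so opening more ports on the router will not change the outcome.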