NI Home > Community > NI Discussion Forums

Real-Time Measurement and Control

Showing results for 
Search instead for 
Do you mean 
Reply
Member
Theo
Posts: 6
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

The issue can be corrected in MAX. MAX should ignore the local address in the cRIO configuration, but use the external ip address that I specify when I use the "Remote Device (not on the local subnet)" search function.

 

Member
John-C
Posts: 4
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

I agree with Theo.  The fact that we have already established the network connection manually and then MAX defaults to whatever the cRIO responds with is the issue.

Member
ebnelson
Posts: 25
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

[ Edited ]

Whether the issue is from MAX or the cRIO is a "chicken and egg" problem.  I think I will try a hack work around when I get my system back online.  This is to set the local cRIO IP address to the same address as my remote router's static WAN side IP address.  If my low end router can handle the WAN and LAN address ranges being the same, this may work.  It is the only thing I can think may work at this point. 

 

 I am personally far more interested in getting the remote target (cRIO) to connect through a LabVIEW project than through MAX.  I have been using the MAX connection as the first step.

Active Participant
rpursley8
Posts: 970
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

Here is an excerpt from the response I got from NI about using a NI-9163 behind a NAT firewall and may be applicable to the cRIO issue as well.

 

"... The 9163 modules uses a Datagram Delivery Protocol (DDP) broadcast to communicate with MAX at any level deeper than purely being able to recognize the device.  With this sort of protocol, the actual address of the device, in this case the 9163, is embedded in the packet instead of the NAT address which is the only way that MAX would be able to interact with the device through the firewall.  Using the hardware you are using, we aren't sure that this device will be able to communicate through the NAT firewall..."

 

"... Our cDAQ 9181 and 9191 devices use a different protocol, mDNS, to communicate between the device and MAX.  The NAT firewall should not cause any issues with these devices..."

 

 

 

So I have to upgrade to get this to work, a solution I am willing to do.

 

 

 

 

 

Randall Pursley
Active Participant
Tom_W_[DE]
Posts: 1,717
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

Hi Randall-

 

Hopefully the cDAQ-918x or cDAQ-9191 will be able to meet your needs.  One limitation you may want to be aware of, though, is that accessing the device across a NAT boundary does require forwarding all of the ports (indicated in the specifications for those chassis) to a specific IP 'inside' the NAT.  So, you wouldn't be able to hook up many cDAQ chassis across a NAT from your host and expect them all to work because the port selection isn't dynamic.

 

Before we released the cDAQ-9188 (8-slot ethernet), I took one home and hooked it up behind my home router and then forwarded all of the ports listed in the documentation to the cDAQ-9188 client.  After that, I could Add and Reserve it in MAX from my machine at the NI offices by pointing the DAQmx configuration at the IP address of my home router as assigned by my ISP.  But, we do not support dynamic port assignment for services or other protocols that might or might not allow using multiple chassis behind a NAT, unfortunately.

 

Hopefully this helps-

Tom W
National Instruments
Member
John-C
Posts: 4
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

Randall and I are working together. :smileyhappy:

 

The firewall we are using is an enterprise class firewall.  We will configure it with a 1to1 NAT so no port forwarding is needed.  Then I will write rules to only allow the required traffic in to the device.

 

But yes depending on the hardware being used it could be a problem using port forwarding for multiple devices.

 

We will definitely keep this thread updated on our experience.

 

Thanks!

Member
ebnelson
Posts: 25
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

I couldn't find a listing of specific ethernet ports required for the cRIO-9025 controller.  Can you point me in the right direction Tom?

Active Participant
Kyle-H
Posts: 212
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

Ebnelson,

 

Please see this other discussion forum where it lists the ports. If you go to the solution it lists all the required ports for the firewall settings.

http://forums.ni.com/t5/Real-Time-Measurement-and/Exactly-what-ports-are-used-to-communicate-with-a-...

Kyle Hartley
RIO Product Support Engineer
National Instruments
Member
ericbnelson
Posts: 4
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX

Except the "solution" fails to mention that port 44525 (Ethernet Target Device Discover) only used when the cRIO and PC are on the same subnet.  If we were all on a local subnet /w our cRIO targets, none of us would have had a problem.  What I'm hoping for is the port numbers and type of connection (TCP, UDP, ...) for all connections required to connect to a remote target, on the other side of a firewall, from a LabVIEW project.  If I have a chance to take a simple home router to work I may come with that list myself. 

 

Is the MAX discovery only process that changes ports if the target is on a local subnet vs. external WAN?

Member
alexislg
Posts: 7
0 Kudos

Re: Cannot access cRIO behind NAT firewall with MAX


ericbnelson wrote:

Except the "solution" fails to mention that port 44525 (Ethernet Target Device Discover) only used when the cRIO and PC are on the same subnet.  If we were all on a local subnet /w our cRIO targets, none of us would have had a problem.  What I'm hoping for is the port numbers and type of connection (TCP, UDP, ...) for all connections required to connect to a remote target, on the other side of a firewall, from a LabVIEW project.  If I have a chance to take a simple home router to work I may come with that list myself. 

 

Is the MAX discovery only process that changes ports if the target is on a local subnet vs. external WAN?




Ebnelson,

you also have to forward the ports for the shared variables.

I personally forward all these ports:

80
44516
44525
21
20
3079
3580
3537
81
2343 (both TCP and UDP)
59110
62602
57616
51700

 

I found them using wireshark.