Real-Time Measurement and Control

cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot access cRIO behind NAT firewall with MAX

Hi,

 

I have a cRIO system on a remote location that is connected to a GPRS router. I would like to use MAX to configure the cRIO system remotely. I have forwarded all required ports in the router to the local ip address of the cRIO system (10.10.10.11). The external ip address of the router is 192.168.101.11.

 

In MAX I go to Remote Systems -> Create New, select "Remote Device (not on the local subnet)" and click Next.

I enter the external ip address of the router (192.168.101.11) and click Finish.

 

With Wireshark I can see that MAX opens a connection to 192.168.101.11 on port 44516. A few packets are exchanged and then the communication stops. At that point MAX seems not to be responding anymore. With Wireshark I can see that MAX is continuously trying to open a connection to 10.10.10.11, which is the local ip address of the cRIO system. But that ip address is inaccessible, MAX should use the external ip address of the router instead.

 

Apparently MAX first retrieves the network configuration of the cRIO system and then uses the locally configured ip address of the cRIO system for communication. This doesn't work if the cRIO is behind a NAT device.

 

Anyone have a suggestion to force MAX to keep using the external ip address of the router?

 

Theo

 

0 Kudos
Message 1 of 25
(6,940 Views)

I am having the same issue.  I opened up several ports using the advice on several posts on this forum.  My understanding was that MAX used port 44525.  I am using a Verizon 4G USB modem to a Cradlepoint CTR500 router.  My router may not be passing the traffic on like I configured it.  I would really like this to work.  Anyones real world experiences would be appreciated.

0 Kudos
Message 2 of 25
(6,907 Views)

Wireshark also showed MAX trying on port TCP 44516.  I'm going to open up this port and see if this helps.  I am concerned about the routing issue.  The option of connecting to a device not on the local subnet should take care of your redirect to LAN side issue

0 Kudos
Message 3 of 25
(6,904 Views)

Port 44516 is used when the device is not on the same subnet as the computer runnng MAX. For local devices port 44525 is used. My problem is not the ports that MAX use, but that MAX uses the locally configured ip address of the device instead of the ip address of the router behind which the device is located.

 

0 Kudos
Message 4 of 25
(6,913 Views)

We opened up TCP port 44516 and are experiencing similar behavior.  We have not verified that MAX uses the locally configured IP address after making the initial connection.  I haven't seen MAX try to reach the target's local IP on Wireshark.  We have been wondering whether once connected the reply from the target would use a different TCP port?  Do you have a list of ports that are needed for cRIO behind NAT?  The NI whitepaper on the subject seems inacurate.

0 Kudos
Message 5 of 25
(6,909 Views)

I am having the same problem (note I am a Network Engineer not a researcher).  What appears to be happening is that the device responds to the queries sent from MAX.  One of those fields includes the device's IP address, it appears that MAX then defaults to that IP address information for further communication.

 

If anyone has any workaround for this I would appreciate it.  Our environment requires us to segment scientific equipment and we have been using a NAT firewall to do this.

 

At this point I am allowing all inbound and outbound communication to and from the device but the behavior persists.

0 Kudos
Message 6 of 25
(6,901 Views)

What about adding a remote target to a LabVIEW project?  Does this use the same ports?  I am unable to test the ports at the moment because my system had to be shut down due to another problem.

0 Kudos
Message 7 of 25
(6,895 Views)

Hello,

I have the exact same issue. It is indeed a bug of MAX. I would be very interested for any solution to this !

0 Kudos
Message 8 of 25
(6,890 Views)

I think the only solution would be for NI to patch the MAX application.

0 Kudos
Message 9 of 25
(6,876 Views)

Same issue here:

http://forums.ni.com/t5/LabVIEW/MAX-can-t-connect-to-CompactRIO-on-remote-subnet-using-NAT/td-p/1319...

 

I think that this issue comes from the cRIO itself and not from Max. It is the cRIO that sends its own local IP over the Internet to MAX. It should look like this:

MAX -> cRIO (global adress) : HELLO

cRIO -> MAX : HELLO, please contact me at 192.168.x.x (local adress)

MAX -> 192.168.x.x   => Time out

 

0 Kudos
Message 10 of 25
(6,869 Views)