So, I have looked to see what ports need to be opened up, but I can't seem to get this straight. I would like to be able to connect to my PXI-RT system that resides behind a firewall remotely. I have opened what I thought were all ports associated for LV and Max communication, but I still can't seem to connect to the box when I am off the subnet. Should I but this thing on the DMZ or does anyone have any suggestions on what I need to be doing to work on this box remotely?
If your remote RT system is behind a Firewall, then the Remote system needs some Firewall exceptions (which renders it somewhat vulnerable, of course). I'm trying to remember what happened when I last configured a PXI system living on my local sub-net. I know when I install LabVIEW on a PC on the network and want MAX, for example, to "see" a Remote System, my PC asks me for permission to allow a Firewall Exception. The same thing happens when I install LabVIEW and turn on TCP/IP protocols.
What protocols are you using between the two machines? Are you using things that use TCP/IP directly, or "only" Web Services?
Thanks, Bob. I actually can communicate with the chassis via web services already (this is just a matter of exposing the port to talk on), but what I actually want to do is be able to communicate with the chassis via MAX and connect to it via the LV development environment so that I can work remotely.
I do that, but through a somewhat round-about system. When I'm home and I need to access my PXI at work, I create a VPN tunnel to work, log in remotely to a Work PC, and (forgive the pun) Bob's Your Uncle. The trick, of course, is that the Remote Network "gives" me permission to enter, which means I need to present the right credential to them so they can "trust" me. I suspect going the other way would be much more problematic ...
VPN is actually not necessary and creates a layer that I don't want to have to deal with (right now I don't have a ton of bandwidth to spare). Given this is an RT machine with a minimal operating system, security is not an issue, so I would prefer to access the chassis directly.
Yes, but you need to get into the Network on which it resides. In my case, VPN gets me into the Network, behind its Firewall. Now that I think about it, my PXIs are not on the (remote) local network, but are on a "private LAN", connected directly to a second NIC using a non-routable IP (in the 10.x range) ...
Have you already looked at this page? Configuring Software and Hardware Firewalls to Support National Instruments Products
Make sure you open the ports for UDP when necessary, not just for TCP. MAX will not be able to automatically find an RT system that is on another subnet, but you can manually add its IP address, and then you should be able to connect. Make sure the RT system is properly configured as well, with a valid gateway so that it can connect to another subnet (I admit, I'm not certain enough of the details of TCP to know if this is necessary if it is only receiving connections, not originating them).
Thanks, Nathan. I thought I did open up all of those ports, but I am going to have to double check. I will look into the gateway to see if that is good or not.
Notice that your Router addresses are all 192.168.x.x. This is a "Private IP", and is not routable to the Internet. Thus you cannot directly connect to it except by making a connection through a PC also on this same Private Network. This is the way we have our RT Systems configured (I use the 10.x.x.x Private IP space, but it's the same idea). So to connect to your RT system, you need to make a connect to a PC that, in turn, connects through your Router. When I've needed to do this, I used Remote Desktop to "take over" the remote connected PC and then operated as though I was local to the RT system.
For this, you do not need (and probably should not have) any special Ports open on the Firewall other than the ones LabVIEW opens for you when you enable TCP/IP in the Options menu.