Changing UDP port number in the ECOM

[SteveD]

It's been about two years since I requested the ability to change the UDP port setting in the ECOM module so that it would respond to communication on other than port 28784.  This would be very helpful in a variety of our applications.  To my knowledge, nothing has been done about this.  Is this the case?  Does Host Engineering plan to get to this anytime soon?  The capability to change the port number in an Ethernet link was added to Direct Soft a long time ago.  Of what value is this without being able to change the ECOM port number?

[BobO]

No, we have not made allowances to change the port number. It wouldn't be that hard to do...but...there are other considerations.

AutomationDirect sells and supports exclusively over the telephone and Internet. Given that limitation, there are certain things that we try to do to limit the potential for confusion...among those is trying to find exactly one right way of doing things and not straying too far from that. That said, we can always ask.

You do end up with some strange behaviors though. Once the port is changed, NetEdit must also be changed to see the device. If you ever lose the port number of the ECOM, you may have to try 65535 different ports to find the right one. No fun. Consider the phone/internet thing I mentioned and you can see why we aren't rushing to do it.

The port changes in DirectSoft are specifically used to target proxy connections and firewall holes, not the ECOM directly.

[SteveD]

Thanks for the reply.  Your last sentence points points to our problem, which is this:  We have a large number of PLCs in the field at various customers' sites, most sites with multiple PLCs.  We need to be able to monitor these PLCs over the internet from a central data server.  We have two methods of doing this.  We can either access a particular PLC using port forwarding in the remote router, or we can set up a VPN tunnel between the central server's internet gateway and the remote site's internet gateway.  In the former case we would set up a link to the remote gateway's IP address and forward port 28784 to the PLC behind the firewall.  In the latter case, we would activate the VPN tunnel and set up the link to the local IP address of the PLC on the remote LAN.  The port forwarding method only works if you have a single PLC on the remote LAN, because you are limited to port 28784.  Your response implies that you can use different port numbers to get through the router, but in our experience, the vast majority of routers are not capable of forwarding a message and simultaneously changing the port number (i.e. taking a message coming in on Port 10000 and forwarding it to a local IP address on Port 28784).  If this is not the case, or you know of a way around this limitation, I'd love to hear about it.

The VPN method isn't adequate either, because we have multiple remote sites with the same local IP addressing scheme.  Thus, we may have VPN tunnels set up to three different sites, all with local IP addresses of 192.168.1.xxx.  If we have three PLCs on the multi-tunnel virtual network all with IP addresses of 192.168.1.10, there is no way to independent address them.

This is why we would like to be able to assign each PLC (ECOM) in the field a unique port number.  Then we could use simple port forwarding with a unique link to each PLC.  It would solve the problem of multiple PLCs on the same network and also the problem of non-unique local IP addressing.

Regarding your objections, it seems to me that in hardware and software of all types, there are a multiple of useful parameters that are set to a default value, and if you don't know what you are doing and/or have no reason to change them, you leave them alone and you stay out of trouble.  If you DO need to change them, it's a darn good thing they are there.

In the case of NetEdit, frequently one must find connected ECOMs without knowing what IP address they are set to.  That's what the IPX protocol provides, isn't it?  Wouldn't it see the ECOMs completely independently of both the IP address and port settings?

Could you elaborate on what you mean by proxy connections?  Is that possibly a solution for us?

[BobO]

Actually both IPX and IP support the addressed broadcast feature that you are referring to. The problem with IP is that if you get the config scrunged up, it may not talk any more...broadcast or otherwise. And yes, IPX was our back door. However, as of WinVista, IPX is no longer supported, so our IPX "get out of jail free" pass has been revoked. We are using one of the DIP switches to reset the IP config to bail us out.

I don't really disagree with any of your logic. As a rule, we don't add complexity unless there is a very good reason. Give someone a handle to jiggle, and they will, and then I get the module back after they've messed it up. But as far as I am aware, you are the first and only customer to request this change. I'll be happy to talk it over with the feature posse.

As for the proxy thing, I know that some proxy servers like Wingate allow you to define a local server port and a remote IP/Port pair. When you connect to the local port, it forwards to the remote IP and translates the port number. In your case, you might be able to define a different local port for each remote device...then connect to the local proxy port from DirectSoft.

[keith]

We are in the same situation you are in.  We have multiple clients with multiple PLC's, and we have VPN links to each client.  The solution is not to play with the port number, but rather allocate a subnet to each client.  This way, each PLC can have
a unique IP address.  If you use addresses in the 10.x.x.x IP range, then you can allocate a generous number of IPs to each client.  We pressently allocate a pool of 254 IPs to each client.

[MarkTTU]

Just thinking out loud, but why can't the ECOM listen on port 28784 AND some other user defined port?

[chris.zeman]

I currently have 8 PLC's I need access to from outside work, and that number is expected to increase dramatically. We have a cable internet connection that our department shares with 2 other departments, and we each have our own router that connects to the Comcast-supplied router. Our router is a Linux box that uses Shorewall to configure iptables, so I use DNAT to gain access to each ECOM. I take the last byte of the ECOM's IP address, and add that to the default ECOM port number. My configuration file follows:

Code: [Select]

# PLC's
DNAT net loc:172.16.8.1:28784 udp 28785
DNAT net loc:172.16.8.2:28784 udp 28786
DNAT net loc:172.16.8.3:28784 udp 28787
DNAT net loc:172.16.8.100:28784 udp 28884
DNAT net loc:172.16.8.103:28784 udp 28887
DNAT net loc:172.16.8.105:28784 udp 28889
DNAT net loc:172.16.8.112:28784 udp 28896
DNAT net loc:172.16.8.113:28784 udp 28897

Of course, though, you don't need a Linux box to accomplish this. I hate using off the shelf routers because they seem so limiting.

It would be easier to configure the links in DirectSoft if it was possible to enter a domain name instead of an IP address, but I'm just happy that it's possible to connect over the internet.

Chris

[Kristjan H]

Being able to change the port number in the ECOM would enable me to use some of the lower-end routers to service multiple PLCs on a LAN. The lower end routers - as we all know - can not do port address translation and thus I am always stuck to using port 28784 on the LAN side.

What I'd prefer is being able to do:
Gateway WAN IP#:port -> ECOM LAN IP#:port
216.239.59.104:28784  -> 192.168.1.101:28784
216.239.59.104:28785  -> 192.168.1.102:28785

But this I can't do unless I am able to change the UDP port of the PLC. My El Cheapo router I can't map gateway port 28785 to ECOM port 28784.

I actually would not be suprised that in a few months more and more routers will provide port address translation so maybe it's not a big deal...

[MarkTTU]

Check out the Netopia 3386-ENT.  They can be had realitivly cheaply (sub $100) and are not "home" routers.  They probably wouldn't be the first choice for a large corporate office, but they are a honest full fledged router that can be used for the typical home/office NAT application (or actual routing) and can do basically anything you can think of for routing including port forwards.

[keith]

I just ran into a simular situation.  I am using a linksys router with 1
public IP and would like to connect to several PLCs.

I think the solution might be to change the DS32, but leave the ECOM
module unchanged.

The router can redirect public-ip:28784 to local-ip-plc1:28784
and                           public-ip:28785 to local-ip-plc2:28784

where public-ip is a xx.xx.xx.xx number accessable over internet
and    local-ip-plc1 and local-ip-plc2 is a xx.xx.xx.xx number of 2 PLCs on our local network
and    :nnnn is the port number to use.

In this configuration, the ECOM still talks/listens on port 28784
but directsoft32 would need to be configurable with an alternate port
the router handles all the redirection.

In a previous post, I requested that directsoft32 allowed the DNS host name instead
of a dotted quad.  If it also allowed for the optional :port syntax, that would be nice.

[is there a way to link to a post on this system? ]
Keith

[franji1]

Got that one covered.  On DSLaunch, double click on your DSx000.ini file link (DS500.ini or DS400.ini) under the Utilities group in the tree view of the left pane.

Go down to devether.dll group (in square brackets) and look for the commented out ;UDPPortNumEnable=1 (semicolon is a comment in .INI files).  Remove the semicolon or just type the entry somewhere below the devether.dll group.

Now shutdown DSLaunch/DirectSOFT/DSData,... to reset the comm server.  Run DSLaunch and edit the link you want (right click on a comm link in DSLaunch and click Edit Link... menu to bring up the Link Editor dialog).  Click on the Port tab and hit the Advanced Settings button in the middle column.  This will bring up the UDP Port Number field (if it's disabled you are editing an IPX Protocol, which does not use UDP/IP).

That entry in the .INI file hides or shows this field.  It's one of those things that if we showed it all the time, people would be mucking with it and wondering why their links quit working (what's this 28784 number?).

[WRT]

I revisited this thread after spending the afternoon reading ten manuals for various routers, looking for those that do the necessary PAT for the ECOM 7070 port singularity.  The routers we had installed for this requirement (D-link DIR130s) turned out to be unacceptable, as they repeatedly turned into unrecoverable bricks when remote programming the port forwarding table.

I'll order up some Netopia 3386-ent routers as was suggested in this thread, but my point it this:

The inability to obtain a programmable port of the ECOM-100 is a complete PITA when dealing with multiple remote sites and hundreds of ECOM cards as I am installing.