Modbus TCP via Port Forward on StrideLinx VPN Router

[Bolt]

I'm trying to Modbus TCP to a BRX that is behind a StrideLinx VPN router, via a network local to the WAN port, not through the VPN. I can't get it to work.

I have port 502 forwarded in the router setup
I have 4 sessions, port 502, 60 second time out, enabled for Modbus/TCP Server Settings
I am testing it via modpoll, and instantly get response Network connection was closed by remote peer!
I tried same modpoll test on test BRX and a PC on the local LAN, and succeed.
I can "login" via telnet routeripaddress 502
I get no activity in ModbusTCPServer.ActiveSessions, .Errors, .Transactions

Any other things I can check or test?

[franji1]

I'd also post this on ADC's community website to get some StrideLinx eyes looking at this too.
https://community.automationdirect.com

[Bolt]

Thought about it, will do. But kinda leaning towards a BRX issue nuance, because as far as I can tell it is forwarding through the router.

[Controls Guy]

Put a PC in the PLC LAN and try to Modbus to it from the same place from which you're trying to reach the BRX.  Run Wireshark on that new PC.

[franji1]

Put a PC in the PLC LAN and try to Modbus to it from the same place from which you're trying to reach the BRX.  Run Wireshark on that new PC.

Great idea!  I was thinking mirroring router, but this is much simpler and gets you 99% of the "same" setup.

Just make sure PC subnet and mask match the BRX subnet and mask exactly, e.g. 192.168.x.x and 255.255.0.0

[Bolt]

Put a PC in the PLC LAN and try to Modbus to it from the same place from which you're trying to reach the BRX.  Run Wireshark on that new PC.

So I don't need a modbus server on the PC, just the captured port traffic will be enough?

[Controls Guy]

Correct.   Wireshark will even recognize it as a Modbus/TCP request and tell you the request code, register(s), etc.

[BobO]

Correct.   Wireshark will even recognize it as a Modbus/TCP request and tell you the request code, register(s), etc.

Unless something is accepting connections on 502, I don't think you'll ever get to the Modbus request. Has to be a server running somewhere.

[Controls Guy]

Hmmm, see your point.   Maybe run the BRX Sim.

[franji1]

Hmmm, see your point.   Maybe run the BRX Sim.

Good idea.  The BRX Sim should be listening on port 502.

[Bolt]

So I get the same "Network connection was closed by remote peer!" response when connected to the local side of the router with laptop and sending a test modbus command to the BRX in question. I can modbus to another BRX behind the same router with no problem.
I also get the same "Network connection was closed by remote peer!" when trying it on a different local network, no router, just switch, to the BRX via an ECOMX POM.
If I change the parameters to be "wrong", I get a "Can't reach server/slave! Check TCP/IP and firewall settings." response, so it is connecting to the BRX in the first scenarios.

[Bolt]

I have tried disabling Modbus TCP Server, writing to PLC, re-enabling Server and write, etc. Changed port numbers, etc. No change. I have been able to write to and from my laptop to other BRX's, other PC's, inside and outside the VPN router, so the port forwards are working just fine.

[Bolt]

Well, that was easy. There were some old, forgotten whitelist settings in the PLC. Now it works just fine. Thanks for reading!