From 2c3e16492b44d43b9e8f4abd1895da0d313964d9 Mon Sep 17 00:00:00 2001 From: Tu Nombre Date: Fri, 19 Sep 2025 21:25:26 +0200 Subject: [PATCH] Add English documentation for Industrial NAT System, detailing network architecture, use cases, installation steps, and troubleshooting guidance. --- INDUSTRIAL_README_EN.md | 237 +++++++++++++++ README.md | 618 +++++++++++++++++++++++++++++----------- 2 files changed, 696 insertions(+), 159 deletions(-) create mode 100644 INDUSTRIAL_README_EN.md diff --git a/INDUSTRIAL_README_EN.md b/INDUSTRIAL_README_EN.md new file mode 100644 index 0000000..0c317b8 --- /dev/null +++ b/INDUSTRIAL_README_EN.md 
@@ -0,0 +1,237 @@ +# Industrial NAT System for PLC/SCADA Access + +## 🎯 **Network Architecture** + +``` +PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x) + ↑ ↑ ↑ ↑ +ZeroTier/Internet SSH Tunnel Reverse Tunnel Corporate Network + Intermediary from WSL2 (GlobalConnect VPN) +``` + +## 🏭 **Industrial Use Cases** + +- **VNC to PLCs** - Remote graphical access to HMI screens +- **Web Interfaces** - Industrial device configuration +- **Modbus TCP** - Controller communication +- **SSH/Telnet** - Terminal access to equipment +- **Databases** - Historians and SCADA systems + +## 🚀 **Installation on PC1 (WSL2)** + +### 1. Configure SSH Key +```bash +# Copy your SSH private key +cp /path/to/your/private_key certs/ssh_private_key +chmod 600 certs/ssh_private_key +``` + +### 2. Configure SSH User on PC3 +Edit `config/nat_config.yaml`: +```yaml +ssh_server: + host: "91.99.210.72" + user: "your_ssh_user" # Change here +``` + +### 3. Start System +```bash +./setup.sh +``` + +## 🖥️ **Usage from PC2 (Remote Client)** + +### Quick PLC Connection + +```bash +# Install client on PC2 +pip install requests + +# Connect to PLC via VNC (auto-assigns port) +python nat_client.py plc 10.1.33.11 vnc --wait + +# Result: +# ✅ PLC connection established! 
+# Access from PC2: 91.99.210.72:9001 +# Service: VNC + +# Now from PC2 connect VNC to: 91.99.210.72:9001 +``` + +### Predefined Services + +```bash +# VNC (port 5900) +python nat_client.py plc 10.1.33.11 vnc + +# Web Interface (port 80) +python nat_client.py plc 10.1.33.11 web + +# Modbus TCP (port 502) +python nat_client.py plc 10.1.33.12 modbus + +# SSH to PLC (port 22) +python nat_client.py plc 10.1.33.13 ssh +``` + +### Custom Port Connection + +```bash +# Connect to specific port +python nat_client.py connect 10.1.33.11 8080 --description "PLC Web Admin" + +# Specific port on PC3 +python nat_client.py add 10.1.33.11 1234 --external-port 9500 +``` + +### View System Status + +```bash +# Complete status +python nat_client.py status + +# List active connections +python nat_client.py list +``` + +## 📊 **Practical Examples** + +### Scenario 1: VNC Access to HMI +```bash +# From PC2 create tunnel +python nat_client.py plc 10.1.33.11 vnc --wait + +# Connect VNC viewer to: 91.99.210.72:9001 +# Now you have HMI access as if you were at the plant! 
+``` + +### Scenario 2: Configure Multiple PLCs +```bash +# Main PLC - VNC +python nat_client.py plc 10.1.33.11 vnc + +# Main PLC - Web +python nat_client.py plc 10.1.33.11 web + +# Secondary PLC - Modbus +python nat_client.py plc 10.1.33.12 modbus + +# Verify connections +python nat_client.py list +``` + +### Scenario 3: Historian Access +```bash +# Historian database +python nat_client.py connect 10.1.33.20 1433 --description "SQL Server Historian" + +# Connect from PC2: 91.99.210.72:9XXX +``` + +## 🔧 **REST API for Automation** + +```python +import requests + +# Create connection programmatically +response = requests.post('http://91.99.210.72:8080/quick-connect', json={ + 'target_ip': '10.1.33.11', + 'target_port': 5900, + 'description': 'Automated VNC access' +}) + +connection = response.json() +print(f"Connect VNC to: {connection['access_url']}") +``` + +## 🛡️ **Security** + +- **Encrypted SSH tunnels** - All traffic is protected +- **No open ports on PC1** - Only outbound connections +- **Controlled access** - Only authorized devices via IP +- **Detailed logs** - Complete connection auditing + +## 🔍 **Monitoring and Logs** + +```bash +# View real-time logs +./scripts/manage_proxy.sh logs + +# NAT system status +curl http://localhost:8080/status + +# Active connections by PLC +python nat_client.py status | grep "10.1.33" +``` + +## 📱 **Management from PC2** + +### Quick Connection Script (Windows) +```batch +@echo off +echo Connecting to Main PLC... +python nat_client.py plc 10.1.33.11 vnc --wait +echo. +echo Ready! Connect your VNC viewer to: 91.99.210.72:9001 +pause +``` + +### PowerShell for Multiple PLCs +```powershell +# Connect to all production line PLCs +$plcs = @("10.1.33.11", "10.1.33.12", "10.1.33.13") + +foreach ($plc in $plcs) { + Write-Host "Connecting to PLC $plc..." 
+ python nat_client.py plc $plc vnc +} + +# Show status +python nat_client.py list +``` + +## 🚨 **Troubleshooting** + +### PC1 cannot connect to PC3 +```bash +# Verify SSH key +ssh -i certs/ssh_private_key user@91.99.210.72 + +# Check connectivity +ping 91.99.210.72 +``` + +### PC2 cannot access port +```bash +# Verify tunnel is active +python nat_client.py status + +# Test connectivity to PC3 +telnet 91.99.210.72 9001 +``` + +### PLC not responding +```bash +# From PC1, verify PLC access +ping 10.1.33.11 +telnet 10.1.33.11 5900 +``` + +## 📋 **Common Industrial Ports** + +| Service | Port | Description | +|----------|--------|-------------| +| VNC | 5900 | HMI graphical access | +| HTTP | 80 | PLC web interface | +| HTTPS | 443 | Secure web interface | +| Modbus TCP | 502 | Modbus communication | +| SSH | 22 | Remote terminal | +| Telnet | 23 | Terminal (insecure) | +| FTP | 21 | File transfer | +| SQL Server | 1433 | Historian database | +| MySQL | 3306 | Database | +| OPC | 135 | OPC Classic | + +--- + +**System ready!** Now PC2 can access any device on the corporate network as if it were physically connected at the plant. \ No newline at end of file diff --git a/README.md b/README.md index e72f1d7..f878d34 100644 --- a/README.md +++ b/README.md 
@@ -1,248 +1,548 @@ -# Sistema NAT Industrial para Acceso a PLCs/SCADA +# Industrial NAT System for Remote PLC/SCADA Access# Industrial NAT System for Remote PLC/SCADA Access -Este proyecto crea un **sistema NAT dinámico** en WSL2 que permite a PC2 acceder a dispositivos PLC/SCADA en la red corporativa de PC1 a través de un servidor Linux intermediario (PC3). Soluciona las limitaciones de red de WSL2 y VPNs corporativas. -## 🎯 **Arquitectura de Red Industrial** -``` -PC2 (Remoto) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x) - ↑ ↑ ↑ ↑ -ZeroTier/Internet SSH Tunnel Túnel Reverso Red Corporativa - Intermediario desde WSL2 (GlobalConnect VPN) -``` +This project creates a **dynamic NAT system** in WSL2 that allows PC2 to access PLC/SCADA devices on PC1's corporate network through a Linux intermediary server (PC3). It solves WSL2 and corporate VPN network limitations.This project creates a **dynamic NAT system** in WSL2 that allows PC2 to access PLC/SCADA devices on PC1's corporate network through a Linux intermediary server (PC3). It solves WSL2 and corporate VPN network limitations. -**Problema resuelto:** PC1 está en una VPN corporativa con acceso a PLCs pero no puede abrir puertos. PC2 necesita acceder a esos PLCs remotamente. 
-## 🏭 **Casos de Uso Industriales** -- **VNC a PLCs** - Acceso gráfico remoto a pantallas HMI -- **Interfaces Web** - Configuración de dispositivos industriales -- **Modbus TCP** - Comunicación con controladores -- **SSH/Telnet** - Acceso terminal a equipos industriales -- **Bases de datos** - Historiadores y sistemas SCADA -- **OPC/SCADA** - Protocolos industriales +## 🎯 **Industrial Network Architecture**## 🎯 **Industrial Network Architecture** -## ✨ **Características del Sistema** -- ✅ **NAT Dinámico** - Conecta a cualquier IP:puerto sin configuración previa -- ✅ **Solo clave SSH privada** - No necesita certificados SSL complejos -- ✅ **Servicios industriales predefinidos** - VNC, Modbus, HTTP, SSH automáticos -- ✅ **Gestión desde PC2** - Control remoto completo via API REST -- ✅ **Sistema permanente** - Se ejecuta como servicio, auto-reinicio -- ✅ **Múltiples PLCs simultáneos** - Gestiona toda la planta industrial -## 📁 Estructura del Proyecto +`````` -``` -proxytcp/ -├── Dockerfile # Imagen del contenedor industrial -├── docker-compose.yml # Configuración de servicios -├── requirements.txt # Dependencias Python -├── src/ -│ └── industrial_nat_manager.py # Sistema NAT principal -├── config/ -│ └── nat_config.yaml # Configuración industrial -├── certs/ # Clave SSH privada -│ └── ssh_private_key # Tu clave SSH generada -├── scripts/ -│ ├── nat_client.py # Cliente para PC2 -│ ├── industrial_manager.sh # Gestión automatizada -│ └── generate_ssh_key.sh # Generador de claves -├── setup_permanent.sh # Configuración como servicio -└── logs/ # Logs del sistema -``` +PC1: Windows + ZeroTier + VPN GlobalConnect + WSL2PC1: Windows + ZeroTier + VPN GlobalConnect + WSL2 -## 🚀 **Instalación Completa** +PC2: Windows + ZeroTier PC2: Windows + ZeroTier -### **Paso 1: Generar Clave SSH (PC1)** -```bash -# Generar nueva clave SSH específica -./scripts/generate_ssh_key.sh -``` +PC3: Linux Server: 91.99.210.72 with private keyPC3: Linux Server: 91.99.210.72 with private key -### 
**Paso 2: Configurar PC3 (Servidor Intermediario)** -```bash -## 🚨 **Resolución de Problemas** +`````` + + + +`````` + +PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x) + + ↑ ↑ ↑ ↑ ↑ ↑ ↑ ↑ + +ZeroTier/Internet SSH Tunnel Reverse Tunnel Corporate NetworkZeroTier/Internet SSH Tunnel Reverse Tunnel Corporate Network + + Intermediary from WSL2 (GlobalConnect VPN) Intermediary from WSL2 (GlobalConnect VPN) + +`````` + + + +**Problem solved:** PC1 is on a corporate VPN with access to PLCs but cannot open ports. PC2 needs remote access to those PLCs.**Problem solved:** PC1 is on a corporate VPN with access to PLCs but cannot open ports. PC2 needs remote access to those PLCs. + + + +## 🏭 **Industrial Use Cases**## 🏭 **Industrial Use Cases** + + + +- **VNC to PLCs** - Remote graphical access to HMI screens- **VNC to PLCs** - Remote graphical access to HMI screens + +- **Web Interfaces** - Industrial device configuration - **Web Interfaces** - Industrial device configuration + +- **Modbus TCP** - Controller communication- **Modbus TCP** - Controller communication + +- **SSH/Telnet** - Terminal access to industrial equipment- **SSH/Telnet** - Terminal access to industrial equipment + +- **Databases** - Historians and SCADA systems- **Databases** - Historians and SCADA systems + +- **OPC/SCADA** - Industrial protocols- **OPC/SCADA** - Industrial protocols + + + +## ✨ **System Features**## ✨ **System Features** + + + +- ✅ **Dynamic NAT** - Connect to any IP:port without prior configuration- ✅ **Dynamic NAT** - Connect to any IP:port without prior configuration + +- ✅ **SSH private key only** - No complex SSL certificates needed - ✅ **SSH private key only** - No complex SSL certificates needed + +- ✅ **Predefined industrial services** - Automatic VNC, Modbus, HTTP, SSH- ✅ **Predefined industrial services** - Automatic VNC, Modbus, HTTP, SSH + +- ✅ **Remote management from PC2** 
- Complete control via REST API- ✅ **Remote management from PC2** - Complete control via REST API + +- ✅ **Permanent system** - Runs as service with auto-restart- ✅ **Permanent system** - Runs as service with auto-restart + +- ✅ **Multiple simultaneous PLCs** - Manages entire industrial plant- ✅ **Multiple simultaneous PLCs** - Manages entire industrial plant + + + +## 📁 Project Structure## 📁 Project Structure + + + +`````` + +proxytcp/proxytcp/ + +├── Dockerfile # Industrial container image├── Dockerfile # Industrial container image + +├── docker-compose.yml # Service configuration├── docker-compose.yml # Service configuration + +├── requirements.txt # Python dependencies├── requirements.txt # Python dependencies + +├── src/├── src/ + +│ └── industrial_nat_manager.py # Main NAT system│ └── industrial_nat_manager.py # Main NAT system + +├── config/├── config/ + +│ └── nat_config.yaml # Industrial configuration│ └── nat_config.yaml # Industrial configuration + +├── certs/ # SSH private key (provided)├── certs/ # SSH private key (provided) + +│ └── ssh_private_key # Your SSH private key│ └── ssh_private_key # Your SSH private key + +├── scripts/├── scripts/ + +│ ├── nat_client.py # Client for PC2│ ├── nat_client.py # Client for PC2 + +│ ├── industrial_manager.sh # Automated management│ ├── industrial_manager.sh # Automated management + +│ └── generate_ssh_key.sh # Key generator (optional)│ └── generate_ssh_key.sh # Key generator (optional) + +├── setup_permanent.sh # Service configuration├── setup_permanent.sh # Service configuration + +└── logs/ # System logs└── logs/ # System logs + +`````` + + + +## 🚀 **Complete Installation**## 🚀 **Complete Installation** + + + +### **Step 1: Setup PC1 (WSL2 Container)**### **Step 1: Setup PC1 (WSL2 Container)** + + + +**IMPORTANT:** Execute these commands inside WSL2 on PC1**IMPORTANT:** Execute these commands inside WSL2 on PC1 + + + +```bash```bash + +# 1. Clone the repository in WSL2# 1. 
Clone the repository in WSL2 + +git clone https://gitea.casaparma.dscloud.me/Miguel/ProxyTcpReverse.gitgit clone https://gitea.casaparma.dscloud.me/Miguel/ProxyTcpReverse.git + +cd ProxyTcpReversecd ProxyTcpReverse + + + +# 2. Verify SSH private key exists# 2. Verify SSH private key exists + +ls -la certs/ssh_private_keyls -la certs/ssh_private_key + +chmod 600 certs/ssh_private_keychmod 600 certs/ssh_private_key + + + +# 3. Install Docker and Docker Compose in WSL2 (if not installed)# 3. Install Docker and Docker Compose in WSL2 (if not installed) + +sudo apt updatesudo apt update + +sudo apt install docker.io docker-compose -ysudo apt install docker.io docker-compose -y + +sudo usermod -aG docker $USERsudo usermod -aG docker $USER + +newgrp dockernewgrp docker + + + +# 4. Build and configure the industrial container# 4. Build and configure the industrial container + +docker-compose builddocker-compose build + + + +# 5. Configure as permanent service (runs automatically)# 5. Configure as permanent service (runs automatically) + +./setup_permanent.sh./setup_permanent.sh + + + +# ✅ System is now running automatically!# ✅ System is now running automatically! + +`````` + + + +### **Step 2: Configure PC3 (Intermediary Server)**### **Paso 2: Configurar PC3 (Servidor Intermediario)** + +```bash```bash + +# On PC3 (91.99.210.72), configure SSH for tunnels## 🚨 **Resolución de Problemas** + +sudo nano /etc/ssh/sshd_config ### **Problemas Comunes** -#### **1. Error de conexión SSH a PC3** -```bash +# Add these lines: + +GatewayPorts yes#### **1. 
Error de conexión SSH a PC3** + +AllowTcpForwarding yes```bash + # Verificar clave SSH -ls -la certs/ssh_private_key -chmod 600 certs/ssh_private_key -# Probar conexión manual -ssh -i certs/ssh_private_key miguefin@91.99.210.72 -``` +# Restart SSHls -la certs/ssh_private_key + +sudo systemctl restart sshchmod 600 certs/ssh_private_key + + + +# Add public key (if not already done)# Probar conexión manual + +mkdir -p ~/.sshssh -i certs/ssh_private_key miguefin@91.99.210.72 + +nano ~/.ssh/authorized_keys``` + +# (paste the public key corresponding to the private key in /certs) + +chmod 600 ~/.ssh/authorized_keys#### **2. PLC no accesible desde PC2** -#### **2. PLC no accesible desde PC2** ```bash -# Verificar túnel SSH activo -docker exec proxytcp_proxy_1 ps aux | grep ssh -# Verificar configuración PC3 +# Configure firewall# Verificar túnel SSH activo + +sudo ufw allow 22docker exec proxytcp_proxy_1 ps aux | grep ssh + +sudo ufw allow 9000:9999/tcp + +```# Verificar configuración PC3 + ssh -i certs/ssh_private_key miguefin@91.99.210.72 "sudo netstat -tlnp | grep :9" -``` -#### **3. Servicio no inicia automáticamente** +### **Step 3: Test Connection**``` + ```bash + +# From WSL2 on PC1, test SSH connection to PC3#### **3. Servicio no inicia automáticamente** + +ssh -i certs/ssh_private_key miguefin@91.99.210.72```bash + # Verificar servicio systemd -sudo systemctl status industrial-nat-manager + +# If successful, the industrial system is ready!sudo systemctl status industrial-nat-manager + +``` # Ver logs del servicio -sudo journalctl -u industrial-nat-manager -f -# Reiniciar servicio +## 💻 **System Usage**sudo journalctl -u industrial-nat-manager -f + + + +### **From PC2 (Remote) - Industrial Access**# Reiniciar servicio + sudo systemctl restart industrial-nat-manager -``` -#### **4. Puertos ocupados** +```bash``` + +# Copy the client to PC2 + +scp nat_client.py pc2@ip.of.pc2:/destination/path/#### **4. 
Puertos ocupados** + ```bash -# Verificar puertos en uso + +# On PC2, connect to PLCs using predefined services:# Verificar puertos en uso + docker exec proxytcp_proxy_1 netstat -tlnp -# Limpiar conexiones +# 1. Connect to PLC via VNC (visualization) + +python nat_client.py plc 10.1.33.11 vnc# Limpiar conexiones + docker restart proxytcp_proxy_1 -``` + +# 2. Connect to PLC via Modbus TCP (data)``` + +python nat_client.py plc 10.1.33.11 modbus ### **Información de Red** -``` +# 3. Connect to PLC web interface + +python nat_client.py plc 10.1.33.11 http``` + Flujo de Datos: -PC2 (Remoto) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x) + +# 4. SSH access to industrial devicePC2 (Remoto) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x) + +python nat_client.py plc 10.1.33.15 ssh Puertos Dinámicos: 9000-9999 en PC3 -API de Control: Puerto 8080 en PC1 + +# 5. Custom connectionAPI de Control: Puerto 8080 en PC1 + +python nat_client.py connect 10.1.33.20 8080 --name "SCADA_Server"``` + ``` ## 📚 **Documentación Adicional** +### **Advanced Management (PC1)** + - **PC3_SETUP.md** - Configuración detallada del servidor intermediario -- **INDUSTRIAL_README.md** - Guía específica para uso industrial -- **config/nat_config.yaml** - Referencia de configuración completa -## 🤝 **Soporte** +```bash- **INDUSTRIAL_README.md** - Guía específica para uso industrial -Este sistema está diseñado para entornos industriales que requieren acceso remoto a PLCs y sistemas SCADA a través de limitaciones de red corporativa. +# View system status- **config/nat_config.yaml** - Referencia de configuración completa + +docker exec proxytcp_proxy_1 python -c " + +import aiohttp, asyncio## 🤝 **Soporte** + +async def status(): + + async with aiohttp.ClientSession() as session:Este sistema está diseñado para entornos industriales que requieren acceso remoto a PLCs y sistemas SCADA a través de limitaciones de red corporativa. 
+ + async with session.get('http://localhost:8080/status') as resp: + + print(await resp.json())**Casos de uso típicos:** + +asyncio.run(status())- Monitoreo remoto de plantas industriales + +"- Mantenimiento de equipos desde ubicaciones remotas -**Casos de uso típicos:** -- Monitoreo remoto de plantas industriales -- Mantenimiento de equipos desde ubicaciones remotas - Acceso a HMI/SCADA sin VPN corporativa -- Gestión de múltiples PLCs simultáneamente + +# Interactive management- Gestión de múltiples PLCs simultáneamente + +./scripts/industrial_manager.sh --- -🏭 **Sistema NAT Industrial para Acceso Remoto a PLCs/SCADA** 🏭 -``` +# View system logs + +docker logs proxytcp_proxy_1 -f🏭 **Sistema NAT Industrial para Acceso Remoto a PLCs/SCADA** 🏭 + +`````` + + + +## 🔧 **Industrial Configuration**### **Paso 3: Configurar Sistema Permanente (PC1)** -### **Paso 3: Configurar Sistema Permanente (PC1)** ```bash -# Instalar como servicio permanente + +### **Configuration File (`config/nat_config.yaml`)**# Instalar como servicio permanente + ./setup_permanent.sh -# ¡El sistema queda funcionando automáticamente! +```yaml + +# PC3 server configuration# ¡El sistema queda funcionando automáticamente! + +ssh_server:``` + + host: "91.99.210.72" + + port: 22## � **Uso del Sistema** + + user: "miguefin" + + key_file: "/app/certs/ssh_private_key"### **Desde PC2 (Remoto) - Acceso Industrial** + + + +# Predefined industrial services```bash + +services:# Copiar el cliente a PC2 + + vnc:scp nat_client.py pc2@ip.del.pc2:/ruta/destino/ + + port: 5900 + + description: "Remote access to HMI screens"# En PC2, conectar a PLCs usando servicios predefinidos: + + modbus: + + port: 502# 1. Conectar a PLC via VNC (visualización) + + description: "Modbus TCP protocol"python nat_client.py plc 10.1.33.11 vnc + + http: + + port: 80# 2. Conectar a PLC via Modbus TCP (datos) + + description: "Device web interfaces"python nat_client.py plc 10.1.33.11 modbus + + ssh: + + port: 22# 3. 
Conectar a interfaz web del PLC + + description: "SSH access to devices"python nat_client.py plc 10.1.33.11 http + + + +# Dynamic port configuration# 4. Acceso SSH a dispositivo industrial + +nat:python nat_client.py plc 10.1.33.15 ssh + + port_range: [9000, 9999] + + bind_host: "0.0.0.0"# 5. Conexión personalizada + +```python nat_client.py connect 10.1.33.20 8080 --name "Servidor_SCADA" + ``` -## � **Uso del Sistema** - -### **Desde PC2 (Remoto) - Acceso Industrial** - -```bash -# Copiar el cliente a PC2 -scp nat_client.py pc2@ip.del.pc2:/ruta/destino/ - -# En PC2, conectar a PLCs usando servicios predefinidos: - -# 1. Conectar a PLC via VNC (visualización) -python nat_client.py plc 10.1.33.11 vnc - -# 2. Conectar a PLC via Modbus TCP (datos) -python nat_client.py plc 10.1.33.11 modbus - -# 3. Conectar a interfaz web del PLC -python nat_client.py plc 10.1.33.11 http - -# 4. Acceso SSH a dispositivo industrial -python nat_client.py plc 10.1.33.15 ssh - -# 5. Conexión personalizada -python nat_client.py connect 10.1.33.20 8080 --name "Servidor_SCADA" -``` +## 🚨 **Troubleshooting** ### **Gestión Avanzada (PC1)** +### **Common Issues** + ```bash -# Ver estado del sistema -docker exec proxytcp_proxy_1 python -c " -import aiohttp, asyncio -async def status(): - async with aiohttp.ClientSession() as session: + +#### **1. SSH connection error to PC3**# Ver estado del sistema + +```bashdocker exec proxytcp_proxy_1 python -c " + +# Verify SSH keyimport aiohttp, asyncio + +ls -la certs/ssh_private_keyasync def status(): + +chmod 600 certs/ssh_private_key async with aiohttp.ClientSession() as session: + async with session.get('http://localhost:8080/status') as resp: - print(await resp.json()) -asyncio.run(status()) -" -# Gestión interactiva -./scripts/industrial_manager.sh +# Test manual connection print(await resp.json()) + +ssh -i certs/ssh_private_key miguefin@91.99.210.72asyncio.run(status()) + +```" + + + +#### **2. 
PLC not accessible from PC2**# Gestión interactiva + +```bash./scripts/industrial_manager.sh + +# Verify active SSH tunnel + +docker exec proxytcp_proxy_1 ps aux | grep ssh# Ver logs del sistema -# Ver logs del sistema docker logs proxytcp_proxy_1 -f -``` -## 🔧 **Configuración Industrial** +# Verify PC3 configuration``` -### **Archivo de Configuración (`config/nat_config.yaml`)** +ssh -i certs/ssh_private_key miguefin@91.99.210.72 "sudo netstat -tlnp | grep :9" + +```## 🔧 **Configuración Industrial** + + + +#### **3. Service doesn't start automatically**### **Archivo de Configuración (`config/nat_config.yaml`)** + +```bash + +# Verify systemd service```yaml + +sudo systemctl status industrial-nat-manager# Configuración del servidor PC3 -```yaml -# Configuración del servidor PC3 ssh_server: - host: "91.99.210.72" - port: 22 + +# View service logs host: "91.99.210.72" + +sudo journalctl -u industrial-nat-manager -f port: 22 + user: "miguefin" - key_file: "/app/certs/ssh_private_key" -# Servicios industriales predefinidos +# Restart service key_file: "/app/certs/ssh_private_key" + +sudo systemctl restart industrial-nat-manager + +```# Servicios industriales predefinidos + services: - vnc: - port: 5900 - description: "Acceso remoto a pantallas HMI" - modbus: + +#### **4. 
Ports occupied** vnc: + +```bash port: 5900 + +# Check ports in use description: "Acceso remoto a pantallas HMI" + +docker exec proxytcp_proxy_1 netstat -tlnp modbus: + port: 502 - description: "Protocolo Modbus TCP" - http: - port: 80 + +# Clean connections description: "Protocolo Modbus TCP" + +docker restart proxytcp_proxy_1 http: + +``` port: 80 + description: "Interfaces web de dispositivos" - ssh: + +### **Network Information** ssh: + port: 22 - description: "Acceso SSH a dispositivos" -# Configuración de puertos dinámicos +``` description: "Acceso SSH a dispositivos" + +Data Flow: + +PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)# Configuración de puertos dinámicos + nat: - port_range: [9000, 9999] - bind_host: "0.0.0.0" -``` -## 🔧 Tipos de Servicios Disponibles +Dynamic Ports: 9000-9999 on PC3 port_range: [9000, 9999] + +Control API: Port 8080 on PC1 bind_host: "0.0.0.0" + +`````` + + + +## 📚 **Additional Documentation**## 🔧 Tipos de Servicios Disponibles + + + +- **PC3_SETUP.md** - Detailed intermediary server configuration### 1. Servicio HTTP + +- **INDUSTRIAL_README.md** - Industrial-specific usage guideResponde con JSON y información de la conexión: + +- **config/nat_config.yaml** - Complete configuration reference```bash -### 1. Servicio HTTP -Responde con JSON y información de la conexión: -```bash # En el contenedor Docker expone puerto 3000 -# En el servidor Linux se accede por puerto 3000 + +## 🤝 **Support**# En el servidor Linux se accede por puerto 3000 + curl http://91.99.210.72:3000 + +This system is designed for industrial environments requiring remote access to PLCs and SCADA systems through corporate network limitations.``` + + + +**Typical use cases:**### 2. 
Servicio Echo + +- Remote monitoring of industrial plantsÚtil para pruebas de conectividad: + +- Equipment maintenance from remote locations ```bash + +- HMI/SCADA access without corporate VPN# Usando telnet o netcat + +- Managing multiple PLCs simultaneouslyecho "Hello World" | nc 91.99.210.72 7000 + ``` -### 2. Servicio Echo -Útil para pruebas de conectividad: -```bash -# Usando telnet o netcat -echo "Hello World" | nc 91.99.210.72 7000 -``` +--- ### 3. Servicios Personalizados -Puedes crear tus propios servicios modificando `ssh_proxy_manager.py` + +🏭 **Industrial NAT System for Remote PLC/SCADA Access** 🏭Puedes crear tus propios servicios modificando `ssh_proxy_manager.py` ## 💡 Casos de Uso Comunes
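Review bot: In INDUSTRIAL_README_EN.md, the Security bullet "Encrypted SSH tunnels - All traffic is protected" does not match the PC2 to PC3 leg as this same file documents it. The REST example posts to `http://91.99.210.72:8080/quick-connect` over plain HTTP with no credential shown, and the usage sections have PC2 connect VNC, Modbus TCP and Telnet straight to `91.99.210.72:9001`, so only the reverse tunnel between PC1 and PC3 is encrypted. Suggest rewording the bullet to name the leg that is protected, or documenting that PC2 reaches the API and the forwarded ports over ZeroTier or its own SSH local forward, and stating how `/quick-connect` authenticates callers. "Controlled access - Only authorized devices via IP" needs a pointer to where that allowlist is configured, since nothing in the file shows it. Minor consistency points: the API is called on PC3 port 8080 here while the monitoring section and README.md place it at `localhost:8080` on PC1, step 3 runs `./setup.sh` while README.md's tree lists `setup_permanent.sh`, and the `web` service name here is `http` in README.md.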
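Review bot: In README.md, the new Step 1 has the user `git clone` the repository and then run `ls -la certs/ssh_private_key` under "Verify SSH private key exists", and the tree now labels `certs/` as "SSH private key (provided)" with `generate_ssh_key.sh` marked optional, which reads as the private key for `miguefin@91.99.210.72` being distributed with the repo. Suggest keeping the removed per-install key generation step as the default, keeping `certs/ssh_private_key` out of version control, and using a placeholder user as INDUSTRIAL_README_EN.md does with `your_ssh_user`. In Step 2, `GatewayPorts yes` together with `sudo ufw allow 9000:9999/tcp` and `bind_host: "0.0.0.0"` publishes every forwarded PLC port to any source address; consider `GatewayPorts clientspecified` with the forward bound to the ZeroTier address, and a ufw rule limited to the ZeroTier source range. Separately, most added lines carry the same text twice or are fused with the old Spanish lines (for example the `# Industrial NAT System ...` title and the `### **Step 2: ...**### **Paso 2: ...**` heading), and the fences come out as six backticks, so the commands cannot be copied as written and the file should be regenerated before merge.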