Miguel
/
ProxyTcpReverse
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add English documentation for Industrial NAT System, detailing network architecture, use cases, installation steps, and troubleshooting guidance.

This commit is contained in:
Tu Nombre 2025-09-19 21:25:26 +02:00
parent 42b5ef099d
commit 2c3e16492b
2 changed files with 696 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

237
INDUSTRIAL_README_EN.md Normal file
View File

@ -0,0 +1,237 @@
# Industrial NAT System for PLC/SCADA Access
## 🎯 **Network Architecture**
```
PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)
↑ ↑ ↑ ↑
ZeroTier/Internet SSH Tunnel Reverse Tunnel Corporate Network
Intermediary from WSL2 (GlobalConnect VPN)
```
## 🏭 **Industrial Use Cases**
- **VNC to PLCs** - Remote graphical access to HMI screens
- **Web Interfaces** - Industrial device configuration
- **Modbus TCP** - Controller communication
- **SSH/Telnet** - Terminal access to equipment
- **Databases** - Historians and SCADA systems
## 🚀 **Installation on PC1 (WSL2)**
### 1. Configure SSH Key
```bash
# Copy your SSH private key
cp /path/to/your/private_key certs/ssh_private_key
chmod 600 certs/ssh_private_key
```
### 2. Configure SSH User on PC3
Edit `config/nat_config.yaml`:
```yaml
ssh_server:
host: "91.99.210.72"
user: "your_ssh_user" # Change here
```
### 3. Start System
```bash
./setup.sh
```
## 🖥️ **Usage from PC2 (Remote Client)**
### Quick PLC Connection
```bash
# Install client on PC2
pip install requests
# Connect to PLC via VNC (auto-assigns port)
python nat_client.py plc 10.1.33.11 vnc --wait
# Result:
# ✅ PLC connection established!
# Access from PC2: 91.99.210.72:9001
# Service: VNC
# Now from PC2 connect VNC to: 91.99.210.72:9001
```
### Predefined Services
```bash
# VNC (port 5900)
python nat_client.py plc 10.1.33.11 vnc
# Web Interface (port 80)
python nat_client.py plc 10.1.33.11 web
# Modbus TCP (port 502)
python nat_client.py plc 10.1.33.12 modbus
# SSH to PLC (port 22)
python nat_client.py plc 10.1.33.13 ssh
```
### Custom Port Connection
```bash
# Connect to specific port
python nat_client.py connect 10.1.33.11 8080 --description "PLC Web Admin"
# Specific port on PC3
python nat_client.py add 10.1.33.11 1234 --external-port 9500
```
### View System Status
```bash
# Complete status
python nat_client.py status
# List active connections
python nat_client.py list
```
## 📊 **Practical Examples**
### Scenario 1: VNC Access to HMI
```bash
# From PC2 create tunnel
python nat_client.py plc 10.1.33.11 vnc --wait
# Connect VNC viewer to: 91.99.210.72:9001
# Now you have HMI access as if you were at the plant!
```
### Scenario 2: Configure Multiple PLCs
```bash
# Main PLC - VNC
python nat_client.py plc 10.1.33.11 vnc
# Main PLC - Web
python nat_client.py plc 10.1.33.11 web
# Secondary PLC - Modbus
python nat_client.py plc 10.1.33.12 modbus
# Verify connections
python nat_client.py list
```
### Scenario 3: Historian Access
```bash
# Historian database
python nat_client.py connect 10.1.33.20 1433 --description "SQL Server Historian"
# Connect from PC2: 91.99.210.72:9XXX
```
## 🔧 **REST API for Automation**
```python
import requests
# Create connection programmatically
response = requests.post('http://91.99.210.72:8080/quick-connect', json={
'target_ip': '10.1.33.11',
'target_port': 5900,
'description': 'Automated VNC access'
})
connection = response.json()
print(f"Connect VNC to: {connection['access_url']}")
```
## 🛡️ **Security**
- **Encrypted SSH tunnels** - All traffic is protected
- **No open ports on PC1** - Only outbound connections
- **Controlled access** - Only authorized devices via IP
- **Detailed logs** - Complete connection auditing
## 🔍 **Monitoring and Logs**
```bash
# View real-time logs
./scripts/manage_proxy.sh logs
# NAT system status
curl http://localhost:8080/status
# Active connections by PLC
python nat_client.py status | grep "10.1.33"
```
## 📱 **Management from PC2**
### Quick Connection Script (Windows)
```batch
@echo off
echo Connecting to Main PLC...
python nat_client.py plc 10.1.33.11 vnc --wait
echo.
echo Ready! Connect your VNC viewer to: 91.99.210.72:9001
pause
```
### PowerShell for Multiple PLCs
```powershell
# Connect to all production line PLCs
$plcs = @("10.1.33.11", "10.1.33.12", "10.1.33.13")
foreach ($plc in $plcs) {
Write-Host "Connecting to PLC $plc..."
python nat_client.py plc $plc vnc
}
# Show status
python nat_client.py list
```
## 🚨 **Troubleshooting**
### PC1 cannot connect to PC3
```bash
# Verify SSH key
ssh -i certs/ssh_private_key user@91.99.210.72
# Check connectivity
ping 91.99.210.72
```
### PC2 cannot access port
```bash
# Verify tunnel is active
python nat_client.py status
# Test connectivity to PC3
telnet 91.99.210.72 9001
```
### PLC not responding
```bash
# From PC1, verify PLC access
ping 10.1.33.11
telnet 10.1.33.11 5900
```
## 📋 **Common Industrial Ports**
| Service | Port | Description |
|----------|--------|-------------|
| VNC | 5900 | HMI graphical access |
| HTTP | 80 | PLC web interface |
| HTTPS | 443 | Secure web interface |
| Modbus TCP | 502 | Modbus communication |
| SSH | 22 | Remote terminal |
| Telnet | 23 | Terminal (insecure) |
| FTP | 21 | File transfer |
| SQL Server | 1433 | Historian database |
| MySQL | 3306 | Database |
| OPC | 135 | OPC Classic |
---
**System ready!** Now PC2 can access any device on the corporate network as if it were physically connected at the plant.

618
README.md
View File

@ -1,248 +1,548 @@
# Sistema NAT Industrial para Acceso a PLCs/SCADA # Industrial NAT System for Remote PLC/SCADA Access# Industrial NAT System for Remote PLC/SCADA Access
Este proyecto crea un **sistema NAT dinámico** en WSL2 que permite a PC2 acceder a dispositivos PLC/SCADA en la red corporativa de PC1 a través de un servidor Linux intermediario (PC3). Soluciona las limitaciones de red de WSL2 y VPNs corporativas.
## 🎯 **Arquitectura de Red Industrial**
``` This project creates a **dynamic NAT system** in WSL2 that allows PC2 to access PLC/SCADA devices on PC1's corporate network through a Linux intermediary server (PC3). It solves WSL2 and corporate VPN network limitations.This project creates a **dynamic NAT system** in WSL2 that allows PC2 to access PLC/SCADA devices on PC1's corporate network through a Linux intermediary server (PC3). It solves WSL2 and corporate VPN network limitations.
PC2 (Remoto) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)
↑ ↑ ↑ ↑
ZeroTier/Internet SSH Tunnel Túnel Reverso Red Corporativa
Intermediario desde WSL2 (GlobalConnect VPN)
```
**Problema resuelto:** PC1 está en una VPN corporativa con acceso a PLCs pero no puede abrir puertos. PC2 necesita acceder a esos PLCs remotamente.
## 🏭 **Casos de Uso Industriales**
- **VNC a PLCs** - Acceso gráfico remoto a pantallas HMI ## 🎯 **Industrial Network Architecture**## 🎯 **Industrial Network Architecture**
- **Interfaces Web** - Configuración de dispositivos industriales
- **Modbus TCP** - Comunicación con controladores
- **SSH/Telnet** - Acceso terminal a equipos industriales
- **Bases de datos** - Historiadores y sistemas SCADA
- **OPC/SCADA** - Protocolos industriales
## ✨ **Características del Sistema**
- ✅ **NAT Dinámico** - Conecta a cualquier IP:puerto sin configuración previa
- ✅ **Solo clave SSH privada** - No necesita certificados SSL complejos
- ✅ **Servicios industriales predefinidos** - VNC, Modbus, HTTP, SSH automáticos
- ✅ **Gestión desde PC2** - Control remoto completo via API REST
- ✅ **Sistema permanente** - Se ejecuta como servicio, auto-reinicio
- ✅ **Múltiples PLCs simultáneos** - Gestiona toda la planta industrial
## 📁 Estructura del Proyecto ``````
``` PC1: Windows + ZeroTier + VPN GlobalConnect + WSL2PC1: Windows + ZeroTier + VPN GlobalConnect + WSL2
proxytcp/
├── Dockerfile # Imagen del contenedor industrial
├── docker-compose.yml # Configuración de servicios
├── requirements.txt # Dependencias Python
├── src/
│ └── industrial_nat_manager.py # Sistema NAT principal
├── config/
│ └── nat_config.yaml # Configuración industrial
├── certs/ # Clave SSH privada
│ └── ssh_private_key # Tu clave SSH generada
├── scripts/
│ ├── nat_client.py # Cliente para PC2
│ ├── industrial_manager.sh # Gestión automatizada
│ └── generate_ssh_key.sh # Generador de claves
├── setup_permanent.sh # Configuración como servicio
└── logs/ # Logs del sistema
```
## 🚀 **Instalación Completa** PC2: Windows + ZeroTier PC2: Windows + ZeroTier
### **Paso 1: Generar Clave SSH (PC1)** PC3: Linux Server: 91.99.210.72 with private keyPC3: Linux Server: 91.99.210.72 with private key
```bash
# Generar nueva clave SSH específica
./scripts/generate_ssh_key.sh
```
### **Paso 2: Configurar PC3 (Servidor Intermediario)** ``````
```bash
## 🚨 **Resolución de Problemas**
``````
PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)
↑ ↑ ↑ ↑ ↑ ↑ ↑ ↑
ZeroTier/Internet SSH Tunnel Reverse Tunnel Corporate NetworkZeroTier/Internet SSH Tunnel Reverse Tunnel Corporate Network
Intermediary from WSL2 (GlobalConnect VPN) Intermediary from WSL2 (GlobalConnect VPN)
``````
**Problem solved:** PC1 is on a corporate VPN with access to PLCs but cannot open ports. PC2 needs remote access to those PLCs.**Problem solved:** PC1 is on a corporate VPN with access to PLCs but cannot open ports. PC2 needs remote access to those PLCs.
## 🏭 **Industrial Use Cases**## 🏭 **Industrial Use Cases**
- **VNC to PLCs** - Remote graphical access to HMI screens- **VNC to PLCs** - Remote graphical access to HMI screens
- **Web Interfaces** - Industrial device configuration - **Web Interfaces** - Industrial device configuration
- **Modbus TCP** - Controller communication- **Modbus TCP** - Controller communication
- **SSH/Telnet** - Terminal access to industrial equipment- **SSH/Telnet** - Terminal access to industrial equipment
- **Databases** - Historians and SCADA systems- **Databases** - Historians and SCADA systems
- **OPC/SCADA** - Industrial protocols- **OPC/SCADA** - Industrial protocols
## ✨ **System Features**## ✨ **System Features**
- ✅ **Dynamic NAT** - Connect to any IP:port without prior configuration- ✅ **Dynamic NAT** - Connect to any IP:port without prior configuration
- ✅ **SSH private key only** - No complex SSL certificates needed - ✅ **SSH private key only** - No complex SSL certificates needed
- ✅ **Predefined industrial services** - Automatic VNC, Modbus, HTTP, SSH- ✅ **Predefined industrial services** - Automatic VNC, Modbus, HTTP, SSH
- ✅ **Remote management from PC2** - Complete control via REST API- ✅ **Remote management from PC2** - Complete control via REST API
- ✅ **Permanent system** - Runs as service with auto-restart- ✅ **Permanent system** - Runs as service with auto-restart
- ✅ **Multiple simultaneous PLCs** - Manages entire industrial plant- ✅ **Multiple simultaneous PLCs** - Manages entire industrial plant
## 📁 Project Structure## 📁 Project Structure
``````
proxytcp/proxytcp/
├── Dockerfile # Industrial container image├── Dockerfile # Industrial container image
├── docker-compose.yml # Service configuration├── docker-compose.yml # Service configuration
├── requirements.txt # Python dependencies├── requirements.txt # Python dependencies
├── src/├── src/
│ └── industrial_nat_manager.py # Main NAT system│ └── industrial_nat_manager.py # Main NAT system
├── config/├── config/
│ └── nat_config.yaml # Industrial configuration│ └── nat_config.yaml # Industrial configuration
├── certs/ # SSH private key (provided)├── certs/ # SSH private key (provided)
│ └── ssh_private_key # Your SSH private key│ └── ssh_private_key # Your SSH private key
├── scripts/├── scripts/
│ ├── nat_client.py # Client for PC2│ ├── nat_client.py # Client for PC2
│ ├── industrial_manager.sh # Automated management│ ├── industrial_manager.sh # Automated management
│ └── generate_ssh_key.sh # Key generator (optional)│ └── generate_ssh_key.sh # Key generator (optional)
├── setup_permanent.sh # Service configuration├── setup_permanent.sh # Service configuration
└── logs/ # System logs└── logs/ # System logs
``````
## 🚀 **Complete Installation**## 🚀 **Complete Installation**
### **Step 1: Setup PC1 (WSL2 Container)**### **Step 1: Setup PC1 (WSL2 Container)**
**IMPORTANT:** Execute these commands inside WSL2 on PC1**IMPORTANT:** Execute these commands inside WSL2 on PC1
```bash```bash
# 1. Clone the repository in WSL2# 1. Clone the repository in WSL2
git clone https://gitea.casaparma.dscloud.me/Miguel/ProxyTcpReverse.gitgit clone https://gitea.casaparma.dscloud.me/Miguel/ProxyTcpReverse.git
cd ProxyTcpReversecd ProxyTcpReverse
# 2. Verify SSH private key exists# 2. Verify SSH private key exists
ls -la certs/ssh_private_keyls -la certs/ssh_private_key
chmod 600 certs/ssh_private_keychmod 600 certs/ssh_private_key
# 3. Install Docker and Docker Compose in WSL2 (if not installed)# 3. Install Docker and Docker Compose in WSL2 (if not installed)
sudo apt updatesudo apt update
sudo apt install docker.io docker-compose -ysudo apt install docker.io docker-compose -y
sudo usermod -aG docker $USERsudo usermod -aG docker $USER
newgrp dockernewgrp docker
# 4. Build and configure the industrial container# 4. Build and configure the industrial container
docker-compose builddocker-compose build
# 5. Configure as permanent service (runs automatically)# 5. Configure as permanent service (runs automatically)
./setup_permanent.sh./setup_permanent.sh
# ✅ System is now running automatically!# ✅ System is now running automatically!
``````
### **Step 2: Configure PC3 (Intermediary Server)**### **Paso 2: Configurar PC3 (Servidor Intermediario)**
```bash```bash
# On PC3 (91.99.210.72), configure SSH for tunnels## 🚨 **Resolución de Problemas**
sudo nano /etc/ssh/sshd_config
### **Problemas Comunes** ### **Problemas Comunes**
#### **1. Error de conexión SSH a PC3** # Add these lines:
```bash
GatewayPorts yes#### **1. Error de conexión SSH a PC3**
AllowTcpForwarding yes```bash
# Verificar clave SSH # Verificar clave SSH
ls -la certs/ssh_private_key
chmod 600 certs/ssh_private_key
# Probar conexión manual # Restart SSHls -la certs/ssh_private_key
ssh -i certs/ssh_private_key miguefin@91.99.210.72
``` sudo systemctl restart sshchmod 600 certs/ssh_private_key
# Add public key (if not already done)# Probar conexión manual
mkdir -p ~/.sshssh -i certs/ssh_private_key miguefin@91.99.210.72
nano ~/.ssh/authorized_keys```
# (paste the public key corresponding to the private key in /certs)
chmod 600 ~/.ssh/authorized_keys#### **2. PLC no accesible desde PC2**
#### **2. PLC no accesible desde PC2**
```bash ```bash
# Verificar túnel SSH activo
docker exec proxytcp_proxy_1 ps aux | grep ssh
# Verificar configuración PC3 # Configure firewall# Verificar túnel SSH activo
sudo ufw allow 22docker exec proxytcp_proxy_1 ps aux | grep ssh
sudo ufw allow 9000:9999/tcp
```# Verificar configuración PC3
ssh -i certs/ssh_private_key miguefin@91.99.210.72 "sudo netstat -tlnp | grep :9" ssh -i certs/ssh_private_key miguefin@91.99.210.72 "sudo netstat -tlnp | grep :9"
```
#### **3. Servicio no inicia automáticamente** ### **Step 3: Test Connection**```
```bash ```bash
# From WSL2 on PC1, test SSH connection to PC3#### **3. Servicio no inicia automáticamente**
ssh -i certs/ssh_private_key miguefin@91.99.210.72```bash
# Verificar servicio systemd # Verificar servicio systemd
sudo systemctl status industrial-nat-manager
# If successful, the industrial system is ready!sudo systemctl status industrial-nat-manager
```
# Ver logs del servicio # Ver logs del servicio
sudo journalctl -u industrial-nat-manager -f
# Reiniciar servicio ## 💻 **System Usage**sudo journalctl -u industrial-nat-manager -f
### **From PC2 (Remote) - Industrial Access**# Reiniciar servicio
sudo systemctl restart industrial-nat-manager sudo systemctl restart industrial-nat-manager
```
#### **4. Puertos ocupados** ```bash```
# Copy the client to PC2
scp nat_client.py pc2@ip.of.pc2:/destination/path/#### **4. Puertos ocupados**
```bash ```bash
# Verificar puertos en uso
# On PC2, connect to PLCs using predefined services:# Verificar puertos en uso
docker exec proxytcp_proxy_1 netstat -tlnp docker exec proxytcp_proxy_1 netstat -tlnp
# Limpiar conexiones # 1. Connect to PLC via VNC (visualization)
python nat_client.py plc 10.1.33.11 vnc# Limpiar conexiones
docker restart proxytcp_proxy_1 docker restart proxytcp_proxy_1
```
# 2. Connect to PLC via Modbus TCP (data)```
python nat_client.py plc 10.1.33.11 modbus
### **Información de Red** ### **Información de Red**
``` # 3. Connect to PLC web interface
python nat_client.py plc 10.1.33.11 http```
Flujo de Datos: Flujo de Datos:
PC2 (Remoto) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)
# 4. SSH access to industrial devicePC2 (Remoto) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)
python nat_client.py plc 10.1.33.15 ssh
Puertos Dinámicos: 9000-9999 en PC3 Puertos Dinámicos: 9000-9999 en PC3
API de Control: Puerto 8080 en PC1
# 5. Custom connectionAPI de Control: Puerto 8080 en PC1
python nat_client.py connect 10.1.33.20 8080 --name "SCADA_Server"```
``` ```
## 📚 **Documentación Adicional** ## 📚 **Documentación Adicional**
### **Advanced Management (PC1)**
- **PC3_SETUP.md** - Configuración detallada del servidor intermediario - **PC3_SETUP.md** - Configuración detallada del servidor intermediario
- **INDUSTRIAL_README.md** - Guía específica para uso industrial
- **config/nat_config.yaml** - Referencia de configuración completa
## 🤝 **Soporte** ```bash- **INDUSTRIAL_README.md** - Guía específica para uso industrial
Este sistema está diseñado para entornos industriales que requieren acceso remoto a PLCs y sistemas SCADA a través de limitaciones de red corporativa. # View system status- **config/nat_config.yaml** - Referencia de configuración completa
docker exec proxytcp_proxy_1 python -c "
import aiohttp, asyncio## 🤝 **Soporte**
async def status():
async with aiohttp.ClientSession() as session:Este sistema está diseñado para entornos industriales que requieren acceso remoto a PLCs y sistemas SCADA a través de limitaciones de red corporativa.
async with session.get('http://localhost:8080/status') as resp:
print(await resp.json())**Casos de uso típicos:**
asyncio.run(status())- Monitoreo remoto de plantas industriales
"- Mantenimiento de equipos desde ubicaciones remotas
**Casos de uso típicos:**
- Monitoreo remoto de plantas industriales
- Mantenimiento de equipos desde ubicaciones remotas
- Acceso a HMI/SCADA sin VPN corporativa - Acceso a HMI/SCADA sin VPN corporativa
- Gestión de múltiples PLCs simultáneamente
# Interactive management- Gestión de múltiples PLCs simultáneamente
./scripts/industrial_manager.sh
--- ---
🏭 **Sistema NAT Industrial para Acceso Remoto a PLCs/SCADA** 🏭 # View system logs
```
docker logs proxytcp_proxy_1 -f🏭 **Sistema NAT Industrial para Acceso Remoto a PLCs/SCADA** 🏭
``````
## 🔧 **Industrial Configuration**### **Paso 3: Configurar Sistema Permanente (PC1)**
### **Paso 3: Configurar Sistema Permanente (PC1)**
```bash ```bash
# Instalar como servicio permanente
### **Configuration File (`config/nat_config.yaml`)**# Instalar como servicio permanente
./setup_permanent.sh ./setup_permanent.sh
# ¡El sistema queda funcionando automáticamente! ```yaml
# PC3 server configuration# ¡El sistema queda funcionando automáticamente!
ssh_server:```
host: "91.99.210.72"
port: 22## <20> **Uso del Sistema**
user: "miguefin"
key_file: "/app/certs/ssh_private_key"### **Desde PC2 (Remoto) - Acceso Industrial**
# Predefined industrial services```bash
services:# Copiar el cliente a PC2
vnc:scp nat_client.py pc2@ip.del.pc2:/ruta/destino/
port: 5900
description: "Remote access to HMI screens"# En PC2, conectar a PLCs usando servicios predefinidos:
modbus:
port: 502# 1. Conectar a PLC via VNC (visualización)
description: "Modbus TCP protocol"python nat_client.py plc 10.1.33.11 vnc
http:
port: 80# 2. Conectar a PLC via Modbus TCP (datos)
description: "Device web interfaces"python nat_client.py plc 10.1.33.11 modbus
ssh:
port: 22# 3. Conectar a interfaz web del PLC
description: "SSH access to devices"python nat_client.py plc 10.1.33.11 http
# Dynamic port configuration# 4. Acceso SSH a dispositivo industrial
nat:python nat_client.py plc 10.1.33.15 ssh
port_range: [9000, 9999]
bind_host: "0.0.0.0"# 5. Conexión personalizada
```python nat_client.py connect 10.1.33.20 8080 --name "Servidor_SCADA"
``` ```
## <20> **Uso del Sistema** ## 🚨 **Troubleshooting**
### **Desde PC2 (Remoto) - Acceso Industrial**
```bash
# Copiar el cliente a PC2
scp nat_client.py pc2@ip.del.pc2:/ruta/destino/
# En PC2, conectar a PLCs usando servicios predefinidos:
# 1. Conectar a PLC via VNC (visualización)
python nat_client.py plc 10.1.33.11 vnc
# 2. Conectar a PLC via Modbus TCP (datos)
python nat_client.py plc 10.1.33.11 modbus
# 3. Conectar a interfaz web del PLC
python nat_client.py plc 10.1.33.11 http
# 4. Acceso SSH a dispositivo industrial
python nat_client.py plc 10.1.33.15 ssh
# 5. Conexión personalizada
python nat_client.py connect 10.1.33.20 8080 --name "Servidor_SCADA"
```
### **Gestión Avanzada (PC1)** ### **Gestión Avanzada (PC1)**
### **Common Issues**
```bash ```bash
# Ver estado del sistema
docker exec proxytcp_proxy_1 python -c " #### **1. SSH connection error to PC3**# Ver estado del sistema
import aiohttp, asyncio
async def status(): ```bashdocker exec proxytcp_proxy_1 python -c "
async with aiohttp.ClientSession() as session:
# Verify SSH keyimport aiohttp, asyncio
ls -la certs/ssh_private_keyasync def status():
chmod 600 certs/ssh_private_key async with aiohttp.ClientSession() as session:
async with session.get('http://localhost:8080/status') as resp: async with session.get('http://localhost:8080/status') as resp:
print(await resp.json())
asyncio.run(status())
"
# Gestión interactiva # Test manual connection print(await resp.json())
./scripts/industrial_manager.sh
ssh -i certs/ssh_private_key miguefin@91.99.210.72asyncio.run(status())
```"
#### **2. PLC not accessible from PC2**# Gestión interactiva
```bash./scripts/industrial_manager.sh
# Verify active SSH tunnel
docker exec proxytcp_proxy_1 ps aux | grep ssh# Ver logs del sistema
# Ver logs del sistema
docker logs proxytcp_proxy_1 -f docker logs proxytcp_proxy_1 -f
```
## 🔧 **Configuración Industrial** # Verify PC3 configuration```
### **Archivo de Configuración (`config/nat_config.yaml`)** ssh -i certs/ssh_private_key miguefin@91.99.210.72 "sudo netstat -tlnp | grep :9"
```## 🔧 **Configuración Industrial**
#### **3. Service doesn't start automatically**### **Archivo de Configuración (`config/nat_config.yaml`)**
```bash
# Verify systemd service```yaml
sudo systemctl status industrial-nat-manager# Configuración del servidor PC3
```yaml
# Configuración del servidor PC3
ssh_server: ssh_server:
host: "91.99.210.72"
port: 22 # View service logs host: "91.99.210.72"
sudo journalctl -u industrial-nat-manager -f port: 22
user: "miguefin" user: "miguefin"
key_file: "/app/certs/ssh_private_key"
# Servicios industriales predefinidos # Restart service key_file: "/app/certs/ssh_private_key"
sudo systemctl restart industrial-nat-manager
```# Servicios industriales predefinidos
services: services:
vnc:
port: 5900 #### **4. Ports occupied** vnc:
description: "Acceso remoto a pantallas HMI"
modbus: ```bash port: 5900
# Check ports in use description: "Acceso remoto a pantallas HMI"
docker exec proxytcp_proxy_1 netstat -tlnp modbus:
port: 502 port: 502
description: "Protocolo Modbus TCP"
http: # Clean connections description: "Protocolo Modbus TCP"
port: 80
docker restart proxytcp_proxy_1 http:
``` port: 80
description: "Interfaces web de dispositivos" description: "Interfaces web de dispositivos"
ssh:
### **Network Information** ssh:
port: 22 port: 22
description: "Acceso SSH a dispositivos"
# Configuración de puertos dinámicos ``` description: "Acceso SSH a dispositivos"
Data Flow:
PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)# Configuración de puertos dinámicos
nat: nat:
port_range: [9000, 9999]
bind_host: "0.0.0.0"
```
## 🔧 Tipos de Servicios Disponibles Dynamic Ports: 9000-9999 on PC3 port_range: [9000, 9999]
Control API: Port 8080 on PC1 bind_host: "0.0.0.0"
``````
## 📚 **Additional Documentation**## 🔧 Tipos de Servicios Disponibles
- **PC3_SETUP.md** - Detailed intermediary server configuration### 1. Servicio HTTP
- **INDUSTRIAL_README.md** - Industrial-specific usage guideResponde con JSON y información de la conexión:
- **config/nat_config.yaml** - Complete configuration reference```bash
### 1. Servicio HTTP
Responde con JSON y información de la conexión:
```bash
# En el contenedor Docker expone puerto 3000 # En el contenedor Docker expone puerto 3000
# En el servidor Linux se accede por puerto 3000
## 🤝 **Support**# En el servidor Linux se accede por puerto 3000
curl http://91.99.210.72:3000 curl http://91.99.210.72:3000
This system is designed for industrial environments requiring remote access to PLCs and SCADA systems through corporate network limitations.```
**Typical use cases:**### 2. Servicio Echo
- Remote monitoring of industrial plantsÚtil para pruebas de conectividad:
- Equipment maintenance from remote locations ```bash
- HMI/SCADA access without corporate VPN# Usando telnet o netcat
- Managing multiple PLCs simultaneouslyecho "Hello World" | nc 91.99.210.72 7000
``` ```
### 2. Servicio Echo ---
Útil para pruebas de conectividad:
```bash
# Usando telnet o netcat
echo "Hello World" | nc 91.99.210.72 7000
```
### 3. Servicios Personalizados ### 3. Servicios Personalizados
Puedes crear tus propios servicios modificando `ssh_proxy_manager.py`
🏭 **Industrial NAT System for Remote PLC/SCADA Access** 🏭Puedes crear tus propios servicios modificando `ssh_proxy_manager.py`
## 💡 Casos de Uso Comunes ## 💡 Casos de Uso Comunes