# Industrial NAT System for PLC/SCADA Access

## 🎯 **Network Architecture**

```
PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)
     ↑                ↑                   ↑                  ↑
ZeroTier/Internet  SSH Tunnel       Reverse Tunnel    Corporate Network
                   Intermediary     from WSL2         (GlobalConnect VPN)
```

## 🏭 **Industrial Use Cases**

- **VNC to PLCs** - Remote graphical access to HMI screens
- **Web Interfaces** - Industrial device configuration
- **Modbus TCP** - Controller communication
- **SSH/Telnet** - Terminal access to equipment
- **Databases** - Historians and SCADA systems

## 🚀 **Installation on PC1 (WSL2)**

### 1. Configure SSH Key

```bash
# Copy your SSH private key
cp /path/to/your/private_key certs/ssh_private_key
chmod 600 certs/ssh_private_key
```

### 2. Configure SSH User on PC3

Edit `config/nat_config.yaml`:

```yaml
ssh_server:
  host: "91.99.210.72"
  user: "your_ssh_user"  # Change here
```

### 3. Start System

```bash
./setup.sh
```

## 🖥️ **Usage from PC2 (Remote Client)**

### Quick PLC Connection

```bash
# Install client on PC2
pip install requests

# Connect to PLC via VNC (auto-assigns port)
python nat_client.py plc 10.1.33.11 vnc --wait

# Result:
# ✅ PLC connection established!
# Access from PC2: 91.99.210.72:9001
# Service: VNC

# Now from PC2 connect VNC to: 91.99.210.72:9001
```

### Predefined Services

```bash
# VNC (port 5900)
python nat_client.py plc 10.1.33.11 vnc

# Web Interface (port 80)
python nat_client.py plc 10.1.33.11 web

# Modbus TCP (port 502)
python nat_client.py plc 10.1.33.12 modbus

# SSH to PLC (port 22)
python nat_client.py plc 10.1.33.13 ssh
```

### Custom Port Connection

```bash
# Connect to specific port
python nat_client.py connect 10.1.33.11 8080 --description "PLC Web Admin"

# Specific port on PC3
python nat_client.py add 10.1.33.11 1234 --external-port 9500
```

### View System Status

```bash
# Complete status
python nat_client.py status

# List active connections
python nat_client.py list
```

## 📊 **Practical Examples**

### Scenario 1: VNC Access to HMI

```bash
# From PC2 create tunnel
python nat_client.py plc 10.1.33.11 vnc --wait

# Connect VNC viewer to: 91.99.210.72:9001
# Now you have HMI access as if you were at the plant!
```

### Scenario 2: Configure Multiple PLCs

```bash
# Main PLC - VNC
python nat_client.py plc 10.1.33.11 vnc

# Main PLC - Web
python nat_client.py plc 10.1.33.11 web

# Secondary PLC - Modbus
python nat_client.py plc 10.1.33.12 modbus

# Verify connections
python nat_client.py list
```

### Scenario 3: Historian Access

```bash
# Historian database
python nat_client.py connect 10.1.33.20 1433 --description "SQL Server Historian"

# Connect from PC2: 91.99.210.72:9XXX
```

## 🔧 **REST API for Automation**

```python
import requests

# Create connection programmatically
response = requests.post('http://91.99.210.72:8080/quick-connect', json={
    'target_ip': '10.1.33.11',
    'target_port': 5900,
    'description': 'Automated VNC access'
})

connection = response.json()
print(f"Connect VNC to: {connection['access_url']}")
```

## 🛡️ **Security**

- **Encrypted SSH tunnels** - All traffic is protected
- **No open ports on PC1** - Only outbound connections
- **Controlled access** - Only authorized devices via IP
- **Detailed logs** - Complete connection auditing

## 🔍 **Monitoring and Logs**

```bash
# View real-time logs
./scripts/manage_proxy.sh logs

# NAT system status
curl http://localhost:8080/status

# Active connections by PLC
python nat_client.py status | grep "10.1.33"
```

## 📱 **Management from PC2**

### Quick Connection Script (Windows)

```batch
@echo off
echo Connecting to Main PLC...
python nat_client.py plc 10.1.33.11 vnc --wait
echo.
echo Ready! Connect your VNC viewer to: 91.99.210.72:9001
pause
```

### PowerShell for Multiple PLCs

```powershell
# Connect to all production line PLCs
$plcs = @("10.1.33.11", "10.1.33.12", "10.1.33.13")

foreach ($plc in $plcs) {
    Write-Host "Connecting to PLC $plc..."
    python nat_client.py plc $plc vnc
}

# Show status
python nat_client.py list
```

## 🚨 **Troubleshooting**

### PC1 cannot connect to PC3

```bash
# Verify SSH key
ssh -i certs/ssh_private_key user@91.99.210.72

# Check connectivity
ping 91.99.210.72
```

### PC2 cannot access port

```bash
# Verify tunnel is active
python nat_client.py status

# Test connectivity to PC3
telnet 91.99.210.72 9001
```

### PLC not responding

```bash
# From PC1, verify PLC access
ping 10.1.33.11
telnet 10.1.33.11 5900
```

## 📋 **Common Industrial Ports**

| Service    | Port | Description           |
|------------|------|-----------------------|
| VNC        | 5900 | HMI graphical access  |
| HTTP       | 80   | PLC web interface     |
| HTTPS      | 443  | Secure web interface  |
| Modbus TCP | 502  | Modbus communication  |
| SSH        | 22   | Remote terminal       |
| Telnet     | 23   | Terminal (insecure)   |
| FTP        | 21   | File transfer         |
| SQL Server | 1433 | Historian database    |
| MySQL      | 3306 | Database              |
| OPC        | 135  | OPC Classic           |

---

**System ready!** Now PC2 can access any device on the corporate network as if it were physically connected at the plant.
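
One way to enforce the "Controlled access" and "Detailed logs" points from the Security section on requests shaped like the `/quick-connect` call shown earlier. This is an added example, not the project's own code: `check_forward_request`, `audit_record`, the client allowlist, the /24 boundary and the port policy are assumptions; only the `target_ip` and `target_port` field names come from this README.

```python
import ipaddress
import json

# Assumed policy values (not from the project's config); adjust per site.
PLC_NETWORK = ipaddress.ip_network("10.1.33.0/24")      # the README's 10.1.33.x range
ALLOWED_CLIENTS = {ipaddress.ip_address("192.0.2.10")}  # constructed PC2 address
# Ports from the README's table; Telnet (23) is left out because the table marks it insecure.
ALLOWED_PORTS = {22, 80, 443, 502, 1433, 5900}


def check_forward_request(client_ip, body):
    """Return (allowed, reason) for a request that would create a forward."""
    # Only literal IPs are accepted, so a hostname cannot resolve to a
    # different target after the check has passed.
    try:
        client = ipaddress.ip_address(client_ip)
        target = ipaddress.ip_address(str(body.get("target_ip", "")))
    except ValueError:
        return False, "malformed address"
    port = body.get("target_port")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        return False, "malformed target_port"
    if client not in ALLOWED_CLIENTS:
        return False, "client not authorized"
    if target not in PLC_NETWORK:  # also rejects loopback and IPv4-mapped IPv6
        return False, "target outside PLC network"
    if port not in ALLOWED_PORTS:
        return False, "port not permitted"
    return True, "ok"


def audit_record(client_ip, body, decision):
    """Build one JSON audit line; denied requests are recorded as well."""
    allowed, reason = decision
    return json.dumps({"client": client_ip, "target_ip": body.get("target_ip"),
                       "target_port": body.get("target_port"),
                       "allowed": allowed, "reason": reason}, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample requests using the README's field names.
    for src, req in [
        ("192.0.2.10", {"target_ip": "10.1.33.11", "target_port": 5900}),
        ("192.0.2.10", {"target_ip": "127.0.0.1", "target_port": 8080}),
        ("198.51.100.7", {"target_ip": "10.1.33.11", "target_port": 5900}),
    ]:
        print(audit_record(src, req, check_forward_request(src, req)))
```

The check runs before any tunnel is created, and the audit line is written for every decision so refused attempts show up in the same log as successful connections.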