Miguel
/
ProxyTcpReverse
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ProxyTcpReverse/INDUSTRIAL_README_EN.md

5.1 KiB
Raw Permalink Blame History

Industrial NAT System for PLC/SCADA Access

🎯 Network Architecture

PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)
     ↑               ↑                    ↑                    ↑
ZeroTier/Internet  SSH Tunnel      Reverse Tunnel      Corporate Network
                   Intermediary    from WSL2           (GlobalConnect VPN)

🏭 Industrial Use Cases

  • VNC to PLCs - Remote graphical access to HMI screens
  • Web Interfaces - Industrial device configuration
  • Modbus TCP - Controller communication
  • SSH/Telnet - Terminal access to equipment
  • Databases - Historians and SCADA systems

🚀 Installation on PC1 (WSL2)

1. Configure SSH Key

# Copy your SSH private key
cp /path/to/your/private_key certs/ssh_private_key
chmod 600 certs/ssh_private_key

2. Configure SSH User on PC3

Edit config/nat_config.yaml:

ssh_server:
  host: "91.99.210.72"
  user: "your_ssh_user"  # Change here

3. Start System

./setup.sh

🖥️ Usage from PC2 (Remote Client)

Quick PLC Connection

# Install client on PC2
pip install requests

# Connect to PLC via VNC (auto-assigns port)
python nat_client.py plc 10.1.33.11 vnc --wait

# Result:
# ✅ PLC connection established!
# Access from PC2: 91.99.210.72:9001
# Service: VNC

# Now from PC2 connect VNC to: 91.99.210.72:9001

Predefined Services

# VNC (port 5900)
python nat_client.py plc 10.1.33.11 vnc

# Web Interface (port 80)  
python nat_client.py plc 10.1.33.11 web

# Modbus TCP (port 502)
python nat_client.py plc 10.1.33.12 modbus

# SSH to PLC (port 22)
python nat_client.py plc 10.1.33.13 ssh

Custom Port Connection

# Connect to specific port
python nat_client.py connect 10.1.33.11 8080 --description "PLC Web Admin"

# Specific port on PC3
python nat_client.py add 10.1.33.11 1234 --external-port 9500

View System Status

# Complete status
python nat_client.py status

# List active connections
python nat_client.py list

📊 Practical Examples

Scenario 1: VNC Access to HMI

# From PC2 create tunnel
python nat_client.py plc 10.1.33.11 vnc --wait

# Connect VNC viewer to: 91.99.210.72:9001
# Now you have HMI access as if you were at the plant!

Scenario 2: Configure Multiple PLCs

# Main PLC - VNC
python nat_client.py plc 10.1.33.11 vnc

# Main PLC - Web  
python nat_client.py plc 10.1.33.11 web

# Secondary PLC - Modbus
python nat_client.py plc 10.1.33.12 modbus

# Verify connections
python nat_client.py list

Scenario 3: Historian Access

# Historian database
python nat_client.py connect 10.1.33.20 1433 --description "SQL Server Historian"

# Connect from PC2: 91.99.210.72:9XXX

🔧 REST API for Automation

import requests

# Create connection programmatically
response = requests.post('http://91.99.210.72:8080/quick-connect', json={
    'target_ip': '10.1.33.11',
    'target_port': 5900,
    'description': 'Automated VNC access'
})

connection = response.json()
print(f"Connect VNC to: {connection['access_url']}")

🛡️ Security

  • Encrypted SSH tunnels - All traffic is protected
  • No open ports on PC1 - Only outbound connections
  • Controlled access - Only authorized devices via IP
  • Detailed logs - Complete connection auditing

🔍 Monitoring and Logs

# View real-time logs
./scripts/manage_proxy.sh logs

# NAT system status
curl http://localhost:8080/status

# Active connections by PLC
python nat_client.py status | grep "10.1.33"

📱 Management from PC2

Quick Connection Script (Windows)

@echo off
echo Connecting to Main PLC...
python nat_client.py plc 10.1.33.11 vnc --wait
echo.
echo Ready! Connect your VNC viewer to: 91.99.210.72:9001
pause

PowerShell for Multiple PLCs

# Connect to all production line PLCs
$plcs = @("10.1.33.11", "10.1.33.12", "10.1.33.13")

foreach ($plc in $plcs) {
    Write-Host "Connecting to PLC $plc..."
    python nat_client.py plc $plc vnc
}

# Show status
python nat_client.py list

🚨 Troubleshooting

PC1 cannot connect to PC3

# Verify SSH key
ssh -i certs/ssh_private_key user@91.99.210.72

# Check connectivity
ping 91.99.210.72

PC2 cannot access port

# Verify tunnel is active
python nat_client.py status

# Test connectivity to PC3
telnet 91.99.210.72 9001

PLC not responding

# From PC1, verify PLC access
ping 10.1.33.11
telnet 10.1.33.11 5900

📋 Common Industrial Ports

Service Port Description
VNC 5900 HMI graphical access
HTTP 80 PLC web interface
HTTPS 443 Secure web interface
Modbus TCP 502 Modbus communication
SSH 22 Remote terminal
Telnet 23 Terminal (insecure)
FTP 21 File transfer
SQL Server 1433 Historian database
MySQL 3306 Database
OPC 135 OPC Classic

System ready! Now PC2 can access any device on the corporate network as if it were physically connected at the plant.