Miguel
/
ProxyTcpReverse
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ProxyTcpReverse/INDUSTRIAL_README_EN.md

237 lines
5.1 KiB
Markdown
Raw Permalink Blame History

# Industrial NAT System for PLC/SCADA Access
## 🎯 **Network Architecture**
```
PC2 (Remote) → PC3 (91.99.210.72) → PC1 (WSL2+VPN) → PLCs/SCADA (10.1.33.x)
↑ ↑ ↑ ↑
ZeroTier/Internet SSH Tunnel Reverse Tunnel Corporate Network
Intermediary from WSL2 (GlobalConnect VPN)
```
## 🏭 **Industrial Use Cases**
- **VNC to PLCs** - Remote graphical access to HMI screens
- **Web Interfaces** - Industrial device configuration
- **Modbus TCP** - Controller communication
- **SSH/Telnet** - Terminal access to equipment
- **Databases** - Historians and SCADA systems
## 🚀 **Installation on PC1 (WSL2)**
### 1. Configure SSH Key
```bash
# Copy your SSH private key
cp /path/to/your/private_key certs/ssh_private_key
chmod 600 certs/ssh_private_key
```
### 2. Configure SSH User on PC3
Edit `config/nat_config.yaml`:
```yaml
ssh_server:
host: "91.99.210.72"
user: "your_ssh_user" # Change here
```
### 3. Start System
```bash
./setup.sh
```
## 🖥️ **Usage from PC2 (Remote Client)**
### Quick PLC Connection
```bash
# Install client on PC2
pip install requests
# Connect to PLC via VNC (auto-assigns port)
python nat_client.py plc 10.1.33.11 vnc --wait
# Result:
# ✅ PLC connection established!
# Access from PC2: 91.99.210.72:9001
# Service: VNC
# Now from PC2 connect VNC to: 91.99.210.72:9001
```
### Predefined Services
```bash
# VNC (port 5900)
python nat_client.py plc 10.1.33.11 vnc
# Web Interface (port 80)
python nat_client.py plc 10.1.33.11 web
# Modbus TCP (port 502)
python nat_client.py plc 10.1.33.12 modbus
# SSH to PLC (port 22)
python nat_client.py plc 10.1.33.13 ssh
```
### Custom Port Connection
```bash
# Connect to specific port
python nat_client.py connect 10.1.33.11 8080 --description "PLC Web Admin"
# Specific port on PC3
python nat_client.py add 10.1.33.11 1234 --external-port 9500
```
### View System Status
```bash
# Complete status
python nat_client.py status
# List active connections
python nat_client.py list
```
## 📊 **Practical Examples**
### Scenario 1: VNC Access to HMI
```bash
# From PC2 create tunnel
python nat_client.py plc 10.1.33.11 vnc --wait
# Connect VNC viewer to: 91.99.210.72:9001
# Now you have HMI access as if you were at the plant!
```
### Scenario 2: Configure Multiple PLCs
```bash
# Main PLC - VNC
python nat_client.py plc 10.1.33.11 vnc
# Main PLC - Web
python nat_client.py plc 10.1.33.11 web
# Secondary PLC - Modbus
python nat_client.py plc 10.1.33.12 modbus
# Verify connections
python nat_client.py list
```
### Scenario 3: Historian Access
```bash
# Historian database
python nat_client.py connect 10.1.33.20 1433 --description "SQL Server Historian"
# Connect from PC2: 91.99.210.72:9XXX
```
## 🔧 **REST API for Automation**
```python
import requests
# Create connection programmatically
response = requests.post('http://91.99.210.72:8080/quick-connect', json={
'target_ip': '10.1.33.11',
'target_port': 5900,
'description': 'Automated VNC access'
})
connection = response.json()
print(f"Connect VNC to: {connection['access_url']}")
```
## 🛡️ **Security**
- **Encrypted SSH tunnels** - All traffic is protected
- **No open ports on PC1** - Only outbound connections
- **Controlled access** - Only authorized devices via IP
- **Detailed logs** - Complete connection auditing
## 🔍 **Monitoring and Logs**
```bash
# View real-time logs
./scripts/manage_proxy.sh logs
# NAT system status
curl http://localhost:8080/status
# Active connections by PLC
python nat_client.py status | grep "10.1.33"
```
## 📱 **Management from PC2**
### Quick Connection Script (Windows)
```batch
@echo off
echo Connecting to Main PLC...
python nat_client.py plc 10.1.33.11 vnc --wait
echo.
echo Ready! Connect your VNC viewer to: 91.99.210.72:9001
pause
```
### PowerShell for Multiple PLCs
```powershell
# Connect to all production line PLCs
$plcs = @("10.1.33.11", "10.1.33.12", "10.1.33.13")
foreach ($plc in $plcs) {
Write-Host "Connecting to PLC $plc..."
python nat_client.py plc $plc vnc
}
# Show status
python nat_client.py list
```
## 🚨 **Troubleshooting**
### PC1 cannot connect to PC3
```bash
# Verify SSH key
ssh -i certs/ssh_private_key user@91.99.210.72
# Check connectivity
ping 91.99.210.72
```
### PC2 cannot access port
```bash
# Verify tunnel is active
python nat_client.py status
# Test connectivity to PC3
telnet 91.99.210.72 9001
```
### PLC not responding
```bash
# From PC1, verify PLC access
ping 10.1.33.11
telnet 10.1.33.11 5900
```
## 📋 **Common Industrial Ports**
| Service | Port | Description |
|----------|--------|-------------|
| VNC | 5900 | HMI graphical access |
| HTTP | 80 | PLC web interface |
| HTTPS | 443 | Secure web interface |
| Modbus TCP | 502 | Modbus communication |
| SSH | 22 | Remote terminal |
| Telnet | 23 | Terminal (insecure) |
| FTP | 21 | File transfer |
| SQL Server | 1433 | Historian database |
| MySQL | 3306 | Database |
| OPC | 135 | OPC Classic |
---
**System ready!** Now PC2 can access any device on the corporate network as if it were physically connected at the plant.
Reference in New Issue View Git Blame Copy Permalink