Which ports need to be open to get a bidirectional access over a router?
- Armin Beck
Which ports need to be open to get a bidirectional access over a Router?
A netSCADA device uses
TCP based HTTP protocol on standard port 80 for showing web content over the browser
TCP based FTP protocol on standard port 21 for performing a download procedure during distribution process.
Both ports 80 and 21 need to be opened in your routers "open ports" or "port forwarding" configuration settings to get a full access a netSCADA device over the internet.
If you just want to visualize and do no programming it is enough just to open port 80.
Special note about bidirectional FTP access:
During the distribution procedure atvise Builder uses the standard FTP ethernet protocol described here https://en.wikipedia.org/wiki/File_Transfer_Protocol. Read on for details in the active/passive FTPconnection chapter.
When the distribute command is used within atvise Builder the connection will be executed across a 'passive' FTP mode connection by an FTP client running as a Windows service in the backgound. The FTP client initiates this connection using a PASV command over port 21. So make sure that the port 21 is opened from communications from atvise PC->netSCADA device. The passive protocol defines that with a FTP passive connection the server (netSCADA device) replies with a port beyond >1023. So make sure that this port netSCADA device->atvise PC is also opened. This port will be determined dynamically by netSCADA device and cannot be predicted. Either you make a local ethernet frame analysis to get knowledge of this port or you configure a range of ports in your router to be opened.
To make tests if a proper FTP connection works you can use a standard FTP client such as Filezilla https://filezilla-project.org/ to get access to a netSCADA device alternatively. The client software needs to be configure in passive mode with authentication using the login user: admin and password: ftpnetlink
Summary: In case you want to a establish a connection over Internet across a router to a local netSCADA device then you have to open or forward the port 21 AND the specific netSCADA FTP reply port in order to allow a proper connection from remote.