Port forwarding as a simple solution for SIM cards with fixed, accessible IP addresses.
The description in this Configuration Guide follows a configuration in the new user interface (web interface) available from icom OS 5.5. Update your router to the latest version of icom OS for the required functionality of the new user interface.
Situation
An IP device (e. G. Modbus TCP) in the router’s local network is to be accessed from a PC via the cellular network. You also have an M2M SIM card with fixed IP address, which is accessible in the network of the SIM card provider.
Solution
The solution for this is port forwarding (Destination NAT). The router forwards connections that are directed to its LTE IP address to the target device in the local network, in this case a Modbus device. A port forwarding (destination NAT) rule is created in the router, which forwards Modbus connections to the Modbus device (target device).
In the following overview image, the target device has the address 192.168.2.100 and the port 502 (standard port for Modbus) in the IP network net2 of the router. The IP address of the router in the provider’s network has the address 1.2.3.4.
|
Access from the PC to the SIM card provider’s network (usually VPN access) is not described in detail here, as this depends on the provider. |
|
|
For the following configuration, it is assumed that your router was in default settings and commissioned using the startup wizard so that it can establish an LTE connection and has configured a local network net2 in the address range 192.168.2.0.
|
-
Open the user interface of the router in a browser: insys.icom [1]
-
Click on
on the 
Network → Firewall / NAT page under Destination NAT on to add a destination NAT rule: and configure this accordingly:-
Description: DNAT rule for port forwarding to Modbus port
-
Type: Portforward
-
Protocol: TCP
-
Incoming interface: lte2
-
Destination port: 502
-
Destination NAT to address: 192.168.2.100
-
Destination NAT to port: 502
-
-
Click on SUBMIT .
-
Click on
on the Network → Firewall / NAT page under IP filter to add an IP filter rule and configure this accordingly: [2]-
Description: Traffic from lte2 to 192.168.2.100
-
Packet direction: FORWARD
-
IP version: All
-
Protocol: TCP
-
Input interface: lte2
-
Output interface: net2
-
Destination IP address: 192.168.2.100 / 32
-
Destination port: 502
-
-
Click on SUBMIT .
-
Activate the profile with a click on ACTIVATE PROFILE
.
Result testing
In order to verify whether the port forwarding to the Modbus device on the router works, you can use a Modbus master simulator (such as Modbus Poll) to establish a test connection, for example. To do this, establish a Modbus TCP connection to the fixed IP address of the SIM card via port 502. If the connection can be established, port forwarding works as expected.
Troubleshooting
-
Disable the IP filters for IPv4 in the
Network → Firewall / NAT menu under Settings IP filter to check whether incorrect filter settings are the reason for connection problems. -
Disconnect the Ethernet connection between your configuration PC and the router and enter the fixed IP address of the SIM card in your browser to verify that you can access the router via the cellular connection.
-
Click in the
Administration → Debugging menu on OPEN DEBUG TOOLS 
, select the tool TCP-Dump, enter the parameter -i net2 and click on SEND .
In this TCP dump, you can verify whether port forwarding to the router’s IP network net2 is working.
Back to the Configuration Guides for icom OS routers
Back to overview