FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,352 views 5 comments
by anonymous

Hello.  I have an RUT955 running firmware 6.00.4 

I have configured RS485 as a Modbus TCP gateway as per the picture below (on port 9502).  I can poll the Modbus successfully from the mobile WAN port,or via the Wifi LAN, or through a openVPN tunnel across the mobile WAN.

I now set up a DMZ to one of the lan ports (10.143.1.50)  where I have a second router. (my base lan address is 10.143.1.1)  At this point I can no longer poll the Modbus for the mobile WAN.  Although it will still work over VPN or from the LAN.   I can repeat this fault and I have even tried reinstalling firmware and discarding existing settings to ensure the tables are clean.

One thing I have noticed is that a line appears in the Port Forwarding tab (on the webgui) when the DMZ and Remote Access (https) are both enabled.  This entry in the port forwarding tab isn't visible all the time, as in you can refresh the page screen and it vanishes.   The entry is called 'tlt_allow_remote_https_through_DMZ'  and it forwards the remote port (9506 in my case) from the wan back to the LAN port 10.143.1.1

Taking this as a hint I constructed a similar rule to forward my port 9502 from the wan back to the lan 10.143.1.1, but this didn't work.

Any ideas please?   For now I'm going to have to turn off the dmz and try constructing individual port forwarding rules.

Also I unsure about the Listening IP and the Allow IP fields on the RS485 tab, please can you elaborate, the wiki says very little.

thank you

https://community.teltonika-networks.com/?qa=blob&qa_blobid=14973037794677148018

by anonymous

One related issue I should mention, although I cannot repeat it consistently.  When trouble shooting this problem, turning on/off dmz and adding/deleting firewall rules, it sometimes becomes impossible to acees the webgui via the mobile wan, even though remote https access is enabled.   Rebooting the router doesn't help, however if I disable the DMZ then it all goes back to normal.  I wondered if it's anything to do with the 'tlt_allow_remote_https_through_DMZ' port forwarding rule that is only sometimes visible in the webgui

thanks

guy

1 Answer

0 votes
by anonymous
Hi,

As workaround you could set port forward rules for your LAN device.

By default Modbus gateway use port 502.
by anonymous

Yes I tried that and it didn't work.     As I said above, my Modbus is set to port 9502.  Then I tried a port forward 

from WAN zone port external port 9502

to LAN zone 10.143.1.1 on port 9502.   Essentially a copy of the rule that sometimes appears in the firewall tab called ''tlt_allow_remote_https_through_DMZ'

Have I made a mistake on that rule?  I also tried constructing a traffic rule to forward 9502 to the internal device.  that didn't work either.

I see in the previous firmware releases that there has been a bug fix to allow remote https access through DMZ, I presume that is what this automatic firewall rule is about.  My other problem is that the bug fix doesn't always seem to work.  i.e. the rule disappears while you are editing other firewall rules and then the remote access https gets blocked.  the only fix is to remove the DMZ

Please can you advise further?

by anonymous

As I said above, my Modbus is set to port 9502.  Then I tried a port forward from WAN zone port external port 9502.

Please try this:

Reset router to default settings.

Reconfigure your Modbus gateway.

Configure port forwarding rules to your LAN device. Set port ranges, one from  1 - 9501 and second rule 9503 - 50000

by anonymous
thanks.   Yes that would work as a workaround,   actually I already did more or less that.  I forwarded a list of ports that I needed on the second router.

I presume that this issue and the similar issue with https access while DMZ is active are know bugs?
by anonymous
Thank you for your feedback. I will inform programmers about this.