Dynamic DNS Issue with WebServer

[dalekphalm]

Hey guys,

 

So I have a somewhat non-standard setup that is giving us some issues. This has to do with work and much of the information is confidential and thus I cannot share some specifics, but I'll do my best to lay out everything.

 

Okay so the equipment involved:

1. ABB PLC w/ WebServer (Model AC564-R-ETH) - connected via ethernet to local router

2. Router on LAN - DIR-632

3. Dynamic DNS service - No-ip.org xxx.myftp.org (where xxx represents our subdomain)

4. External client access (Windows XP SP3 computer on an ASUS RT-AC66U router)

 

The ABB PLC is using internal network IP: 192.168.2.99, with the integrated webserver on port 80 (As per usual). The webserver page is located at /webvisu.htm.

 

I have the DIR-632 configured to access the No-ip.org service and update the Dynamic DNS records there (The free domain address from No-ip.org routes to our dynamic WAN IP Address from the ISP).

 

The DIR-632 also has port forwarding enabled for the PLC IP Address and port 80. So in theory it should redirect to the PLC.

 

I can access the web server page from within the internal network on BOTH the LAN IP Address, as well as the ddns domain address (using both 192.168.2.99/webvisu.htm and xxx.myftp.org/webvisu.htm). When attempting to access the Web Server from the external client computer (xxx.myftp.org/webvisu.htm), it immediately loads HTTP 404 error and cannot find the site. It also doesn't try for very long to locate the site. It's literally a few milliseconds (Half a second tops) before it loads the 404 error.

 

We have a network enabled KGuard DVR that also has a web server for remote viewing (Type in the DVR IP Address in your browser and it'll allow remote viewing and limited control via a web interface). When I type in the no-ip root domain address, I can access the DVR (typing in just xxx.myftp.org). It's supposed to be using a different port though (port 37777), but I don't need to type the port number into the browser for it to access.

 

I have also tried typing in the direct WAN IP Address that the network the PLC is on is using, and it acts the exact same way as if using the No-Ip.org redirect. I can access the DVR using the root, but I cannot access the PLC Web Server at /webvisu.htm.

 

I feel like there must be something stupid or simple blocking access, but I cannot find it for the life of me.

 

Can I get some help please ASAP? Please ask if you need additional info, and keep in mind things like the specific IP Addresses I may not be able to disclose.

[dalekphalm]

Hey guys, just an update:

 

When I put the ABB PLC LAN IP Address into the DMZ on the Router (DIR-632), I can fully access the webserver (/webvisu.htm).

 

What the heck? Obviously it's the DIR-632 firewall that's blocking something or has some sort of conflict (Perhaps with the KGuard DVR web interface?) But I've got no idea at this point.

 

For now, using the DMZ is fine, but I'm just concerned about the long term security issues with leaving it on the DMZ.

[gulmat]

Could you post of snipping of the port forwarding from your router? (If possible and if you don't mind?)

[dalekphalm]

Could you post of snipping of the port forwarding from your router? (If possible and if you don't mind?)

When I'm at work tomorrow I'll see if I can get a screenshot and post it. I tried both "Port Forwarding" as well as "Virtual Server", and neither worked. So far only putting it outside the DMZ has worked.

[gulmat]

Sounds good. Also, is there any chance that there's another port-forwarding configured for the DVR? If you say that the DVR should be on port 37777 and you access it when entering xxx.myftp.org, Maybe that's your problem or the it's configured for port 80 also. You can't have more than one service/application on a single port ...just to rule that out