Establish Connection Via Network Address Translation (Nat) - Siemens SIMATIC S7-1500 Operating Instructions Manual

Commissioning in STEP 7
5.4 Communication between Linux and CPU
5.4.2.2

Establish connection via Network Address Translation (NAT)

Establishing web server access
If you want the runtime communication interface to be hidden or otherwise not reachable
from outside, you can use control-line commands to configure the Linux NAT table.
This enables Web server access from an external PC via the physical Linux Ethernet
interface.
Note
Unique IP and MAC addresses
Make sure that the IP addresses of the devices used in the virtual network are unique within
the subnet. The MAC addresses of the devices must be globally unique.
You can use the Management tool (Page 60) provided to change the MAC addresses for
virtual Ethernet interface devices.
Requirement
● You have root privileges.
● You have Configured Web server in STEP 7 (Page 45).
Procedure
To establish external Web server access via NAT, proceed as follows:
1. Activate "packet forwarding" with the following command line:
sysctl -w net.ipv4.ip_forward=1
2. To add a rule to the prerouting and postrouting chain, enter the following command lines:
iptables -t nat -A PREROUTING -p tcp -i enp4s0 --src
192.168.2.0/24 --dport 443 -j DNAT --to-destination 192.168.73.155:443
iptables -t nat -A POSTROUTING --src 192.168.2.0/24 -j MASQUERADE
–
–
–
–
54
enp4s0
Name of the physical network interface assigned to the Linux operating system.
192.168.73.155
IP address of the runtime communication interface
192.168.2.0/24
Address of the subnet of the physical Ethernet interface assigned to the Linux
operating system.
443
Port number of the https connection.
CPU 1505SP (F) Ready4Linux Version 2.7
Operating Instructions, 05/2019, A5E46864285-AA