
basically i'm in the industrial automation space and every different machine has its own internal network. they also each connect to the company internal network. problem is that sometimes different machines have conflicting IPs and therefore you can't access them from the company network. is there a device i can put between each machine and the company network to solve the possible conflict? it is preferable if the company network does not need to configure anything

  • What do you mean by "machine has its own internal network"? – harrymc Commented Aug 31, 2023 at 14:38
  • basically every industrial machine is comprised of at least 1 plc, 1 pc that serves as an operator terminal, 1 safety plc et cetera that communicate with each other through their network (using the profinet protocol). Commented Aug 31, 2023 at 16:12
  • @harrymc manufacturing machines often use internal networks to connect the PLC (the internal controller), an external controller (usually a screen and possibly keyboard connected to a PC inside the face of the device or its control station), and the components of the device the PLC controls. He's basically got a bunch of sub-networks connected to his main network and is probably dealing with IP conflicts where he can't easily change those sub-networks' properties. Commented Sep 10, 2023 at 14:15
  • The devices I'm familiar with had separate ports for the external connections, and either the PC or the PLC handled all of the internal communication, and the internal component network didn't see the outside network at all, or vice versa. I'd imagine for automation external control or monitoring systems may have more visibility, and so there's a need for that bidirectional communication, but I'd also guess that, at this level, the vendor can configure the internal network's IPs. Commented Sep 10, 2023 at 14:18

1 Answer


is there a device i can put between each machine and the company network to solve the possible conflict?

A router, or a computer configured to act as a router. Give it a second IP address (optional) on the company network and configure it to 1:1 DNAT all packets for this address to the machine (functionally the same as a "DMZ" or "port forwarding" feature in home routers). If the machine needs to connect back to company network for some reason – add SNAT as well.

This will work as long as each conflicting machine gets its own dedicated router. The company network only sees two local hosts in its own address range. As a bonus you can set up firewall rules on the routers to restrict access.

If the machine's own network has more than one device and you want to access them individually – the same can be done using NPT aka NETMAP, which is still 1:1 NAT but for a whole address range.

Either a generic router, or whatever kind of industrial mini-PC with two Ethernet ports that can run Linux, can be used for this. (I'd go for something like RB750Gr3 for flexibility but that might not be suitable for your environment.) It's technically doable even with a fixed-function "home" router, but really don't.

  • that would be exactly what i needed, thank you Commented Aug 31, 2023 at 15:56
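What the per-machine router described in the answer looks like as Linux configuration, as an added example (not code from the answer or from any vendor): one function emits the single-host 1:1 DNAT/SNAT rules, one emits the NETMAP variant for a whole internal range, and one adds the "bonus" forwarding restriction. Interface names (eth0 company side, eth1 machine side), addresses and ranges are assumptions chosen for the example; the script prints the commands instead of running them, so it can be reviewed without root and then piped into sh on the router.

```shell
#!/bin/sh
# Added example: print the configuration for one dedicated per-machine NAT
# router. eth0 faces the company network, eth1 faces the machine's own
# network; every address below is constructed for illustration.

# Common prerequisite: the box must forward between its two ports.
common() {
  printf '%s\n' \
    "sysctl -w net.ipv4.ip_forward=1" \
    "iptables -t nat -F" \
    "iptables -F FORWARD"
}

# 1:1 NAT for a single internal host (the "DMZ"/"port forwarding" case).
# $1 company-facing iface, $2 machine-facing iface (unused here, kept for
# symmetry), $3 company-side address the router answers for, $4 internal host.
# DNAT rewrites company -> machine traffic; SNAT lets the host initiate
# connections to the company network under that same address.
one_to_one() {
  wan=$1 lan=$2 pub=$3 inside=$4
  printf '%s\n' \
    "ip addr add $pub/32 dev $wan" \
    "iptables -t nat -A PREROUTING -i $wan -d $pub -j DNAT --to-destination $inside" \
    "iptables -t nat -A POSTROUTING -o $wan -s $inside -j SNAT --to-source $pub"
}

# Whole-range 1:1 NAT (NPT / NETMAP): a spare company-side /24 is mapped
# host-for-host onto the machine's internal /24, so each internal device is
# reachable at "its" company-side address without renumbering anything.
# $3 company-side range, $4 internal range. The router holds no address in
# $3, so it proxy-ARPs for that range on the company side; the route via
# $2 is what makes the kernel answer those ARP requests (assumption: $3
# lies inside the company LAN's own subnet).
netmap_range() {
  wan=$1 lan=$2 pubnet=$3 insidenet=$4
  printf '%s\n' \
    "ip route add $pubnet dev $lan" \
    "sysctl -w net.ipv4.conf.$wan.proxy_arp=1" \
    "iptables -t nat -A PREROUTING -i $wan -d $pubnet -j NETMAP --to $insidenet" \
    "iptables -t nat -A POSTROUTING -o $wan -s $insidenet -j NETMAP --to $pubnet"
}

# The answer's "bonus": only the company side may open connections, and only
# to the listed TCP ports; the machine side can answer but not initiate.
# (Add a matching lan->wan NEW rule if the machine really must call out.)
# $1 wan, $2 lan, $3 space-separated TCP ports allowed from the company side.
restrict_forward() {
  wan=$1 lan=$2 ports=$3
  printf '%s\n' \
    "iptables -P FORWARD DROP" \
    "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for p in $ports; do
    printf '%s\n' "iptables -A FORWARD -i $wan -o $lan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
}

# Full ruleset for one machine: router answers for 10.0.5.21 on the company
# LAN and maps it to the operator PC at 192.168.1.10 inside the machine.
# Swap one_to_one for netmap_range when several internal devices matter.
ruleset() {
  common
  one_to_one eth0 eth1 10.0.5.21 192.168.1.10
  restrict_forward eth0 eth1 "$1"
}

# Print (review first, then `./machine-router.sh | sudo sh` on the router).
ruleset "${ALLOWED_PORTS:-22}"
```

Each conflicting machine still needs its own such box: the same 192.168.1.0/24 can sit behind every one of them because the company network only ever sees the router's company-side address (or, for the NETMAP case, the spare company-side range). If that spare range is not inside the company LAN's subnet, proxy ARP cannot help and the company side would need a static route to the router after all.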
