User Tools

Site Tools


network_connections_setup

This is an old revision of the document!


Setting up network connections

LAN and WAN interfaces


In any project for WebHMI you have to connect to local network or Internet. There are several options how to do this, and the most reliable is wired Ethernet.

WEBHMI has 2 RJ45 network connectors labeled LAN and WAN. By default, the LAN is configured as DHCP-server that automatically distributes network settings to the connected devices, and WAN as a DHCP client focused on connecting to a network that already has a A DHCP server, for example, a router distributing the Internet. In addition, WAN Firewall settings forbid all incoming connectoins from WAN network, and therefore access to WebHMI's web-interface is possible only from LAN. [1]. You can change the current settings using the Network setup section, which you can access via the link on the authorization page or from the Setup/Network setup menu after logging in:

Login to the network settings section requires authorization. Default requisites are

Login:admin/Password:webhmi

ATTENTION! For security reasons, during the project setup process, please change the default password

All network settings are grouped in the 'Network' tab. The submenu 'Interfaces' allows you to create, configure and manage network connections

This page displays general information that describes the current status of network connections. To change the interface settings (LAN or WAN), press Edit.

All settings for convenience are divided into several separate groups of bookmarks: General, Advanced, Physical и Firewall settings:

General setup allows you to set general (basic) settings, which will differ, depending on the selected protocol type (connection method: Static IP, DHCP, PPPoE, L2TP, etc.). In the case of static addressing (the most widely used option), this will be: host IP address, subnet mask, gateway address and DNS server address.

In 'Advanced settings' the following parameters are set: MAC address (device identifier used by link-layer protocols, as well as security systems for controlling access to network resources and packet filtering), MTU maximum transmission unit and gateway metric.

Physical settings defines bindings to the communication adapters of the device. In this tab, you can combine several interfaces in a bridge, thus linking several segments of the network, and also using STP, to organize fault-tolerant channel reservation ( STP - Spanning Tree Protocol Allows you to create redundant links between network segments, avoiding topological loops and looping packets).

The tab Firewall settings allows you to specify the group policies according to which incoming and outgoing traffic will be processed for this connection.


In the most general case, to connect WEBHMI to the local network it will be enough to configure only a few important parameters.

General settings tab:

1. Protocol indicates the type of connection. Despite all the visible diversity, for the local network, only two options are possible: DHCP client and Static address. DHCP-client means obtaining network settings automatically (possible only if there is a DHCP server on the network), in the case of Static address, the settings are entered manually by the user.

TIP. As a rule, dynamic addressing is not convenient for providing any services within the network. Each time resource addresses will change and access to them will be more difficult

2. IP address is the unique address of the device (node) in the IP network. In the version of IPv4 it is 4 bytes in length and written through a point of the type xx.xx.xx.xx. The IP address of the device consists of the network address and the node address in this network (defined by the subnet mask). You can read about addressing rules in IP networks here.

WARNING! If several devices with the same IP address are connected to the same network, this will cause an 
address conflict, which will lead to the disconnection of one of the devices. This is possible, for example, if 
you simultaneously connect two WebHMI devices with the factory configuration to the network

3. IP netmask (subnet mask) - indicates which part of the IP address (high-order bits) refers to the network address, and which one (minor) to the host (node) address in this network. In IPv4, the subnet mask has a length of 4 bytes and is written by byte, through a point, similar to the IP address.

4. IP gateway(gateway) is the address of a device on the network that processes all packets directed outside this network (devices with an address from another network).

Firewall settings tab:

5. You must specify which zone this interface belongs to. In this case LAN or WAN. For more information, see Firewall.

WARNING! If all incoming connections for all networks are disabled, the WEB interface of the device will be completely lost. In this case, you will have to restore/reset settigs and all data, including the project, will be lost

6. DHCP Server (Dynamic Host Configuration Protocol) – Protocol for automatic configuration of IP network nodes. If the device is connected as a DHCP client, or the network uses static addressing, disable this option.

After changing the settings, click Save&Apply at the bottom of the screen. The new settings will take effect in a few seconds.

WARNING! If you change the network settings, in the case of NO ACCESS TO THE DEVICE, be sure to check the 
network connection settings of your PC

WiFi


WebHMI can be either a client in an existing network, or work in an access point mode. An interesting feature is the ability to work simultaneously in several networks! (For example, to connect to the Internet in one network and at the same time to distribute access to your resources to another one). Or provide several access points with different access rights (with or without internet).

These capabilities make possible very flexible solutions for organizing communication with devices where, for whatever reason, you can not use a wired connection to the local network.

TIP: If there is such a possibility, you should always give preference to a more reliable wired connection in 
comparison with a wireless one.

Access point mode setup

In the default configuration, there is one Wifi interface configured as access point (master network) with SSID name “WebHMI”. It can be seen in the interfaces list. This interface is “bridged” with eth0 Ethernet interface for LAN network. So clients connected to “WebHMI” WiFi network and to Ethernet LAN connector are in the same network LAN. Bridged interface icons are shown in parenthesis and bridged interface name starts with “br- … ”.

To add new WiFi network or to modify existing one follow the WiFi link from Network menu. The opened window Wireless Overview shows the main parameters of existing wireless networks. From here you can manage them: add / remove, enable / disable, and change their settings :

ATTENTION! If you are connected to WebHMI via Wi-Fi, manipulation of wireless network settings may result in 
communication failure.

To change the settings of an existing network, click “Edit”. Here, all the parameters are divided into two groups:

  • the physical settings (called DEVICE CONFIGURATION) that determine the parameters of the radio channel, which in most cases can be left untouched and
  • logical (called INTERFACE CONFIGURATION), which determine, in fact, the properties of the wireless network - its identifier, mode of operation and security parameters.

Interface configuration, General setup tab:

  • ESSID – wireless network name
  • Mode – work mode. In most cases, it will either be an 'Access point' when creating a new wireless network, or Client - when connecting to an existing network.
  • Network '- defines the physical binding of this network to a new another already existing network (connecting a bridge type), or creating a new interface for it
  • Hide ESSID checkbox - makes WiFi “invisible” for clients - use this if you are not supposed to connect guest devices to this wireless network
  • WMM mode - enables WiFi MultiMedia extensions

The Wireless Security tab defines the security settings for the wireless network.

  • Encryption - Select the type of encryption or leave the network open
TIP. To limit access to wireless networks, use more advanced technology WPA2-PSK. 
  • Key – Come up with a security key (from 8 to 63 characters)
  • Save button saves current changes while Save & Apply restarts network stack with current changes.

You can add more WiFi networks from wireless Overview page (e.g. let's create access point “wh2ndWiFi” ):

So you should set “wh2ndWiFi” for ESSID, “Access Point” for mode and create new network “WIFI2” bound to this wifi physical adapter:

After saving, a new network interface will appear in the list:

However, this is not the end! As a result of the manipulations, only a new network interface has been created so 
far (like the device, the network adapter), which appears in the interface list of the Network menu or as tab 
name in interface's setup page. Now it will still need to be fully configured to work in the IP network (assign 
an address,   gateway, etc.) similarly to described earlier LAN and WAN interface settings 

Connect to an existing network (Client mode)

1. Press Scan in Wireless Overview window, Network / Wi-Fi menu A list of WiFi networks will be shown.

2. Press Join Network for the network you're going to connect to.

In the appeared window:

3. If you want to make this wifi interface the only one, leave the checkbox as is (checked). Otherwise uncheck - to add this wifi interface and keep other.

4. Enter the network security key to which you are connecting

5. Specify the name of the network (how it will be displayed in the system). Note the Replace wireless configuration option, at the top of the screen. If it is selected, the new wireless network will replace the existing one, if not, then a new network will be created.

6.Based on the level of trust in the network, specify the desired network zone that defines the traffic processing rules for this connection. For details, see the Firewall.

7.In the window that appears, click Save & Apply. Most part is finished now.

In the Wireless Overview window, you will see a new wireless network (in this case there are two of them: one has a WebHMI client and the other has an access point).

You can see or change the settings of the network connection in the same place, in the tab ' Network / Interfaces'

Connecting WebHMI to the Internet

A common task is to configure WebHMI with simultaneous access to the Internet for both WebHMI, and the computer from which WebHMI is configured. Let's consider several connection scenarios.

Option 1. WebHMI is a gateway for the PC. This is the simplest and prefferable method. In this scenario you connect WebHMI Ethernet WAN port to the internet gateway, or setup WebHMI Wi-Fi client connection to the Wi-Fi access point.

When using Ethernet - no network settings are touched on WebHMI at all, with Wi-Fi there is a couple of simple steps (see WiFi connections).

Option 2. The computer and WebHMI connect to one external wireless network with the Internet.

WebHMI with factory settings has only one WiFi connection - 'access point'. Therefore, the first step should be to connect it to the wireless network by the 'client' (for example we will call this WebHMI-DDS network). You can configure the WebHMI itself either over Ethernet (см. here), and connecting to its WiFi network 'master'. In the latter case, you need to specify the option to add a new wireless network without replacing the existing one, otherwise after the new WiFi network of the 'client' is switched on, the network 'access point' through which the computer or laptop is connected will be lost. For more on this,here. Then, after WebHMI is connected to the WebHMI-DDS network as a 'client', remember the IP address of the wireless network it has received. For example, in the following figure, WebHMI received an IP address of 192.168.1.203. Now you can disconnect the computer from WebHMI and connect to the WebHMI-DDS wireless network. To enter WebHMI, you must this address.

Now both the computer and WebHMI have Internet access, and you can access the web interface from a computer from a common wireless network.

Firewall


Common information

The WebHMI firewall 'maps' one or more networks/interfaces in special zones, which are used to describe the default rules for this interface, the rules for forwarding packets between interfaces, and additional rules that do not fall under the first two types. All traffic for the network interface can be classified as incoming, outgoing, or redirected. In the firewall's network settings menu, for convenience, descriptions and comments to all its fields are provided.

In the operating system configuration file, the default firewall rules goes first, but they take effect last. The filtering system uses sequential processing, in which the packets are processed sequentially, in a chain, by different rules. The first matching rule is executed, but it often performs a transition to another chain of rules that the packet is moving on until it meets ACCEPT (accept) or DROP / REJECT (discard) commands. Rules with such commands are executed last in the chain of rules, so the default rules will come into effect last, and more specific rules will be checked first. Zones are used to configure masquerading, also known as NAT, as well as for configuring port forwarding rules, more commonly known as redirection.

Zones should always be assigned to one or more interfaces. You can assign a zone to the interface in the tab of its properties Firewall settings. In the factory configuration of WebHMI, two zones are configured with their own rules, which are sufficient for working in 99% of the cases - the wan zone (in which the Internet gateway is usually located) prohibits incoming traffic, but allows redirection from the lan zone to wan. The names of the zones lan (green) and wan (red) by default coincide with the names of the network interfaces LAN and WAN to which they are assigned, however, the zones can be called arbitrary:

network_connections_setup.1539098140.txt.gz · Last modified: 2018/10/09 15:15 by emozolyak

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki