IP address blocking on Internet side only

NetNathan

Lifetime Supporting Member
Join Date
Nov 2011
Location
Corona, CA
Posts
2,191
In my inadvertent ignorance (back in early 1994) I started addressing my GE PLCs in the default field on the the cpu.....3.0.0.?. At that time...may years ago, I did not know that 3.0.0.? was also an Internet range, not an "internal only" range like 192.168.1.?.

Now I have an issue....
Amazon has bought the 3.0.?.? range and is using a few of these addresses for their cloud.

I have hundreds of PLC systems using this 3.0.0.? IP range.
The facility where I have the most problems has 35 PLCs and 38 PCs, all in the 3.0.0.? range. It would be a huge pain to go and change all those IP ranges. This site is always connected to the Internet, because I have LogMeIn access for troubleshooting.

SO....if I am connected to the internet when I am troubleshooting logic, I get address conflicts.
Can I isolate this problem with a Router? Plus.... still have access to the Internet for remote access and the time server?
 
Well, Amazon did not start their online business till 1995, so maybe they should be paying you to use the address you have been using since 1994 ... LOL
 
It shouldn't matter as long as they are not connected to the internet or they are behind a gateway or router and are never directly on the internet.
years ago I set my network with a sub net I picked out of the air. Later I had some problems so called tech support ( I ma not sure who now ) in trouble shooting I was informed that my subnet was the same one that US Gov DOD vender used. I was told as long as I never tried to connect to that sub net there would never be a problem and I continued to use it for years without issue.
 
Well, you know the correct way to fix this. Second best would be install Network address translation (NAT) at each site.

I'm still a little confused by your description. Are these 3.0.0.x machines all connected directly to the Internet? What are their subnet and gateway addresses? The switch they connect to what are it's IP, subnet, and gateway? (I know you probably don't want to post specifics but if you could give us an idea.

You mention logmein, do you connect to computer at the site that then connects to the machines? That or a local machine you could modify the route table to use a second network adapter, similar to when you use 192.168.x.x non-routable addresses.

Stopping your 3.0.0.x machines from talking on the internet should be relatively easy. But to maintain your ability to reach them using those address would have to involve some sort of NAT. Setting up NAT properly might be more onerous than changing all those addresses.
 
Heh! I too used the 3.0.0.xxx range the first time I used a GE PLC with Ethernet. I got that address range directly from the user's manual example. I'm pretty sure that GE owned that block of addresses at the time.

I know that a NAT router can translate a local subnet address to one that is valid on the Internet. Are you attempting to make all 73 nodes in your subnet available on the Internet?
 
Well, you know the correct way to fix this. Second best would be install Network address translation (NAT) at each site.

I'm still a little confused by your description. Are these 3.0.0.x machines all connected directly to the Internet? What are their subnet and gateway addresses? The switch they connect to what are it's IP, subnet, and gateway? (I know you probably don't want to post specifics but if you could give us an idea.

You mention logmein, do you connect to computer at the site that then connects to the machines? That or a local machine you could modify the route table to use a second network adapter, similar to when you use 192.168.x.x non-routable addresses.

Stopping your 3.0.0.x machines from talking on the internet should be relatively easy. But to maintain your ability to reach them using those address would have to involve some sort of NAT. Setting up NAT properly might be more onerous than changing all those addresses.

The devices are inside a plant on an isolated "Control Network" which is the 3.0.0.? IP range. They are all connected to a server and the server is connected to the Internet.
When I ran "Slitheris Nertwork Discovery" tool, it also finds all the 3.0.0.? addresses on the Control Network AND all that are on the Internet.
The Gateway is 3.0.0.100 which is the Server, the subnet is 255.255.255.0.
There are managed switches in the installation, but the Server connection to the Internet is across wireless.
 
Last edited:
I'm not sure how Slitheris Nertwork Discovery works. So I'm not sure about my answer. It depends on whether it scans all network interfaces or only one at a time.

But I'm assuming the server has two network interfaces (one to Internet and one to the control network). There has to be some way it's bridging the two networks.

You should be able to make a persistent route on the server that will send any traffic for the 3.0.0.x network out the network interface connected to the control network.

Something along the lines of:
route -p add 3.0.0.0 mask 255.255.255.0 3.0.0.100

This would cause the server to send traffic for 3.0.0.x out of the network interface assigned 3.0.0.100. You might have to look in the routing table (route print) and delete other entries referring to 3.0.0.x.

Use The Google to learn more about route and routing tables.

Of course this solution will stop working if the server is replaced or the routing table cleared.
 
Heh! I too used the 3.0.0.xxx range the first time I used a GE PLC with Ethernet. I got that address range directly from the user's manual example. I'm pretty sure that GE owned that block of addresses at the time.

I know that a NAT router can translate a local subnet address to one that is valid on the Internet. Are you attempting to make all 73 nodes in your subnet available on the Internet?

Yes...the nodes need to be available to the Internet. They install a USB wireless module on the furnace computer for me to connect and troubleshoot the logic or the HMI (Wonderware) remotely.
 
I have had problems with some 192.168.x.x addresses as well - try to hook in to a web server in a device and get a web page LOL.
 
If you VPN in to the remote network I think you can instruct Windows to direct all traffic through the VPN. Then it would never see the Internet addresses.
 
I have had problems with some 192.168.x.x addresses as well - try to hook in to a web server in a device and get a web page LOL.

Yes....
I am moving away from using 192.168.0.? and 192.168.1.? on my Profinet network They are too widely used also.
My Profinet is on 192.168.1.? and I have conflict issues when I jump my Ethernet from my Enet Switch for 3.0.0.? to my Enet switch for Profinet to do troubleshooting..
There are 192.168.1.? IPs for managed switches on the 3.0.0.? network...
 

Similar Topics

Hello. I have a few machines that use Kinetix 300 (each machine has two drives). Both drives on one of the machine keep losing IP address. They...
Replies
2
Views
75
Hi Guys, Is it okay to have Redundancy ControlLogix Processor IP address set to DHCP? I had Static IP address on it but removed it via RSLinx...
Replies
3
Views
186
Hi everybody, I have DELTA PLC DVP-32ES and I have make a simple project in WPLSoft. using the input X0 to switch ON the output Y0 and using the...
Replies
0
Views
117
Kindly, I am trying to do some Modbus Rtu communication between a 1214C Siemens plc and the following slaves. ( Schneider PM5110 meter , Socomec...
Replies
4
Views
201
I created a project with Tia portal wincc runtime advanced PC station and also activated its smartserver for some smartclients to connect to it...
Replies
1
Views
270
Back
Top Bottom