Results 1 to 9 of 9
  1. #1
    Join Date
    Mar 2020
    Posts
    2
    Post Likes

    Question Connecting to Alerton BACnet Controller via Port Forwarding on Remote Network

    Hey guys,

    This is my first post and I am new to the BACnet/Modbus community. I've recently built a service that can bring modbus and bacnet protocols to our cloud platform and am running into an issue on a specific buildings controllers which are alerton.

    A quick background on the building - it has a number of controllers in it - the Desktop computer is xp running the Bactalk program and it seems to only communicate with a specific alerton controller that gets the data from the rest of the bacnet controllers throughout the building and displays it on the GUI program on that local computer.

    We've went to that specific controller, got the IP, opened all ports up to forward to our cloud service which can only make connection once with the device. Once it establishes initial communication, it fails to then read data and the other devices associated with the device to pull back information.

    Now if I run wireshark on the local computer, I can see all the BACNet packets just fine. It seems that maybe the controller itself has a programming to only talk to the local computer? Am I not establishing myself as a device that has permissions to talk to the controller even with port forwarding?

    Any suggestions and recommendations would be greatly appreciated!

  2. #2
    Join Date
    Oct 2013
    Posts
    418
    Post Likes
    Whats the global controller? BCM-ETH, ACM? If the frontend is Envision, it makes use of the Alerton BACtalk driver to communicate with BACnet devices, but global like BCM-ETH ACM has exposed BACnet points, you would be able to scan the device with any BACnet software. For further information post your email on your profile or send me an email.

  3. #3
    Join Date
    Mar 2020
    Posts
    2
    Post Likes
    Thread Starter
    Quote Originally Posted by Reckles View Post
    Whats the global controller? BCM-ETH, ACM? If the frontend is Envision, it makes use of the Alerton BACtalk driver to communicate with BACnet devices, but global like BCM-ETH ACM has exposed BACnet points, you would be able to scan the device with any BACnet software. For further information post your email on your profile or send me an email.
    Yes - it is Envision for BACtalk running on that windows xp computer. I will find out the other details and post here for visibility but I also sent you an email!

  4. #4
    Join Date
    Jul 2009
    Posts
    2
    Post Likes
    Just to expand on this a little. There is nothing proprietary in the Alerton BACtalk driver. It is just a communication stack for BACnet/Ethernet. You should be able to communicate to the BTI/BCM/ACM with standard BACnet messaging. Default port id 47808. Also remember it is UDP not TCP.

  5. #5
    Join Date
    May 2009
    Location
    SC
    Posts
    2,180
    Post Likes
    So I see you have BACnet/IP exposed to the public internet and a XP machine in play here. Tell us so much more about this.

    Also some speculation as I'm not too familiar with Alerton but I bet you need to do some foreign device registration or declare some BBMD's to get between the two locations. That's going to be complicated by the NAT routers involved because of the public vs private addresses.

  6. #6
    Join Date
    Feb 2005
    Posts
    1,671
    Post Likes
    I am guessing his (OP) main issue is that he has not set NAT aware settings in his Alerton BCM, so LAN BACnet packets are still carrying the LAN IP header instead of WAN. From what I remember BCM can be setup to account for NAT routing.
    Also, last I recall you could not specify a URL/DDNS in the BCM WAN address place holder but had to be in an IP address format, which then needs to be static.
    Now he does not elaborate on how he is making the initial connection and maintaining the connection to site, hopefully he is not popping holes all over his firewall over public internet.

  7. #7
    Join Date
    Jul 2009
    Posts
    2
    Post Likes
    The BCM NAT routing setup requires the same functions be available on both ends. It is also pre standard and may not work without another BCM.

  8. #8
    Join Date
    Oct 2013
    Posts
    418
    Post Likes
    I'm guessing a setup like this should work


  9. #9
    Join Date
    May 2009
    Location
    SC
    Posts
    2,180
    Post Likes
    So this is heading right down the road I joked about at first. Hopefully you can add some IP white listing to the NAT firewalls too, otherwise anyone in the world can access your stuff.

    As far as that diagram is concerned I'm not sure all those gymnastics with the different port numbers is necessary. IF (only if) you can put port forwarding rules in both NAT firewalls then your BBMD tables in each can simply point to the other sites WAN address. No FDR needed, but it does require a BBMD on both sites.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Contracting Business
HPAC Engineering
EC&M
CONTRACTOR