dunc

comms between 2 different networks on same PC?

7 posts in this topic

We have a SCADA PC (running Windows) which is fitted with 2 network cards. One network card connects the PC to our company network, the other one connects the PC to a separate control network. I would like to keep the separation to stop network traffic passing from the control network onto the company network; this is also the view of the IT department. However, is there a way of accessing the devices on the control network from another PC on the company network in a way that won't permanently merge the 2 networks? Hopefully that makes some sense? Can anyone help, as I am struggling to find a solution! Thanks

Yes, this is done all the time. The key technologies to research are:

1. Router
2. Firewall
3. DMZ (for demilitarized zone)

This is mostly an IT thing - are they going to help you set it up?

Not sure if it will help. You can have two networks running alongside each other as long as you have the key items.

2 x network card/connection for each PC you would like to talk to both.
Have a 2 network switch (this will manage the network you want).

This is something we do on vessel to keep the network clear of the data network from the different sensors. You will need another server for this to keep performance. Also have to run separate network cables to each computer you want to have access to the other network. Trying to access another network through one computer can be done, but it can also slow down the existing network.

Please see attachment. How would I communicate with the control network with PC2? Our IT department say it can't be done. In other words, they can't be bothered. They tell me this all the time and I work most things out myself. Thanks everyone

It can be done, but it would not be an architecture I would want to install. If some other group is responsible for PC1, PC2, and company network, they may not want you to do this. Can-do and should-do are not the same thing.

Anyway, to address can-do, you would configure PC1 as a router - trivial in Linux, but assuming you're running Windows, it will do it as well with a registry change/reboot cycle. I avoid doing this, but have in the past, in a pinch, when needed. Add a static route on PC2 that basically says... to get to the control network, I need to go through PC1. Of course, proper IP address schema must be in place, security considerations, etc.... If you provide more specifics, actual route add commands and the like could be generated to provide more detail.

There are other clever ways with NAT and other technologies as well that can be used to hook the networks together, but there are always trade-offs, most of all with complexity and hardware requirements. In your case, likely nothing extra would need to be procured.

The proper way to do this is to work with your IT group to integrate the control network into the corporate network through a DMZ and router, protected by (a) firewall(s) with strong access controls.

Thanks for your help. I think I get it. Our IT department are very reluctant to do anything. As we are the engineering department we are the bottom of the priority list. If a young sales girl can't untangle her mouse they drop everything and go running! Anyway..... I only really want to be able to access the PC1 from PC2 so I can remote fault find from my desk if there are any issues. It also makes taking backups a lot easier and cleaner as I can do it all from a central place. PC2 is on Windows 7 32 bit, PC1 is on Windows XP. PC1 and PC2 are both on the same "200.200.200.0" company network. PC1 control network is a local "192.168.0.0" network. Would I have to enable connection sharing on PC1 then create my static routing on PC2 to access the control network?

To turn Windows XP into a router - try something like this: http://www.wikihow.com/Enable-Windows-XP-Routing

I never use Internet Connection Sharing so not sure what it does. Likely some sort of SRC-NAT mangling. Other options include using RDP to do a remote session on PC1, and then go in that way.

With routing enabled on PC1, on PC2, you might do

    route add 192.168.0.0 mask 255.255.255.0 200.200.200.x

where the 200.200.200.x address is for PC1 (and assuming subnet size).

Also on your control equipment, you will have to set PC1 as the default GW. Otherwise, packets can get in, but they will never be able to get out. This can be fun - changing all your control applications and configurations to support a default gateway. If you can't do this, or don't want to, the only other option is something like RDP or VNC, as mentioned, or some DST-NAT behavior. If you are going the NAT route, I would then look at some hardware.

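An added example, not part of any post in this thread: a small Python model of the routing described in the last reply, showing why the control devices need PC1 as their default gateway and what PC1's forwarding setting changes. The host addresses (.10, .20, .1, .50) and the name PLC are constructed for illustration; only the two networks come from the thread, with /24 assumed as in the reply.

```python
import ipaddress

# Constructed host addresses (assumptions); the thread gives only the networks.
PC2, PC1_CO = "200.200.200.20", "200.200.200.10"
PC1_CTL, PLC = "192.168.0.1", "192.168.0.50"

def make_hosts(pc1_forwards, pc2_static_route, plc_has_gateway):
    """Routing tables as (network, next_hop) pairs; next_hop None = on-link."""
    co = ipaddress.ip_network("200.200.200.0/24")
    ctl = ipaddress.ip_network("192.168.0.0/24")
    hosts = {
        "PC2": {"addrs": [PC2], "forward": False, "routes": [(co, None)]},
        "PC1": {"addrs": [PC1_CO, PC1_CTL], "forward": pc1_forwards,
                "routes": [(co, None), (ctl, None)]},
        "PLC": {"addrs": [PLC], "forward": False, "routes": [(ctl, None)]},
    }
    if pc2_static_route:   # route add 192.168.0.0 mask 255.255.255.0 <PC1>
        hosts["PC2"]["routes"].append((ctl, PC1_CO))
    if plc_has_gateway:    # control device uses PC1 as its default gateway
        hosts["PLC"]["routes"].append((ipaddress.ip_network("0.0.0.0/0"), PC1_CTL))
    return hosts

def deliver(hosts, src, dst_ip):
    """Follow one packet hop by hop; return (reached, reason)."""
    owner = {a: name for name, h in hosts.items() for a in h["addrs"]}
    here, dst = src, ipaddress.ip_address(dst_ip)
    for _ in range(8):     # hop limit
        if dst_ip in hosts[here]["addrs"]:
            return True, "delivered to " + here
        if here != src and not hosts[here]["forward"]:
            return False, here + " does not forward (routing disabled)"
        matches = [(n, hop) for n, hop in hosts[here]["routes"] if dst in n]
        if not matches:
            return False, here + " has no route to " + dst_ip
        _, hop = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix
        here = owner.get(hop or dst_ip)
        if here is None:
            return False, "next hop unreachable"
    return False, "hop limit exceeded"

def round_trip(hosts):
    """Request PC2 -> PLC, then the reply PLC -> PC2."""
    ok, why = deliver(hosts, "PC2", PLC)
    if not ok:
        return "request lost: " + why
    ok, why = deliver(hosts, "PLC", PC2)
    return "ok" if ok else "reply lost: " + why
```

With forwarding left disabled on PC1, the model drops transit traffic at the dual-homed PC, which is the separation the original question wanted to preserve.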
