Community discussions

 
Jusufs
just joined
Topic Author
Posts: 2
Joined: Thu Sep 12, 2019 1:13 pm

hap2 ac firewall rules for Fronius Solar Inverter

Mon Oct 07, 2019 7:49 pm

Hi,
after change of my router for Mikrotik hAP AC2 the communciation to solarweb.fronius.com was broken.
I need help to write some rule(s) in /ip firewall according Fronius documentation.
Thanks for help.

Jozef
You do not have the required permissions to view the files attached to this post.
 
dmitris
newbie
Posts: 42
Joined: Mon Oct 09, 2017 1:08 pm

Re: hap2 ac firewall rules for Fronius Solar Inverter

Mon Oct 07, 2019 11:24 pm

If i understood correctly....This rule will forward udp 49049 port from WAN to your LAN solar inverter
/ip firewall nat
add action=dst-nat chain=dstnat in-interface=ether1-gateway dst-port=49049 protocol=udp to-addresses=IP-OF-SOLAR-DEVICE to-ports=49049
 
mkx
Forum Guru
Forum Guru
Posts: 2971
Joined: Thu Mar 03, 2016 10:23 pm

Re: hap2 ac firewall rules for Fronius Solar Inverter

Tue Oct 08, 2019 8:08 am

If i understood correctly....

Nope, UDP port 49049 is used by Inverter to connect to the cloud and should work just fine with default RouterOS config. What needs to be done is to forward port 80 from internet to Inverter. Like this:
/ip firewall nat
add action=dst-nat chain=dstnat in-interface-list=WAN dst-port=80 protocol=tcp to-addresses=<IP-OF-SOLAR-DEVICE>
and this assumes otherwise default RouterOS config (which extensively uses interface lists).

Further more, the doc recommends to only allow conenction to TCP port 80 only from select networks to reduce risk of compromise. That should be done in /ip firewall filter section, but how in particular that's up to OP's wishes and requirements.

N.b.: if OP wishes to connect to Inverter when he's connected to LAN, he can connect directly to <IP-OF-SOLAR-DEVICE>. If he wants to bookmark connection and use the same bookmark both when using internet and when on LAN, then he needs to implement hairpin NAT.
BR,
Metod
 
Jusufs
just joined
Topic Author
Posts: 2
Joined: Thu Sep 12, 2019 1:13 pm

Re: hap2 ac firewall rules for Fronius Solar Inverter

Wed Oct 09, 2019 11:39 pm

Hi,
thanks for answer. I have port forwarding used to my web server port 80.
So it is not possible that Fronius acts as a server on the same port.
Is it possieble to define some other port in Fronius ?
Acts Fronius as a web server ?

Jozef
 
mkx
Forum Guru
Forum Guru
Posts: 2971
Joined: Thu Mar 03, 2016 10:23 pm

Re: hap2 ac firewall rules for Fronius Solar Inverter

Thu Oct 10, 2019 8:43 am

You can select another port on WAN interface and forward it to port 80 on Fronius:
/ip firewall nat
add action=dst-nat chain=dstnat in-interface-list=WAN dst-port=8080 protocol=tcp \
    to-addresses=<IP-OF-SOLAR-DEVICE> to-port=80
in the above example it's port 8080 which is available on WAN side. Then you can connect to Fronius using URL http://<WAN_address>:8080/ ...
BR,
Metod

Who is online

Users browsing this forum: No registered users and 32 guests