SmartSDR port forwarding fails
I've searched for a few hours but did not find a solution. I have a 6400 (running the latest software) that has successfully registered with Smartlink but still doesn't pass the tests. Here is my configuration:
Comcast internet with modem in bridge mode (double checked and it is) and I have a static external IP address.
Sonicwall firewall handles everything else. Yes, Windows FW is shut off on the machine running SmartSDR. I'm assuming the Flex at .24 does not have a FW blocking it.
The radio has a static IP of x.x.x.24/24. My DHCP pool starts at .100 so everything below is static. I can do an IP scan and the radio appears at the proper address.
The firewall has rules that allow TCP 4994 and UDP 4993 to go both ways. I can watch traffic go from internal .24 to the FW. Then I can see it come back and go from FW to .24, but .24 never answers. It is as if it is not listening. I did the manual port forwarding option as follows:
Forward TCP Port 4994 (external) to 4994 (internal)
Forward UDP Port 4993 (external) to 4993 (internal)
I've also tried disabling Enforce private IP Connections.
What am I missing? Is there a service not running? Am I correct to assume the Flex itself is the computer communicating with the internet and the machine running SDR has nothing to do with it? I can SSH into the machine internally but obviously I don't have the password. What is the destination address I'm trying to get to? Does this work like Teamviewer where Flex is in the middle?
Thanks in advance for the help.
Ken
AG2K
Answers
-
Hi Ken
I have attempted to program a few SonicWall firewalls in my past, and they never seemed to do what I wanted them to do. Your logic does look correct though.
You might ought to open an outbound Source Port ANY from the Radio IP address and see if that helps, as the source outbound port might not be one of those 2.
You might have to allow an outbound 443 as well. I just checked my firewall states and this is what I had:
Mike
va3mw
0 -
pfSense, FTW!
0 -
I found this which might be helpful. You will need 2 service objects, one for 4994/tcp and 4993/udp and 2 NAT policies, one for each service object and 2 loopback NAT policies, one for each service object.
https://www.sonicwall.com/en-us/support/knowledge-base/170503477349850
0 -
Thanks Mike.. I'll try it... We have a couple of dozen of these out there and they can be fussy. But they are reliable and secure. This is a new 6400 out of the box so I'm hoping it is not the radio itself.
Ken
0 -
Thanks that is how I configured.
Ken
0 -
Any chance it is the radio itself? It's new out of the box. Any way to SSH into it to test?
0 -
I used to administer SonicWall firewalls too several years ago. They were fine for some things, but just would not work correctly with others. For instance, we had brokers who talked with traders and they did so via AIM (AOL messaging). SonicWall would allow some messages, but not others.
That is just one issue I had with them. I ended up replacing them with Juniper SSGs, though those are now discontinued, so I started using Fortigates, which were created by the same person who created SSGs and then sold them to Juniper.
Good luck, but if all else fails, a different router should help. Oh, and I wouldn't ever put my router in bridge mode. I certainly don't and SmartLink works for me.
0 -
PFsense works great. That is what Michael, I and what the office uses for firewalls. For SmartLink, just enable UPnP and be done with it.
They are using my radios for demos at Ham Radio in Germany this weekend.
1 -
Thanks for the info. I'm confused why you don't like bridge mode for a modem.. All I'm asking it to do is take the internet and put it on a port to my firewall. Since I have no other networks coming in there is no need to do routing. Internally I only have one local network so there is no need to route internally. So basically the only route needed goes from my internal network to the internet. My default gateway. So all I need to do is filter or monitor what's coming in from and out to the internet. No routing needed. Maybe I'm wrong and that's my problem?
Ken
0 -
I highly recommend bridge mode for the ISP's modem/router and use a better router connected to it. I do this because it is not only a better technical solution but also from a security standpoint; I do not want a third-party having access to my Internet firewall.
0 -
Thanks.. I think I agree.. my confusion is why do I need a router? There is nothing to route. Just a firewall should work, correct?
0 -
The firewall IS the router :P
0 -
Really? A firewall doesn't route anything? Just takes the incoming packets filters them and passes it on. How does a simple firewall route? I'm learning a lot
0 -
A modem in bridge mode is one thing, using a router in bridge mode is what I wouldn't do (i.e., all PCs behind your router have Internet routable addresses). Your PC should not have an Internet routable address. That increases your attack surface and it also limits you to the amount of IPs provided by your ISP.
0 -
A software firewall like the one built into Windows doesn't do routing, sure. But pfSense or sonicwall or monowall etc., are firewalls and routers combined. One subnet on the WAN side and a different subnet on the LAN side, by design.
0 -
Your firewall is a router. It routes all non-local traffic onto the Internet via the gateway (which is the router). Everything local is on a different subnet than the other side of your router. The subnet on the other side is a publicly routable address while NAT is not.
0 -
Agreed, installing it on those six port Firewall Micro Appliances with pfSense are incredibly powerful.
0 -
Thanks, but I don't have any routers. I have a modem in bridge mode and a firewall, that's it. I have nothing to route anyplace. The only network I connect to is the internet.
0 -
I guess you can say technically the firewall routes the internal to the external. But I think of routers as routing data between different networks or paths.
Thanks for all the help I learn something everyday
0 -
I was running pfSense as a VM (2) but found a Lanner/NetGate FW-7535H for cheap on eBay and it works great too.
0 -
The different networks are the internal and external in this context.
0 -
Thanks.
Problem resolved... It was a case of **** fingers, poor eyesight and fatigue.. After sniffing and packet capture I realized the firewall object for the radio had a typo.. Corrected and now all is green.... Next step is to get audio and Tx to work come across to the laptop.
Thanks again all the great information..
Ken
2
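The thread ends with the fault traced to a typo in the firewall's address object for the radio. As an added example (not code from any poster or from FlexRadio or SonicWall), the following audit checks a simplified, hypothetical model of address objects and NAT forwards against the radio's real address and the two SmartLink ports named above; the 192.0.2.x addresses, the object name and the specific typo are constructed placeholders.

```python
import ipaddress

# Constructed sample data: a simplified, hypothetical model of firewall address
# objects and NAT forwards (not SonicWall's export format).
RADIO_IP = "192.0.2.24"                     # placeholder for the radio's x.x.x.24
LAN = "192.0.2.0/24"
REQUIRED = {("tcp", 4994), ("udp", 4993)}   # forwards listed in the thread

ADDRESS_OBJECTS = {"flex-6400": "192.0.2.42"}   # constructed typo: .42, not .24
NAT_POLICIES = [
    {"proto": "tcp", "ext_port": 4994, "int_port": 4994, "dest_obj": "flex-6400"},
    {"proto": "udp", "ext_port": 4993, "int_port": 4993, "dest_obj": "flex-6400"},
]


def audit_forwards(radio_ip, lan, objects, policies, required=REQUIRED):
    """Return a list of findings; an empty list means the forwards are consistent."""
    findings = []
    radio = ipaddress.ip_address(radio_ip)
    net = ipaddress.ip_network(lan)
    seen = set()
    for p in policies:
        key = (p["proto"], p["ext_port"])
        if key not in required:
            findings.append(f"unexpected forward {key[0]}/{key[1]}")
            continue
        seen.add(key)
        if p["int_port"] != p["ext_port"]:
            findings.append(f"{key[0]}/{key[1]}: internal port is {p['int_port']}")
        raw = objects.get(p["dest_obj"])
        if raw is None:
            findings.append(f"{key[0]}/{key[1]}: object {p['dest_obj']!r} undefined")
            continue
        try:
            dest = ipaddress.ip_address(raw)
        except ValueError:
            findings.append(f"{key[0]}/{key[1]}: {raw!r} is not an IP address")
            continue
        if dest not in net:
            findings.append(f"{key[0]}/{key[1]}: {dest} is outside {net}")
        elif dest != radio:
            findings.append(f"{key[0]}/{key[1]}: points at {dest}, radio is {radio}")
    for proto, port in sorted(required - seen):
        findings.append(f"missing forward {proto}/{port}")
    return findings


if __name__ == "__main__":
    for line in audit_forwards(RADIO_IP, LAN, ADDRESS_OBJECTS, NAT_POLICIES):
        print(line)
```

A mistyped object like this matches the symptom described in the first post: the firewall forwards the packets, but to an address where nothing answers.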