
SmartSDR port forwarding fails

Ken AG2K
Ken AG2K Member ✭✭
edited April 2019 in SmartSDR CAT

I've searched for a few hours but did not find a solution. I have a 6400 (running the latest software) that has successfully registered with SmartLink but still doesn't pass the tests. Here is my configuration:

Comcast internet with the modem in bridge mode (double-checked, and it is), and I have a static external IP address.

A SonicWall firewall handles everything else. Yes, Windows FW is shut off on the machine running SmartSDR. I'm assuming the Flex at .24 does not have a FW blocking it.

The radio has a static IP of x.x.x.24/24. My DHCP pool starts at .100 so everything below is static. I can do an IP scan and the radio appears at the proper address.

The firewall has rules that allow TCP 4994 and UDP 4993 to go both ways. I can watch traffic go from internal .24 to the FW. Then I can see it come back and go from the FW to .24, but .24 never answers. It is as if it is not listening. I did the manual port forwarding option as follows:

Forward TCP Port 4994 (external) to 4994 (internal)

Forward UDP Port 4993 (external) to 4993 (internal)

I've also tried disabling Enforce private IP Connections.

What am I missing? Is there a service not running? Am I correct to assume the Flex itself is the computer communicating with the internet and the machine running SDR has nothing to do with it? I can SSH into the machine internally but obviously I don't have the password. What is the destination address I'm trying to get to? Does this work like TeamViewer, where Flex is in the middle?

Thanks in advance for the help.


Ken

AG2K




Answers

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin
    edited April 2019
    Hi Ken

    I have attempted to program a few SonicWall firewalls in my past, and they never seemed to do what I wanted them to do.  Your logic does look correct though.  

    You might want to open an outbound Source Port ANY from the Radio IP address and see if that helps, as the source outbound port might not be one of those 2.

    You might have to allow an outbound 443 as well.  I just checked my firewall states and this is what I had:

    image

    Mike
    va3mw
  • K5CG
    K5CG Member ✭✭
    edited October 2018
    pfSense, FTW!
  • Tim - W4TME
    Tim - W4TME Administrator, FlexRadio Employee admin
    edited June 2018
    I found this, which might be helpful.  You will need 2 service objects, one each for 4994/tcp and 4993/udp, 2 NAT policies, one for each service object, and 2 loopback NAT policies, one for each service object.

    https://www.sonicwall.com/en-us/support/knowledge-base/170503477349850
  • Ken AG2K
    Ken AG2K Member ✭✭
    edited June 2018
    Thanks Mike.. I'll try it... We have a couple of dozen of these out there and they can be fussy. But they are reliable and secure. This is a new 6400 out of the box so I'm hoping it is not the radio itself.
    Ken
  • Ken AG2K
    Ken AG2K Member ✭✭
    edited June 2018
    Thanks, that is how I configured it.
    Ken

  • Ken AG2K
    Ken AG2K Member ✭✭
    edited June 2018
    Any chance it is the radio itself? It's new out of the box. Any way to SSH into it to test?
  • K1SZO
    K1SZO Member ✭✭
    edited October 2018
    I used to administer SonicWall firewalls too several years ago.  They were fine for some things, but just would not work correctly with others.  For instance, we had brokers who talked with traders and they did so via AIM (AOL messaging).  SonicWall would allow some messages, but not others.

    That is just one issue I had with them.  I ended up replacing them with Juniper SSGs, though those are now discontinued, so I started using Fortigates, which were created by the same person who created SSGs and then sold them to Juniper.

    Good luck, but if all else fails, a different router should help.  Oh, and I wouldn't ever put my router in bridge mode.  I certainly don't, and SmartLink works for me.
  • Tim - W4TME
    Tim - W4TME Administrator, FlexRadio Employee admin
    edited June 2018
    pfSense works great.  That is what Michael, I, and the office use for firewalls.  For SmartLink, just enable UPnP and be done with it.

    They are using my radios for demos at Ham Radio in Germany this weekend.
  • Ken AG2K
    Ken AG2K Member ✭✭
    edited October 2018

    Thanks for the info. I'm confused why you don't like bridge mode for a modem.. All I'm asking it to do is take the internet and put it on a port to my firewall. Since I have no other networks coming in there is no need to do routing. Internally I only have one local network so there is no need to route internally. So basically the only route needed goes from my internal network to the internet. My default gateway. So all I need to do is filter or monitor what's coming in from and out to the internet. No routing needed. Maybe I'm wrong and that's my problem?

    Ken


  • Tim - W4TME
    Tim - W4TME Administrator, FlexRadio Employee admin
    edited June 2018
    I highly recommend bridge mode for the ISP's modem/router and use a better router connected to it.  I do this because it is not only a better technical solution but also from a security standpoint; I do not want a third-party having access to my Internet firewall.

  • Ken AG2K
    Ken AG2K Member ✭✭
    edited June 2018

    Thanks. I think I agree. My confusion is why do I need a router? There is nothing to route. Just a firewall should work, correct?


  • K5CG
    K5CG Member ✭✭
    edited June 2018
    The firewall IS the router :P
  • Ken AG2K
    Ken AG2K Member ✭✭
    edited June 2018

    Really? A firewall doesn't route anything? Just takes the incoming packets filters them and passes it on. How does a simple firewall route? I'm learning a lot


  • K1SZO
    K1SZO Member ✭✭
    edited June 2018
    A modem in bridge mode is one thing; using a router in bridge mode is what I wouldn't do (i.e., all PCs behind your router have Internet-routable addresses).  Your PC should not have an Internet-routable address.  That increases your attack surface and it also limits you to the amount of IPs provided by your ISP.
  • K5CG
    K5CG Member ✭✭
    edited June 2018
    A software firewall like the one built into Windows doesn't do routing, sure. But pfSense or sonicwall or monowall etc., are firewalls and routers combined. One subnet on the WAN side and a different subnet on the LAN side, by design.
  • K1SZO
    K1SZO Member ✭✭
    edited June 2018
    Your firewall is a router.  It routes all non-local traffic onto the Internet via the gateway (which is the router).  Everything local is on a different subnet than the other side of your router.  The subnet on the other side is a publicly routable address while NAT is not.
  • K1SZO
    K1SZO Member ✭✭
    edited June 2018
    Agreed, installing it on those six port Firewall Micro Appliances with pfSense are incredibly powerful.  
  • Ken AG2K
    Ken AG2K Member ✭✭
    edited June 2018
    Thanks but I don't have any routers. I have a modem in bridge mode and a firewall that's it.. I have nothing to route anyplace. The only network I connect to is the internet.
  • Ken AG2K
    Ken AG2K Member ✭✭
    edited June 2018

    I guess you can say technically the firewall routes the internal to the external. But I think of routers as routing data between different networks or paths.

    Thanks for all the help I learn something everyday

  • K5CG
    K5CG Member ✭✭
    edited June 2018
    I was running pfSense as a VM (2) but found a Lanner/NetGate FW-7535H for cheap on eBay and it works great too.
  • K5CG
    K5CG Member ✭✭
    edited June 2018
    The different networks are the internal and external in this context.
  • Ken AG2K
    Ken AG2K Member ✭✭
    edited June 2018

    Thanks.

    Problem resolved... It was a case of **** fingers, poor eyesight and fatigue.. After  sniffing and packet capture I realized the firewall object for the radio had a typo.. Corrected and now all is green.... Next step is to get audio and Tx to work come across to the laptop.

    Thanks again for all the great information.

    Ken
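
The fix in this thread was a typo in the firewall's address object for the radio. The following is an added example, not part of the thread and not SonicWall's configuration format: it audits a hand-transcribed list of forwarding policies against the two SmartLink forwards named above (TCP 4994, UDP 4993). The `192.168.1.x` addresses, object name and dictionary layout are constructed assumptions.

```python
import ipaddress

# SmartLink forwards named in the thread: TCP 4994 and UDP 4993, same port inside.
REQUIRED = {("tcp", 4994), ("udp", 4993)}

def audit_forwards(radio_ip, lan_cidr, address_objects, nat_policies):
    """Return a list of findings; an empty list means both forwards reach the radio."""
    radio = ipaddress.ip_address(radio_ip)
    lan = ipaddress.ip_network(lan_cidr)
    findings, seen = [], set()
    for pol in nat_policies:
        key = (pol["proto"].lower(), pol["ext_port"])
        if key not in REQUIRED:
            continue  # unrelated policy, not part of this audit
        seen.add(key)
        label = f"{key[0]}/{key[1]}"
        raw = address_objects.get(pol["dest_object"])
        if raw is None:
            findings.append(f"{label}: address object {pol['dest_object']!r} is undefined")
            continue
        try:
            dest = ipaddress.ip_address(raw)
        except ValueError:
            findings.append(f"{label}: {raw!r} is not a valid IP address")
            continue
        if dest not in lan:
            findings.append(f"{label}: {dest} is outside LAN {lan}")
        elif dest != radio:
            findings.append(f"{label}: forwards to {dest}, radio is at {radio}")
        if pol["int_port"] != pol["ext_port"]:
            findings.append(f"{label}: internal port {pol['int_port']} != {pol['ext_port']}")
    for proto, port in sorted(REQUIRED - seen):
        findings.append(f"{proto}/{port}: no forwarding policy found")
    return findings

# Constructed sample data (not from the thread): the radio object is typed .42 instead of .24.
OBJECTS = {"flex-radio": "192.168.1.42"}
POLICIES = [
    {"proto": "TCP", "ext_port": 4994, "dest_object": "flex-radio", "int_port": 4994},
    {"proto": "UDP", "ext_port": 4993, "dest_object": "flex-radio", "int_port": 4993},
]

if __name__ == "__main__":
    for finding in audit_forwards("192.168.1.24", "192.168.1.0/24", OBJECTS, POLICIES):
        print(finding)
```

Pass the radio's address as observed on the LAN (for example from an IP scan), not as copied from the firewall, so the two sources are actually compared.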

