SmartSDR v3.9.19 and the SmartSDR v3.9.19 Release Notes
SmartSDR v2.12.1 and the SmartSDR v2.12.1 Release Notes
The latest 4O3A Genius Product Software and Firmware
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.
Remote operation port forwarding requirement
I'm somehow missing one bit of information. I just can't seem to find an answer. Is port forwarding required for remote operation? If so, which ports? I know how to set up port forwarding in my router. I just can't determine which port(s) are required. Any help appreciated.
Answers
-
Hi Doug
Check chapter 9 of the SmartSDR manual as it has all the details. The radio requires 4993 and 4994 (UDP and TCP). The outside ports can be anything you choose.
If your router support uPNP, it is automatic.
0 -
Hi Doug,
Adding to Mike's note, if you are planning to use any application or device that talks to the Flex using the API ports-MorCoNI is an example- You also need to forward port 4992.
0 -
I really need to stress this point: opening TCP port 4992 to the outside world (WAN side) is strongly discouraged. That port is essentially the “front door” to your radio’s command and control interface. If it’s exposed directly to the internet without any kind of protection, you’re inviting serious security risks.
Here’s why:
- No Authentication on 4992: This port handles raw TCP commands that control the radio. If someone discovers it’s open—and scans for it—they can potentially send commands to your radio. There’s no login prompt or password protection baked into that layer. It's just listening for trusted connections on an internal home network.
- Highly Discoverable: There are automated tools (bots and scanners) constantly sweeping the internet looking for open ports. Once they find it, they can probe for vulnerabilities or exploit misconfigurations.
- FlexRadio Did It Right with SmartLink: SmartLink was designed to be secure—it uses encrypted authentication, NAT traversal, and a controlled backend. Port 4992 was never meant to be exposed the way 4993 and 4994 are through SmartLink.
Now, when you’re using tools like Morconi, a great remote CW solution, the safe and proper way to use them is through a VPN connection into your home network. That way:
- You’re not exposing any sensitive ports directly to the internet.
- Your traffic is encrypted end-to-end.
- Only trusted devices (connected via VPN) can reach and control the radio.
A VPN like TailScale, ZeroTier, or even a traditional OpenVPN setup will give you secure, private access to your radio from anywhere—without putting your station at risk.
If you’re not familiar with setting up a VPN, there are good guides out there—or plenty of folks here in the community willing to help.
Bottom line: keep port 4992 closed to the outside world. It’s just not worth the risk.
0 -
A basic IP whitelist—supported by nearly all routers—can effectively address the lack of built-in protection.
1
Leave a Comment
Categories
- All Categories
- 328 Community Topics
- 2.1K New Ideas
- 594 The Flea Market
- 7.8K Software
- 6.2K SmartSDR for Windows
- 168 SmartSDR for Maestro and M models
- 397 SmartSDR for Mac
- 260 SmartSDR for iOS
- 247 SmartSDR CAT
- 179 DAX
- 369 SmartSDR API
- 9.1K Radios and Accessories
- 15 Aurora
- 162 FLEX-8000 Signature Series
- 7.1K FLEX-6000 Signature Series
- 910 Maestro
- 51 FlexControl
- 854 FLEX Series (Legacy) Radios
- 873 Genius Products
- 446 Power Genius XL Amplifier
- 312 Tuner Genius XL
- 115 Antenna Genius
- 278 Shack Infrastructure
- 196 Networking
- 439 Remote Operation (SmartLink)
- 135 Contesting
- 726 Peripherals & Station Integration
- 136 Amateur Radio Interests
- 945 Third-Party Software