Welcome to the FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
Need the latest SmartSDR or 4O3A Genius Product Software?


SmartSDR v4.0.1 and the SmartSDR v4.0.1 Release Notes

SmartSDR v3.10.15 and the SmartSDR v3.10.15 Release Notes

The latest 4O3A Genius Product Software and Firmware
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

Smartlink Server IP ranges - locking down firewall access

andyg8tjq
andyg8tjq Member ✭✭
in Remote Operation (SmartLink)
Apologies for cross posting but I am new to the group and originally posted this as a question so not sure if it reached the right audience.

For good security reasons I want to limit the range of IP addresses that can use the Smartlink port forwarding capability of my firewall to only the Flex smartlink servers. Can somebody advise the server ip address ranges in use please so i can tighten my firewall access? Many thanks

Comments

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin

    In your Router/Firewall you should be able to check on the current connections in use and find the IP addresses you require on the ports you have configured (4992 and 4993 on the LAN - Trusted Side)

    But, you then won't be able to connect to the radio from a remote site if do not know the IP address that you are operating remotely from since the connection from the User to the Radio is a Peer to Peer connection in order to provide the best performance.

    If you are concerned about security, the connection is a secure TLS-encrypted connection and without the proper encryption keys you can't connect to the radio anyway.

    73

  • andyg8tjq
    andyg8tjq Member ✭✭
    Many thanks Mike. I was under the impression (clearly mistaken) that the Smartlink system acted as a relay in the comms channel - so if I understand you correctly the role of the Smartlink server is only to act as a broker for the initial connecton of the remote user directly to the radio over TLS at which point the Smartlink system has no further role to play.
    My desire to lock down the 'allowed' ip addresses to connect to the designated ports on the router was simply to minimise the attack surface.
    73
  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin

    That is correct. It is just the lookup resource.

    You could still do that, but you need to know all the IP addresses you are going to be operating from.

  • andyg8tjq
    andyg8tjq Member ✭✭
    Many thanks for the replies @Mike-VA3MW

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.

Comment As ...

Categories