Flex 6500 passes all Port forwarding tests and registers - Can't find on any device on outside network

  • 2
  • Problem
  • Updated 7 months ago
I have setup port forwarding on my Flex 6500 and SmartSDR confirms that the port setup is correct. I was able to register the Flex and it was also successful. I can connect to the 6500 from the local network of course using the direct method and using Smartlink. But outside of the network, the radio is nowhere to be found. I can login to Smartlink successfully from my Maestro and the iPad using an outside network. Have tried connecting to the 6500 from 2 locations and from my Maestro. No luck. What might I be missing?

Thanks!
Photo of Jeff Hilliard

Jeff Hilliard

  • 10 Posts
  • 0 Reply Likes
  • Happy - Great products!

Posted 7 months ago

  • 2
Photo of Michael Walker

Michael Walker, Employee

  • 290 Posts
  • 77 Reply Likes
Hi Jeff

Make sure you are using our latest code when testing.  

http://www.flexradio.com/downloads/smartsdr_v2-1-33_installer-exe/

We have a smart link issue that is solved in .33.

Mike
 
Photo of Jeff Hilliard

Jeff Hilliard

  • 10 Posts
  • 0 Reply Likes
Hi Mike and Thank you. I am using V2-1-33 already and still have not been able to find the radio. Thanks!
Jeff
Photo of Nick - N9SJA

Nick - N9SJA

  • 7 Posts
  • 0 Reply Likes
Most likely it's a software firewall operating on your Windows laptop/desktop.  I had to add rules to my laptop to get SmartLink to work properly.

Disable Windows firewall and or any AV/security products that you are using then test.  Once you find which software is blocking your connection then you can make a rule to allow it:  https://www.digitalcitizen.life/manage-rules-windows-firewall-advanced-security

Various AV products have firewalls enabled as well...you will need to consult documentation for your specific version of software.
Photo of Jeff Hilliard

Jeff Hilliard

  • 10 Posts
  • 0 Reply Likes
I have used the Maestro before with no issues using the same firewall. I just tried shutting the firewall off in my Windows 10 machine and no change. So can not access from there or the Maestro. Response -"There are currently no radios available"

Also have a user in another city and he can not access the Flex 6500 either. In the router settings at the radio site, are there rules that have to be set in addition to the port forwarding? I would assume the passing the tests while setting up the SmartSDR would indicate that all router settings are fine? Is that correct? 


 Thanks for the response! Jeff
Photo of NX6D Dave

NX6D Dave

  • 302 Posts
  • 89 Reply Likes
I don't think you said that you got successful tests with the Test button. Did you try that?
Photo of Jeff Hilliard

Jeff Hilliard

  • 10 Posts
  • 0 Reply Likes
Yes I did get green (Success) using the Test Button.
Photo of Nick - N9SJA

Nick - N9SJA

  • 7 Posts
  • 0 Reply Likes
If it is not your firewall on your device, then it is the router/firewall that your flex is plugged into.  Your NAT (port forward) may not be setup correctly.  There are many setups as every router/firewall has a different process.  But this is what you need to do...

1.  On your Flex 6000 series transceiver, use a static IP address for your network.  (This will make sure that if the unit is ever restarted the Flex will always use the same internal IP address and not break your NAT (port forward rule) by getting different IP address from your home router's DHCP server).  

2.  Create a NAT rule (port forward) using the internal static IP address you assigned to your Flex to your external IP address.

3.  Create a firewall rule for your NAT (port forward) that allows from ANY source TCP port 4994 inbound and UDP port 4993 inbound.  You may need to do two separate rules since some routers/firewall will not do TCP and UDP both in the same rule. It just depends on what firewall you are using.

4.  Save your configuration and test.  You can test to make sure that the ports are open on your firewall by using these links:  http://portquiz.net:4994/  http://portquiz.net:4993/  These links will test your firewall's ability to use these ports to the outside.  If you cannot get a proper response back, then either another firewall rule is blocking access, or your firewall rule is not configured correctly.

Lastly most firewalls use rules in what is called an ACL format (Access Control List).  This means that the rule ordering is important.  If you can, create rules or change the order so they are at the TOP of of your firewall's ACL.  This way another rule you may have configured will not block the rules that you just created.

Obviously this process does require a bit of knowledge about IP networking and firewalls.  If you are not sure about some of this, you may want to seek out someone close (that you trust) to take a look at your settings.

Hope that helps...

73 de Nick N9SJA
Photo of Nick - N9SJA

Nick - N9SJA

  • 7 Posts
  • 0 Reply Likes
What AV software are you using Jeff?  Have you checked to see if it is running a software firewall?  Have you tried shutting that off to see if it then started working?  Windows Firewall is not the only firewall that can be on your computer.  A lot of AV/Security products have their own firewall integrated as well.

Nick N9SJA
Photo of Jeff Hilliard

Jeff Hilliard

  • 10 Posts
  • 0 Reply Likes
Hi Nick,

1. I have set it up to use one fixed IP for the Flex and the radio has been setup that way (192.168.50.10)
2. The NAT rule is a question. I am using 2 flex radios on this system, one on (192.168.50.9) and the other on one (192.168.50.10)

I set up Port forwarding on RADIO 1 as follows: Port 2100TCP forwards to 4994TCP to (192.168.50.9.) and Port 2200UDP forwards to 4993UDP on (192.168.50.9) and the port Test works.

ON Radio 2, Port 21000 forwards to 4994TCP to (192.168.50.10) and Port 22000 forwards to 4993UDP on (192.168.50.10) and the port Test works

Setting up the NAT to use any WAN IP address and forward it to the LAN address may be an issue because we are trying to run 2 radios on one external IP address. I think this should work but I might be wrong. Thanks for all of your assistance!
Jeff
Photo of NX6D Dave

NX6D Dave

  • 302 Posts
  • 89 Reply Likes
This should work fine.  I've done the same here and it works.  The port numbers on the radios is fixed(4993 and 4994), but the ports numbers on the outside of your LAN can be any ephemeral port number. You'll need two sets of port forwarding rules in the router, one for each radio, and each radio must be registered with the SmartLink server, individually.  If you have tested each and received the "Green Button" test result, then your configuration is good.
Photo of Nick - N9SJA

Nick - N9SJA

  • 7 Posts
  • 0 Reply Likes
Well, there is most likely your problem.  The SmartLink software I don't think will allow you to type in alternate ports so the problem looks like when TCP port 4994 data hits your external address, the firewall does not know where to send the data to.  I would not use port translation PAT (this is what you are doing by using 2100 TCP for example).  This process will technically work, but only if the software will allow you to change the ports that it is using.  I don't think you can do this with the Flex software (I don't recall if you can set additional port info in the SmartLink setup).

When troubleshooting you are better off by simplifying the process.  Try doing this with only ONE radio and drop the PAT (port translation)...just allow rules for TCP 4994 and UDP 4993.  Once one of the Flexes is working with SmartLink, then try to bring the other online.  But if you cannot use the software with a port translation, you might be able to get a second IP address from your ISP for the other Flex.  My ISP sells me external addresses for +$10/mo per address.  


Nick N9SJA
Photo of Jeff Hilliard

Jeff Hilliard

  • 10 Posts
  • 0 Reply Likes
Hi all,
We have gotten this all figured out and thanks to everyone who contributed with their comments! It turns out that the reason I was unable to see my 6500 was that it was registered in my partner's account. While we were working on this project, I signed in under his account and after everything was running locally, still signed in as my associate, I un-registered my 6500 and re-registered it again. That of course put my radio under his account. From then on, he was able to see both Flex radios but remotely, I could see non. Really embarrassing but in the future this might assist someone else who pulls the same stunt. All working well now using 2 Flex 6500 radios on a single WAN IP. Thanks all again! Jeff AK6OK