SmartLink and DMZ

  • 2
  • Question
  • Updated 6 months ago
  • (Edited)
I've been fighting this battle ever since my new 6400 arrived...I've done as much Googling/reading as I can find in other threads (the SmartLink & Port Forwarding discussion was REALLY helpful).
Here's the deal: I tried all the 'Automatic' and 'Manual Port Forwarding suggestions, but couldn't get the "button" to go green in the 'Network Settings Test' no matter what I did. Finally, out of desperation, I DMZ'd the IP for the 6400 and got the green light. As an added bonus, I was then able to log in from my ATT LTE cell phone account with SmartSDR for iOS. I was NOT able to do this before nor was I able to log in from another Suddenlink cable account other than my own. I've used DMZ before for testing, but it's something I'm hesitant to leave open long term. Suggestions?
Photo of wb5nfc

wb5nfc

  • 6 Posts
  • 1 Reply Like

Posted 7 months ago

  • 2
Photo of WX7Y

WX7Y

  • 536 Posts
  • 98 Reply Likes
Just make sure you have the TCP and UDP IP ports INSIDE and OUTSIDE ports set correctly.

What router are you using??  Maybe someone has it figured out and can send you a screen grab of the settings if your ports are the same as there's that showed up in your Smartlink setup.

I definitely would NOT run the radio in a DMZ situation, remember it has a computer in it. 

73's
Bret
WX7Y
Photo of wb5nfc

wb5nfc

  • 6 Posts
  • 1 Reply Like
Thanks for the suggestions, Bret. Yes, double checked incoming and outgoing ports then checked 'em again just to make sure I hadn't fat-fingered something. Saved, rebooted, reentered, deleted, rebooted... you get the picture. The router is unlike anything I've used before. It's Suddenlink cable company provided. It's a Hitron CGNM-2250-SDL. It's actually listed as a "Wi-Fi Gateway." But I'm not using WiFi for the radio or control. Ran a Cat 6 cable from one of the ethernet ports out to the shack - only about 150 feet.

73
John
WB5NFC
Photo of wb5nfc

wb5nfc

  • 6 Posts
  • 1 Reply Like
I found a manual for the Hitron device online. Not much help... I had already checked the firewall and set it to minimum - what I didn't see was that "Port 113 IDS IDENT" was blocked. This isn't a port listed as one that needs forwarding, but just thought I'd throw out a little more info for whatever it may be worth. -- John / WB5NFC
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1135 Posts
  • 235 Reply Likes
Here's a YouTube video for that router showing how to port forward. The info that you want starts around 1:30 into the video. First check the IP address of your radio as that needs to be entered for the local address.

https://www.youtube.com/watch?v=hMxGBb-VSgc

You need to enter two rules. 

I would suggest 4994 external to 4994 internal TCP
and
4993 external to 4993 internal UDP. 

After saving in router set up SmartLink Network setup using Manual as shown in the other thread. Click Save In SmartLink setup then click test.

Dave wo2x
Photo of wb5nfc

wb5nfc

  • 6 Posts
  • 1 Reply Like
Thanks for the video, Dave. I've watched it twice to see if I might have missed something, but it shows exactly what I have been doing -- but here's where the story gets better. After checking the ports, the TCP, UDP designations, and the IPs for the umpteenth time, I decided to reboot everything. The cable modem, the router, the DVR, a switch here in the shop and the 6400. When everything finally came back up -- it worked. Even the automatic network mode brings up the green test light now. I have no idea why, I'm just glad it does. I'm going to chalk this one up to an unknown gremlin and call it a night. Thanks for the help!  John
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1135 Posts
  • 235 Reply Likes
Great! Glad you got it working.

Welcome to the world of easy remote operation.

Dave wo2x
Photo of K1SZO

K1SZO

  • 32 Posts
  • 0 Reply Likes
What router are you using?   It's possible your router is doing something flaky that is preventing it from forwarding properly.  Especially if following the manual setup was not working.

I haven't read the instructions yet since my 6400 hasn't even shipped yet.  Where you manually forwarding TCP and UDP? Or just one or the other?   I suppose I should read the instructions prior to actually posting...
Photo of wb5nfc

wb5nfc

  • 6 Posts
  • 1 Reply Like
You can catch router info on the previous post... it's a cable company provided unit. I ordered my 6400 the second day of the Dayton Mudfest last year and it just came in a couple weeks ago. Well worth the wait. You'll love it! Setup was pretty easy. It's when things don't go as planned (like this router thing) that it gets frustrating. Lots of very knowledgeable folks here in the forum, so help is out there if you need it. As far as the ports go, the SmartSDR setup screen has a manual port forward option that seems to work for most people - when the automatic setting doesn't. Neither worked for me.  ;-) There's just one TCP and one UDP port to forward IF automatic settings don't work.

73
John
(Edited)
Photo of Bob - W7KWS -

Bob - W7KWS -

  • 270 Posts
  • 37 Reply Likes
I'm glad it's working but there is another trick to watch out for now that you have the ports functioning. This is dynamic IP address allocation to the radio from your router. This is the usual default where the DHCP server issues a random address to each device on your internal network everytime you reboot a device or the router.


Most routers allow you to fix this so that the same address is always issued to a device. If you don't set this the router may issue a different address sometime in the future. When this happens things will stop working if the radio's address has changed because the ports are no longer forwarded to the radio's new address.


There are usually two approaches for solving this, Reserved addresses which you setup in the router or a static IP address which you set up in the radio. Use one or the other method but not both.

I prefer the Reserved method but your router has to support it. Check the manual. Otherwise, check the Flex manual for setting a static address there. Good luck!
(Edited)
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9148 Posts
  • 3467 Reply Likes
I suspect this behavior is a consequence of your routers software features.  Not every router/firewall implements the same feature the same way.  This is one of the challenges with consumer-grade devices.  If you have it working, count it as a win.
Photo of wb5nfc

wb5nfc

  • 6 Posts
  • 1 Reply Like
Yes, totally agree Tim. I have been toying with the idea of replacing "rented" cable equipment (modem and router) with my own. Recent events may move the process forward.
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9148 Posts
  • 3467 Reply Likes
+1  Just put the cable modem in "bridge mode" and get a reasonable firewall.  I have been doing this for more years than I can count.
Photo of WH6HI - Pat

WH6HI - Pat

  • 275 Posts
  • 38 Reply Likes
I will not name the internet provider I was using, but after a few months I became disalusioned with therir equipment. Best decision was to get my own. Was a big improvement all around . No more dropouts, reboots etc. worked well with my Apple wireless router. Port forwarding took less then 5 minutes to get going. Only problem I have with my service is that they can not keep up ip v6 routing up in a reliable manor.
Photo of Stephen Hawkins NG0G

Stephen Hawkins NG0G

  • 72 Posts
  • 14 Reply Likes
If the box  you got from the ISP is both a modem and a router you should be able to get them to reconfigure it to just be a modem and then buy your own router that will do what you want it to.  The advantage to this path is this.  If you put your own modem and router in and at some point in the future you lose your internet connection the ISP will tell you that it is probably your hardware.  Then you will have to prove yourself innocent. However if the modem is theirs and you can use your router to see it on the network and talk to it, then the problem is theirs.  The LAN side IP address of their equipment is frequently 192.168.1.1.
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Gents, I'm running a Cisco/Linksys E4200 V2 .. thousands of them out there ... and a pretty standard router from what I can tell .. UPnP is enabled on the router .. yet I no joy when attempting the "Automatic" connection under Network Settings .. Mouse Over red dot shows

Radio Cannot Be Accessed using Smartlink

UPnP Ports;
TCP = FAIL
UDP = FAIL,

Forwarded Ports:
TCP = FAIL
UDP= FAIL,

Hole Punch Supported: No

What's my next move to get SmartLink working?

Photo of Stephen Hawkins NG0G

Stephen Hawkins NG0G

  • 72 Posts
  • 14 Reply Likes
Be very careful with UPnP.  You don't want it turned on, on the WAN side of the router.  It is for LAN use and is not secure.
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1138 Posts
  • 235 Reply Likes
What does your ISP provide? Modem? Combo modem/router?
Need a little more info on your network.

Dave wo2x
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Dave, ISP is Comcast/Xfinity .. they provide CableModem/Router combo but I'm running the Cisco/Linksys E4200 router on the other side of the house in the hamshack via a Netgear Powerline AV500 device .. been working for years ... but you raise a good point about UPnP being enabled on the Comcast Router ... or at least that's the synapse that was triggered ..
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1138 Posts
  • 235 Reply Likes
Just went through this at my sister’s house. You need to run one of them in Bridge mode. The double NATing is probably your issue.

You could try using manual port forwarding in both routers but it is easier to put the Cisco in Bridge mode.

Dave wo2x
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Thanks Dave .. am I correct in that when in Bridge mode the Cisco/Linksys E4200 can no longer be a WiFi hotspot?  I need WiFi in the shack on this side of the house in addition to hard wired ethernet connectivity for radios/computers etc .. Ed
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
And .. if I go the manual port forwarding .. for both .. who has that recipe?
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1138 Posts
  • 235 Reply Likes
The Cisco should work fine as a WiFi hotspot in Bridge mode. I am doing it with a pair of ASUS routers.

Dave wo2x
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Bob, thanks for the above ... I thought I saw that warning from the Cisco/Linksys E4200 that it would disable the wifi in bridge mode and that would not be good as I need that for other devices on this side of the house ... still need a solution here .. port forwarding might have to be it .. though I need a recipe for that ... anyone have?
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1117 Posts
  • 229 Reply Likes
Didn't know that about Linksys/Cisco. According to this article on Cisco site it says it can be used as an access point in bridge mode. As an access point the WiFi will work.
https://www.linksys.com/us/support-article?articleNum=143751

I am using an Asus RT-66U in bridged mode for WiFi coverage in living room and family room and it WiFi works fine.

Dave wo2x
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Appreciate that insight David ... QQ for you .. do you explicitly specify an IP address or select the "Obtain IP address automatically (DHCP) .. or does it matter .. 
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1138 Posts
  • 235 Reply Likes
It should work either way but I recommend setting a static IP in the access point so you know what it is if you need to log into it. Use an IP outside the DHCP range of the main router.

Dave wo2x
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Dave/all, ok spent the last hour attempting to get Bridge mode working on my Cisco E4200 unsuccessfully, I need the following parms and am not sure exactly where to get the values to populate same ..

I used the assigned IP address from the master xfinity router/cable modem and then Googled the subnet values and entered 255 255 255 0, then Googled for the DNS 1 address and entered 75 75 75 75 .. no joy .. where do i get these values .. presumably from the xfinity router/cable modem which will be the master ..

Need legit values for the following and where I go in my system to get ... thanks in advance

Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1138 Posts
  • 235 Reply Likes
you should be able to get the info from the Xfinity router. Look for DHCP server settings. It should show a range of IP addresses like 192.168.1.100 to 192.168.1.200 or something similar

Assign an IP on that subnet, but out of that range. For the example above you could assign 192.168.1.10 for the IP. Mask is 255.255.255.0 , gateway would be 192.168.1.1 and DNS would also be 192.168.1.1

Let us know what the Xfinity shows and I can suggest what to put in the Bridge.

Dave wo2x
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Thanks Dave .. i'm now back on the port forwarding option .. still futzing with that .. trial and error .. this should not be this much of a puzzle .. but all configs are different .. i get it ..  will advise on the port forwarding ..

Did I see someone mention that I need to have port forwarding enabled on both routers .. primary (xfinity router/cablemodem) and secondary shack router (Cisco E4200) .. seems to make sense as one needs to pass to the other ..

FWIW .. seems that the primary xfinity router is assigning IP addresses in the 10.0.0 and up range .. will double check when I get to the other side of the house

Ed
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1117 Posts
  • 229 Reply Likes
Set the Cisco to bridge with following

Ip address 10.0.0.253
Subnet mask 255.255.255.0
Gateway 10.0.0.1
DNS 10.0.0.1

Should work with SmartLink set to automatic

Make sure to restart shack PC and Radio after making change to Cisco
Dave
(Edited)
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Thanks Dave for the above .. just achieved connectivity via "Manual Port Forwarding" ... combo of dumb luck and some trial and error .. net is I first opened the port range on the secondary shack router E4200 ports 4993 to 4994 .. selected the "Both" option (TCP/UPD) and the IP address of the Flex 6400 from the shack router 192.161.1.128 ... but no joy.

Next went to the primary xfinity router/cablemodem and did the same though I had to select the IP address of the secondary router 10.0.0.77 and opened up the same port range from 4993 to 4994 and then viola .. the test light gets to green ..

So I grab my iPad and go to the apple store and DL the SmartSDR for iOS and open it up only to find that I now need to fork over $59.99 for the iOS app ... seriously .. what a let down ... I guess it's the harbinger of things to come .. though I'm NOT HAPPY FLEX with this ...

Next Q is it worth it?  SmartSDR for iOS ..  oye ..
Photo of Bill -VA3WTB

Bill -VA3WTB

  • 2767 Posts
  • 610 Reply Likes
It is worth it, and no the App is not free.
Photo of WX7Y

WX7Y

  • 536 Posts
  • 98 Reply Likes
I think Marcus set's the Price on the APP who is the author of the IOS app and Flex just supports it on there WEB site.

Marcus is great with keeping things updated and working with bugs much better then other  IOS app authors. 

I think if you use it, you will find it is a really well put together APP and worth the $59.99, his other add on tools are great quality as well and you may look at them if you run portable. 

I really like the Griffin Bluetooth PowerMate Knob add on works great with the App. 

73's
Bret
WX7Y
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Thanks Bill/Bret ... I DL'ed and purchased SmartSDR for iOS and attempted to get it going via SmartLink last night once I confirmed that SmartLink was working with the Manual Port Forwarding according to the diagnostic window on the Win10 desktop machine.

I was able to connect once while on a wifi connection local to my secondary router to which the radio and Win10 desktop were connected .. but then that failed ... and I got stuck in the loop of trying various options on the SmartSDR for iOS ..

Checked this a.m. and I'm still getting a GREEN indication on the Win10 Desktop that SmartLink is still working .. but seems that SmartSDR for iOS is having a hard time locating the 6400 or the WIn10 desktop or both ..

Which raises another good question .. am I connecting to the IP for the 6400 via SmartSDR for iOS or the Win10 Deskstop .. obviously 2 different IP addresses, just looked and I've got the port forwarding set up for the 6400 vs. the Win10 desktop .. not sure if that is correct or not though SmartSDR on Win10 machine SmartLink Window instructs to connect to radio ..makes sense .

Net is SmartSDR for iOS not connecting yet via SmartLink when using Manual Port Forwarding even though SmartLink on Win10 desktop reporting GREEN and SmartLink working.

Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Ok gents .. back to the SmartLink puzzle.  While I was able to turn the Test Light Green as indicate above via the Port Forwarding indicated in the screen shot above ... No joy on the ability to access SmartLink from the Internet coming in from my ISP Comcast/Xfinith.

My network is pretty straightforward:

- Xfinity Cablemodem/Router/Wifi - assigns 10.0.0.X series local IP addresses ... (I attempted port forwarding on this router as well but I'm not exactly which IP port to assign forwarding to ... suspect this is the root of my issue)

- Netgear PoweLine AV500 - powerline ethernet adapter to get ethernet from one end of the house to the other where the shack is .. works great and I get >100 Mps through speed test, this connects the Xfinity cablemodem/router above to the device below

- Cisco/Linksys E4200 v2 - Router/Wifi - assigns 192.168.1.X series local IP addresses.  I have the 6400 connected directly to this router (192.168.1.128), I have the Win10 PC that controls the 6400 (192.168.1.132) connected directly to this router and I have port forward forwarding for (4993-4994) for both TCP & UPD and for port 192.168.1.128 (the 6400).

When I test the SmartLink from my local Win10 PC (192.168.1.132) I get a successful connection via the Test button.

When I run SmartSDR for iOS locally on the Wifi connected to the E4200 router I can connect .. though not via SmartLink.

Though when I attempt to run SmartSDR from another Laptop PC connected to the Xfinity Cablemodem router or the SmartSDR for iOS .. no joy .. just doesn't find the SmartLink or radio.

My hypothesis is that I don't have the right Port Forwarding set up on the Xfinity Cablemodem/Router device as I'm not exactly which 10.0.0.X  IP address to assign Port Forwarding .. I don't see the 192.168.1.128 device (6400) or anything in that range (of course) but unsure if a 10.0.0.X address gets assigned for the devices on the E4200 router that is in the shack  ..

What's my next move gents?

Ed W2MKM
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1137 Posts
  • 235 Reply Likes
What is the wan port IP of the E4200? In the Xfinity router you can port forward 4994 TCP and 4993 UPD to the address of the 4200.

What would be easier is to put the Xfinity router in Bridge mode and just use the E4200 as a router. Doing double NATing gets complicated.

Dave wo2x
Photo of K1SZO

K1SZO

  • 32 Posts
  • 0 Reply Likes
I agree with WO2X.

You would be better served by setting up the cable modem router in bridge mode, but if you don't want to or can't.  The cable modem router should port forward to the to the WAN address of the Cisco/Linksys router.  Then the Cisco/Linksys router should then forward the ports as you normally would.
Photo of Ed W2MKM

Ed W2MKM

  • 39 Posts
  • 1 Reply Like
Thank Dave & K1SZO, appreciate the input .. a couple of Qs and details before I start some more testing tonight/tomorrow.

1. My what I call "Master" router, is the Xfinity Cablemodem/Router, which serves 70% of the household ethernet and Wifi needs ...  not sure if I made that clear ..

2. My "Slave" router is the Cisco E4200 which serves primarily the ham shack and related goodies nearby.  This is getting "internet" from the Xfinity box, via the Netgear Powerline device and plugged into the "internet" port on the E4200 leaving 4 ethernet ports for hard wire connections to the 6400 and 2 shack computers 1 for the 5000A and 1 for the 6400

I ask this as the suggestion above suggests putting the "Master" router (Xfinity) into Bridge mode vs. the E4200 which is counter intuitive to me .. but I've never done it .. I don't know if the Master (Xfinity) would even work properly as it is also the Cablemodem and serves up VOIP.

I'll assume that the better option would be to put the Slave (E4200) into bridge mode given it that I don't want to mess with the Cablemodem/VOIP features.

If that's the case, what IP address do I enter into the Slave E4200?  Recall the Xfinity dishes out 10.0.0.X IP addresses and the E4200 Slave 192.168.1.X addresses ... 

Once bridged will that change the addresses assigned by the E4200 from 192.168.1.x to 10.0.0.X used by the Xfinity router?

I ask since I've taken one half hearted attempt at putting the Slave E 4200 into Bridge Mode but was unsuccessful likely due to not knowing what IP address to put in .. 

Thanks for your help and patience here gents.

Ed
Photo of Bob - W7KWS -

Bob - W7KWS -

  • 270 Posts
  • 37 Reply Likes
Ed,

I believe that having two routers is the basis of your difficulty plus, the group, not knowing enough about your network from the beginning has produced many suggestions that don't fit your situation. Trying to implement them has confused things for you even more. I suggest first things first. Get the things inside your LAN going first then rest. Then think about SmartLink as a second step. I think it will be much simpler to do this as a two step project.

It seems to me that the first thing you should do is to follow your instinct and leave the cable modem/router alone. You will have to do one or two things in that device later for SmartLink but not now.

Now for the second router, unplug it, put it in some closet and forget about it unless it can be set up as an access point for WiFi where its routing function is off and its Ethernet ports are working as a switch only. This IS NOT always Bridge mode. In my Asus there is no bridge mode but instead "Access Point" mode.

If it can't be set up as described, in its place, use a 10/100 switch. I'd avoid a Gigabit unit for now. Flex had an issue with some of these & I don't know if a soloution was distributed or not. 10/100 is plenty for what you have described to be in use in your ham shack and they are cheap. I use this one from Amazon:

https://www.amazon.com/gp/product/B00...

If you need WiFi in the ham shack location, an access point works well. I use this one from Amazon:

https://www.amazon.com/gp/aw/ya?ac=bi...

Just plug the access point into an Ethernet port on the switch. Plug another port on the switch into your current "Power Line" connection to the router, Flex radio to a third one. The switch needs no configuration of any kind. The access point is straight forward per its manual & the defaults should work out of the box although setting it up with your own password is a good idea fairly soon.

If you need to log your iPad or computer onto WiFi, go ahead. They should work from either WiFi devece, the cable modem/router or your new access point. Just be sure to set the new WiFi up in the iPad & computer.

There are no IP addresses or ports for you to set in this first step of the project. All IP address you need will be automatically issued by the DHCP server in the modem's router function.

Later, after things are working within your LAN, you need only see to it that the radio always uses the same IP address and that the two ports are forwarded for SmartLink. This only needs to be done for SmartLink. Get the thing working in your LAN for a few days first then the SmartLink will be easier as a second step in your project.

Best regards!
(Edited)