SmartSDR port forwarding fails

  • Question
  • Updated 6 months ago
  • Answered

I've searched for a few hours but did not find a solution. I have a 6400 (running the latest software) that has successfully registered with SmartLink but still doesn't pass the tests. Here is my configuration:

Comcast internet with modem in bridge mode (double-checked and it is) and I have a static external IP address.

A SonicWall firewall handles everything else. Yes, Windows FW is shut off on the machine running SmartSDR. I'm assuming the Flex at .24 does not have a FW blocking it.

The radio has a static IP of x.x.x.24/24. My DHCP pool starts at .100 so everything below is static. I can do an IP scan and the radio appears at the proper address.

The firewall has rules that allow TCP 4994 and UDP 4993 to go both ways. I can watch traffic go from internal .24 to the FW. Then I can see it come back and go from FW to .24, but .24 never answers. It is as if it is not listening. I did the manual port forwarding option as follows:

Forward TCP Port 4994 (external) to 4994 (internal)

Forward UDP Port 4993 (external) to 4993 (internal)

I've also tried disabling Enforce private IP Connections.

What am I missing? Is there a service not running? Am I correct to assume the Flex itself is the computer communicating with the internet and the machine running SDR has nothing to do with it? I can SSH into the machine internally but obviously I don't have the password. What is the destination address I'm trying to get to? Does this work like TeamViewer, where Flex is in the middle?

Thanks in advance for the help.


Ken

AG2K





Ken AG2K


Posted 6 months ago


Michael Walker, Employee

Hi Ken

I have attempted to program a few SonicWall firewalls in my past, and they never seemed to do what I wanted them to do.  Your logic does look correct though.  

You might want to open an outbound Source Port ANY from the Radio IP address and see if that helps, as the source outbound port might not be one of those 2.

You might have to allow an outbound 443 as well.  I just checked my firewall states and this is what I had:



Mike
va3mw

Ken AG2K

Thanks Mike. I'll try it. We have a couple of dozen of these out there and they can be fussy. But they are reliable and secure. This is a new 6400 out of the box so I'm hoping it is not the radio itself.
Ken

Danny K5CG

pfSense, FTW!

Tim - W4TME, Customer Experience Manager

I found this which might be helpful.  You will need 2 service objects, one for 4994/tcp and 4993/udp and 2 NAT policies, one for each service object and 2 loopback NAT policies, one for each service object.

https://www.sonicwall.com/en-us/support/knowledge-base/170503477349850

Ken AG2K

Thanks that is how I configured.
Ken

Ken AG2K

Any chance it is the radio itself? It's new out of the box. Any way to SSH into it to test?

K1SZO

I used to administer SonicWall firewalls too several years ago. They were fine for some things, but just would not work correctly with others. For instance, we had brokers who talked with traders and they did so via AIM (AOL messaging). SonicWall would allow some messages, but not others.

That is just one issue I had with them. I ended up replacing them with Juniper SSGs, though those are now discontinued, so I started using Fortigates, which were created by the same person who created SSGs and then sold them to Juniper.

Good luck, but if all else fails, a different router should help. Oh, and I wouldn't ever put my router in bridge mode. I certainly don't and SmartLink works for me.

Tim - W4TME, Customer Experience Manager

pfSense works great. That is what Michael, I, and the office use for firewalls. For SmartLink, just enable UPnP and be done with it.

They are using my radios for demos at Ham Radio in Germany this weekend.

K1SZO

Agreed, those six-port Firewall Micro Appliances with pfSense installed are incredibly powerful.

Danny K5CG

I was running pfSense as a VM (2) but found a Lanner/NetGate FW-7535H for cheap on eBay and it works great too.

Ken AG2K


Thanks for the info. I'm confused why you don't like bridge mode for a modem. All I'm asking it to do is take the internet and put it on a port to my firewall. Since I have no other networks coming in there is no need to do routing. Internally I only have one local network so there is no need to route internally. So basically the only route needed goes from my internal network to the internet. My default gateway. So all I need to do is filter or monitor what's coming in from and out to the internet. No routing needed. Maybe I'm wrong and that's my problem?

Ken



K1SZO

Your firewall is a router. It routes all non-local traffic onto the Internet via the gateway (which is the router). Everything local is on a different subnet than the other side of your router. The subnet on the other side is a publicly routable address while NAT is not.

Ken AG2K

Thanks, but I don't have any routers. I have a modem in bridge mode and a firewall, that's it. I have nothing to route anyplace. The only network I connect to is the internet.

Ken AG2K


I guess you can say technically the firewall routes the internal to the external. But I think of routers as routing data between different networks or paths.

Thanks for all the help. I learn something every day.


Danny K5CG

The different networks are the internal and external in this context.

Ken AG2K


Thanks.

Problem resolved. It was a case of fat fingers, poor eyesight and fatigue. After sniffing and packet capture I realized the firewall object for the radio had a typo. Corrected and now all is green. Next step is to get audio and Tx to come across to the laptop.

Thanks again for all the great information.

Ken
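
An added example, not part of any post above and not FlexRadio or SonicWall code: a small audit over a hand-written model of the rule set discussed in this thread (inbound and loopback NAT policies for 4994/tcp and 4993/udp), which flags the failure Ken finally found, an address object that does not resolve to the radio. The dictionary layout, the object name `Flex-6400` and the 192.168.1.x addresses are assumptions made for illustration; this is not a SonicWall export format.

```python
import ipaddress

# Forwards named in the thread: (protocol, port).
REQUIRED = [("tcp", 4994), ("udp", 4993)]
# One NAT policy of each kind per service, as described in the thread.
KINDS = ("inbound", "loopback")


def audit(radio_ip, address_objects, nat_policies):
    """Return a list of findings; an empty list means the model is consistent."""
    radio = ipaddress.ip_address(radio_ip)
    findings = []
    for proto, port in REQUIRED:
        for kind in KINDS:
            label = f"{kind} {port}/{proto}"
            hits = [p for p in nat_policies
                    if (p["kind"], p["proto"], p["port"]) == (kind, proto, port)]
            if not hits:
                findings.append(f"{label}: no NAT policy")
            for p in hits:
                raw = address_objects.get(p["dest_object"])
                if raw is None:
                    findings.append(f"{label}: unknown object {p['dest_object']!r}")
                    continue
                try:
                    target = ipaddress.ip_address(raw)
                except ValueError:
                    findings.append(f"{label}: object value {raw!r} is not an IP address")
                    continue
                if target != radio:
                    findings.append(f"{label}: forwards to {target}, radio is {radio}")
    return findings


# Constructed sample data (hypothetical names and addresses).
RADIO_IP = "192.168.1.24"
POLICIES = [{"kind": k, "proto": pr, "port": po, "dest_object": "Flex-6400"}
            for pr, po in REQUIRED for k in KINDS]
TYPO_OBJECTS = {"Flex-6400": "192.168.1.42"}   # digits transposed
FIXED_OBJECTS = {"Flex-6400": "192.168.1.24"}

if __name__ == "__main__":
    for finding in audit(RADIO_IP, TYPO_OBJECTS, POLICIES):
        print(finding)
    print(audit(RADIO_IP, FIXED_OBJECTS, POLICIES) or "consistent")
```

Because every policy references the same address object, one mistyped value breaks all four policies at once while each rule still looks correct when read on its own.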