[App_rpt-users] App_rpt-users Digest, Vol 67, Issue 68

Anthony Percy antcp at bigpond.com
Sun Oct 26 09:00:31 UTC 2014


Hi,
Strictly speaking a router will always route all packets regardless of TCP
port number depending on its routing table... (because routers route IP
packets only and it is TCP, which has a port number that is made up of IP
packets hence the name TCP/IP)
However our home internet "routers" nearly always have firewalls built in
along with NAT (Network Address Translation) capability. Normally the
default firewall configuration on our home "router" blocks all inbound
packet flows which would stop any inbound IAX2 protocol flows from
reaching the Allstar box and thus the repeater running Allstar would be
able to send packets to the Allstar network but not receive any IAX2
packets back hence the Allstar connection would not work.

There are normally at least two ways to get inbound connections (packet
flows) to work on such home "routers":
1. Most home internet "routers" allow a single IP address to be configured
so the "router" will send all inbound connections to this IP address. It
is sometimes called a DMZ (DeMilitarized Zone) IP address. However if you
do this, there is nothing "demilitarised" about this IP address. To all
intents and purposes your Allstar box will be standing "naked" on the
internet with NO protection at all! So make sure you have a firewall
configured on the Allstar box (that allows SSH and IAX2 connections) after
you have tested this configuration.
2. Most home internet "routers" allow you to configure inbound ports that
the router will allow in through the firewall. This is much safer but may
be harder to set up.

Remember that because of NAT you will never see your
internal home IP addresses on the Internet. What you will see is the IP
address of the Internet connection that your home router is using. So
your Allstar box will appear on the Internet to have the IP address of the
home "router".

One tip to aid in testing the firewall setup is to use the
IAX2ping tool on voip-info.org.
Hope this helps...

Regards

Anthony, VK2ACP
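
An added example (not part of the original post, and not the IAX2ping tool mentioned above): a minimal Python probe that sends one IAX2 POKE frame to UDP port 4569 and reports whether a PONG comes back, which is the inbound check this thread is about. The frame layout and the POKE/PONG subclass values follow RFC 5456; the function names are this example's own, and it does not ACK the PONG as a full IAX2 client would.

```python
import socket
import struct

IAX_FRAME = 6             # frame type "IAX" (RFC 5456)
POKE, PONG = 0x1E, 0x03   # IAX subclasses
HEADER = "!HHIBBBB"       # src call, dst call, timestamp, oseq, iseq, type, subclass


def build_poke(src_call=1):
    """12-byte IAX2 full frame: POKE from src_call to destination call 0."""
    return struct.pack(HEADER, 0x8000 | src_call, 0, 0, 0, 0, IAX_FRAME, POKE)


def parse_full_frame(data):
    """Return (src_call, dst_call, frame_type, subclass), or None if not a full frame."""
    if len(data) < 12:
        return None
    src, dst, _ts, _oseq, _iseq, ftype, sub = struct.unpack(HEADER, data[:12])
    if not src & 0x8000:   # F bit clear means a mini frame, never a POKE reply
        return None
    return src & 0x7FFF, dst & 0x7FFF, ftype, sub & 0x7F


def iax2_poke(host, port=4569, timeout=3.0, src_call=1):
    """Send one POKE and classify the result.

    'open'       a PONG addressed to our call number came back
    'closed'     the OS reported ICMP port unreachable
    'no-reply'   nothing came back (dropped by a firewall, or no forward)
    'unexpected' something answered, but not with a PONG
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))   # connected UDP socket so ICMP errors surface
        try:
            s.send(build_poke(src_call))
            data = s.recv(2048)
        except socket.timeout:
            return "no-reply"
        except ConnectionRefusedError:
            return "closed"
    frame = parse_full_frame(data)
    if frame and frame[1:] == (src_call, IAX_FRAME, PONG):
        return "open"
    return "unexpected"


if __name__ == "__main__":
    import sys
    print(iax2_poke(sys.argv[1]))   # run from a host outside the home network
```

Run it against the router's public address from outside the LAN; a probe from inside the home network only tests the Allstar box itself, not the port forward or the router's firewall.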

On 24/09/2014 4:36 pm, "app_rpt-users-request at ohnosec.org"
<app_rpt-users-request at ohnosec.org> wrote:

>
>Today's Topics:
>
>   1. Not able to receive incoming connections (gene at wb9coy.com)
>   2. Re: Not able to receive incoming connections (Doug Crompton)
>   3. Re: Not able to receive incoming connections (gene at wb9coy.com)
>   4. Re: Not able to receive incoming connections (gene at wb9coy.com)
>   5. Re: Not able to receive incoming connections (Doug Crompton)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Tue, 23 Sep 2014 15:34:22 -0700
>From: <gene at wb9coy.com>
>To: app_rpt-users at ohnosec.org
>Subject: [App_rpt-users] Not able to receive incoming connections
>Message-ID:
>	<20140923153422.6bda0fc0b2fcdc09c2716b2cba60b34f.b59f50f291.wbe at email12.s
>ecureserver.net>
>	
>Content-Type: text/plain; charset="utf-8"
>
>My node is 41303  W6QAR
>
>I have verified that I NAT on port 4569.   It was mentioned that a check
>can be done on my node to see if it had to be forced.
>
>
>
>------------------------------
>
>Message: 2
>Date: Tue, 23 Sep 2014 19:38:57 -0400
>From: Doug Crompton <doug at crompton.com>
>To: "gene at wb9coy.com" <gene at wb9coy.com>
>Cc: "app_rpt-users at ohnosec.org" <app_rpt-users at ohnosec.org>
>Subject: Re: [App_rpt-users] Not able to receive incoming connections
>Message-ID: <BLU172-W48C33D5293469A55079C46BAB00 at phx.gbl>
>Content-Type: text/plain; charset="iso-8859-1"
>
>Gene,
>
> Not sure what you mean by forced but you need to port forward port 4569
>udp  to the IP address of your Allstar computer. The Allstar computer
>should be set as a static IP address on your local network so that the
>local address does not change.
>
>In addition if you want to access your system remotely or have someone
>else do it for maintenance you need to port forward port 222 tcp to the
>IP address of your Allstar computer.
>73 Doug
>WA3DSP
>http://www.crompton.com/hamradio
>
>
>> From: gene at wb9coy.com
>> To: app_rpt-users at ohnosec.org
>> Date: Tue, 23 Sep 2014 15:34:22 -0700
>> Subject: [App_rpt-users] Not able to receive incoming connections
>> 
>> My node is 41303  W6QAR
>> 
>> I have verified that I NAT on port 4569.   It was mentioned that a check
>> can be done on my node to see if it had to be forced.
>> 
>
>------------------------------
>
>Message: 3
>Date: Tue, 23 Sep 2014 22:37:21 -0700
>From: <gene at wb9coy.com>
>To: "Doug Crompton" <doug at crompton.com>
>Cc: "app_rpt-users at ohnosec.org" <app_rpt-users at ohnosec.org>
>Subject: Re: [App_rpt-users] Not able to receive incoming connections
>Message-ID:
>	<20140923223721.6bda0fc0b2fcdc09c2716b2cba60b34f.7324a418f0.wbe at email12.s
>ecureserver.net>
>	
>Content-Type: text/plain; charset="us-ascii"
>
>An HTML attachment was scrubbed...
>URL: 
><http://ohnosec.org/pipermail/app_rpt-users/attachments/20140923/8c28b7b4/
>attachment-0001.html>
>
>------------------------------
>
>Message: 4
>Date: Tue, 23 Sep 2014 23:09:09 -0700
>From: <gene at wb9coy.com>
>To: "Doug Crompton" <doug at crompton.com>
>Cc: "app_rpt-users at ohnosec.org" <app_rpt-users at ohnosec.org>
>Subject: Re: [App_rpt-users] Not able to receive incoming connections
>Message-ID:
>	<20140923230909.6bda0fc0b2fcdc09c2716b2cba60b34f.57f5307248.wbe at email12.s
>ecureserver.net>
>	
>Content-Type: text/plain; charset="us-ascii"
>
>An HTML attachment was scrubbed...
>URL: 
><http://ohnosec.org/pipermail/app_rpt-users/attachments/20140923/ab5437b7/
>attachment-0001.html>
>
>------------------------------
>
>Message: 5
>Date: Wed, 24 Sep 2014 02:36:53 -0400
>From: Doug Crompton <doug at crompton.com>
>To: "gene at wb9coy.com" <gene at wb9coy.com>
>Cc: "app_rpt-users at ohnosec.org" <app_rpt-users at ohnosec.org>
>Subject: Re: [App_rpt-users] Not able to receive incoming connections
>Message-ID: <BLU172-W10D9F3BB65297505AD6175BAB10 at phx.gbl>
>Content-Type: text/plain; charset="iso-8859-1"
>
>Gene,
>
> There is no way to "force" something through a router that is
>misconfigured or not working correctly.
>
>In the router you should be able to port forward and you need the
>following ports forwarded
>
>4569 udp   
>222 tcp
>
>It is important that you specify udp and tcp. In some cases you can say
>'both'
>
>Both ports should be forwarded to your Allstar box IP address. Without
>4569 no one will be able to connect to you. Without 222 no one will be
>able to administratively connect to your allstar.
>
>There is no way around this you need the forwards to work. In a pinch you
>could setup DMZ in the router to the allstar box and see if it works. If
>it doesn't you have other problems but if it does then you know your port
>forwarding is incorrect.
>
>I don't know your router but there is probably someone else on here that
>could help. I know with the Verizon FIOS routers you need to specify the
>from port and IP as any and the to port and IP as the ones you want it to
>go to. Specifying the from port as a specific number even if it is the
>right number does not work.
>
>73 Doug
>WA3DSP
>http://www.crompton.com/hamradio
>
>
>From: gene at wb9coy.com
>To: doug at crompton.com
>CC: app_rpt-users at ohnosec.org
>Subject: RE: [App_rpt-users] Not able to receive incoming connections
>Date: Tue, 23 Sep 2014 22:37:21 -0700
>
>Hi Doug, thanks for the response.  My router is an ATT U-Verse
> 
>I have NAT to port 4569  and 222.  For some reason I can not connect to
>it.  It shows up on the Web Xcvr.  I am able to have QSOs on node 2003.
>I think it is an in-bound issue.   I read on the AllStar pages that a sys
>admin might have to force  port 4569 on the AllStar side.  I am writing
>to this mail list because I am stuck on why I can not connect to my node
>which is 41303
> 
> 
> 
>
>
>------------------------------
>




