1. Welcome to our site! Electro Tech is an online community (with over 170,000 members) who enjoy talking about and building electronic circuits, projects and gadgets. To participate you need to register. Registration is free. Click here to register now.
    Dismiss Notice

Port forwarding for WebSDR?

Discussion in 'General Electronics Chat' started by MikeMl, Dec 24, 2017.

  1. MikeMl

    MikeMl Well-Known Member Most Helpful Member

    Joined:
    Mar 17, 2009
    Messages:
    11,423
    Likes:
    600
    Location:
    AZ 86334
    I cannot get to w7rna.dyndns-remote.com:8901/ (The Sedona SDR)

    or 69.27.184.62:8901/ (The Half Moon Bay SDR)

    It used to work a couple of years ago, but now I cant seem to get through the firewall on my Actiontec GT-724-WG DSL modem. I had some issues with the modem, and lost the previous settings.

    No URL with :8901 appended seems to connect. What settings are required to allow connection to the WEBSDRs?
     
  2. jpanhalt

    jpanhalt Well-Known Member Most Helpful Member

    Joined:
    Jun 21, 2006
    Messages:
    6,280
    Likes:
    555
    Location:
    Cleveland, OH, USA
    I just typed in the second url and the site came up. I am on fiber optic with Armstrong ( a small regional ISP) and Chrome. Modem= Arris model TM822G . Most settings were simply default windows.

    If I knew which settings you need, I could check.

    For Sedona, Google did a search and came up with :http://w7rna.dyndns-remote.com:18901/ that also works.

    John
     
    Last edited: Dec 24, 2017
    • Agree Agree x 1
  3. dr pepper

    dr pepper Well-Known Member Most Helpful Member

    Joined:
    Oct 6, 2008
    Messages:
    5,077
    Likes:
    301
    Location:
    North west UK
    You should be able to connect Ok.
    Some Isp's do ot allow certain ports, might be worth a check on your Isp.
    You can for a short time enable Dmz on your router to see if the firewall is messing it up, but dont leave it on.
     
  4. dave miyares

    Dave New Member

    Joined:
    Jan 12, 1997
    Messages:
    2
    Likes:
    -10


     
  5. MikeMl

    MikeMl Well-Known Member Most Helpful Member

    Joined:
    Mar 17, 2009
    Messages:
    11,423
    Likes:
    600
    Location:
    AZ 86334
    Got it working. In the GT724-WG modem, under the Security Tab:
    Under Port Forwarding:
    Click on User:
    Click on New:
    Make up a Rule Name: "Half Moon SDR", for example
    Select Protocol: "TCP,UDP"
    Port Start:8901 Port End:8901 Port Map Start:8901
    Click Apply
    Click Back
    On the Port Forwarding Page, click on the new rule you just created, then click Add.
    On the Port Forwarding Page, click on Apply.


    btw- I use the latest Firefox. That had nothing to do with the original problem.

    Next question:Can I avoid having to create a separate entry for every different :89xx port? I just found some I'd like to use that have a different port#
     
    Last edited: Dec 26, 2017
  6. dr pepper

    dr pepper Well-Known Member Most Helpful Member

    Joined:
    Oct 6, 2008
    Messages:
    5,077
    Likes:
    301
    Location:
    North west UK
    That sounds like you have the Sdr and are connecting it to the web, I thought you wanted to access someone else's Sdr.
    You can also use Dns if you want a name rather than a Ip number.
     
  7. MikeMl

    MikeMl Well-Known Member Most Helpful Member

    Joined:
    Mar 17, 2009
    Messages:
    11,423
    Likes:
    600
    Location:
    AZ 86334
    I am using remote, publicly accessible SDRs from this list:


    DNS vs numerical URLs has nothing to do with it. Appending ":89xx" to either a numeric or text-based URL was being blocked by the firewall in my modem.
     
  8. dave miyares

    Dave New Member

    Joined:
    Jan 12, 1997
    Messages:
    2
    Likes:
    -10


     
  9. Pommie

    Pommie Well-Known Member Most Helpful Member

    Joined:
    Mar 18, 2005
    Messages:
    10,710
    Likes:
    421
    Location:
    Brisbane Australia
    Can you use port start 8900 and port end 8999?

    Mike,
     
  10. MikeMl

    MikeMl Well-Known Member Most Helpful Member

    Joined:
    Mar 17, 2009
    Messages:
    11,423
    Likes:
    600
    Location:
    AZ 86334
    Does opening a wide range of ports pose a security hazard?
     
  11. Nigel Goodwin

    Nigel Goodwin Super Moderator Most Helpful Member

    Joined:
    Nov 17, 2003
    Messages:
    39,619
    Likes:
    697
    Location:
    Derbyshire, UK
    ONLINE
    Obviously so, they are closed for a reason - open just the ones you need.
     
  12. dr pepper

    dr pepper Well-Known Member Most Helpful Member

    Joined:
    Oct 6, 2008
    Messages:
    5,077
    Likes:
    301
    Location:
    North west UK
    I suggested Dns as a means of access other than numeric, of course if your server or Isp doesnt like it then it wont work.
    Certain port numbers are disliked by some Isp's, they say for security reasons, not sure why.
    A kiwi Sdr has just started up on the hills a few miles from me, and they have a Vlf loop, excellent!
    If I wanted to be really sad I could talk to myself.
    Someday radio will be a thing of the past at least for the average Joe, other than a microwave connection to the net.
     
  13. MikeMl

    MikeMl Well-Known Member Most Helpful Member

    Joined:
    Mar 17, 2009
    Messages:
    11,423
    Likes:
    600
    Location:
    AZ 86334
    So after working for several months, the problem has resurfaced. My wife's win7 computer can connect through the modem to the sdrs just fine. If I use my ham shack win 7 computer, it just times out. No changes other than what might have happened during updates or new software installation.

    Is there a diagnostic I can run from my computer to see where it is getting blocked?
     
  14. eTech

    eTech Active Member

    Joined:
    Apr 25, 2012
    Messages:
    636
    Likes:
    72
    ONLINE
    Some basic things to try:

    Make sure your router firewall is allowing more internal IP's to the destination

    Turn off the windows firewall temporarily and try to connect.

    Try traceroute to the destination.

    Open a command prompt, then type tracert (ip address of sdr w/o port number)<enter>

    see how far it gets before timing out.

    If you accessing the site using a dns name, make sure it can resolve the name.

    Open a command prompt, then type nslookup (FQDN of sdr)<enter>

    It should return the ip address mapped to the dns name.

    Just to confirm, try these same commands on the working computer.

    also

    On the working computer, check the connection to the site.
    Open a command prompt, then type netstat -an<enter>

    Look at the output. There should be a line with the "state" column shown as "Established".
    The column labeled "Foreign Address" should be the SDR IP address and port number.
    This should be the same IP being connected to on the non-working computer.

    eT
     
  15. KeepItSimpleStupid

    KeepItSimpleStupid Well-Known Member Most Helpful Member

    Joined:
    Oct 30, 2010
    Messages:
    10,144
    Likes:
    1,123
    ONLINE
    ipconfig /flushdns
    at the CMD prompt on the non-working computer should work. Make sure there is a space between the g and the /.
     
  16. large_ghostman

    large_ghostman Well-Known Member Most Helpful Member

    Joined:
    Jan 7, 2011
    Messages:
    4,725
    Likes:
    532
    Location:
    SCOTLAND
    It sounds like your virus protection or firewall this time. I leave alot of my router ports open, most hackers or script kiddies, they use ARMITAGE and such to pivot access on your machine, this is why some ports should stay shut. Some ports relate to specific windows applications most never need or use, armitage works by using known vulnerabilities on these ports.

    So my thinking is, if someone is going to hack they are one of two types, ones who use software to exploit and ones who know what they are doing. The first type you simply go look up lists on the web of known security hazard ports and close them. The other type would scan your network and find an open port somewhere, your firewall is then your last protection, but seriously if they want you......

    So its the first group mainly to worry about and they are simple to avoid.

    Your SDR problem.

    Check no firewall or protection software has updated, it may be a virus has been found and the software has updated everyone to close a known port. You can get graphical programs that will show you your network and beyound and how far they get. use one of those and i bet you get stopped at the pc (firewall problem).
     
  17. dr pepper

    dr pepper Well-Known Member Most Helpful Member

    Joined:
    Oct 6, 2008
    Messages:
    5,077
    Likes:
    301
    Location:
    North west UK
    You can briefly just for a test use the Dmz mode of your router, this turns off all protection.
    Dont leave it long though.
     
  18. large_ghostman

    large_ghostman Well-Known Member Most Helpful Member

    Joined:
    Jan 7, 2011
    Messages:
    4,725
    Likes:
    532
    Location:
    SCOTLAND
    Its the other way around Dr Pepper. Turn off the OS firewall first, no change and you know its the router firewall. I would guess pc firewall because it was working, most routers hardly ever update so its more likely a software patch.
     
  19. KeepItSimpleStupid

    KeepItSimpleStupid Well-Known Member Most Helpful Member

    Joined:
    Oct 30, 2010
    Messages:
    10,144
    Likes:
    1,123
    ONLINE
    My feeling is, it the nature of dynamic DNS. Something is caching the old address. It could be the router or the Windows box, I would expect the Windpws box.

    Not sure if nslookup would use the cached address or get a new one.
     
  20. dr pepper

    dr pepper Well-Known Member Most Helpful Member

    Joined:
    Oct 6, 2008
    Messages:
    5,077
    Likes:
    301
    Location:
    North west UK
    Yes ghostie, I made the assumption the op had done that.
    But you know what they say, never assume.
     
  21. large_ghostman

    large_ghostman Well-Known Member Most Helpful Member

    Joined:
    Jan 7, 2011
    Messages:
    4,725
    Likes:
    532
    Location:
    SCOTLAND
    Well at least its win 7 and not 8 or 10!! Then it would be a real mess :D.

    I only mentioned it because i recently got a pc with Norton on, no way could i find port settings in the software or uninstall it! I ended up scrubbing the disk clean and putting my own OS on! I am looking at some my old win 7 tools for networks. I cant remember the name of the graphical one i used. Its really good at mapping......

    Command line is ok, but simple graphical is nice for what is needed.

    I cant help that much on this, most of what i have done in the last two years is occasional Red Team stuff. Obviously that has to be done with alot of different consents in place so isnt really an option.

    One last point.......

    With routers people get ancy about opening ports, there is a list of ports with KNOWN vulnerabilities on them, these tend to relate to operating system functions and calls. most so called hackers use programs designed to exploit these holes. programs in Kali Linux etc or Metasploit is the main tool used.

    Very few O days are used outside of the pen test community, so the idea is look up metasploit lists and close or patch those holes.

    A open port is not a problem for 90% of hacking, most so called hackers cant do a thing with a general open port, pc's dont work like that. if you come across someone who dosnt need metasploit, then dont fool yourself. if they want route they will get route in under an hour no matter who you are.

    But honestly 99.9% of people are of no interest to real hackers, very few true black hats exist. Those that do make a great deal of money doing what they do legally.
    Having said that.....

    in the day and age of raspberry pi and VM's, i personally have a pi and VM as the front facing connection to my router, as Jim can confirm, if you look up my ip from here it always returns to a ISP head office address, however it also pretty much always looks like its from a really dodgy site! or a black listed ip.

    I spoof my ip alot to use known black listed ip's, it stops most people wanting to scan what appears to be a ISP with a dodgy address ;).

    But using a VM and connected via that is 99.99% as safe as you get, if your VM gets infected just wipe it and reinstall, if the pi gets infected then sit back and enjoy the circles they go around in lol.
     
    Last edited: Feb 26, 2018
  22. MikeMl

    MikeMl Well-Known Member Most Helpful Member

    Joined:
    Mar 17, 2009
    Messages:
    11,423
    Likes:
    600
    Location:
    AZ 86334
    Got it working again without doing anything to the "Ham" computer. Rather, I reopened the modem's web page interface, and revisited the steps in post #4. I noticed that there were a total of four rules; two for the "ham" computer (one for each for port 8901 and 18901), and two for the wife's computer (one for each for port 8901 and 18901) that I had created months ago. Her computer could get to the sdrs, mine couldn't. All I did to get it working was to delete the two existing rules for "ham", recreate them, and put them back. Didn't touch the other two...

    Thanks for everyone who helped. I am keeping notes on how to use tracert, nslookup, ipconfig, and netstat. I tried them all out from my wife's computer, but by the time I got to my computer the underlying problem had gone away, so I wasn't able to see if they would have helped on mine.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice