Port forwarding for WebSDR?

[MikeMl]

I cannot get to w7rna.dyndns-remote.com:8901/ (The Sedona SDR)

or 69.27.184.62:8901/ (The Half Moon Bay SDR)

It used to work a couple of years ago, but now I cant seem to get through the firewall on my Actiontec GT-724-WG DSL modem. I had some issues with the modem, and lost the previous settings.

No URL with :8901 appended seems to connect. What settings are required to allow connection to the WEBSDRs?

 

[jpanhalt]

I just typed in the second url and the site came up. I am on fiber optic with Armstrong ( a small regional ISP) and Chrome. Modem= Arris model TM822G . Most settings were simply default windows.

If I knew which settings you need, I could check.

For Sedona, Google did a search and came up with :**broken link removed** that also works.

John

 

[dr pepper]

You should be able to connect Ok.
Some Isp's do ot allow certain ports, might be worth a check on your Isp.
You can for a short time enable Dmz on your router to see if the firewall is messing it up, but dont leave it on.

 

[MikeMl]

Got it working. In the GT724-WG modem, under the Security Tab:
Under Port Forwarding:
Click on User:
Click on New:
Make up a Rule Name: "Half Moon SDR", for example
Select Protocol: "TCP,UDP"
Port Start:8901 Port End:8901 Port Map Start:8901
Click Apply
Click Back
On the Port Forwarding Page, click on the new rule you just created, then click Add.
On the Port Forwarding Page, click on Apply.


btw- I use the latest Firefox. That had nothing to do with the original problem.

Next question:Can I avoid having to create a separate entry for every different :89xx port? I just found some I'd like to use that have a different port#

 

[dr pepper]

That sounds like you have the Sdr and are connecting it to the web, I thought you wanted to access someone else's Sdr.
You can also use Dns if you want a name rather than a Ip number.

 

[MikeMl]

That sounds like you have the Sdr and are connecting it to the web, I thought you wanted to access someone else's Sdr.

I am using remote, publicly accessible SDRs from this list:

You can also use Dns if you want a name rather than a Ip number.

DNS vs numerical URLs has nothing to do with it. Appending ":89xx" to either a numeric or text-based URL was being blocked by the firewall in my modem.

 

[Pommie]

Can you use port start 8900 and port end 8999?

Mike,

 

[MikeMl]

Can you use port start 8900 and port end 8999?

Mike,

Does opening a wide range of ports pose a security hazard?

 

[Nigel Goodwin]

Does opening a wide range of ports pose a security hazard?

Obviously so, they are closed for a reason - open just the ones you need.

 

[dr pepper]

I suggested Dns as a means of access other than numeric, of course if your server or Isp doesnt like it then it wont work.
Certain port numbers are disliked by some Isp's, they say for security reasons, not sure why.
A kiwi Sdr has just started up on the hills a few miles from me, and they have a Vlf loop, excellent!
If I wanted to be really sad I could talk to myself.
Someday radio will be a thing of the past at least for the average Joe, other than a microwave connection to the net.

 

[MikeMl]

So after working for several months, the problem has resurfaced. My wife's win7 computer can connect through the modem to the sdrs just fine. If I use my ham shack win 7 computer, it just times out. No changes other than what might have happened during updates or new software installation.

Is there a diagnostic I can run from my computer to see where it is getting blocked?

 

[eTech]

So after working for several months, the problem has resurfaced. My wife's win7 computer can connect through the modem to the sdrs just fine. If I use my ham shack win 7 computer, it just times out. No changes other than what might have happened during updates or new software installation.

Is there a diagnostic I can run from my computer to see where it is getting blocked?

Some basic things to try:

Make sure your router firewall is allowing more internal IP's to the destination

Turn off the windows firewall temporarily and try to connect.

Try traceroute to the destination.

Open a command prompt, then type tracert (ip address of sdr w/o port number)<enter>

see how far it gets before timing out.

If you accessing the site using a dns name, make sure it can resolve the name.

Open a command prompt, then type nslookup (FQDN of sdr)<enter>

It should return the ip address mapped to the dns name.

Just to confirm, try these same commands on the working computer.

also

On the working computer, check the connection to the site.
Open a command prompt, then type netstat -an<enter>

Look at the output. There should be a line with the "state" column shown as "Established".
The column labeled "Foreign Address" should be the SDR IP address and port number.
This should be the same IP being connected to on the non-working computer.

eT

 

[KeepItSimpleStupid]

ipconfig /flushdns
at the CMD prompt on the non-working computer should work. Make sure there is a space between the g and the /.

 

[large_ghostman]

It sounds like your virus protection or firewall this time. I leave alot of my router ports open, most hackers or script kiddies, they use ARMITAGE and such to pivot access on your machine, this is why some ports should stay shut. Some ports relate to specific windows applications most never need or use, armitage works by using known vulnerabilities on these ports.

So my thinking is, if someone is going to hack they are one of two types, ones who use software to exploit and ones who know what they are doing. The first type you simply go look up lists on the web of known security hazard ports and close them. The other type would scan your network and find an open port somewhere, your firewall is then your last protection, but seriously if they want you......

So its the first group mainly to worry about and they are simple to avoid.

Your SDR problem.

Check no firewall or protection software has updated, it may be a virus has been found and the software has updated everyone to close a known port. You can get graphical programs that will show you your network and beyound and how far they get. use one of those and i bet you get stopped at the pc (firewall problem).

 

[dr pepper]

You can briefly just for a test use the Dmz mode of your router, this turns off all protection.
Dont leave it long though.

 

[large_ghostman]

You can briefly just for a test use the Dmz mode of your router, this turns off all protection.
Dont leave it long though.

Its the other way around Dr Pepper. Turn off the OS firewall first, no change and you know its the router firewall. I would guess pc firewall because it was working, most routers hardly ever update so its more likely a software patch.

 

[KeepItSimpleStupid]

My feeling is, it the nature of dynamic DNS. Something is caching the old address. It could be the router or the Windows box, I would expect the Windpws box.

Not sure if nslookup would use the cached address or get a new one.

 

[dr pepper]

Yes ghostie, I made the assumption the op had done that.
But you know what they say, never assume.

 

[large_ghostman]

Yes ghostie, I made the assumption the op had done that.
But you know what they say, never assume.

Well at least its win 7 and not 8 or 10!! Then it would be a real mess .

I only mentioned it because i recently got a pc with Norton on, no way could i find port settings in the software or uninstall it! I ended up scrubbing the disk clean and putting my own OS on! I am looking at some my old win 7 tools for networks. I cant remember the name of the graphical one i used. Its really good at mapping......

Command line is ok, but simple graphical is nice for what is needed.

I cant help that much on this, most of what i have done in the last two years is occasional Red Team stuff. Obviously that has to be done with alot of different consents in place so isnt really an option.

One last point.......

With routers people get ancy about opening ports, there is a list of ports with KNOWN vulnerabilities on them, these tend to relate to operating system functions and calls. most so called hackers use programs designed to exploit these holes. programs in Kali Linux etc or Metasploit is the main tool used.

Very few O days are used outside of the pen test community, so the idea is look up metasploit lists and close or patch those holes.

A open port is not a problem for 90% of hacking, most so called hackers cant do a thing with a general open port, pc's dont work like that. if you come across someone who dosnt need metasploit, then dont fool yourself. if they want route they will get route in under an hour no matter who you are.

But honestly 99.9% of people are of no interest to real hackers, very few true black hats exist. Those that do make a great deal of money doing what they do legally.
Having said that.....

in the day and age of raspberry pi and VM's, i personally have a pi and VM as the front facing connection to my router, as Jim can confirm, if you look up my ip from here it always returns to a ISP head office address, however it also pretty much always looks like its from a really dodgy site! or a black listed ip.

I spoof my ip alot to use known black listed ip's, it stops most people wanting to scan what appears to be a ISP with a dodgy address .

But using a VM and connected via that is 99.99% as safe as you get, if your VM gets infected just wipe it and reinstall, if the pi gets infected then sit back and enjoy the circles they go around in lol.

 

[MikeMl]

Got it working again without doing anything to the "Ham" computer. Rather, I reopened the modem's web page interface, and revisited the steps in post #4. I noticed that there were a total of four rules; two for the "ham" computer (one for each for port 8901 and 18901), and two for the wife's computer (one for each for port 8901 and 18901) that I had created months ago. Her computer could get to the sdrs, mine couldn't. All I did to get it working was to delete the two existing rules for "ham", recreate them, and put them back. Didn't touch the other two...

Thanks for everyone who helped. I am keeping notes on how to use tracert, nslookup, ipconfig, and netstat. I tried them all out from my wife's computer, but by the time I got to my computer the underlying problem had gone away, so I wasn't able to see if they would have helped on mine.