Author Topic: Help with EOC firewall  (Read 1805 times)

kg4ulp

  • Posts: 10
Help with EOC firewall
« on: September 16, 2009, 04:58:06 PM »
Hi all, my first post here.

Over the past few months I have been working to get a D-Star installation going for the Gratiot County Amateur Radio Society's site at the EOC center near Alma, MI. The GCARA has a pretty good relationship with the EOC - we have a nice tower at the site and some room within the building to conduct club business. It is also the site of the D-Star system that we have installed. I am mostly a computer guy and got CentOS installed, then installed and configured the D-Star software.

The problem we are running into concerns network security. The EOC will let us use their network but I am not sure we can work with their stringent security restrictions. My understanding of how D-Star works is that the computer connected to the internet must have the following ports open to the general internet:

Description        Port No.      Protocol
Voice Receive      40000         UDP
Data Receive       40001         TCP
Data Sync dplus    20001-20005   UDP, TCP
                   40002         outbound only

I got to the point where the person in control of the firewall for the EOC agreed to port forward those ports to the router hooked up to our D-Star computer, but would not open them up to the general internet, instead stating:

"We can open those ports to and from only specific IP's this would not compromise security. Get me the Outside IP's the DSTARUSERS.com uses and the inside IP's of the gateway and I can set it up."

As I understand it, there is no master list of IP numbers for D-Star. Or is there? Do these ports have to be open to the general internet? How have people dealt with firewall and port forwarding issues? Any help is greatly appreciated. We are itching to get this up and running and only this last roadblock seems to be in our way.

Thanks,

Leigh KG4ULP

N5MIJ

  • Administrator
  • Posts: 38
Re: Help with EOC firewall
« Reply #1 on: September 16, 2009, 05:29:50 PM »
Leigh,

You're close on your port list.

D-STAR uses these ports:

20005 TCP for database sync
40000 UDP for Digital Voice
40001 TCP for high-speed data (23cm only, via RP2D)

DPlus uses these ports:

20001 - 20005 UDP for voice

We don't use 40002.

In all cases, your Gateway must use a default gateway of 10.0.0.1, and have those ports forwarded to 10.0.0.2 from that router.  In instances like you describe, we most often see the site define a new DMZ, and assign the Firewall DMZ port the 10.0.0.1 address, or use a dedicated router inside an existing DMZ, configured per the manual, with the ports forwarded appropriately.  Either way works very well to isolate the D-STAR traffic away from the protected LAN segments.

It is not possible to provide a static list of IPs for other Gateways.  The list of other Gateways grows (literally daily), and many of them are on dynamic addresses from their ISPs.  In the D-STAR network, there is no central site through which all communication flows; Gateways route voice traffic directly between themselves.

Good luck. 

73,
Jim
N5MIJ
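The following is an added example, not code from either post and not part of the D-STAR or DPlus software. It turns the port list in Leigh's question and Jim's reply (database sync 20005/TCP, voice 40000/UDP, high-speed data 40001/TCP, DPlus 20001-20005/UDP) into an iptables rule set for the "dedicated router inside the DMZ" arrangement Jim describes: the router holds 10.0.0.1, the Gateway sits at 10.0.0.2, and only those ports are forwarded to it. The interface names (eth0 toward the EOC firewall, eth1 toward the Gateway) and the use of iptables/conntrack are assumptions; the script prints the commands by default and only applies them when IPT=iptables is set, so it can be reviewed by the firewall administrator before anything changes.

```shell
#!/bin/sh
# Added example: DNAT + default-deny forwarding for a D-STAR Gateway router.
# Addresses and ports come from the thread above; interface names are assumed.
set -eu

WAN_IF="${WAN_IF:-eth0}"      # assumption: side facing the EOC firewall / internet
DMZ_IF="${DMZ_IF:-eth1}"      # assumption: side facing the 10.0.0.0/24 D-STAR segment
ROUTER_IP="10.0.0.1"          # this router's DMZ address (default gateway of the Gateway)
GW_HOST="10.0.0.2"            # the D-STAR Gateway host
IPT="${IPT:-echo iptables}"   # dry run by default; run with IPT=iptables to apply

# Port table from the thread, one "proto port" pair per line.
# iptables accepts "low:high" for a port range.
PORTS="tcp 20005
udp 40000
tcp 40001
udp 20001:20005"

dstar_rules() {
    # Default deny for traffic transiting the router; replies to permitted
    # flows come back via connection tracking.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # The Gateway initiates outbound sessions to other Gateways on dynamic
    # addresses, so outbound is allowed by source host rather than by peer list.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$GW_HOST" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$GW_HOST" -j MASQUERADE

    # One DNAT and one FORWARD accept per listed port. Anything not in the
    # table is dropped by the FORWARD policy and never reaches 10.0.0.2 or the
    # protected LAN behind the EOC firewall.
    printf '%s\n' "$PORTS" | while read -r proto port; do
        [ -n "$proto" ] || continue
        $IPT -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" --dport "$port" \
            -j DNAT --to-destination "$GW_HOST"
        $IPT -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -p "$proto" -d "$GW_HOST" \
            --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
}

# Counts the DNAT rules the function would emit; useful as a sanity check
# against the port table before applying.
dnat_rule_count() {
    dstar_rules | grep -c -- '-j DNAT'
}

# Run stand-alone: prints (or applies) the rule set.
dstar_rules
```

Run it as-is to get the exact iptables commands for review; the four DNAT lines correspond one-to-one with the ports in Jim's list, and the 40002 entry from the original question is deliberately absent because the reply says it is not used. The upstream EOC firewall still needs to pass the same ports to this router's WAN address, which is the forwarding the administrator had already agreed to.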


kg4ulp

  • Posts: 10
Re: Help with EOC firewall
« Reply #2 on: September 16, 2009, 06:23:54 PM »
Thanks for the reply, Jim. That's what I figured. I think we just need to convince the EOC folks (or, rather, the folks who manage their machines) that D-Star does not present a security threat.
