Firewall Rules for Beta Software Server
September 8, 2020 at 9:29 pm5 months, 2 weeks ago(@bbotello)
I have looked through the online documentation and I am having a difficult time finding the firewall rules necessary to connect to the beta software server named “Mix Server Nürnberg.” I need to put in a request with our security office to open ports on an edge firewall to allow access to this server for several client machines. Can I get the following information:
– Which ports with protocols need to be open outgoing on the SoundJack clients to connect to the software server?
– Which ports with protocols need to be open incoming on the SoundJack clients to accept traffic from the software server or other SoundJack clients?
– What is the IP address, or addresses, for the software server(s)?
Thank you in advance for your help, it is much appreciated.September 9, 2020 at 11:38 pm5 months, 2 weeks ago(@bbotello)
Thanks Mike! I did see that section in the documentation. I’m trying to get a little more detailed information for my security office so they can build firewall rules. The port number is super helpful though. 🙂September 11, 2020 at 1:35 am5 months, 2 weeks ago(@oconnorstp)
Sorry it took me so long to get back to you.
Soundjack will often work without a firewall port open on your end, because you’re initiating the connection to the server. Have you tried connecting to the Nürnberg server?
Oof! I just realized that the FAQ kinda got garbled during the transition to the new server. Here’s a recap of the port-forwarding stuff that might cheer up your security team. The very last line is the reason I was asking whether you’d tried to connect to Nürnberg. It should be possible, because Nürnberg is wide open, so you should be able to connect to it even if no ports are open at your end. I hope this (retyped) version helps.
– – – from FAQ
Soundjack provides a very helpful tool to check the port-forwarding configuration of your router. The behavior of your router’s NAT (network address translation) is displayed as a three-digit number in brackets behind the UDP-Port2-Info at the “i”-symbol tooltip.
<picture of the i-symbol tooltip>
The first number indicates whether the default port is being changed from 50050 to anything else. Here are the possible values:
”1″ – NAT preserves the outbound port
“3” – NAT changes the outbound port.
The second number indicates port filtering. Here are the possible values:
”1″ or “3” – the outbound port can be reached by an external sender
“8” – Soundjack assumes that the sender’s address has previously been used as the destination
The third number (port mapping) relates to the first number. Here are possible values:
”1″ – port remains the same for additional connections
”8″ – port changes for each new connection
Thus “111” can be considered a completely open NAT while “388” is the most restrictive type. However, if one peer of a bidirectional connection is “388” and the other is “111” it is possible to establish a link because the “111” will know the outbound port of the “388” NAT and will in turn use it as the destination (via port bending). Thus, connectivity always has to take both peers’ behavior into consideration.September 11, 2020 at 10:01 pm5 months, 2 weeks ago(@oconnorstp)
Oh, one further note. Hovering over the “i” information-icon for the person/server you’re connecting with will give you their IP address, if that’s required by the firewall. Forgot…
- You must be logged in to reply to this topic.