Firewall Rules for Beta Software Server

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • (@bbotello)

    I have looked through the online documentation and I am having a difficult time finding the firewall rules necessary to connect to the beta software server named “Mix Server Nürnberg.” I need to put in a request with our security office to open ports on an edge firewall to allow access to this server for several client machines. Can I get the following information:

    – Which ports with protocols need to be open outgoing on the SoundJack clients to connect to the software server?

    – Which ports with protocols need to be open incoming on the SoundJack clients to accept traffic from the software server or other SoundJack clients?

    – What is the IP address, or addresses, for the software server(s)?

    Thank you in advance for your help, it is much appreciated.

    (@oconnorstp)

    Hi Bonnie,

    Have a look at the FAQ section called “Port Forwarding”

    Here’s the link to the FAQ

    FAQ

    In short, open up port 50050 on your router. That should be all you need to do — the Stage will take care of the rest.

    (@bbotello)

    Thanks Mike! I did see that section in the documentation. I’m trying to get a little more detailed information for my security office so they can build firewall rules. The port number is super helpful though. 🙂

    (@oconnorstp)

    Hi Bonnie,

    Sorry it took me so long to get back to you.

    Soundjack will often work without a firewall port open on your end, because you’re initiating the connection to the server. Have you tried connecting to the Nürnberg server?

    Oof! I just realized that the FAQ kinda got garbled during the transition to the new server. Here’s a recap of the port-forwarding stuff that might cheer up your security team. The very last line is the reason I was asking whether you’d tried to connect to Nürnberg. It should be possible, because Nürnberg is wide open, so you should be able to connect to it even if no ports are open at your end. I hope this (retyped) version helps.

    – – – from FAQ

    Soundjack provides a very helpful tool to check the port-forwarding configuration of your router. The behavior of your router’s NAT (network address translation) is displayed as a three-digit number in brackets behind the UDP-Port2-Info at the “i”-symbol tooltip.

    <picture of the i-symbol tooltip>

    The first number indicates whether the default port is being changed from 50050 to anything else. Here are the possible values:

    ”1″ – NAT preserves the outbound port
    “3” – NAT changes the outbound port.

    The second number indicates port filtering. Here are the possible values:

    ”1″ or “3” – the outbound port can be reached by an external sender
    “8” – Soundjack assumes that the sender’s address has previously been used as the destination

    The third number (port mapping) relates to the first number. Here are possible values:

    ”1″ – port remains the same for additional connections
    ”8″ – port changes for each new connection

    Thus “111” can be considered a completely open NAT while “388” is the most restrictive type. However, if one peer of a bidirectional connection is “388” and the other is “111” it is possible to establish a link because the “111” will know the outbound port of the “388” NAT and will in turn use it as the destination (via port bending). Thus, connectivity always has to take both peers’ behavior into consideration.

    (@oconnorstp)

    Oh, one further note. Hovering over the “i” information-icon for the person/server you’re connecting with will give you their IP address, if that’s required by the firewall. Forgot…

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.