I've always wondered what the difference was between tcp and udp. Write off list if you want to
On Fri, 29 Mar 2019, Ralph wrote:
Put the node's private IP address into the router's DMZ.
Or, if you need to, forward the ports IRLP uses to the private IP address of the node. Unless it has changed, they should be TCP ports 15425, 15426, and 15427, as well as UDP ports 2074 through 2093.
Quit worrying about IPv6. That is just the transport stuff and is beyond your control.
On 3/29/19, 4:57 PM, "k9dc" <IRLP@irlp.groups.io on behalf of Dave@...> wrote:
To be honest, an IRLP node must be open to the entire public Internet to operate at all. Placing a node behind a firewall on your internal network brings with it some risk (however small) to the other machines on the same network because you have opened a permanent hole through the firewall from the outside world. Being *outside* the firewall is actually a bit safer. Keeping in mind “safer” means risk to other assets on your network. There is essentially no value at all in the IRLP node itself.
But as I mentioned earlier, it is often difficult or impossible to do that if your IRLP node is in your home. Most IRLP nodes are installed exactly as yours. It is hard to argue with 20 years of successful operation.
When we are asked for a router recommendation, our response is that we recommend that no router or firewall be used if possible. But typically it is rare that works for most users.
> On Mar 29, 2019, at 15:51, Rick Szajkowski <va3rzs2@...> wrote:
> Mine has been and always will be behind a firewall for the last 20-ish years (back when we were 3-digit node numbers). We have had problems when not behind (not my site but others; a router fixed the problem, but this was because it was a WISP ...
> Go figure
> Richard Szajkowski VA3RZS,VA3ZJ,VE3BTE
>> On Mar 29, 2019, at 3:31 PM, k9dc <Dave@...> wrote:
>> We actually recommend that an IRLP node be placed directly on the public Internet with no firewall or NAT router in front of it. IRLP machines are hardened and designed to be run with a public address directly on it. I would say at least 90% of the trouble tickets we handle at the Install help desk are related to routers that are not properly configured with the correct ports opened. Placing a node directly on the public Internet is how the product was designed to work.
>> With that being said, we realize that it is frequently quite inconvenient, perhaps impossible to do that, given the state of residential Internet connections these days. So parts of the product, and the infrastructure is dedicated to supporting machines that are behind NAT gateways and using dynamic IP addresses.
>> But the bottom line is, installing the node behind a router or firewall is not required nor even a recommended practice. It can be done if you have to, but not necessary. I certainly would not spend any money just to firewall off your node.
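
An added example, not part of the thread or of IRLP's own tooling: a small audit of router port-forward rules against the port list quoted in Ralph's message (TCP 15425-15427, UDP 2074-2093). It reports required ports that are not forwarded to the node and forwarded ports beyond that list. The rule text format, the IP addresses and the sample rules are assumptions constructed for illustration.

```python
# Added example: audit port-forward rules against the IRLP ports quoted in
# the thread (TCP 15425-15427, UDP 2074-2093). The rule syntax is hypothetical.
REQUIRED = {"tcp": set(range(15425, 15428)), "udp": set(range(2074, 2094))}

def parse_rule(line):
    """Parse 'proto start[-end] -> ip' into (proto, set_of_ports, ip)."""
    left, ip = (part.strip() for part in line.split("->"))
    proto, ports = left.split()
    start, _, end = ports.partition("-")
    lo, hi = int(start), int(end or start)
    if proto.lower() not in REQUIRED or not (0 < lo <= hi <= 65535):
        raise ValueError(f"bad rule: {line!r}")
    return proto.lower(), set(range(lo, hi + 1)), ip

def audit(rules, node_ip):
    """Return (missing, excess) for rules that target node_ip.

    missing: ports from the thread's list that no rule forwards to the node.
    excess:  ports forwarded to the node that the thread's list does not name.
    """
    forwarded = {"tcp": set(), "udp": set()}
    for line in rules:
        proto, ports, ip = parse_rule(line)
        if ip == node_ip:
            forwarded[proto] |= ports
    missing = {p: sorted(REQUIRED[p] - forwarded[p]) for p in REQUIRED}
    excess = {p: sorted(forwarded[p] - REQUIRED[p]) for p in REQUIRED}
    return missing, excess

# Constructed sample rules (addresses are placeholders on a private range).
SAMPLE_RULES = [
    "tcp 15425-15427 -> 192.168.1.50",
    "udp 2074-2090 -> 192.168.1.50",   # range cut short: 2091-2093 not covered
    "tcp 22 -> 192.168.1.50",          # forwarded to the node but not in the list
    "tcp 443 -> 192.168.1.10",         # different host, ignored by the audit
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES, "192.168.1.50")
    print("missing:", missing)
    print("excess:", excess)
```
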