EchoLink firewall issue solution

EchoLink firewall issue solved

I run EchoLink on a Qwest DSL Internet connection, and recently was presented with the following firewall test results:
Testing TCP connectivity...Succeeded.
Testing UDP connectivity...
UDP 5198 Test #1...Receive failed (10060).
UDP 5199 Test #1...Receive failed (10060).
UDP 5198 Test #2...Succeeded.
UDP 5199 Test #2...Succeeded.
Firewall test FAILED.

My setup uses an Actiontec M1000 modem and that feeds into a Dynex DX-WGRTR router.

As it turns out, the M1000 is a modem with router capability built-in, even though it has just one port.  You can buy additional modules to make a full-blown router and wireless network out of it, but I already have my own router and network set up.

I worked with Joe, KF7CDM, of the 2100 Net, who works for the phone company, and he brought home an M1000 modem to try to figure out what I needed to do, but Skype with its screen-sharing ability really came in handy along the way.

Before we tore into things, we made note of the two IP addresses used for DNS, found on the router's status screen.  These will be entered into a static IP setup in the router, and in a static IP setup on the EchoLink computer.

The modem's setup page can be accessed by visiting the modem's IP address, 192.168.0.1.  This is the IP that will be used by the router as its gateway, while the router can be visited by going to 192.168.2.1.  This address will be used in the EchoLink computer as its gateway.

We wound up going in to the modem's Advanced Setup screen, and under Security we went to Advanced Port Forwarding.  There we encountered two entry fields for Port IP range, a drop-down menu box for Protocol and a text entry for IP address.  In the first box enter 5198 and in the second, enter 5199.  Select UDP from the drop-down list and enter the IP address for the connected router, which we found to be 192.168.0.3.  Leave the second line of entries alone, with the first box containing the numeral 0 and the second containing 65535.  Leave the box checked for Any IP.

We turned off the DHCP server, and hit Apply.

Next, in the router, we set the connection to static IP, assigning the router an IP address on the modem network of 192.158.0.3, subnet mask of 255.255.255.0, and gateway address of 192.168.0.1, the IP of the modem.  On the next screen, we used the two DNS addresses assigned before we started making changes.

Still in the router, we set the DHCP server range to between 192.168.2.5 and 192.168.2.15 from their original last-digit values of .2 and .11.  The computer running EchoLink was assigned a static IP address of 192.168.2.3, below the range of addresses handled by the DHCP server.  The computer assignment is done in the Network Connections properties in Windows, or the manual network configuration icon in Ubuntu Linux.  More on this in a moment.

Still in the router, we go under the firewall heading and set virtual servers.  This is otherwise known as port forwarding.  In the Dynex router, I had to enter port 5198-5198 for UDP routed to IP address 192.168.2.3 port 5198-5198 on one line, and repeat for port 5199-5199 on a second line.  I called each entry "For EchoLink" and put a tick in the checkbox on both lines.

To set the EchoLink Windows computer's IP on the network, we opened the Control Panel, Network Connections, and on the network connection used for the connection to the router, we right-clicked, and selected Properties.  In the drop-down list we selected TCP-IP and hit Properties.

We chose to "use the following IP address," and entered 192.168.2.3 there, and subnet mask by default filled in with 255.255.255.0, and we used the router's address, 192.168.2.1 as the gateway, not the modem's 192.168.0.1.  We assigned the original two DNS addresses in the boxes below.

In the Windows XP computer running EchoLink, Live One Care's firewall is set to allow ports 5198 and 5199 to pass UDP traffic.  The firewall test does not hesitate for a moment when it is run, and comes out passing all tests.

The router still assigns IP addresses to the EchoLink computer within the DHCP client list, but it will assign IP addresses to any other connecting computers.  While the router assigns IP addresses, they are not used by the static-IP computer running EchoLink.

I have yet to explore the impact on other networking of these computers, file-sharing and the like.  These functions perhaps will have to be manually configured.  The Internet connection is going to function on all connected computers, however, as long as no two computers have the same IP address.

WB7C EchoLink should be able to handle five connections all right.

My thanks to Joe, KF7CDM for his help in this project!