Router/firewall configuration to allow n-stream connection

Posted by: kTana on 04 January 2012

Hi,

I have an iPod touch with n-stream application installed. It connects via a Wifi router to a 1st network. In this network a second (wired) router is connected. Behind this 2nd network is a unitiserve (with a fixed IP address). The question is which port(s)/service(s) should I open on the 2nd router to allow n-stream to connect to the unitiserve?

It seems authorizing http (port 80) is not enough.

Thanks ahead

François

Posted on: 04 January 2012 by Guido Fawkes

Why not open them all - is there a danger that something on your wireless network will try to attack your UnitiServe?

If it is any help scanning the UQ gives

Port Scan has started ...
Port Scanning host: 10.10.10.6
Open TCP Port:23 (telnet)
Open TCP Port:80  (http)
Open TCP Port:6666
Open TCP Port:8080 (http-alt)
Open TCP Port:15555 (snat)
Port Scan has completed ...

I don't have a US to try. However scanning assumes the US doesn't dynamically open a port when the Naim nServe client connects to it on an open port.

I think if you dropped Phil Harris a note at Naim support then he'd tell you which ports you need to permit in your ACLs on your router.

Richard if I have contravened any rules by listing the port numbers, please could you delete. Thanks, Guy

Posted on: 04 January 2012 by garyi

Can I ask why the complicated network set up?

Posted on: 04 January 2012 by Simon-in-Suffolk

Francois, you should be aware that UPnP and Nstream (as well as Apple Airplay) use multicast and broadcast packets. Therefore if you have several networks behind routers you will need your routers and preferably your switches to support IGMP and IGMP Snooping respectively. Additionally, broadcast forwarding across the subnets will need to be set up. It's far more than opening ports.

As Gary asks, why the complex network? If you keep your Nstream, UPnP server and network player in the same network (i.e. subnet) and bridge the wifi via an access point you massively simplify the installation and regular consumer network devices will support streaming with little or no network configuration, and then your Nstream should be able to discover your UQ. On a single network you can still control security using access control lists or better secure ports on your switches (although you will need industrial not consumer switches) but unless your equipment is in an untrusted environment is this not over the top?
Simon
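
Added example, not part of any poster's message: a small Python check for the multicast discovery step described in the post above. It sends the standard UPnP (SSDP) M-SEARCH to 239.255.255.250:1900 and lists the devices that answer, so you can see whether discovery reaches the far side of a router. The function names are this example's own; 10.10.10.6 is the scanned host from earlier in the thread and the client addresses are constructed.

```python
import ipaddress
import socket

SSDP_GROUP, SSDP_PORT = "239.255.255.250", 1900  # UPnP (SSDP) discovery group

def build_msearch(st="ssdp:all", mx=2):
    """Build the SSDP M-SEARCH datagram a UPnP control point multicasts."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            f"HOST: {SSDP_GROUP}:{SSDP_PORT}\r\n"
            'MAN: "ssdp:discover"\r\n'
            f"MX: {mx}\r\n"
            f"ST: {st}\r\n\r\n").encode("ascii")

def parse_response(data):
    """Return the headers of a 200 OK unicast SSDP reply, or None."""
    lines = data.decode("utf-8", "replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def same_subnet(client_iface, server_ip):
    """True if server_ip is on the client's own subnet (no multicast routing needed)."""
    return ipaddress.ip_address(server_ip) in ipaddress.ip_interface(client_iface).network

def discover(timeout=3.0, ttl=1):
    """Multicast one M-SEARCH and collect (sender_ip, headers) replies until timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # TTL 1 (the usual OS default for multicast) keeps the query on the local subnet.
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
    sock.settimeout(timeout)
    found = []
    try:
        sock.sendto(build_msearch(), (SSDP_GROUP, SSDP_PORT))
        while True:
            data, addr = sock.recvfrom(65507)
            headers = parse_response(data)
            if headers:
                found.append((addr[0], headers))
    except OSError:  # the timeout ends collection; send errors also land here
        pass
    finally:
        sock.close()
    return found

if __name__ == "__main__":
    for ip, headers in discover():
        print(ip, headers.get("SERVER"), headers.get("LOCATION"))
```

Run from a device on the Wi-Fi side, an empty result while the server answers on its own subnet points at multicast not being forwarded rather than at a blocked TCP port.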
Posted on: 13 January 2012 by kTana

Thank you Guys, actually the second network is the one I use for business. The first router is the telecom operator box/gateway/router which I do not consider to be part of a trusted environment (of course it is configurable but it's also configurable by the telco). So I will add a wifi access point to my wired router and it will be fine. Thanks again