Geekzone: technology news, blogs, forums
batdan
79 posts

Master Geek

ID Verified

  #2308868 31-Aug-2019 19:31

Petenz:

I have also discovered that PiAware cannot connect to Flightaware and is thus down the drain along with PlanePlotter now that I am on Spark wireless Broadband.


I run piaware on Skinny 4g broadband with CGNAT. Works fine. Does not require port forwarding as just uploads data.



cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2308891 31-Aug-2019 20:21

Hi, just done a bit of reading on Flightaware, there seems absolutely no requirement for port forwarding, if so it should work fine from behind CG-NAT.......ymmv

 

Cyril


Oblivian
7304 posts

Uber Geek

ID Verified

  #2308909 31-Aug-2019 22:36

If users have it on CG-NAT now, it would be needed to check if the server's MLAT data being fed back is on your local map (most people wouldn't bother and just rely on their data going out to get upgraded accounts)

 

It isn't clear if it is coming in via the 2-way link it starts up with FA, or establishes separate inbound. Quite possibly on the same datastream as I don't currently have a pinhole (like you suggest) and get results.

 

FR24 - your data goes out, MLAT is shown on the web only. Flightaware - your data is sent, they combine and calculate it and send results straight back.

 

By default, multilateration positions resulting from the data that you feed to FlightAware are returned to you by sending them to the local dump1090 process on port 30104; dump1090 will then include them on the web map it generates.

 

Planeplotter, does need inbound traffic (UDP 9742) if you wish to see similar MLAT raw results, or get Master User status and assist with generating them

 

Their system isn't as smart and needs its own inbound stream

 

 

 

 




cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2308954 1-Sep-2019 08:35

So the following image shows the faup1090 process creates one outbound connection, and the fa-mlat-client creates an outbound connection 30005 and it would appear return traffic is on the same port or possibly 30104 which I assume the client opens to the server for it to return traffic on. ie all are outbound connections, ie no pinhole required, well that's how I read it, I could be wrong.

 

This is a client/server setup, it would be very poor engineering if the server required the client open inbound connections from it, surely the client initiates and creates all channels required.

 


 

 

 

Cyril


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2308958 1-Sep-2019 09:24

When I look at that very same image I can't see any requirement for a port forward. It shows two way traffic over the same socket for MLAT traffic to and from the FA server.

That would be an incredibly sloppy design.

It's safe to say most people don't realise the security implications of port forwards.

I know @scottjpalmer has been feeding FR24 and FA for ages using CG-NAT, he might be able to offer some advice.

Oblivian
7304 posts

Uber Geek

ID Verified

  #2308962 1-Sep-2019 09:42

Ok, so looks like the 2way data from Fa sorted. And somewhat established

I too have been feeding all of them since about 2010

Those 2 are very unlikely to see an issue. As I say most tend to be used out only anyway. And more use them than planeplotter

Planeplotter however, has a specific inbound test performed as part of its setup checks to grant the ground station status that would likely fail.

But again, it's not a feature everyone takes advantage of.

cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2308967 1-Sep-2019 09:59

So only other thought I had is do the servers require you register your public IP with them (be it your real local one or the CG-NAT router's gateway) to let you through their firewall, this would explain why the OP might have been having issues, but not being a user of this service I cannot comment further.

 

Cyril


 
 
 

Oblivian
7304 posts

Uber Geek

ID Verified

  #2308968 1-Sep-2019 10:03

Basically this, doesn't occur without one. It is a web-generated test that tells the server to try connect

 


 

 

 

I believe the MLAT/Raw data results server is different from the one you upload to. But it uses your connection to get the return IP and establish inbound on it

 

But the only adverse effect you would see, was no localised MLAT results (most tracking sites will do this now anyway) and can't use your data to help the others around you be more precise


cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2308978 1-Sep-2019 11:06

Hi so what you are saying is with newer servers it's not required, so will work 100% without the port forwarding and or CG-NAT.

I recommend that if you do require port forwarding and you know the server IP that will be using it then firewall the port forward to just that IP, if your router does not support that filtering then you are using the wrong device.

Cyril
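
Added example, not part of the original thread or of any project discussed in it: an nftables ruleset showing the source-restricted port forward recommended in the post above, applied to the PlanePlotter inbound port (UDP 9742) mentioned earlier in the thread. The interface name, LAN host address and server address are placeholder assumptions.

```nftables
# Constructed example. All names and addresses below are placeholders.
define WAN_IF      = "wan0"         # assumed WAN interface name
define PP_HOST     = 192.168.1.50   # assumed LAN host running PlanePlotter
define MLAT_SERVER = 192.0.2.10     # placeholder (TEST-NET-1), not a real server address

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Weak form: forwards UDP 9742 from any source on the internet.
        # iifname $WAN_IF udp dport 9742 dnat to $PP_HOST

        # Restricted form: forward only packets sent by the known server.
        iifname $WAN_IF ip saddr $MLAT_SERVER udp dport 9742 dnat to $PP_HOST
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections the LAN opened itself (the outbound-only
        # feeders discussed in the thread need nothing more than this).
        ct state established,related accept

        # LAN-initiated traffic going out.
        iifname != $WAN_IF accept

        # The one inbound flow permitted: server -> PlanePlotter host, UDP 9742.
        iifname $WAN_IF ip saddr $MLAT_SERVER ip daddr $PP_HOST udp dport 9742 accept

        # Everything else arriving on the WAN side falls through to "drop".
    }
}
```

The forward chain matches the post-DNAT destination, so the source check is enforced twice: once when choosing whether to translate, once when deciding whether to pass the packet.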

Oblivian
7304 posts

Uber Geek

ID Verified

  #2308985 1-Sep-2019 11:38

cyril7: Hi so what you are saying is with newer servers it's not required, so will work 100% without the port forwarding and or CG-NAT.

I recommend that if you do require port forwarding and you know the server IP that will be using it then firewall the port forward to just that IP, if your router does not support that filtering then you are using the wrong device.

Cyril


More, the chap who does planeplotter doesn't seem to have considered public IPs disappearing. And as such his peer2peer / 2 source connection requirements implemented (1 server receive/send data and a 2nd separate MLAT results server or near neighbour direct) are going to bite anyone on CGNAT that wish to use those MLAT functions

(The planeplotter server so kindly offers others your IP as a source for data too to allow somewhat of a mesh calculation :/)

Whereas flightaware has taken care of it with sending the different MLAT data back down the same single connection you make.

In short. OP shouldn't see any change in operation. Other than no one will be able to use his data directly, and likely won't be able to calculate mlat targets within the planeplotter screen.

Anything outside of that is likely coincidental as I see no reason for it not to work. Planeplotter is the only odd one that needs open inbound

cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2308988 1-Sep-2019 11:49

Hi, if you do happen to engage with the flightaware developers I suggest you advise them to redesign both in the interest of security and with the increasing CG-NAT situation.

 

Also would it not make sense that data you forward to their servers, you can elect if this is forwarded to others, but not from you but from the server, surely a better engineered solution.

 

Cyril


Oblivian
7304 posts

Uber Geek

ID Verified

  #2308990 1-Sep-2019 12:01

cyril7:

Hi, if you do happen to engage with the flightaware developers I suggest you advise them to redesign both in the interest of security and with the increasing CG-NAT situation.


Also would it not make sense that data you forward to their servers, you can elect if this is forwarded to others, but not from you but from the server, surely a better engineered solution



Flightaware is fine. It's all server side. And the data uses a single stream that we establish. Not the issue here.

Planeplotter is, and that spawned his later concerns of potential for flightaware to be the same. But now identified as fine/out only.

Planeplotter is the bugbear. And it is opt-in somewhat. As part of the request to enable the master user/ground station status.

Explained under security considerations http://www.coaa.co.uk/multilat.pdf

BarTender
3607 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2308993 1-Sep-2019 12:04

Static IP on Wireless Broadband has been available for almost 2 years since around November/December 2017 since that was when I built it. 😁

 

You have a Static IP address in the same range as the current Fixed Broadband Static IPs as your Wireless session gets terminated on the same BNGs that terminate fixed broadband and it gets terminated exactly the same way BUBA customers get terminated for the moment.

 

But I personally would recommend against getting a Static IP on Wireless Broadband unless you absolutely need it as if you get DDoSed there isn't much you can do to stop it plus there is a constant stream of background noise on the internet all of which will go against your data cap. I remember there wasn't an easy way to flick between static and dynamic much like there is on fixed broadband putting in the username "NoStatic".

