Geekzone: technology news, blogs, forums
32 posts

Geek


  # 2308868 31-Aug-2019 19:31

Petenz:

I have also discovered that PiAware cannot connect to Flightaware and is thus down the drain along with PlanePlotter now that I am on Spark wireless Broadband.


I run piaware on Skinny 4g broadband with CGNAT. Works fine. Does not require port forwarding as just uploads data.

6973 posts

Uber Geek

Trusted
Subscriber

  # 2308891 31-Aug-2019 20:21
One person supports this post

Hi, just done a bit of reading on Flightaware, there seems absolutely no requirement for port forwarding, if so it should work fine from behind CG-NAT.......ymmv

 

Cyril


 
 
 
 


3363 posts

Uber Geek


  # 2308909 31-Aug-2019 22:36
One person supports this post

If users have it on CG-NAT now, it would be needed to check if the server's MLAT data being fed back is on your local map (most people wouldn't bother and just rely on their data going out to get upgraded accounts)

 

It isn't clear if it is coming in via the 2-way link it starts up with FA, or establishes separate inbound. Quite possibly on the same datastream as I don't currently have a pinhole (like you suggest) and get results.

 

FR24 - your data goes out, MLAT is shown on the web only. Flightaware - your data is sent, they combine and calculate it and send results straight back.

 

By default, multilateration positions resulting from the data that you feed to FlightAware are returned to you by sending them to the local dump1090 process on port 30104; dump1090 will then include them on the web map it generates.

 

Planeplotter, does need inbound traffic (UDP 9742) if you wish to see similar MLAT raw results, or get Master User status and assist with generating them

 

Their system isn't as smart and needs its own inbound stream

 

 

 

 


6973 posts

Uber Geek

Trusted
Subscriber

  # 2308954 1-Sep-2019 08:35

So the following image shows the faup1090 process creates one outbound connection, and the fa-mlat-client creates an outbound connection 30005 and it would appear return traffic is on the same port or possibly 30104 which I assume the client opens to the server for it to return traffic on. ie all are outbound connections, ie no pinhole required, well that's how I read it, I could be wrong.

 

This is a client/server setup, it would be very poor engineering if the server required the client open inbound connections from it, surely the client initiates and creates all channels required.

 

[image]

 

 

 

Cyril


28270 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 2308958 1-Sep-2019 09:24

When I look at that very same image I can't see any requirement for a port forward. It shows two way traffic over the same socket for MLAT traffic to and from the FA server.

That would be an incredibly sloppy design.

It's safe to say most people don't realise the security implications of port forwards.

I know @scottjpalmer has been feeding FR24 and FA for ages using CG-NAT, he might be able to offer some advice.

3363 posts

Uber Geek


  # 2308962 1-Sep-2019 09:42

Ok, so looks like the 2way data from Fa sorted. And somewhat established

I too have been feeding all of them since about 2010

Those 2 are very unlikely to see an issue. As I say most tend to be used out only anyway. And more use them than planeplotter

Planeplotter however, has a specific inbound test performed as part of its setup checks to grant the ground station status that would likely fail.

But again, it's not a feature everyone takes advantage of.

6973 posts

Uber Geek

Trusted
Subscriber

  # 2308967 1-Sep-2019 09:59

So only other thought I had is do the servers require you register your public IP with them (be it your real local one or the CG-NAT router's gateway) to let you through their firewall, this would explain why the OP might have been having issues, but not being a user of this service I cannot comment further.

 

Cyril


 
 
 
 


3363 posts

Uber Geek


  # 2308968 1-Sep-2019 10:03

Basically this, doesn't occur without one. It is a web-generated test that tells the server to try connect

 

[image]

 

 

 

I believe the MLAT/Raw data results server is different from the one you upload to. But it uses your connection to get the return IP and establish inbound on it

 

But the only adverse effect you would see, was no localised MLAT results (most tracking sites will do this now anyway) and can't use your data to help the others around you be more precise


6973 posts

Uber Geek

Trusted
Subscriber

  # 2308978 1-Sep-2019 11:06

Hi so what you are saying is with newer servers it's not required, so will work 100% without the port forwarding and or CG-NAT.

I recommend that if you Do require port forwarding and you know the server IP that will be using it then firewall the port forward to just that IP, if your router does not support that filtering then you are using the wrong device.

Cyril

3363 posts

Uber Geek


  # 2308985 1-Sep-2019 11:38

cyril7: Hi so what you are saying is with newer servers it's not required, so will work 100% without the port forwarding and or CG-NAT.

I recommend that if you Do require port forwarding and you know the server IP that will be using it then firewall the port forward to just that IP, if your router does not support that filtering then you are using the wrong device.

Cyril


More, the chap who does planeplotter hasn't seemed to have considered public IPs disappearing. And as such his peer2peer / 2 source connection requirements implemented (1 server receive/send data and a 2nd separate MLAT results server or near neighbour direct) are going to bite anyone on CGNAT that wish to use those MLAT functions

(The planeplotter server so kindly offers others your IP as a source for data too to allow somewhat of a mesh calculation :/)

Whereas flightaware has taken care of it with sending the different MLAT data back down the same single connection you make.

In short. OP shouldn't see any change in operation. Other than no one will be able to use his data directly, and likely won't be able to calculate mlat targets within the planeplotter screen.

Anything outside of that is likely coincidental as I see no reason for it not to work. Planeplotter is the only odd one that needs open inbound

6973 posts

Uber Geek

Trusted
Subscriber

  # 2308988 1-Sep-2019 11:49

Hi, if you do happen to engage with the flightaware developers I suggest you advise them to redesign both in the interest of security and with the increasing CG-NAT situation.

 

Also would it not make sense that data you forward to their servers, you can elect if this is forwarded to others, but not from you but from the server, surely a better engineered solution.

 

Cyril


3363 posts

Uber Geek


  # 2308990 1-Sep-2019 12:01

cyril7:

Hi, if you do happen to engage with the flightaware developers I suggest you advise them to redesign both in the interest of security and with the increasing CG-NAT situation.


Also would it not make sense that data you forward to their servers, you can elect if this is forwarded to others, but not from you but from the server, surely a better engineered solution



Flightaware is fine. It's all server side. And the data uses a single stream that we establish. Not the issue here.

Planeplotter is, and that spawned his later concerns of potential for flightaware to be the same. But now identified as fine/out only.

Planeplotter is the bugbear. And it is opt-in somewhat. As part of the request to enable the master user/ground station status.

Explained under security considerations http://www.coaa.co.uk/multilat.pdf
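
Added example, not part of any post in this thread: a way to check on the feeder host itself whether anything depends on inbound reachability, by classifying a socket table in `ss -H -tuan` layout. The sample table, the `192.168.1.0/24` LAN range and the `203.0.113.10:50000` server endpoint are constructed placeholders; the rule that an established connection on a local listening port was accepted rather than initiated is a heuristic assumed here.

```python
import ipaddress

# Constructed socket table in the column layout of `ss -H -tuan`; not captured
# from a real feeder. 203.0.113.10:50000 is a placeholder for a tracking server.
SAMPLE = """\
tcp LISTEN 0 128 0.0.0.0:30005 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:30104 0.0.0.0:*
tcp ESTAB 0 0 127.0.0.1:30005 127.0.0.1:41822
tcp ESTAB 0 0 127.0.0.1:41822 127.0.0.1:30005
tcp ESTAB 0 0 192.168.1.50:52344 203.0.113.10:50000
udp UNCONN 0 0 0.0.0.0:9742 0.0.0.0:*
"""

WILDCARDS = {"0.0.0.0", "*", "::"}


def split_endpoint(text):
    """Split 'host:port' on the last colon so IPv6 hosts survive."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port


def audit(table, lan="192.168.1.0/24"):
    """Classify sockets by who has to initiate traffic across the NAT."""
    lan_net = ipaddress.ip_network(lan)  # assumed home LAN range
    rows = [line.split()[:6] for line in table.splitlines() if line.strip()]
    # Local ports that have a listener: a connection using one was accepted.
    listeners = {(r[0], split_endpoint(r[4])[1]) for r in rows
                 if r[1] in ("LISTEN", "UNCONN")}
    report = {"outbound": [], "inbound": [], "udp_listeners": []}
    for proto, state, _, _, local, peer in rows:
        lhost, lport = split_endpoint(local)
        phost, pport = split_endpoint(peer)
        if state == "ESTAB":
            addr = ipaddress.ip_address(phost)
            if addr.is_loopback or addr in lan_net:
                continue  # local traffic never crosses the NAT
            if (proto, lport) in listeners:
                report["inbound"].append(f"{proto}/{lport} from {phost}")
            else:
                report["outbound"].append(f"{proto} to {phost}:{pport}")
        elif proto == "udp" and state == "UNCONN" and lhost in WILDCARDS:
            # Unsolicited UDP only arrives via a port forward (none on CG-NAT).
            report["udp_listeners"].append(f"udp/{lport}")
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty `inbound` list with only `outbound` entries matches the single client-initiated stream described for the feeders above; an entry under `udp_listeners` such as `udp/9742` is the kind of socket that stops receiving behind CG-NAT.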

2852 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2308993 1-Sep-2019 12:04
One person supports this post

Static IP on Wireless Broadband has been available for almost 2 years since around November/December 2017 since that was when I built it. 😁

 

You have a Static IP address in the same range as the current Fixed Broadband Static IPs as your Wireless session gets terminated on the same BNGs that terminate fixed broadband and it gets terminated exactly the same way BUBA customers get terminated for the moment.

 

But I personally would recommend against getting a Static IP on Wireless Broadband unless you absolutely need it as if you get DDoSed there isn't much you can do to stop it plus there is a constant stream of background noise on the internet all of which will go against your data cap. I remember there wasn't an easy way to flick between static and dynamic much like there is on fixed broadband putting in the username "NoStatic".





