Firewall Setup

The base station communicates with a few services that must be allowed in the network firewall. In most cases, the station starts working right after it is connected to a network with Internet access. However, some networks are more restrictive and block traffic to the required hosts and ports. If the station is not online after a few minutes of running, we recommend checking the firewall settings and allowing the required ports.

Required hosts and ports

The full list of hosts and ports used by the station:

  • [critical] host: z.nwave.io (54.195.232.12); port: tcp/10051

  • [critical] host: wireguard.nwave.io; port: tcp/5<Station-ID> (port 51234 for station with ID 1234)

  • [critical] host: wireguard.nwave.io; port: udp/41194 (this port must be available for inbound traffic)

  • [critical] host: a2j317pelpvu7-ats.iot.eu-west-1.amazonaws.com; port: tcp/443

  • host: 104.192.136.0; port: 21

  • host: 185.166.140.0; port: 22

  • host: 18.205.93.0; port: 25

  • host: 18.234.32.128; port: 25

  • host: 13.52.5.0; port: 25

  • [critical] udp/123

  • udp/53

Some of the ports are marked as [critical]. These ports are crucial for the station’s functionality. The others are used for secondary functionality (automatic software updates, for example).
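The [critical] TCP entries from the list above can be probed in one pass with a timeout, so a filtered port shows up as a failure rather than a hung command; this is an added example, not Nwave's own tooling. It assumes bash and coreutils `timeout` are available where it runs, and the script and function names are hypothetical. The UDP entries are not covered because a UDP send returns no confirmation.

```shell
#!/usr/bin/env bash
# Added example (not Nwave tooling): probe the [critical] TCP endpoints with a
# timeout so a filtered port is reported instead of hanging the shell.

# Per-station WireGuard TCP port: the digit 5 followed by the station ID.
# The page shows only a 4-digit ID (1234 -> 51234); shorter IDs are joined the
# same way here without padding, which is an assumption.
wg_tcp_port() {
    case "$1" in
        ''|*[!0-9]*) echo "station ID must be digits only" >&2; return 1 ;;
    esac
    # 5 followed by more than four digits would exceed the maximum port 65535.
    if [ "${#1}" -gt 4 ]; then
        echo "5$1 is not a valid TCP port" >&2; return 1
    fi
    echo "5$1"
}

# Print "host port" for every [critical] TCP entry in the list above.
critical_tcp_endpoints() {
    wg_port="$(wg_tcp_port "$1")" || return 1
    printf '%s %s\n' \
        z.nwave.io 10051 \
        wireguard.nwave.io "$wg_port" \
        a2j317pelpvu7-ats.iot.eu-west-1.amazonaws.com 443
}

# Return 0 if a TCP connection opens within $3 seconds (default 5).
check_tcp() {
    timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Probe each endpoint; the return status is the number that failed to connect.
main() {
    endpoints="$(critical_tcp_endpoints "$1")" || return 64
    failed=0
    while read -r host port; do
        if check_tcp "$host" "$port"; then
            echo "OPEN         $host tcp/$port"
        else
            echo "UNREACHABLE  $host tcp/$port"; failed=$((failed + 1))
        fi
    done <<EOF
$endpoints
EOF
    return "$failed"
}

# Run only when a station ID is given, e.g.: ./check_egress.sh 1234
if [ "$#" -gt 0 ]; then main "$@"; fi
```

A failed probe does not distinguish a firewall drop from a DNS failure, so run the DNS check from the Diagnostics section first.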

Diagnostics

If the station has been connected to the local network but is shown as Offline on the Base Stations page, you can run the following diagnostic steps to determine the cause.

All the following steps require logging in to the base station command shell. The login and password can be requested by email from support@nwave.io or yb@nwave.io

DNS/Internet availability check

The first step is to check the availability of Domain Name Service:

nslookup nwave.io

The correct result:

$ nslookup nwave.io
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: nwave.io
Address: 88.99.85.48

Result when DNS is unavailable or the Internet is not reachable:

$ nslookup nwave.io
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find nwave.io: NXDOMAIN

Monitoring endpoint availability check

The correct result:

When the monitoring host/port is unavailable, the command hangs on the following output:

Press Ctrl+C to stop the command execution.

Remote diagnostics availability check

General availability check

The command shows the following rows if the endpoint is available. Press Ctrl+C to stop the command execution.

When the remote diagnostics host/port is unavailable, the command hangs on the following output:

Press Ctrl+C to stop the command execution.

UDP allowance check

The command above tests the port availability for TCP traffic. The diagnostics port must be available for UDP traffic. Run the following command to check the UDP availability:

The result if UDP is allowed:

Inbound traffic allowance check

Even if the UDP port is open for outbound traffic, it can be blocked for inbound traffic.

The following command shows the traffic statistics. It asks for the same password that was used to log in to the command shell.

The remote diagnostics channel works well when the transmit and receive traffic counters show non-zero values:

Data endpoint availability check

The command shows the following rows if the endpoint is available. Press Ctrl+C to stop the command execution.

When the data diagnostics host/port is unavailable, the command hangs on the following output:

Press Ctrl+C to stop the command execution.

Time sync service check

When the time synchronization service is inaccessible, the station is displayed as Online Unhealthy. This means that the station is connected to the Nwave Platform but cannot transfer messages to it due to time synchronization issues.

The command for checking the synchronization service status:

The result when time synchronization works fine:

If there is an issue with time synchronization, the command above prints the row System clock synchronized: No.