Netgate/PfSense with JamKazam online band jamming tool.
-
In all likelihood it won't make a significant difference. There are a number of variables at play so.... it depends!
I have worked with another customer who used JamKazam though and once we had the required port forwards open it worked fine. They were using an MBT-4220 for reference.
Steve
-
Thanks for your reply. I had not considered QoS as a control for a (potential) latency issue, but I guess it's an obvious thing to use when you think about it.
I'll probably go ahead, but take time to choose the hardware platform carefully, taking into account the NIC type.
-
Thanks for your reply. This is all new stuff for me.
Bearing in mind comments from @paint regarding the choice of NIC and your mention of the MBT-4220, I'm now wondering which hardware platform to look at.
I was considering the SG-2100, which I was thinking would be more than adequate in terms of processing power and throughput for my mostly single user home network, but I am now considering the SG-3100 on the basis that it's more expensive and therefore more powerful. The problem I have is I don't know how "powerful" a platform I need.
I obviously don't want to pay more than I need to but I also don't want to compromise given my particular use case, so I'm inclined to over-spend rather than under-spend. Is the SG-3100 likely to further minimise any potential latency issue? Any advice is welcomed.
Steve
-
@steve-c said in Netgate/PfSense with JamKazam online band jamming tool.:
nsidering the SG-2100, which I was thinking would be more than adequate in
Who is your internet provider and what are the upload and download speeds?
-
@paint Well I'm in the UK and the provider is BT (British Telecom). Download speed is 73Mbps, upload 20Mbps.
-
@steve-c is it cable internet? With those speeds... I don't think QoS or pfSense will make much of a difference
-
It will be FTTC (VDSL) using PPPoE.
The SG-2100 will be more than sufficient there.
Steve
-
@stephenw10 I wish I had seen this topic earlier.
Opening a port is not needed. What's working well is to set up a NAT 1:1 rule from the WAN to the IP address of the JamKazam client. Nothing else seems to be required, but I do have UDP ports of the JK application set to a starting number of 12000, primarily so I can pick out the States of the specific UDP connections being used by the application.
-
If you set up a 1:1 rule (all ports) but don't add any firewall rules to pass that inbound on WAN then all you are actually doing is setting outbound NAT for that IP with static source ports.
In that case a single outbound NAT rule would also work and it would not redirect incoming traffic that you might otherwise need for, say, a VPN.
Steve
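
The difference between the two approaches in the post above, sketched as a pf.conf fragment in FreeBSD pf syntax. This is an added illustration, not a ruleset generated by pfSense or posted by anyone in this thread; the interface name, LAN subnet and client address are constructed assumptions.

```pf
# Constructed values for illustration only.
ext_if  = "pppoe0"           # assumed WAN interface (PPPoE, as in the thread)
lan_net = "192.168.1.0/24"   # assumed LAN subnet
jk_host = "192.168.1.50"     # assumed LAN address of the JamKazam client

# --- Translation rules: first match wins, so use ONE of A or B ---

# A: 1:1 NAT. Translates every port and protocol in both directions, so
#    packets arriving at the WAN address are rewritten towards jk_host
#    before filtering. A service on the firewall itself (for example a
#    VPN listener) no longer sees its own inbound traffic.
# binat on $ext_if from $jk_host to any -> $ext_if

# B: one outbound NAT rule with static source ports. The client's UDP
#    source ports (the thread uses a starting port of 12000) are kept
#    on the WAN side, and inbound traffic to the WAN address is left alone.
nat on $ext_if inet from $jk_host to any -> ($ext_if) static-port

# Ordinary outbound NAT (randomised source ports) for the rest of the LAN.
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# --- Filter rules ---

# Nothing unsolicited is passed inbound under either A or B. Only replies
# matching state created by outbound traffic get back in.
block in on $ext_if all
pass out on $ext_if all keep state
```

With no inbound pass rule on WAN, A and B behave the same for the client's outbound UDP sessions; B simply avoids the inbound address rewrite that A applies to every port.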
-
@stephenw10 Thanks, Steve. That's good to know.
Last year when I was trying to get things working with your help, I tried a number of strategies to get to a functional configuration. I had a rule for a range of forward ports based upon JamKazam guidance. Thinking that this could lead to a vulnerability, I tried disabling the rule and things still worked. The configuration hasn't changed since.
The application and the server algorithms have evolved quite a bit since I first started using the service. With that in mind, I just checked functionality with 1:1 NAT disabled and was surprised it was able to connect with the server and establish UDP peer connections. In addition, it didn't complain with a pop-up diagnostic as before. So, perhaps 1:1 NAT isn't necessary anymore. I'll try to see how well it works without it over the next few days and report back.
-
@spacecase I've tried a few spot checks during active sessions over the last few evenings, but my testing was limited. After experiencing what might've been disruptions of session stability when I disabled 1:1 NAT, I quickly reverted back to my baseline configuration.
Forwarding the configured UDP ports at the router doesn't seem to make a noticeable difference, which seems to be consistent with the alternate configuration approach at this link.