Duet3D Logo Duet3D
    • Tags
    • Documentation
    • Order
    • Register
    • Login

    Network Security - Which ports do Duets use?

    Scheduled Pinned Locked Moved
    General Discussion
    3
    7
    158
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DocTruckerundefined
      DocTrucker
      last edited by

      Hello!

      I am looking to revisit my office/workshop network. I have a subnet which I have allocated for devices like 2D printers and my Duet based machines. What IP ports will I need to allow from my computer subnet to this one? Most of my machines are Duet2 boards, with one Duet 3 running through a Raspberry Pi. I appreciate that I would need to give the Raspberry Pi system additional privileges (perhaps temporary) to access the internet for updates. Are file uploads through the webpages all handled through port 80?

      Thanks!

      Running 3 P3Steel with Duet 2. Duet 3 on the shelf looking for a suitable machine. One first generation Duet in a Logo/Turtle style robot!

      droftartsundefined chrishammundefined 2 Replies Last reply Reply Quote 0
      • droftartsundefined
        droftarts administrators @DocTrucker
        last edited by

        @DocTrucker What ports are open depends on what you have enabled in config.g with M586. The services use the default port for that service, though you can set your own port using M586 R parameter. Sending M586 on it's own should show what ports are enabled on your Duet. I get (Duet 3 Mini 5+ WiFi on RRF 3.6.0-beta.3, http and ftp enabled in config.g):

        M586
CORS disabled
HTTP is enabled on port 80
FTP is enabled on port 21
TELNET is disabled
MQTT is disabled

        To confirm, I did a port scan from Terminal in MacOS:

        Ian@Ians-MacBook ~ % nc -z 192.168.1.182 1-65535
Connection to 192.168.1.182 port 21 [tcp/ftp] succeeded!
Connection to 192.168.1.182 port 80 [tcp/http] succeeded!
Ian@Ians-MacBook ~ %

        Not sure about what ports the Raspberry Pi has open. One for @chrishamm !

        Ian

        Bed-slinger - Mini5+ WiFi/1LC | RRP Fisher v1 - D2 WiFi | Polargraph - D2 WiFi | TronXY X5S - 6HC/Roto | CNC router - 6HC | Tractus3D T1250 - D2 Eth

        DocTruckerundefined 1 Reply Last reply Reply Quote 1
        • DocTruckerundefined
          DocTrucker @droftarts
          last edited by

          @droftarts Thanks Ian. MQTT is interesting, learnt something by mistake there!

          As far as I understand it the Duet never attempts to contact the outside world, other than with clients that have established connection to the HTTP port, or perhaps the MQTT server/client, but I'll read up on that another time.

          Knowing what the raspberry pi can be cut back to is a little more tricky as it will have to allow for "apt-get [update/upgrade]" and whatever other applications have been loaded on. I'm thinking about a script that will allow temporary external access for updates.

          Just to clarify, I'm not worried about what the duets are up to, but I would like to limit general access to the outside WAN so the paper printer isn't trying to phone home, or more concerning any cheap web cams!

          Running 3 P3Steel with Duet 2. Duet 3 on the shelf looking for a suitable machine. One first generation Duet in a Logo/Turtle style robot!

          droftartsundefined 1 Reply Last reply Reply Quote 1
          • droftartsundefined
            droftarts administrators @DocTrucker
            last edited by

            @DocTrucker said in Network Security - Which ports do Duets use?:

            MQTT is interesting, learnt something by mistake there!

            It was added with 3.5, but not something I've set up. See https://docs.duet3d.com/User_manual/Reference/Gcodes#m5864-configure-mqtt-client and https://github.com/Duet3D/MQTT-WPA2-Enterprise-Demo.

            Ian

            Bed-slinger - Mini5+ WiFi/1LC | RRP Fisher v1 - D2 WiFi | Polargraph - D2 WiFi | TronXY X5S - 6HC/Roto | CNC router - 6HC | Tractus3D T1250 - D2 Eth

            1 Reply Last reply Reply Quote 1
            • chrishammundefined
              chrishamm administrators @DocTrucker
              last edited by

              @DocTrucker Yes, port 80 should suffice. If you want to enable more services like SSH you will need to open those ports as well. For updates from the SBC you should permit outgoing HTTPS connections.

              Duet software engineer

              DocTruckerundefined 1 Reply Last reply Reply Quote 1
              • DocTruckerundefined
                DocTrucker @chrishamm
                last edited by

                @chrishamm Thanks. Regards ssh, I assume that's only on the duets with a RPi or similar. Normal duet controller boatds don't do ssh do they?

                Running 3 P3Steel with Duet 2. Duet 3 on the shelf looking for a suitable machine. One first generation Duet in a Logo/Turtle style robot!

                chrishammundefined 1 Reply Last reply Reply Quote 0
                • chrishammundefined
                  chrishamm administrators @DocTrucker
                  last edited by

                  @DocTrucker That's right, but you could enable the Telnet port if you wanted to.

                  Duet software engineer

                  1 Reply Last reply Reply Quote 1
                  • First post
                    Last post
                  Unless otherwise noted, all forum content is licensed under CC-BY-SA