Skip to content

Firewall setup guide

Overview

When a gateway connects to the Internet through a local network, the network firewall must be configured to permit access to specific ports, hostnames, IP addresses, and services to ensure proper functionality. Incorrect or missing firewall rules can lead to connectivity issues or pose security risks, making it essential to manage these exceptions with care.

Gateways establish connections with the rayleighconnect™ cloud system. Aside from DNS responses and optional ICMP functionality, the gateways do not have any listening ports.

Ethernet Port MAC address

The MAC address of the gateway always starts with 00:08:dc, remaining 3 values are 1st, 2nd, and 3rd byte of CRC32 of serial number.

Communication with cloud system

Ports

Gateway initiates TCP/IP connections to following ports:

  • 90 - used for standard communication
  • 99 - used for communication in recovery mode

DNS

Note

Firmware versions prior to NG-1015 always used default DNS servers listed below.

Gateway requires working DNS to resolve hostnames used for communication.

Default DNS servers used by the devices are:

  • 8.8.8.8
  • 8.8.4.4

Other DNS servers can be supplied by DHCP or static IP configuration.

DNS service uses UDP port 53.

Hostnames and IP address

Gateway initiates TCP/IP connections to following hostnames:

  • Connectivity checks:
    • ch1.uxeon.com
    • ch2.uxeon.com
  • Communication:
    • htX.uxeon.com Note: ht1, ht2, ht6, ht8 are not used and are intentionally not listed.
      • ht0.uxeon.com
      • ht3.uxeon.com
      • ht4.uxeon.com
      • ht5.uxeon.com
      • ht7.uxeon.com
      • ht9.uxeon.com
    • cX.rxcx.net
      • c1.rxcx.net
      • c2.rxcx.net
      • c3.rxcx.net
      • c4.rxcx.net
    • mX.rxcx.net
      • m1.rxcx.net
      • m2.rxcx.net
      • m3.rxcx.net
      • m4.rxcx.net
      • m5.rxcx.net
      • m6.rxcx.net

These addresses may be resolved to one of following IP addresses:

  • Floating IPs:
    • 49.12.116.0
    • 5.75.212.57
    • 78.47.225.109
    • 128.140.31.11
  • Floating subnet 178.63.204.136/29:
    • 178.63.204.137
    • 178.63.204.138
    • 178.63.204.139
    • 178.63.204.140
    • 178.63.204.141
    • 178.63.204.142

Updates to IP addresses list

The IP addresses list may be updated. For convenience we provide full and up to date list of IP addresses as DNS type A records on ipwl.rxcx.net.

Following terminal command can be used to obtain the list:

dig +short ipwl.rxcx.net

Optional fatures

Some optional features may require additional firewall setup if used.

Modbus TCP

Warning

We strongly recommend to use Modbus TCP in local network only.

All gateways equipped with ethernet port support Modbus TCP in Master mode.

This means gateway can connect to Modbus TCP Slave device to read the data.

Used ports and IP addresses depend on user supplied configuration.

Ping sensors

Gateway can be configured by user to autonomously send pings (ICMP packets) to any IP address or hostname in order to monitor connectivity (online/offline) status.