Firewall Solutions

Take a Tour
Support and FAQs
Help Files
Call CQ!
News and Tips
Vanity Node Numbers
Conference Servers
Routers and Firewalls
Current Logins
Link Status

"I see the list of stations, but every time I try to connect to one, I get a "Connect attempt failed" message after 30 seconds.  What's the problem?"

Most likely, a "firewall" problem is preventing your computer from receiving messages from other stations over the Internet.  This is a very common issue.

Please note that this is not a problem with the EchoLink software itself.   For this reason, the EchoLink Support team will not be able to help you solve it.  However, the information on this page might help.  It's also recommended that you first try the Firewall/Router Test Page on this site.

The solution depends on what kind of hardware and software you are using for your Internet connection.  Unfortunately, many different hardware and software products may be involved, so it is not possible to document every solution.  A few of the most common situations are listed below.

Basic Information

EchoLink requires that your router or firewall allow inbound and outbound UDP to ports 5198 and 5199, and outbound TCP to port 5200.  If you are using a home-network router, you will also need to configure the router to "forward" UDP ports 5198 and 5199 to the PC on which EchoLink is running.

This can be summarized as:

Allow UDP destination ports 5198-5199 between Internet and PC in both directions
Allow TCP (source port any, destination port 5200) from PC to Internet

The information above applies to every situation, regardless of the type of equipment and software you are using.  If the information below does not help you solve the problem, please consult your equipment's documentation, or contact the manufacturer for support, and provide them with the information above.

Note: If you are using Internet security software and have recently upgraded to a newer version of EchoLink, you may need to re-apply the special security settings you had established earlier.

DSL and Cable Modem Service

If you connect to the Internet using DSL or Cable Modem service, there might be a router built into the equipment that the telephone company or cable company provided you. For example, some of the equipment provided by Comcast and Verizon have built-in routers. Check the make and model of your DSL adapter or cable modem, and then look for instructions on the site described below. Web Site

A useful Web site that discusses port forwarding, with solutions for specific makes and models of equipment, is . Scroll down the page at that site to find the make and model of your equipment. (Please note that is not affiliated in any way with EchoLink; we recommend that you use the Web site as an information resource, and not necessarily for the optional configuration software being sold on that site.)

Microsoft Windows

Windows comes with a built-in "firewall" feature that helps protect your computer from undesired connections from the Internet.  In order to use EchoLink, you will need to adjust some settings if the built-in firewall is enabled.  This is normally done automatically during installation, but in some cases, you might need to manually add an "exception" for the EchoLink.exe software.

Problems With Some Connections, And Not Others?

If you router isn't properly configured, you might that you are able to connect to some stations on EchoLink, but not others. For more information about this, please see the article "Echolink, Firewalls, and Routers."

Home-Network Routers and Modems

A "router", as used in a home network, is a device which allows several different computers to share a single connection to the Internet.  A router is frequently used in conjunction with a cable modem or DSL connection.  Popular models are manufactured by Linksys, D-Link, and SMC.  We do not have configuration information for any routers other than those listed below.   If your model is not listed below, please consult the manufacturer's documentation for details.

Finding the Local IP Address

To configure your router, you will first need to know your computer's local IP address.  If you are not sure what the address is, do the following:

From the Start menu, choose Programs->Accessories->Command Prompt.  A command prompt should open.  Enter ipconfig.  Note the IP address that is displayed underneath the name of your Ethernet adapter.

Linksys Routers
  1. Using a Web browser, bring up your router's configuration page.  By default, the URL is, the user name is blank, and the password is "admin".
  2. Be sure you are using the latest version of the firmware for this device.  The version of your current firmware is displayed on the Setup page.  Check the Linksys Web site for details. 
  3. Click the Advanced tab.
  4. Click the Forwarding tab.
  5. If you see a column labeled "Customized Applications" on the left, enter "EchoLink" on the first line.  (Not all versions of the Linksys firmware have this column.)
  6. In the first pair of Service Port Range (or Ext.Port) boxes along the top, enter 5198 and 5199.
  7. On the same line, under Protocol, choose UDP (or check the UDP box).
  8. On the same line, enter the local IP address of the computer running EchoLink.  (If you are not sure what the address is, run "winipcfg" or "ipconfig" from a command prompt).
  9. If there is an Enable check box on the same line, check it.
  10. Click Apply to save changes.
D-Link DI-604
  1. Be sure you are using the latest version of the firmware for this device.  Older versions of the firmware may not work correctly.  Check the D-Link Web site for details.
  2. Using a Web browser, bring up your router's configuration page.  By default, the URL is, the user name is "admin", and the password is blank.
  3. Click the Advanced tab.
  4. Click the Applications button.
  5. Click the Enable button.
  6. After Name, enter "EchoLink".
  7. After Trigger Port, enter 5200.
  8. After Trigger Type, choose TCP.
  9. After Public Port, enter 5198-5199.
  10. After Public Type, choose UDP.
  11. Click "Apply".

Click here to see a screen shot of this configuration.  (Tks: VE3BDR)

3Com Office Connect 612

(courtesy of IW0GLC)
Enter the following three commands, substituting your computer's local IP address for <ip>:

set vc EchoLink nat_options enable
add nat udp vc EchoLink public_port 5198 private_address <ip> private_port 5198
add nat udp vc EchoLink public_port 5199 private_address <ip> private_port 5199
SMC Routers

(courtesy of N1AHH)

click NAT
on line one under TRIGGER PORT type:


on line two under TRIGGER PORT type:


Drop down to the bottom of the page and select apply. Exit the router set-up and start EchoLink.  It should function normally.

If you have any firmware version before v1.05, contact SMC technical support at and ask for the latest firmware update.  The latest on the web page as of 3 nov 02 is ver 1.03, however if asked, they will e-mail you version 1.05 which appears to solve a problem with intermittent disconnects.

When you receive the firmware update, install it according to the manual's directions. Basically, this means to go to the ADVANCED section and then TOOLS, then FIRMWARE UPGRADE.  Follow the directions.  The router will perform a hard reset when done and you will have to re-configure using the SET-UP WIZARD.

Belkin Cable/DSL Router

Model No. F5D-5230-4
(courtesy of WD4FFX)

Log into the Router by going to going to on your browser, then invoke Initial Setup, then go to Virtual Server under the Security Banner.

Fill out the blanks as follows: ( XX is the IP suffix of the EchoLink computer)

 Private IP      Private Port Type Public Port
1. 192. 168. 2.XX    5198      UDP     5198  
2. 192. 168. 2.XX    5199      UDP     5199

Alcatel Speedtouch Pro Modem

See instructions, courtesy of VK3FFB

Other Routers

In general, the router must be configured to "forward" UDP ports 5198 and 5199 to the computer on which EchoLink is installed.  Forwarding is sometimes found as an advanced configuration option on your router's setup screens.  If forwarding is not available, you may need to configure your EchoLink computer as a DMZ, which effectively opens all ports to the Internet.  If this becomes necessary, some sort of network security software such as Windows XP, Norton Internet Security, or ZoneAlarm is recommended.


ZoneAlarm is a brand of security software which can act as a firewall, blocking certain "ports" from being used, unless you configure it to allow them.

If you are using the "free" version of ZoneAlarm, you will need to change the Internet Zone Security slider to Medium while you are using EchoLink.  Other versions of ZoneAlarm (such as ZoneAlarm Plus and ZoneAlarm Pro) let you set more specific rules while leaving the security level at High, which is preferred.

For more information, see ZoneAlarm Configuration.

Norton Internet Security

The Norton Internet Security package includes Norton Personal Firewall, a software-based firewall.  Setting up Norton Internet Security for use with EchoLink is normally almost automatic.

For more information, see Configuring Norton Internet Security .

DSL (Digital Subscriber Line) Service

If you are using DSL to connect to the Internet, note that many DSL "modems" have built-in routers.  For example, Sprint DSL customers are frequently provided with Efficient Networks or ZyXEL modem/routers, even though the outside of the equipment might only say Sprint.  If you have such a unit, please follow the modem's User Guide to forward UDP ports 5198 and 5199 as described above, or contact the router manufacturer or your DSL provider for assistance.

Apple Macintosh

Although EchoLink is designed to run only under Microsoft Windows, some Macintosh users have successfully run it in a Windows "virtual machine", using products such as Parallels.  However, due to EchoLink's UDP port requirements, Parallels might need to be configured to use an IP address separate from the Mac itself.  This can be easily done if your home network uses a router.  Configure the router as described above to forward EchoLink's UDP ports to the second IP address.  See the Parallels documentation for configuration details.

Linux IPTables

For complete details, see the sample configuration file generously provided by Jason, KB1IMD.

AVM KEN Proxy Software

AVM KEN is a German product, available in ISDN and DSL versions.  For complete details, see the configuration information generously provided by Jochen, DG2IAQ.

Cisco PIX and ASA Firewalls

VA3ISP has provided this configuration information:

static (inside,outside) udp interface 5199 XXX.XXX.XXX.XXX 5199 netmask 0 0
static (inside,outside) udp interface 5198 XXX.XXX.XXX.XXX 5198 netmask 0 0
access-list 100 permit udp any host XXX.XXX.XXX.XXX eq 5198
access-list 100 permit udp any host XXX.XXX.XXX.XXX eq 5199

For port forwarding on Cisco routers (from VK2AAT):

ip nat inside source list 100 interface  overload
ip nat inside source static udp  5198  5198 extendable
ip nat inside source static udp  5199  5199 extendable
ip nat inside source static tcp   5200  5200 extendable

Satellite Internet Service Providers

Many users are successfully running EchoLink using an Internet connection provided through a satellite dish.  Although the latency (time delay) is usually higher with this type of system, it rarely affects EchoLink since EchoLink does not use end-to-end acknowledgements of voice packets.  However, some service providers use a router which does network-address translation (NAT), which often cannot be configured by the customer.  Check with your satellite ISP to see if this is the case, and whether a different tier of service is available which will avoid it.

For more information, see:

StarBand FAQ
Broadband Glossary
MagicSat FAQ


Copyright © 2002-2021