In setting up a firewall exception for Roon ARC it would increase security by specifying the IP address - or IP address range - of the remote server.
Could you please provide information about IP address / IP-range for remote Roon ARC server(s)?
Any restriction will improve security and reduce outside polling of router.
What you can do is set a rule in your router to make sure the IP address your Roon Core is currently using to be set all the time. With a static IP address.
Then all you need to do is make a Port Forwarding rule in your router specifying the IP address and Port numbers that Roon shows in the Roon ARC setup.
Then Roon ARC should just work. That’s how it works in my place. However I don’t have a Nucleus, as I’m using a MacBook Air as Roon Core. But my guess is the basic router setup should be similar if not identical.
This is how I setup my main router to work with Roon ARC. I had to set up 2 forwarding rules, as I have 2 routers in my house. ISP router → Main Router (ASUS) → Clients (including Roon Core).
The local IP address is the one that my Roon Core uses, and it uses Port 55000 to get data across.
My question relates to the firewall rule forwarding external traffic on port 55000 to the internal Roon server. Here it is best practice the limit the range of external IP addresses allowed to be forwarded to the internal server.
From you own example, your security would be improved if you limited the ‘Source IP’ field to the address(es) of the external Roon Server.
@Michael_Preisel, in the case of Roon ARC, there is not an external Roon server or Core. The external device is your mobile phone and I don’t believe you will know in advance what the IP address range is for the mobile phone depending on what network (mobile, WiFi) to which the phone is attached.
Anything coming in on port 55000 needs to be forwarded to your Roon core for ARC to work. We have to trust a) the router does exactly that (once you’ve built the rule), and b) the Roon Core security hardening can ignore anything nefarious. Don’t worry about it too much
I’ve filled in a source IP at first, but then the whole thing didn’t work. A fellow user here on the forum suggested leaving the source IP empty, and promptly Roon ARC worked.