Receiving Non Registered gateway uplink

Hii @brocaar ,

i have 3 gateway and 2 gateways registered on lora-app-server.
All gateways are running and up
when i start node i also getting uplinks from non-registered gateways to lora-app-server in rxinfo

it’s bug or not i don’t know, but we need to stop unregistered gateway packet

can you please help us

Thank you

This is not a bug. Gateway authorization is not the responsibility of LoRa Server. When your gateway forward UDP data, then you need to setup firewall rules. If the Gateway Bridge is installed on the gateway, then you can setup MQTT ACLs for authorization.

1 Like

Can we use MQTT ACLs for authorization on Gateway bridge is installed on server?

UDP packets can be spoofed, so the Gateway IDs will never be authenticated. You can however limit the topics to which LoRa Gateway Bridge publishes using ACLs.


Hii @brocaar

we also receiving downlink on unregistered gateway.

can we use filter features of lora-gateway-bridge v3.2.0?


You have no sufficiently described your setup. Where is LoRa Gateway Bridge running, is it installed on all 3 gateways? 2 of the gateways? 0 of the gateways and all 3 are pointed at a gateway bridge running across the network via UDP 1700?

we have installed Gateway-bridge on server and all gateways are pointing to Lora gateway bridge running across the network via UDP 1700

In that case, your options are more limited. You can use NetID and JoinEUI filtering to prevent non-owned device data from crossing from the bridge onto MQTT, but you will still consume traffic getting it to the bridge (probably not a big deal). To prevent that traffic from hitting the bridge at all, your only real choices are firewalling (may not be practical if devices are spread across networks you don’t control) or VPNing the traffic (at the carrier level if using cellular, for example) between the gateways and the bridge.

Moving the gateway bridge onto the gateways, if possible, would allow you to filter at the gateway level, along with securing the traffic (MQTT ACL + TLS) earlier in the data flow.

Why do you have gateways pointed at the server if you do not want to hear from them?

You don’t really seem to be describing someone attacking you, and going to all the trouble of spoofing plausible looking traffic, but rather a situation where your own gateways are pointed someplace when you don’t want them to be…

1 Like