I run a Linux home server under Rocky Linux 8, latest update. The ISP's router is set in bridge mode and the server is the modem/router of the network. Otherwise, I have no problems with the server.
Problem statement: I cannot stream radio stations (TuneIn) on my LAN. I can connect to the wifi speakers with the app and stream music, e.g. from my iPhone.
This is the configuration:
• I have a HD Mesh Router connected to my server and additionally two mesh points. All internet is wifi.
• Multi-zone firewalld configuration:
  o <LAN NIC> was assigned to zone = internal
  o <WAN NIC> and the ppp0 connection were assigned to zone = external. <WAN NIC> is pppoe.parent of ppp0:
    nmcli con add type pppoe ifname ppp0 con-name ppp0 pppoe.parent <WAN NIC> pppoe.user <username> pppoe.password <password>
  o Masquerade is enabled for zones internal and external
  o Configuration so that outgoing packets from the internal network pass through the server and get forwarded to the external side:
    firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o ppp0 -j MASQUERADE
  o firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i <LAN NIC> -o ppp0 -j ACCEPT
  o firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i ppp0 -o <LAN NIC> -m state --state RELATED,ESTABLISHED -j ACCEPT
From the provider of the wifi speakers I found this about ports:

  Speakers and controllers (apps, professional controllers) require communication with each other. Therefore, specific ports must be opened to allow this communication:
  • 80: HTTP
  • 554: RTSP
  • 49152: MediaRenderer UPnP "listening"
  • 49153: Configuration UPnP "listening"
  • 49154: MediaServer UPnP "listening"
  Open the range between 50000 and 64999 for MediaRenderer and 60006 for MediaServer. Furthermore, all UPnP requires multicast access to 239.255.255.250:1900 along with the appropriate IGMP messages and control for multicast.

I also found this:

  The following router ports should be open on your router to allow seamless network communication with a network-enabled device.
  Router ports: 3813, 443, 80, 8080, 3689 TCP; 554, 5297, 5298, 5353 UDP multicast
I opened all ports on the internal and external zones and checked for rejected UDP packets (dmesg, journalctl -x -e) and opened those ports too, but no luck. I would really appreciate it if there is somebody here who could throw me a lifeline with the firewall configuration.
Thanks for your insights.
Wolfgang
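Added example, not from this thread: a script that turns the setup and the vendor port list above into reviewable firewalld commands for the LAN-facing zone only, plus an audit that reads the external zone's port list and flags any speaker port that has been opened towards the internet. <LAN NIC> is a placeholder and the external port list at the end is constructed sample input.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Assumes the setup described above:
# LAN NIC in zone "internal", WAN NIC/ppp0 in zone "external", and the
# port list quoted from the speaker vendor. LAN_NIC is a placeholder name.
set -euo pipefail
LAN_NIC="${LAN_NIC:-<LAN NIC>}"

# Vendor-listed ports (from the post), grouped by protocol.
SPEAKER_TCP="80 443 554 3689 3813 8080 49152 49153 49154 50000-64999 60006"
SPEAKER_UDP="554 1900 5297 5298 5353"

# Print the firewall-cmd lines for the LAN-facing zone only. LAN devices
# reach the internet via masquerade + FORWARD; none of these ports needs
# to be opened on the external zone, which faces the internet.
lan_zone_cmds() {
    local p
    for p in $SPEAKER_TCP; do
        echo "firewall-cmd --permanent --zone=internal --add-port=${p}/tcp"
    done
    for p in $SPEAKER_UDP; do   # 1900/udp covers SSDP to 239.255.255.250:1900
        echo "firewall-cmd --permanent --zone=internal --add-port=${p}/udp"
    done
    echo "firewall-cmd --permanent --zone=internal --add-protocol=igmp"
    # Forwarding/NAT rules exactly as in the post, made permanent
    echo "firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -o ppp0 -j MASQUERADE"
    echo "firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ${LAN_NIC} -o ppp0 -j ACCEPT"
    echo "firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ppp0 -o ${LAN_NIC} -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "firewall-cmd --reload"
}

# Audit: feed the output of `firewall-cmd --zone=external --list-ports`
# on stdin; prints every speaker port that is open towards the internet.
wan_exposed_ports() {
    local entry port proto
    for entry in $(cat); do
        port="${entry%/*}"; proto="${entry##*/}"
        case "$proto" in
            tcp) [[ " $SPEAKER_TCP " == *" $port "* ]] && echo "$entry" ;;
            udp) [[ " $SPEAKER_UDP " == *" $port "* ]] && echo "$entry" ;;
        esac
    done
    return 0
}

# Constructed sample of an over-exposed external zone (22/tcp is not a speaker port).
SAMPLE_EXTERNAL_PORTS="22/tcp 80/tcp 554/tcp 1900/udp 50000-64999/tcp"
lan_zone_cmds
echo "--- speaker ports exposed on the external zone:"
printf '%s\n' "$SAMPLE_EXTERNAL_PORTS" | wan_exposed_ports
```

Run the audit against the real zone with `firewall-cmd --zone=external --list-ports | wan_exposed_ports`; anything it prints is reachable from the internet on the server itself and can be removed from the external zone without affecting the LAN speakers.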
Does it work if you stop firewalld?
On Mon, Jan 23, 2023 at 3:19 PM wp.rauchholz@gmail.com wrote:
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org