Home of the Squeezebox™ & Transporter® network music players.
  1. #91
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,867

    IMPORTANT: Stop forwarding your LMS ports to the internet!

    > I got no report at all with the plugin.cli info settings.

    plugin.cli is only used by the CLI itself. But network.http=info would
    be more helpful.

    > So a local port 9000 is set up in ConnectBot to route to my
    > home-server-ip-address:9000.


    That's a use case I haven't tested yet. Will do. Could you please enable
    logging as mentioned above, then see what IP address LMS is seeing? Also
    what is your gateway's IP, and your server's?

    --

    Michael

  2. #92
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,867


    > However, the gateway is only a hop point. Even in a DNAT network, if
    > you allow an external device through the firewall, it will not have the
    > gateways address.


    I guess that most systems which currently are systematically attacked
    simply forward port 900x on their router to LMS. In this case the
    incoming IP address would be the gateway's.

    I know the current code is far from perfect. But it certainly covers
    many of the cases I've seen so far. I do know there are already
    installations out there which take advantage of this slightly improved
    default behaviour.

    Please note that I did NOT implement this to make publishing your LMS to
    the world more safe. I'm still saying: don't do it. But I know that many
    users did it out of some need, or ignorance. And many of them are not
    aware of the problem. In these cases new LMS at least does provide a
    minimum more protection than before.

    --

    Michael

  3. #93
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,654
    Quote: Originally posted by mherger
    > > I got no report at all with the plugin.cli info settings.
    >
    > plugin.cli is only used by the CLI itself. But network.http=info would
    > be more helpful.
    >
    > > So a local port 9000 is set up in ConnectBot to route to my
    > > home-server-ip-address:9000.
    >
    > That's a use case I haven't tested yet. Will do. Could you please enable
    > logging as mentioned above, then see what IP address LMS is seeing? Also
    > what is your gateway's IP, and your server's?
    >
    > --
    > Michael

    I turned that info on, and looked at "HTTP request: from " lines. I got them from my desktop (...2), my Touch (...7), and the music server itself (...10) when I connected from my mobile. I can see nothing from my gateway (I searched for it).

    I therefore surmise that the SSH server is sending from the music server's own IP address to the same address.

    If you need bits of the log I could pm them (tomorrow) rather than attach them here (being paranoid, I know....).
    LMS 7.9.1 on VortexBox Midi box, Xubuntu 17.10, FLACs 16->24 bit, 44.1->192kbps. Touch & EDO. 2nd Touch standard.
    LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (to A308CR amp & ESLs) & Marantz CR603 UPnP renderers.
    Alternatively Minimserver & Upplay to same & to upmpdcli/mpd PC renderers.
    Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones.
    Wireless Xubuntu 17.10 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver.

  4. #94
    Senior Member paul-'s Avatar
    Join Date
    Jan 2013
    Posts
    1,015
    Quote: Originally posted by mherger
    > I guess that most systems which currently are systematically attacked
    > simply forward port 900x on their router to LMS. In this case the
    > incoming IP address would be the gateway's.

    Not that I do this, but I opened up the ports to do some testing. On my Netgear router, when it lets the traffic in, the connection at the server is shown as whatever the external device address is.

  5. #95
    Senior Member DJanGo's Avatar
    Join Date
    Sep 2005
    Location
    Germany
    Posts
    2,517
    Quote: Originally posted by paul-
    > Not that I do this, but I opened up the ports to do some testing. On my Netgear router, when it lets the traffic in, the connection at the server is shown as whatever the external device address is.

    And that's exactly how it works.

    own PC -> private IP Address -> Router ISP official IP Address -> {Internet} <- Router external IP <- foreign private IP.

    It's the MAC Address that's changed to the router not the IP.

  6. #96
    Senior Member DJanGo's Avatar
    Join Date
    Sep 2005
    Location
    Germany
    Posts
    2,517
    Quote: Originally posted by DJanGo
    > And that's exactly how it works.
    >
    > own PC -> private IP Address -> Router ISP official IP Address -> {Internet} <- Router external IP <- foreign private IP.
    >
    > It's the MAC Address that's changed to the router not the IP.

    mea culpa I just forget the NAT/Routing Mode from some devices....

    There is the transparent Mode and the NAT/Routing Mode that's the one Michael is using. That Mode really translates the external IP from sender/receiver to the router.....

  7. #97
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,867


    > mea culpa I just forget the NAT/Routing Mode from some devices....
    >
    > There is the transparent Mode and the NAT/Routing Mode that's the one
    > Michael is using. That Mode really translates the external IP from
    > sender/receiver to the router.....


    Oh, good point. Thanks for the hint. I did have a check for non-local
    addresses in that code at some point. Should have left it in.

    --

    Michael

  8. #98
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,867


    > I therefore surmise that the SSH server is sending from the music
    > server's own IP address to the same address.


    Hmm... it depends on how your tool is setting up the tunnel. But when I
    ssh into my box and forward requests to the internal IP of the LMS
    machine, then LMS does see the IP address of the SSH server. If that was
    the router itself (which I doubt), then LMS would see the gateway
    address. If the router forwarded SSH to some other box, then LMS would
    see that other box's IP address.

    --

    Michael

  9. #99
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,654
    Quote: Originally posted by mherger
    > > I therefore surmise that the SSH server is sending from the music
    > > server's own IP address to the same address.
    >
    > Hmm... it depends on how your tool is setting up the tunnel. But when I
    > ssh into my box and forward requests to the internal IP of the LMS
    > machine, then LMS does see the IP address of the SSH server. If that was
    > the router itself (which I doubt), then LMS would see the gateway
    > address. If the router forwarded SSH to some other box, then LMS would
    > see that other box's IP address.
    >
    > --
    > Michael

    My router is forwarding all incoming on port 22 to the music server where there is an SSH server, so that matches what you say.

  10. #100
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,867


    > mea culpa I just forget the NAT/Routing Mode from some devices....
    >
    > There is the transparent Mode and the NAT/Routing Mode that's the one
    > Michael is using. That Mode really translates the external IP from
    > sender/receiver to the router.....


    Both modes now should be covered.

    --

    Michael
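
The source-address cases discussed in this thread (gateway address in NAT/routing mode, external address in transparent mode, the server's own address behind an SSH tunnel) can be checked against a log with a short script. This is an added example, not part of any post and not LMS code; the log layout beyond the words "HTTP request: from", the sample addresses and all function names are assumptions.

```python
import ipaddress
import re

# Only the words "HTTP request: from" come from the thread; the rest of the
# line layout is assumed, so the pattern anchors on that fragment alone.
REQUEST_RE = re.compile(r"HTTP request: from (\d{1,3}(?:\.\d{1,3}){3})")

def classify_peer(peer, server_ip, gateway_ip, lan_cidr):
    """Name the network path implied by the source address the server saw."""
    addr = ipaddress.ip_address(peer)  # raises ValueError on e.g. 999.1.1.1
    if addr.is_loopback or addr == ipaddress.ip_address(server_ip):
        return "server-itself"   # e.g. an SSH tunnel ending on the server
    if addr == ipaddress.ip_address(gateway_ip):
        return "gateway"         # NAT/routing mode rewrote the source
    if addr in ipaddress.ip_network(lan_cidr):
        return "lan"
    return "non-local"           # transparent forward kept the real source

def summarize(lines, server_ip, gateway_ip, lan_cidr):
    """Count request sources per class, skipping lines that do not parse."""
    counts = {}
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        try:
            kind = classify_peer(match.group(1), server_ip, gateway_ip, lan_cidr)
        except ValueError:
            continue
        counts[kind] = counts.get(kind, 0) + 1
    return counts

def exposure_suspected(counts):
    """Gateway or non-local sources suggest a port forward reaches the server."""
    return bool(counts.get("gateway") or counts.get("non-local"))

# Constructed sample lines (not taken from any real log).
SAMPLE_LOG = [
    "[10:00:01] (constructed) HTTP request: from 192.168.1.20",
    "[10:00:02] (constructed) HTTP request: from 192.168.1.10",
    "[10:00:03] (constructed) HTTP request: from 127.0.0.1",
    "[10:00:04] (constructed) HTTP request: from 192.168.1.1",
    "[10:00:05] (constructed) HTTP request: from 203.0.113.45",
    "[10:00:06] (constructed) HTTP request: from 999.1.1.1",
    "[10:00:07] (constructed) unrelated line",
]
```

Requests arriving through an SSH tunnel that ends on the server fall into "server-itself", so they cannot be told apart from local requests by address alone.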
