PDA

View Full Version : SB through iptables?



mherger
2005-05-26, 06:29
As WEP is not really strong protection I wanted to put my 2xSB, SB2,
SliMP3 in their own network. My machine running slimserver has two network
cards, one connected to the LAN, the other to the net with the
SlimDevices. It's running SME Linux (redhat 7.3) with iptables. I have the
following rules added to the firewall:

ACCEPT tcp -- anywhere anywhere tcp dpt:3483
ACCEPT udp -- anywhere anywhere udp dpt:3483
ACCEPT tcp -- anywhere anywhere tcp dpt:9000

After configuring the server's IP manually my SB2 correctly connects to
the server. I can browse my collection, radio station etc. It's smoothly
scrolling, the screensaver kicks in. Everything seems to be fine. Except
that it won't play. When I hit the play button on the remote it won't
start. I activated d_slimproto and got the following lines in the log:

2005-05-26 14:44:01.7378 Got Slimproto frame, op IR , length 10,
IO::Socket::INET=GLOB(0x9d09c64)
2005-05-26 14:44:01.8468 Got Slimproto frame, op IR , length 10,
IO::Socket::INET=GLOB(0x9d09c64)
2005-05-26 14:44:02.0028 *************stream called: q paused: format:
url:
2005-05-26 14:44:02.0040 Backtrace:

frame 0: Slim::Player::Squeezebox::stream
(/usr/local/slimserver/Slim/Player/Squeezebox.pm line 186)
frame 1: Slim::Player::Squeezebox::stop
(/usr/local/slimserver/Slim/Player/Squeezebox2.pm line 579)
frame 2: Slim::Player::Squeezebox2::stop
(/usr/local/slimserver/Slim/Player/Source.pm line 447)
frame 3: Slim::Player::Source::playmode
(/usr/local/slimserver/Slim/Player/Source.pm line 751)
frame 4: Slim::Player::Source::jumpto
(/usr/local/slimserver/Slim/Control/Command.pm line 1228)
frame 5: Slim::Control::Command::execute
(/usr/local/slimserver/Slim/Buttons/Playlist.pm line 161)
frame 6: Slim::Buttons::Playlist::__ANON__
(/usr/local/slimserver/Slim/Hardware/IR.pm line 616)
frame 7: Slim::Hardware::IR::executeButton
(/usr/local/slimserver/Slim/Control/Command.pm line 591)
frame 8: Slim::Control::Command::execute
(/usr/local/slimserver/Slim/Hardware/IR.pm line 640)
frame 9: Slim::Hardware::IR::processCode
(/usr/local/slimserver/Slim/Hardware/IR.pm line 499)
frame 10: Slim::Hardware::IR::releaseCode
(/usr/local/slimserver/Slim/Hardware/IR.pm line 394)
frame 11: Slim::Hardware::IR::checkRelease
(/usr/local/slimserver/Slim/Utils/Timers.pm line 100)
frame 12: Slim::Utils::Timers::checkTimers
(/usr/local/slimserver/slimserver.pl line 629)
frame 13: main::idle (/usr/local/slimserver/slimserver.pl line 567)
frame 14: main::main (/usr/local/slimserver/slimserver.pl line 1149)

2005-05-26 14:44:02.0056 starting with decoder with format: m autostart: 0
threshold: 255 samplesize: ? samplerate: ? endian: ? channels: ?
2005-05-26 14:44:02.0064 sending strm frame of length: 76 request string:
GET /stream.mp3?player=00:04:20:05:a5:8e HTTP/1.0



2005-05-26 14:44:02.0692 *************stream called: s paused: format:
mp3 url:
file:///home/e-smith/files/ibays/mp3/files/Elvis%20Presley/Elvis%20Presley%20-%20No.%201%20Hits/01%20-%20Heartbreak%20Hotel.mp3
2005-05-26 14:44:02.0710 Backtrace:

frame 0: Slim::Player::Squeezebox::stream
(/usr/local/slimserver/Slim/Player/Squeezebox.pm line 138)
frame 1: Slim::Player::Squeezebox::play
(/usr/local/slimserver/Slim/Player/Source.pm line 467)
frame 2: Slim::Player::Source::playmode
(/usr/local/slimserver/Slim/Player/Source.pm line 782)
frame 3: Slim::Player::Source::jumpto
(/usr/local/slimserver/Slim/Control/Command.pm line 1228)
frame 4: Slim::Control::Command::execute
(/usr/local/slimserver/Slim/Buttons/Playlist.pm line 161)
frame 5: Slim::Buttons::Playlist::__ANON__
(/usr/local/slimserver/Slim/Hardware/IR.pm line 616)
frame 6: Slim::Hardware::IR::executeButton
(/usr/local/slimserver/Slim/Control/Command.pm line 591)
frame 7: Slim::Control::Command::execute
(/usr/local/slimserver/Slim/Hardware/IR.pm line 640)
frame 8: Slim::Hardware::IR::processCode
(/usr/local/slimserver/Slim/Hardware/IR.pm line 499)
frame 9: Slim::Hardware::IR::releaseCode
(/usr/local/slimserver/Slim/Hardware/IR.pm line 394)
frame 10: Slim::Hardware::IR::checkRelease
(/usr/local/slimserver/Slim/Utils/Timers.pm line 100)
frame 11: Slim::Utils::Timers::checkTimers
(/usr/local/slimserver/slimserver.pl line 629)
frame 12: main::idle (/usr/local/slimserver/slimserver.pl line 567)
frame 13: main::main (/usr/local/slimserver/slimserver.pl line 1149)

2005-05-26 14:44:02.0719 starting with decoder with format: m autostart: 1
threshold: 255 samplesize: ? samplerate: ? endian: ? channels: ?
2005-05-26 14:44:02.0727 sending strm frame of length: 76 request string:
GET /stream.mp3?player=00:04:20:05:a5:8e HTTP/1.0
2005-05-26 14:44:02.0867 Got Slimproto frame, op STAT, length 41,
IO::Socket::INET=GLOB(0x9d09c64)
2005-05-26 14:44:02.0880 00:04:20:05:a5:8e Squeezebox stream status:
fullness: 0 (0%)
bytes_received 0
[.. a few of them...]
2005-05-26 14:44:02.1183 Got Slimproto frame, op DSCO, length 1,
IO::Socket::INET=GLOB(0x9d09c64)
2005-05-26 14:44:02.1191 Squeezebox got disconnection on the data channel
why: 2

What's wrong with my configuration?

Oh, btw, did I mention SB1 does not even connect to the server?

--

Michael

-----------------------------------------------------------
Help translate SlimServer by using the
StringEditor Plugin (http://www.herger.net/slim/)

mherger
2005-05-26, 09:22
> After configuring the server's IP manually my SB2 correctly connects to
> the server. I can browse my collection, radio station etc. It's smoothly
> scrolling, the screensaver kicks in. Everything seems to be fine. Except
> that it won't play. When I hit the play button on the remote it won't
> start. I activated d_slimproto and got the following lines in the log:

It was due to the allowedHosts setting: the german version only talked
about cli and web interface. The english original doesn't specify what
services are blocked using this parameter... I'll have to fix that german
translation :-).

--

Michael

-----------------------------------------------------------
Help translate SlimServer by using the
SlimString Translation Helper (http://www.herger.net/slim/)

mherger
2005-05-27, 00:53
> It was due to the allowedHosts setting: the german version only talked
> about cli and web interface. The english original doesn't specify what
> services are blocked using this parameter... I'll have to fix that german
> translation :-).

I was wrong: the translation represents exactly what the english version
says. So both are wrong.

The description to "Blocking incoming connections" says:

"This option allows you to enable blocking of incoming CLI and HTTP
requests by source IP address."

But it will not only block access through CLI and web interface, but the
players, too. They seem to use the http port as well. This should be noted
here. I wanted to block access to the web interface from outside my server
and only allow players to connect. I therefore accidentally blocked out my
players.

We'll have to fix that doc or change the behaviour. Which one is easier?

--

Michael

-----------------------------------------------------------
Help translate SlimServer by using the
StringEditor Plugin (http://www.herger.net/slim/)

kdf
2005-05-27, 02:07
Quoting Michael Herger <slim (AT) herger (DOT) net>:

> We'll have to fix that doc or change the behaviour. Which one is easier?

I believe 192.168.1.* (or similar works) so that could be part of the note in
the docs for unblocking the internal network.

-k