PDA

View Full Version : Just installed Zone Alarm, now SB3 cant connect



autopilot
2006-01-03, 09:34
After installing Zone Alarm firewall, my SB3 won't connect to Slimserver.

I have Slim.exe fully allowed in Zone Alarm and windows seems to show it has a good connection (ad-hoc) with the SB3, but i cant understand why it cant find Slimserver. Please help, very confused!

funkstar
2006-01-03, 12:12
Thats because Zone Alarm is blocking the ports the SB is trying to contact Slimserver on. I can't remember what ports need to be opened exactly, or how to do this in ZA (abandoned using it ages ago) but there should be something about firewalls in the WiKi (http://wiki.slimdevices.com/)

autopilot
2006-01-03, 12:23
Hi Funkster (a Hexus buddy i think).

Yeah, well i sorted it now. I did not have to open any ports, just add the SB3's IP address to the trusted list agian. Not sure why it did not work the first time, but it works now i will leave it as it is.

BTW, will/can the SB3's IP address ever change? My PC seems to give it the same IP address everytime it connects (in ad-hoc/peer-to-peer mode), will it always give the same address out?

Mark Lanctot
2006-01-03, 12:36
3483 TCP and UDP and 9000 TCP are needed. See
http://www.slimdevices.com/su_faq.html#networking

Generally, you can see if the Squeezebox is being
blocked by looking at the firewall log. The
Squeezebox is very insistent, you will see
requests every 5 seconds or so. ZoneAlarm may
have interpreted this as a repeated attack and
blocked the address.

IMHO the best way to do this is to allow the
Squeezebox full file-sharing access - add its IP
address to your Trusted Zone as you would a
networked PC. You don't need to know the ports to
do this, but if you wish you can still restrict ports.

Note you also need to allow SlimServer *external*
Internet access for three things:

- Internet radio

- checking for a new version

- if you are streaming audio over the Internet,
say to your work PC

So you need to let the Squeezebox *in* as if it
was a networked PC, and you need to let SlimServer
*out* to do those three things.

For extra security you can set SlimServer to only
accept connections from certain IP addresses.
127.0.0.1 should be in there to access the
SlimServer interface on the PC running SlimServer,
but obviously your Squeezebox's IP address should
be there too, as should the IP address of any
Internet PC you would like to stream to or any
networked computer you'd like to control SlimServer.

SqueezeNetwork access is handled through your
router, not your firewalled PC, so if it worked
before it should still work.

funkstar wrote:
> Thats because Zone Alarm is blocking the ports the
SB is trying to
> contact Slimserver on. I can't remember what ports
need to be opened
> exactly, or how to do this in ZA (abandoned using it
ages ago) but
> there should be something about firewalls in the
WiKi
> (http://wiki.slimdevices.com/)
>
>

--
___________________________________


Mark Lanctot
___________________________________

funkstar
2006-01-04, 08:17
Hi Funkster (a Hexus buddy i think).
indeed. we get about don't we :)


BTW, will/can the SB3's IP address ever change? My PC seems to give it the same IP address everytime it connects (in ad-hoc/peer-to-peer mode), will it always give the same address out?
Sure it can, but i don't think it will. I've always used a router to provice the network addresses as opposed to windows and the routers i've used usually give out the same addresses to each system. You could probably configure windows to always issue that particular address to SB based on its MAC address. But you'll have to find out the specifics on how to do that from somewhere else, i have no idea :)

Mark Lanctot
2006-01-04, 08:59
funkstar wrote:
> dangerous_dom Wrote:
>
>>BTW, will/can the SB3's IP address ever change? My
PC seems to give it
>>the same IP address everytime it connects (in
ad-hoc/peer-to-peer
>>mode), will it always give the same address out?
>
> Sure it can, but i don't think it will. I've always
used a router to
> provice the network addresses as opposed to windows
and the routers
> i've used usually give out the same addresses to
each system. You could
> probably configure windows to always issue that
particular address to SB
> based on its MAC address. But you'll have to find
out the specifics on
> how to do that from somewhere else, i have no idea
:)
>
>

It probably will not change, but there is a
scenario where it will.

When I was using DHCP, here's what happened:

- with one PC, never any problem. Since it was
the only device on the network, it always got the
same IP address - the first one in the DHCP pool.

- with two PCs, there were no problems *as long as
the PCs booted up in the same order*. Say PC1
usually gets address 1, and PC2 usually gets
address 2. If they are both down and PC1 boots,
it gets address 1. If you boot PC2, it gets
address 2 and everything's fine. But if PC2 boots
first, it gets address 1, which is not what you
are expecting, and if you then boot PC1, it gets
address 2 and you've just played "musical IP
addresses". Shutting both down and rebooting in
the proper order will restore things, but it can
happen again should the order be reversed.

Since the Squeezebox is an "always on" device and
most people keep their SlimServer on 24/7 as well,
this may not be a problem as both devices will
always be on the network and will keep their IP
addresses.

But should you ever interrupt power to the
Squeezebox or SlimServer and another PC on the
network boots up before either of these devices,
it will be assigned the IP address formerly
assigned to the Squeezebox or the SlimServer and
you will have a problem.

It's easy to compensate for with a firewall as you
just enter your entire DHCP pool range as a
trusted zone - therefore any possibility is
covered. If you do this, you'll only have
difficulty with browsing to the SlimServer web
page with another networked computer as you won't
necessarily know what IP address SlimServer will
always be. A Squeezebox may have a bit of trouble
as well since its former address for SlimServer is
no longer valid. However, mine can usually detect
my SlimServer by the SlimServer PC's host name.

This explanation does not include DHCP lease and
renewal, but as I understand it the renewal
process gives the same IP address to any devices
that remain on and connected.

This is why I use static IP addresses. Makes
things much simpler for file and printer sharing
and Squeezebox/SlimServer operation. :-)

--
___________________________________


Mark Lanctot
___________________________________

Wirrunna
2006-01-05, 21:49
Mark Lanctot's replies should either be in a "sticky" or the "wiki" !
Firewalls and DHCP servers are a constant source of puzzlement for PC users venturing into networking, which is just what the SB3 will be encouraging.

slimpy
2006-01-06, 02:29
It's easy to compensate for with a firewall as you
just enter your entire DHCP pool range as a
trusted zone - therefore any possibility is
covered. If you do this, you'll only have
difficulty with browsing to the SlimServer web
page with another networked computer as you won't
necessarily know what IP address SlimServer will
always be.

This explanation does not include DHCP lease and
renewal, but as I understand it the renewal
process gives the same IP address to any devices
that remain on and connected.

This is why I use static IP addresses. Makes
things much simpler for file and printer sharing
and Squeezebox/SlimServer operation.
Just as an addition to Mark's post:
Using the convenience of DHCP with the advantages of fixed IP
adresses is possible if your router allows manual configuration
of IP addresses within your DHCP pool. This lets yout tie IP
addresses to a specific client's MAC address. When the client
connects, the IP address specified will be given to that client.
Check your router's manual to see if your router supports this
feature.

-s.

Mark Lanctot
2006-01-06, 08:50
Mark Lanctot's replies should either be in a "sticky" or the "wiki" !
Firewalls and DHCP servers are a constant source of puzzlement for PC users venturing into networking, which is just what the SB3 will be encouraging.

Thank you very much for the compliment!

I did put something in the wiki, see http://wiki.slimdevices.com/index.cgi?BeginnersGuide , "Configuring a Firewall" section.

As this was the Beginner's Guide it's not as detailed as my above posts.

Mark Lanctot
2006-01-06, 08:56
Just as an addition to Mark's post:
Using the convenience of DHCP with the advantages of fixed IP
adresses is possible if your router allows manual configuration
of IP addresses within your DHCP pool. This lets yout tie IP
addresses to a specific client's MAC address. When the client
connects, the IP address specified will be given to that client.
Check your router's manual to see if your router supports this
feature.

-s.

That's indeed an interesting option. I have never seen it with the NETGEAR/SMC/Linksys (DD-WRT) routers I've used, but it would be a great option.

The main drawback of DHCP is the possibility of IP address changes. Its chief advantage is easy and simple exapandability to the network.

At first glance, it might seem that static IP address assignment would offer higher security because a wireless intruder would not be automatically granted an IP. This deters casual connection, but if you're using WEP, it offers no advantage because if an intruder is proficient at WEP cracking tools, he/she surely knows how to read the IP addresses of connected devices and assign one in the same pool to himself/herself. The same goes for WPA, where cracking usually consists of a brute-force dictionary attack.

radish
2006-01-06, 09:12
That's indeed an interesting option. I have never seen it with the NETGEAR/SMC/Linksys (DD-WRT) routers I've used, but it would be a great option.


That's strange. I use netgear routers (and have in the past used both linksys and smc) and they all have/had the option to allocate fixed IPs. It's a pretty standard feature in my experience.

Mark Lanctot
2006-01-06, 09:46
The NETGEAR was a really cheap wired RP614v1.

The SMC was an SMC2804WBRP-G. There's no point in
working with this one, it doesn't connect to the
Squeezeboxen at all.

The Linksys is a WRT54G. I certainly didn't see
the option with the stock firmware 4.20.6 and
4.20.7 and I don't see it with DD-WRT 23b1.

It's not obvious in DD-WRT, the options I have are
DHCP Server/DHCP Forwarder and DHCP
Enable/Disable. Would it be other some other name?

I do see a static routing table, but this seems to
set subnet mask and default gateway for a
particular LAN IP.

radish wrote:

> That's strange. I use netgear routers (and have in
the past used both
> linksys and smc) and they all have/had the option to
allocate fixed
> IPs. It's a pretty standard feature in my
experience.
>
>

--
___________________________________


Mark Lanctot
___________________________________

radish
2006-01-06, 10:42
Wow you're right, the WRT54G doesn't support reserved DHCP. Crazy! I would have thought such a popular device would have done so for sure. I guess you can always flash one of the replacement firmwares...

Mark Lanctot
2006-01-06, 11:08
You prompted me to update my 3rd party Linksys
WRT54G firmware from DD-WRT 23 beta 1 to DD-WRT 23
final.

This option is now there in Administration -
Services - DHCPd - Static Leases.

radish wrote:
> Wow you're right, the WRT54G doesn't support
reserved DHCP. Crazy! I
> would have thought such a popular device would have
done so for sure. I
> guess you can always flash one of the replacement
firmwares...
>
>

--
___________________________________


Mark Lanctot
___________________________________