PDA

View Full Version : SlimServer trying to connect to Roku - how to stop?



tbessie
2006-11-18, 23:00
Another thing I was just noticing, since I have both a SqueezeBox and a Roku SoundBridge 1001 on my network, is that my software firewall is reporting that SlimServer is regularly attempting connections with the Roku.

I don't know if this is being triggered by the Roku sending some kind of broadcast packet I'm not seeing, or if SlimServer is broadcasting and receiving back some kind of acknowledgement, or what, but it's a little worrysome. Why would there be any communication between them if the Roku is not using SlimServer as it's audio server? (it's using Firefly, on the same machine as the SlimServer instnace).

If it is SlimServer doing this, it would be nice to be able to tell it to ignore certain IPs or MACs that I don't want it to pay attention to.

Anyway, just another question from this SqueezeBox newbie who's suspicious of unknown network activity. :-)

Edit: I just did a test by disconnecting the SqueezeBox from power, and Roku from network (since it's running wired), then connected only the Roku, and I see a lot of activity, although it looks like it may have been initially triggered by a broadcast packet from the Roku to everything on the subnet (this without even turning the Roku on). This may be the source of at least some of the unknown packets I mentioned in another post here (I'll up date that). In any case, I think I may need to see if I can block SlimServer from receiving packets meant for the Roku's server (Firefly).

Edit 2: Double-D'oh! : http://www.rokulabs.com/forums/viewtopic.php?p=56248&highlight=3483#56248 (look for the title "Reduce constant port 3483 broadcasts")

- Tim

notanatheist
2006-11-19, 18:20
Troll alert:

Ebay the Roku. Get another Squeezebox. I 'had' the 1001. Boy was it a joy to get rid of.

tbessie
2006-11-19, 19:13
In SlimServer, go to Server Settings - Security and set Block Incoming Connections to "Block".

Then in "Allowed IP Addresses", whitelist 127.0.0.1, your Squeezebox IP, your SlimServer IP and the IP of any other machine you want to connect to SlimServer (i.e. your laptop). If you leave the Roku's IP out, SlimServer won't try to contact it and will ignore any packets from it.

Just make sure you don't forget to include the IP address of the SB3, the SlimServer and other network devices or you will see how effective this blocking is...

Hi Mark...

Well, I turned on blocking, and only enable SlimServer to connect to the local machine and the SqueezeBox IP, but according to my firewall log, SlimServer is still sending packets to the Roku, local ports are 3483 and 3543, roku ports are 1220 and 80.

So blocking all but local and SqueezeBox ports isn't actually blocking -- SlimServer is still sending packets back to the Roku.

I'm stumped -- does blocking not block ALL traffic, just some?

- Tim

stinkingpig
2006-11-19, 20:04
On 11/19/06, tbessie
<tbessie.2hjtyz1163988901 (AT) no-mx (DOT) forums.slimdevices.com> wrote:
>
> Mark Lanctot;155942 Wrote:
> > In SlimServer, go to Server Settings - Security and set Block Incoming
> > Connections to "Block".
> >
> > Then in "Allowed IP Addresses", whitelist 127.0.0.1, your Squeezebox
> > IP, your SlimServer IP and the IP of any other machine you want to
> > connect to SlimServer (i.e. your laptop). If you leave the Roku's IP
> > out, SlimServer won't try to contact it and will ignore any packets
> > from it.
> >
> > Just make sure you don't forget to include the IP address of the SB3,
> > the SlimServer and other network devices or you will see how effective
> > this blocking is...
>
> Hi Mark...
>
> Well, I turned on blocking, and only enable SlimServer to connect to
> the local machine and the SqueezeBox IP, but according to my firewall
> log, SlimServer is still sending packets to the Roku, local ports are
> 3483 and 3543, roku ports are 1220 and 80.
>
> So blocking all but local and SqueezeBox ports isn't actually blocking
> -- SlimServer is still sending packets back to the Roku.
>
> I'm stumped -- does blocking not block ALL traffic, just some?
>
> - Tim


Seems that blocking should have been more effective, but it's treating
symptom rather than cause. Your Roku is initiating the connection.
Read http://yourslimserver:9000/html/docs/slimproto.html for details.

--
"I spent all me tin with the ladies drinking gin,
So across the Western ocean I must wander" -- traditional

tbessie
2006-11-19, 21:13
Oh but it does!

Just leave your SB3 out of the whitelist and see what happens. It will block it very well indeed...

As stinkingpig indicates, the packets are being initiated by the Roku.

Yeah... I just thought that slim.exe would ignore any connection attempt at any port from any machine not on it's list, even if they were pings or broadcasts of some sort. Guess not.

In any case, I've turned back on the firewall rules that keep SlimServer from seeing anything the Roku sends. The Roku keeps sending them, but SlimServer'll never see 'em.

- Tim

tbessie
2006-11-19, 21:31
Seems that blocking should have been more effective, but it's treating
symptom rather than cause. Your Roku is initiating the connection.
Read http://yourslimserver:9000/html/docs/slimproto.html for details.

Thanks! I hadn't seen those technical docs when I first looked.
Anyway, as I mentioned, I turned back on my firewall to block SlimServer from even receiving those Roku packets. Just trying to reduce unnecessary network traffic on my home network.

- Tim

tbessie
2006-11-20, 12:04
Perhaps I'm missing something? Are you saying that SlimServer is responding?

I've never looked intently at a packet sniffer. However seeing the results blacklisting a SlimServer client, it satisfied me.

Yes, if I turn off my firewall's blocking of SlimServer seeing packets coming from the Roku's MAC, and enable SlimServer's blocking of the the Roku's IP, I still see SlimServer sending packets to the Roku (in response to the Roku's sending packets to SlimServer).

The only way I've gotten SlimServer NOT to respond to anything the Roku sends to it has been to enable my firewall rules that block packets from the Roku MAC getting to SlimServer.

What this makes me think is that SlimServer's blocking functionality doesn't block ALL packets, but is possibly still responding to some multicasts/broadcasts that the Roku is sending out, or even direct connection attempts by the Roku.

- Tim

Ben Sandee
2006-11-20, 12:30
On 11/20/06, tbessie <tbessie.2hl4qc1164049502 (AT) no-mx (DOT) forums.slimdevices.com>
wrote:
>
>
> Mark Lanctot;156096 Wrote:
> > Perhaps I'm missing something? Are you saying that SlimServer is
> > responding?
> >
> > I've never looked intently at a packet sniffer. However seeing the
> > results blacklisting a SlimServer client, it satisfied me.
>
> What this makes me think is that SlimServer's blocking functionality
> doesn't block ALL packets, but is possibly still responding to some
> multicasts/broadcasts that the Roku is sending out, or even direct
> connection attempts by the Roku.


I think the primary purpose of SlimServer's IP blocking is to block web
clients, not hardware/device/player clients. I could be wrong about that
though.

Ben

Mark Lanctot
2006-11-20, 12:36
On 11/20/06, tbessie <tbessie.2hl4qc1164049502 (AT) no-mx (DOT) forums.slimdevices.com>
wrote:
>
>
> Mark Lanctot;156096 Wrote:
> > Perhaps I'm missing something? Are you saying that SlimServer is
> > responding?
> >
> > I've never looked intently at a packet sniffer. However seeing the
> > results blacklisting a SlimServer client, it satisfied me.
>
> What this makes me think is that SlimServer's blocking functionality
> doesn't block ALL packets, but is possibly still responding to some
> multicasts/broadcasts that the Roku is sending out, or even direct
> connection attempts by the Roku.


I think the primary purpose of SlimServer's IP blocking is to block web
clients, not hardware/device/player clients. I could be wrong about that
though.

Ben

Doh! No, you're absolutely right. I didn't follow my own advice when I said to block the SB3. Because if I did, I would see that it still allows harware clients full access.

The blocking is for web clients only.

Edit coming up.