Used to connect remotely, now I can't

Liam Obrien
2008-03-17, 01:07
I've been running SlimServer for the past few years, and have never had any trouble connecting to it remotely. Recently I changed the OS on my server to MythDora, which necessitated that I redownload Slim software. The download link led me to SqueezeCenter, which seemed to install without incident. Unfortunately, one of these 2 changes (new OS or switch to SqueezeCenter) is preventing me from connecting remotely from computers outside of my firewall.

As long as I'm behind my router firewall, I can connect to SqueezeCenter with no problem using localhost:9000, serverIP:9000, or dydns_example.com:9000 (mercifully, my SqueezeBox is working fine). I am forwarding ports 3483TCP, 3483UDP and 9000TCP to my server's IP address. I believe that the firewall and SELinux in MythDora are disabled; also, IP blocking in SqueezeCenter is set to "Do not block". I'm hoping someone here might have some thoughts as to what I am doing wrong?

I do have one question related to port forwarding, I'm using a linksys router with stock firmware, and on the port forwarding configuration page it asks for an "application" in addition to the port range, protocol, and IP address. Does it matter what I put in the "application" box? Currently it says SlimServer, but maybe I need to update this to reflect the change to SqueezeCenter? If so, what do I change it to? "SqueezeCenter" is too many characters, and changing it to "Squeeze" didn't solve the problem. I've tried looking at the wiki, but the instructions still reference SlimServer; also, looked through the recent forum posts, but didn't see one that pertained to this problem exactly.

2008-03-17, 09:19
The application name in the router setup is just a name for that set of ports, you can put anything you want in it.

As for your problem it does sound a lot like a firewall issue. What exactly happens when you try to connect - does it timeout or fail quickly? Any error messages?

2008-03-17, 10:07
Is there a firewall at your remote receiving end? Any possibility of that having changed?

Liam Obrien
2008-03-17, 10:12
Dear Radish and Bobkoure,
When I try and connect it takes ~20sec; then pops up with a rather standard, non-specific error. Specifically, the browser title bar says "cannot find server" and in the main window it says "the page cannot be displayed." I never tried simply turning off the router firewall (probably should have done that before I posted anything). I'll give that a shot this evening, and any other suggestions you might have(?)

2008-03-17, 12:22
This might be really daft but you did check that the IP address to forward to in the router is of your new server?

Changing the OS means you would have either had to re-enter it or DHCP may have assigned a new one.

Oops, just realised that you mentioned you'd tried connecting using your dynamic DNS entry so that isn't it.

2008-03-17, 18:57
As best as I can tell from SlimProtoTCPProtocol (http://wiki.slimdevices.com/index.cgi?SlimProtoTCPProtocol), which I just found :) you need to NAT TCP3843 and TCP9000 inbound to the server and NAT UDP3843 inbound to the client. (I've asked in the developers' forum to see if I got this right)

I'd suggest you go to one of the remote machines you're trying to connect to and try to telnet to your server on port 3848 - then type HELO and see if you get anything back. If you do, and you can get to the web interface at port 9000, then you probably have server-inbound connectivity.

I don't have any great ideas about testing the UDP3848 from the server to the client - sorry...

Liam Obrien
2008-03-18, 14:30
I'm afraid I don't completely understand what it means when you say, for example, NAT TCP3843; what does "NAT" mean? Does this mean I need to open port 3843 using TCP protocol? If so I have opened those ports, with the exception of 3483 inbound to the client; I'm trying to access SqueezeCenter from work, and there is a 0% chance of them opening up their firewall to facilitate this. However, if I understand correctly this would only be necessary if I wanted to use softsqueeze? In the past I've simply used a media player such as winamp to play the stream, which meant that I only had to open up my home firewall. A couple of other things I'm wondering about: does it matter what the hostname is on the server? Currently it is set to localhost.localdomain. Is there anything I can try from the command line to double check that the software firewall is disabled on my server? According to the network configuration tool in GNOME it is, but maybe this is inaccurate?

Liam Obrien
2008-03-19, 19:47
I tried disabling my router's firewall and I still wasn't able to connect using either the wan IP address or dydns_example.com, so I'm really stuck. I guess this is getting sort of off-topic as the problem seems to lie in my setup and not SqueezeCenter, but if anybody happens to have any suggestions on how to troubleshoot this I'd appreciate it.

2008-03-19, 21:31
You should be able to connect to the mp3 stream at http://your.dyndns_example.org:9000/stream.mp3 without opening up any other ports. It's just a stream over HTTP, and uses the same port as the server web interface. So if you can't get to the web interface from work, then you can't get to the stream either.

Also, the ip address your dyndns entry resolves to is the public ip address of your router, not the ip address of the server on your home network. Check whether the server ip address still matches the ip address in the port forwarding setup of the router, like Zaragon suggested.

Since you can connect from your home network, most likely the server firewall is not the issue, but to be sure, check whether it's running with iptables -L. When it is disabled, it reports just 3 empty chains.

Liam Obrien
2008-03-20, 02:12
Dear all,
Thank you very much for your suggestions, I just wanted to let you know that I think I finally got it working. In case there is anyone running MythDora in the future who runs into a similar problem, here's how I got around it. In SqueezeCenter settings, I changed the server port number to 8000 (I'm guessing that any other value !=9000 would work also), and then changed the router's port forwarding accordingly. As soon as I did this, I could connect from outside the firewall using dydns_example.com:8000. I guess that one of the other services is competing for port 9000 by default (maybe mythweb?) Does anyone know how to tell which programs are trying to use which ports?
Thanks again.
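
One way to answer the closing question in the post above (which program is using which port), as an added example that is not part of the original thread. The function name port_listeners is hypothetical, and the sample netstat lines, PIDs and program names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): show who owns a TCP listening port.
# On the server, feed it live data with:  netstat -tlnp | port_listeners 9000
# (run as root so the PID/Program column is populated).

# Constructed sample of `netstat -tlnp` output; PIDs and names are made up.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:9000     0.0.0.0:*        LISTEN  2314/perl
tcp        0      0 0.0.0.0:3483     0.0.0.0:*        LISTEN  2314/perl
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN  1890/mysqld
tcp        0      0 :::80            :::*             LISTEN  2001/httpd'

# port_listeners PORT
# Reads netstat -tlnp output on stdin and prints, for every listener on PORT:
#   <local address> <pid/program> <scope>
# where scope says whether the socket is reachable from other machines.
port_listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next        # last field after ":" is the port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "*")
                scope = "all-interfaces"      # reachable via LAN and port forward
            else if (host ~ /^127\./ || host == "::1")
                scope = "loopback-only"       # only reachable from the server itself
            else
                scope = "one-address"         # bound to a single interface address
            owner = ($7 == "" ? "-" : $7)     # "-" when not run as root
            print addr, owner, scope
        }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | port_listeners 9000
```

A loopback-only listener cannot be reached through a router port forward, and an unexpected owner on the port points to a conflict with another service.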

2008-03-20, 02:40
Hang on a minute. I've just seen that you said that you can connect to your SC using http://dyndns:9000. Do you mean this works both inside and outside of your network?

If this only works from inside your network, or doesn't work at all then the problem is with the router (trying it from inside doesn't always work, it depends on the router so don't worry about it not working from inside).

If it works from outside or both then I think that the problem has been misinterpreted.

Do you mean that you can't stream music, you can get to the SC web pages but can't stream? Is the player connecting but you are not getting music?

If this is the case then did you install LAME? Don't forget that remote streaming is MP3 and possibly bit-rate limited. If your music isn't MP3 or at the required rate it will be transcoded using LAME. (I can't recall if it is part of the package.)

I wrote the above block but I'm having second thoughts about it. It is still valid but I'm not sure it is the problem. Time for a basic connectivity check. From the server, can you access machines on the Internet, e.g. ping forums.slimdevices.com (you should get a response), or from a web browser? If not then check that you have configured the networking correctly on your server. I'm beginning to suspect that the default route hasn't been configured (or configured correctly), especially if you are not using DHCP from the server.

Performing an actual check as above is best. You can also look to see what the server thinks it should do by using the route command in a terminal window. There should be a number of lines but one which is important is the default destination. Not sure how it will be labelled on your machine. Destination is usually either * or default with gateway the IP address of your router (or a name that resolves to the IP address, the name may not be one you recognise but the IP address should be correct). The interface should be correct and probably eth0.

As an aside... If you are only streaming outside your network using say winamp then you don't need port 3483 forwarded at all. You only need that for SoftSqueeze. If you are exposing port 9000 I'd recommend that you enable a password on the SC web interface to stop a) someone changing your config/playing tracks at 2am, b) someone stealing your music, c) someone trying to use the open port to attack your server. I believe it has been recommended before that the preferred way of making your music accessible is to use SSL. (SoftSqueeze also has an SSL client built in.)

Liam Obrien
2008-03-20, 09:45
Dear Zaragon,
Thank you for your input; I think the problem is resolved, see post #10. For some reason port 9000 would work if I was behind the firewall, but not outside; switching SqueezeCenter (and the router forwarding) to port 8000 allows me to connect inside and outside the firewall. I'm currently locking down SqueezeCenter using username/password, but will look into implementing SSL as you suggest.

2008-03-20, 13:55
Sorry - got busy, lost this thread.
NAT's just slang for "port forward" (network address translation).

So... the problem was something blocking port 9000 in your firewall? It can't have been something blocking 9000 on your server or you wouldn't have been able to have accessed SC at 9000 internally.
If that's true, you could just leave SC at 9000 and do the 8000->9000 port translation at the firewall - although the only reason I can think of to change it is if you're using softsqueeze locally as I've seen at least one comment that it doesn't use a non-9000 port as specified in the strm message it received from the server (but I may have misread as I was just skimming).