PDA

View Full Version : Ports used by Squeezebox / slimserver?



Robin Bowes
2004-07-16, 04:49
There is a list of ports used in the user manual (9000, 9090, 3483) but this doesn't give any indication of the direction in which the port should be opened on a firewall. For example, my firewall will allow outgoing access on any port (Squeezebox -> slimserver) but I need to explicitly open up incoming ports if any connections are made back from (slimserver -> Squeezebox).

Is there a definitive list of the ports used by Squeezebox and slimserver and the direction in which they are used?

R.
--
http://robinbowes.com

Jack Coates
2004-07-16, 07:15
> There is a list of ports used in the user manual (9000, 9090, 3483) but
> this doesn't give any indication of the direction in which the port should

the server is listening on these three ports. 9000 is the web console,
9090 is for CLI interaction, and 3483 is for music clients.

> be opened on a firewall. For example, my firewall will allow outgoing
> access on any port (Squeezebox -> slimserver) but I need to explicitly
> open up incoming ports if any connections are made back from (slimserver
> -> Squeezebox).
>
> Is there a definitive list of the ports used by Squeezebox and slimserver
> and the direction in which they are used?
>
> R.
> --
> http://robinbowes.com
>
>

Robin Bowes
2004-07-16, 07:52
On Fri, July 16, 2004 15:15, Jack Coates said:
>

>> There is a list of ports used in the user manual (9000, 9090, 3483) but
>> this doesn't give any indication of the direction in which the port should
>
> the server is listening on these three ports. 9000 is the web console, 9090 is for CLI
> interaction, and 3483 is for music clients.

Jack,

This doesn't tell me which ports I need to open incoming on my firewall.

My firewall allows all outgoing connections, i.e. any device on the internal network (192.168.2.x) can connect to any device on the external network (192.168.1.x) on any port.

The problem arises when the device on the external network needs to open up a port on a device on the internal network. I need to know on what ports slimserver will attempt to open connections back to the client devices.

My current suspicion is that 9000 and 3483 do not need to be open for incoming connections, whereas 9090 does.

Can anyone confirm this, or otherwise?

R.
--
http://robinbowes.com

Jack Coates
2004-07-16, 08:07
> On Fri, July 16, 2004 15:15, Jack Coates said:
>>
>
>>> There is a list of ports used in the user manual (9000, 9090, 3483) but
>>> this doesn't give any indication of the direction in which the port
>>> should
>>
>> the server is listening on these three ports. 9000 is the web console,
>> 9090 is for CLI
>> interaction, and 3483 is for music clients.
>
> Jack,
>
> This doesn't tell me which ports I need to open incoming on my firewall.
>

OHHH, I see what your problem is. You're trying to do a firmware update
across a router, which is unsupported and therefore poorly documented.
Why, you might ask? Because of the greatly increased risk of it not
working. Anyway, firmware updates go over port 31337.

Ethereal is your friend. http://ethereal.com/

--
Jack At Monkeynoodle.Org: It's A Scientific Venture...
"Believe what you're told; there'd be chaos if everyone thought for
themselves." -- Top Dog hotdog stand, Berkeley, CA

Robin Bowes
2004-07-16, 09:39
On Fri, July 16, 2004 16:07, Jack Coates said:
>

>> On Fri, July 16, 2004 15:15, Jack Coates said:
>>
>>>
>>
>>>> There is a list of ports used in the user manual (9000, 9090, 3483) but
>>>> this doesn't give any indication of the direction in which the port should
>>>
>>> the server is listening on these three ports. 9000 is the web console, 9090 is for
>>> CLI
>>> interaction, and 3483 is for music clients.
>>
>> Jack,
>>
>>
>> This doesn't tell me which ports I need to open incoming on my firewall.
>>
>>
>
> OHHH, I see what your problem is. You're trying to do a firmware update
> across a router, which is unsupported and therefore poorly documented. Why, you might
> ask? Because of the greatly increased risk of it not working. Anyway, firmware updates
> go over port 31337.
>
> Ethereal is your friend. http://ethereal.com/

This should be documented as it would also fail if I had less relaxed firewall settings on my linux server. In fact, I'm about to replace the existing server with my new 1TB server and will have the firewall switched on so connections will only be allowed on ports 22, 25, and 80. From what you're saying, I also need to open up port 31337 to allow slimserver to connect to the Squeezebox to do firmware updates.

So, to summarise:

Client connects to Server on ports 9000 (http), 9090 (cli), 3483 (music)
Server connects to Client on port 31337 (firmware updates)

Would that be correct?

R.
--
http://robinbowes.com

jacobdp
2004-07-16, 16:25
On Fri, 16 Jul 2004 17:39:22 +0100 (BST), Robin Bowes
<robin-lists (AT) robinbowes (DOT) com> wrote:
> Client connects to Server on ports 9000 (http), 9090 (cli), 3483 (music)
> Server connects to Client on port 31337 (firmware updates)

I would put it as:

Client connects to Server on ports 3483 (control), 9000 (music data)
Server connects to Client on port 31337 (firmware updates)

Port 9090 isn't actually used by the players; it's an alternative to
the HTTP interface for control of SlimServer by other programs.

- Jacob

Jack Coates
2004-07-16, 17:04
> On Fri, July 16, 2004 16:07, Jack Coates said:
....
>
> This should be documented as it would also fail if I had less relaxed
> firewall settings on my linux server. In fact, I'm about to replace the
> existing server with my new 1TB server and will have the firewall switched

who firewalls outbound? Very few indeed, and they should be expected to
know how to use a sniffer and figure out what they broke by doing so.

> on so connections will only be allowed on ports 22, 25, and 80. From what
> you're saying, I also need to open up port 31337 to allow slimserver to
> connect to the Squeezebox to do firmware updates.
>
> So, to summarise:
>
> Client connects to Server on ports 9000 (http), 9090 (cli), 3483 (music)
> Server connects to Client on port 31337 (firmware updates)
>
> Would that be correct?
>
> R.

9000 and 9090 aren't used by the hardware, they're just for web and cli
interface.

--
Jack At Monkeynoodle.Org: It's A Scientific Venture...
"Believe what you're told; there'd be chaos if everyone thought for
themselves." -- Top Dog hotdog stand, Berkeley, CA

Robin Bowes
2004-07-16, 22:48
On Sat, July 17, 2004 1:04, Jack Coates said:
>
> who firewalls outbound? Very few indeed, and they should be expected to know how to use
> a sniffer and figure out what they broke by doing so.

Jack,

It's not outbound that's the problem; it's the incoming connection on port 31337 that would be blocked by the firewall.

>
> 9000 and 9090 aren't used by the hardware, they're just for web and cli
> interface.

OK, how about:

Outgoing:
Playback devices (inc. software players) connect to the Server on port 3483
Clients connect to the server on ports 9000 (http) and 9090 (cli)

Incoming:
Server connects to Squeezebox on port 31337 (firmware updates)

R.
--
http://robinbowes.com

Jack Coates
2004-07-16, 23:16
>
> On Sat, July 17, 2004 1:04, Jack Coates said:
>>
>> who firewalls outbound? Very few indeed, and they should be expected to
>> know how to use
>> a sniffer and figure out what they broke by doing so.
>
> Jack,
>
> It's not outbound that's the problem; it's the incoming connection on port
> 31337 that would be blocked by the firewall.
>

that is true in your situation, but was not true in the hypothetical
situation you mentioned as support for why this should be documented :)

>>
>> 9000 and 9090 aren't used by the hardware, they're just for web and cli
>> interface.
>
> OK, how about:
>
> Outgoing:
> Playback devices (inc. software players) connect to the Server on port
> 3483
> Clients connect to the server on ports 9000 (http) and 9090 (cli)
>
> Incoming:
> Server connects to Squeezebox on port 31337 (firmware updates)
>

right.

--
Jack At Monkeynoodle.Org: It's A Scientific Venture...
"Believe what you're told; there'd be chaos if everyone thought for
themselves." -- Top Dog hotdog stand, Berkeley, CA

dean
2004-07-17, 06:23
On Jul 16, 2004, at 5:04 PM, Jack Coates wrote:
>> Client connects to Server on ports 9000 (http), 9090 (cli), 3483
>> (music)
>> Server connects to Client on port 31337 (firmware updates)
>>
>> Would that be correct?
>>
>> R.
>
> 9000 and 9090 aren't used by the hardware, they're just for web and cli
> interface.
Not quite true. The player connects to port 9000 on the server to
stream audio.

To summarize:

Client connects to server on ports 9000 & 3483.
The server connects to the client on port 31337 to do firmware updates
(up to version 20, after which it uses 3483.)

The server also listens on port 9000 for web interface and 9090 for
command line interface.

Jack Coates
2004-07-17, 07:49
>
> On Jul 16, 2004, at 5:04 PM, Jack Coates wrote:
>>> Client connects to Server on ports 9000 (http), 9090 (cli), 3483
>>> (music)
>>> Server connects to Client on port 31337 (firmware updates)
>>>
>>> Would that be correct?
>>>
>>> R.
>>
>> 9000 and 9090 aren't used by the hardware, they're just for web and cli
>> interface.
> Not quite true. The player connects to port 9000 on the server to
> stream audio.

is that Squeezebox only? I just have a SliMP3.

> To summarize:
>
> Client connects to server on ports 9000 & 3483.
> The server connects to the client on port 31337 to do firmware updates
> (up to version 20, after which it uses 3483.)
>
> The server also listens on port 9000 for web interface and 9090 for
> command line interface.
>
>

Robin Bowes
2004-07-17, 17:16
On Sat, July 17, 2004 14:23, dean blackketter said:
> To summarize:
>
>
> Client connects to server on ports 9000 & 3483.
> The server connects to the client on port 31337 to do firmware updates
> (up to version 20, after which it uses 3483.)
>
>
> The server also listens on port 9000 for web interface and 9090 for
> command line interface.

Dean,

Can you confirm which protocols are used on these ports?

I'm just installing slimserver on a new Fedora Core 2 server with the firewall enabled so I need to explicitly enable all ports and protocols that I want to use to connect to the server.

For example, before altering anything for slimserver the configuration was this:

# Configuration file for system-config-securitylevel

--enabled
--port=443:tcp
--port=22:tcp
--port=25:tcp
--port=80:tcp

I've modified it to read:

# Configuration file for system-config-securitylevel

--enabled
--port=443:tcp
--port=3483:tcp
--port=9000:tcp
--port=9090:tcp
--port=22:tcp
--port=25:tcp
--port=80:tcp


I'm wondering if any of the slimserver ports need to be UDP as well as / instead of tcp?

R.
--
http://robinbowes.com