Home of the Squeezebox™ & Transporter® network music players.
  1. #2541
    Senior Member
    Join Date
    May 2006
    Location
    Silicon Valley
    Posts
    581
    Quote Originally Posted by PasTim View Post
    Ron F. I tried this.
    I removed my over-generous 30000:60000 port range access from a UPnP device.
    I installed ipset, and entered the 3 commands (under sudo) exactly as in the article, ie:
    Code:
    sudo ipset create upnp hash:ip,port timeout 3
    sudo iptables -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
    sudo iptables -A INPUT -p udp -m set --match-set upnp dst,dst -j ACCEPT
    My server sends broadcasts from its IP, a port like 53067 (for instance) to 239.255.255.250 port 1900.

    However, the responses from a UPnP device, port 1900, to my server IP, matching port 53067 (for instance), are blocked. When I quickly look at
    Code:
    sudo ipset list upnp
    I see no entries (which I assumed were going to be transiently created by the 1st iptables command)

    I have to admit that every time I look at a ufw log I seem to find different things going on, so I can't be sure that the above is consistent.

    Have you tried?
    Hi PasTim,

    I have been playing with this and I cannot get it to work either. I increased the ipset timeout to 60 seconds, in case I was missing the creation of any temporary rules, and I have concluded that they are just not being created. I guess I have to do a lot more reading about how ipset works. I see the two rules that were added to iptables, according to the directions - and they look correct, but the setup is not working.

    Additionally, I see using Wireshark, that BubbleUPnP sends a bunch of SSDP Notify messages to port 1900, without being prompted, when it starts up. I have port 1900 open on my server, but the UPnPBridge plugin does not appear to see them. It periodically sends out a SSDP M-Search broadcast, not aware that a bunch of Notify packets had been received on port 1900.

    Amusingly, psad is now telling me that my phone, running BubbleUPnP, because of all the port knocking going on during my testing, is potentially trying to hack into my server!
    Living Room: SB Touch + DIY PSU > CI Audio VDA.2 DAC + VAC.1 PSU > VRX.1 cables > Emotiva XSP-1 Gen 2 preamp + XPA-DR2 amp > Blue Jeans cables > B&W 804 speakers
    Laptop: System76 Galago + Ubuntu 16.04 + Squeezelite + Vivaldi/Material Skin > Emotiva Little Ego DAC > Grado PS500 headphones
    Phone: Pixel 3a Phone + SB Player + Material web app > Bluetooth > Bose SoundLink Revolve
    Server: Puget Systems Serenity + Ubuntu 18.04 + LMS 8.0
    Music: Personal FLAC, Radio Paradise FLAC, Qobuz, Spotify

  2. #2542
    Senior Member
    Join Date
    May 2006
    Location
    Silicon Valley
    Posts
    581
    Quote Originally Posted by Ron F. View Post
    Hi PasTim,

    I have been playing with this and I cannot get it to work either. I increased the ipset timeout to 60 seconds, in case I was missing the creation of any temporary rules, and I have concluded that they are just not being created. I guess I have to do a lot more reading about how ipset works. I see the two rules that were added to iptables, according to the directions - and they look correct, but the setup is not working.

    Additionally, I see using Wireshark, that BubbleUPnP sends a bunch of SSDP Notify messages to port 1900, without being prompted, when it starts up. I have port 1900 open on my server, but the UPnPBridge plugin does not appear to see them. It periodically sends out a SSDP M-Search broadcast, not aware that a bunch of Notify packets had been received on port 1900.

    Amusingly, psad is now telling me that my phone, running BubbleUPnP, because of all the port knocking going on during my testing, is potentially trying to hack into my server!
    I guess "temporary" rules are not going to be created; we simply have the two rules we added to iptables. I think what we need to figure out is which one failed, the OUTPUT, or the INPUT?

  3. #2543
    Senior Member
    Join Date
    May 2006
    Location
    Silicon Valley
    Posts
    581
    Quote Originally Posted by Ron F. View Post
    I guess "temporary" rules are not going to be created; we simply have the two rules we added to iptables. I think what we need to figure out is which one failed, the OUTPUT, or the INPUT?
    Hi PasTim,

    Part of my problem, is that iptables has to be set up to use ipset. I found this article: https://www.linuxjournal.com/content...urations-ipset

    In a nutshell, we have to install a module for iptables, so that it can use sets created by using ipset:
    sudo apt install xtables-addons-source
    sudo module-assistant auto-install xtables-addons

    OK - great. It still doesn't work. I must be getting closer to properly locking down the use of SSDP Discovery however. I don't know. Something else is still missing.

  4. #2544
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    3,048
    Quote Originally Posted by Ron F. View Post
    Hi PasTim,

    Part of my problem, is that iptables has to be set up to use ipset. I found this article: https://www.linuxjournal.com/content...urations-ipset

    In a nutshell, we have to install a module for iptables, so that it can use sets created by using ipset:
    sudo apt install xtables-addons-source
    sudo module-assistant auto-install xtables-addons

    OK - great. It still doesn't work. I must be getting closer to properly locking down the use of SSDP Discovery however. I don't know. Something else is still missing.
    I'll try that.

    Before doing so I did have some success last night by inserting the new OUTPUT rule to be rule no 1. My UPnP device was then discovered, and seemed to play but with no sound. The other weird effect was that I got no UFW logs. I think there's some interaction between the ufw entries for INPUT and OUTPUT and the new entries. I may have even less hair soon.

    I also note that the ipset rule disappears on a reboot. Maybe it needs to be saved, or added each boot - I'm not sure.

    To see if anything was happening I used:
    Code:
    sudo ipset list upnp
    sudo watch --interval=5 'iptables -nvL | grep -v "0     0"'
    The first showed me some entries created when I had the OUTPUT rule as number 1, and the 2nd showed some real time firewall counters.

    I just tried installing xtables-addons-source, and I get:
    Code:
    Error in `/usr/share/doc-base/netfilter-hacking', line 9: all `Format' sections are invalid.
    Error in `/usr/share/doc-base/netfilter-extensions', line 9: all `Format' sections are invalid.
    Only documentation, so I guess it's no problem. I'm not sure why I need the source of the addons anyway, but I'm none too keen on a module called ...-hacking.

    On running the 2nd command I see there's a dkms module. There were a couple of errors on the initial install of xtables-addons-modules, and I'm not sure if that means I have to re-add it each time I get a kernel update, but it then says that the DKMS modules "exactly matches what is already found in kernel 4.15.0-58-generic" so maybe that's all unnecessary.
    LMS 7.9.3 on PC, Xubuntu 18.04, FLACs 16->24 bit, 44.1->192kbps. 2 Touchs & EDO.
    LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (A308CR amp & ESLs) & Marantz CR603 UPnP renderers.
    Also Minimserver & Upplay to same & to upmpdcli/mpd PC renderers.
    Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones.
    Wireless Xubuntu 18.04 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver.

  5. #2545
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    3,048
    Quote Originally Posted by Ron F. View Post
    Hi PasTim,

    Part of my problem, is that iptables has to be set up to use ipset. I found this article: https://www.linuxjournal.com/content...urations-ipset

    In a nutshell, we have to install a module for iptables, so that it can use sets created by using ipset:
    sudo apt install xtables-addons-source
    sudo module-assistant auto-install xtables-addons

    OK - great. It still doesn't work. I must be getting closer to properly locking down the use of SSDP Discovery however. I don't know. Something else is still missing.
    I got it working, but quite a lot of effort and googling was needed. I'm not sure this is really the thread for the details of this. I could PM you if you wish. Briefly:
    - sudo apt install ipset xtables-addons-source iptables-persistent netfilter-persistent
    - sudo module-assistant auto-install xtables-addons
    - create a service for ipset so as to be able to make the settings persistent - see https://selivan.github.io/2018/07/27...stent-and.html , and enable the service
    - add firewall rules (I use gufw) for ports 49152:49158 tcp for my network (nnn.nnn.nnn.0/24) (a range - I need several for my different upnp services) - these are needed to play music (not to detect players)
    - sudo ipset create upnp hash:ip,port timeout 3
    - sudo sh -c 'ipset save > /etc/iptables/ipset' (but I had to list the rule and edit it manually)

    Then, on my ubuntu 18.04 system (but others may be different)
    - sudo iptables -I OUTPUT 4 -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
    - sudo iptables -I INPUT 4 -p udp -m set --match-set upnp dst,dst -j ACCEPT

    I used rule 4, this is between ufw rules on OUTPUT and INPUT that seemed appropriate (using sudo iptables -L OUTPUT and so on). Using -A did not work for me.
    Once all working save iptables to be persistent over reboots:
    - sudo netfilter-persistent save

    I think that's it, but I may have missed something. Whether the firewall still works properly for everything else I still need to double-check.

  6. #2546
    Senior Member
    Join Date
    May 2006
    Location
    Silicon Valley
    Posts
    581

    It works!

    Quote Originally Posted by PasTim View Post
    I got it working, but quite a lot of effort and googling was needed. I'm not sure this is really the thread for the details of this. I could PM you if you wish. Briefly:
    - sudo apt install ipset xtables-addons-source iptables-persistent netfilter-persistent
    - sudo module-assistant auto-install xtables-addons
    - create a service for ipset so as to be able to make the settings persistent - see https://selivan.github.io/2018/07/27...stent-and.html , and enable the service
    - add firewall rules (I use gufw) for ports 49152:49158 tcp for my network (nnn.nnn.nnn.0/24) (a range - I need several for my different upnp services) - these are needed to play music (not to detect players)
    - sudo ipset create upnp hash:ip,port timeout 3
    - sudo sh -c 'ipset save > /etc/iptables/ipset' (but I had to list the rule and edit it manually)

    Then, on my ubuntu 18.04 system (but others may be different)
    - sudo iptables -I OUTPUT 4 -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
    - sudo iptables -I INPUT 4 -p udp -m set --match-set upnp dst,dst -j ACCEPT

    I used rule 4, this is between ufw rules on OUTPUT and INPUT that seemed appropriate (using sudo iptables -L OUTPUT and so on). Using -A did not work for me.
    Once all working save iptables to be persistent over reboots:
    - sudo netfilter-persistent save

    I think that's it, but I may have missed something. Whether the firewall still works properly for everything else I still need to double-check.
    PasTim ... You are the man! The key was moving the OUTPUT rule to position #4. No question; there is an interaction/conflict between the rules ufw had originally created, and these new rules for temporarily allowing UPnP SSDP Notify messages to get back in during device discovery.
    Living Room: SB Touch + DIY PSU > CI Audio VDA.2 DAC + VAC.1 PSU > VRX.1 cables > Emotiva XSP-1 Gen 2 preamp + XPA-DR2 amp > Blue Jeans cables > B&W 804 speakers
    Laptop: System76 Galago + Ubuntu 16.04 + Squeezelite + Vivaldi/Material Skin > Emotiva Little Ego DAC > Grado PS500 headphones
    Phone: Pixel 3a Phone + SB Player + Material web app > Bluetooth > Bose SoundLink Revolve
    Server: Puget Systems Serenity + Ubuntu 18.04 + LMS 8.0
    Music: Personal FLAC, Radio Paradise FLAC, Qobuz, Spotify
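
A toy Python model of the two rules, added here as an illustration and not taken from the thread, netfilter or ufw: it shows how the SET rule's position decides whether the set is ever populated, and how the 3-second timeout bounds the reply window. The always-matching ACCEPT rule standing in for earlier ufw rules and the 192.0.2.x addresses are assumptions.

```python
# Added illustration: a toy model of rule traversal, not netfilter or ufw code.
from dataclasses import dataclass, field

SSDP = ("239.255.255.250", 1900)          # multicast group and port from the rules

@dataclass
class TimedSet:
    """Models 'ipset create upnp hash:ip,port timeout N'."""
    timeout: float
    entries: dict = field(default_factory=dict)   # (ip, port) -> expiry time

    def add(self, key, now):
        self.entries[key] = now + self.timeout    # --exist: re-adding refreshes the timer

    def contains(self, key, now):
        return self.entries.get(key, 0.0) > now

def traverse(chain, pkt, now, policy):
    """Walk rules in order. A callable target (SET) is non-terminating;
    a string verdict (ACCEPT/DROP) ends traversal."""
    for match, target in chain:
        if not match(pkt, now):
            continue
        if callable(target):
            target(pkt, now)
        else:
            return target
    return policy

def discover(set_rule_pos, reply_delay, timeout=3.0):
    """Send one M-SEARCH at t=0 and return the verdict for the reply at t=reply_delay.
    set_rule_pos=0 puts the SET rule ahead of the earlier rule (like -I);
    set_rule_pos=1 puts it behind (like -A)."""
    upnp = TimedSet(timeout)
    # -j SET --add-set upnp src,src: record the sender's (source IP, source port)
    add_rule = (lambda p, t: p["dst"] == SSDP, lambda p, t: upnp.add(p["src"], t))
    # ASSUMPTION: stand-in for an earlier firewall-manager rule that already
    # accepts new outbound UDP, which ends traversal of OUTPUT.
    accept_new = (lambda p, t: True, "ACCEPT")
    output = [accept_new]
    output.insert(set_rule_pos, add_rule)
    # -m set --match-set upnp dst,dst -j ACCEPT
    input_chain = [(lambda p, t: upnp.contains(p["dst"], t), "ACCEPT")]

    server = ("192.0.2.10", 53067)        # constructed address, port as in the thread
    device = ("192.0.2.20", 1900)         # constructed UPnP device
    traverse(output, {"src": server, "dst": SSDP}, 0.0, "ACCEPT")
    return traverse(input_chain, {"src": device, "dst": server}, reply_delay, "DROP")

if __name__ == "__main__":
    for pos, delay in [(1, 1.0), (0, 1.0), (0, 5.0)]:
        print(f"SET rule at index {pos}, reply after {delay}s:", discover(pos, delay))
```

On a real host, `sudo iptables -L OUTPUT -n -v --line-numbers` shows the actual rule order and whether the SET rule's packet counter is moving.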

  7. #2547
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    3,048
    Quote Originally Posted by Ron F. View Post
    PasTim ... You are the man! The key was moving the OUTPUT rule to position #4. No question; there is an interaction/conflict between the rules ufw had originally created, and these new rules for temporarily allowing UPnP SSDP Notify messages to get back in during device discovery.
    Thanks. I don't know why the OUTPUT rule at position 1 stops ufw logging - somehow the other ufw rules don't get fully processed. Anyhow, it's working for me now, and I am still seeing unwanted input getting blocked, so the other input rules still work. I think the need for other 4915n ports is due to having a couple of other servers on my music server (minimserver and minidlna), so 49152 isn't enough for me.

  8. #2548
    Senior Member
    Join Date
    May 2008
    Location
    Canada
    Posts
    5,818
    Quote Originally Posted by PasTim View Post
    Thanks. I don't know why the OUTPUT rule at position 1 stops ufw logging - somehow the other ufw rules don't get fully processed. Anyhow, it's working for me now, and I am still seeing unwanted input getting blocked, so the other input rules still work. I think the need for other 4915n ports is due to having a couple of other servers on my music server (minimserver and minidlna), so 49152 isn't enough for me.
    I'm trying up to 32 ports from 49152

    With all these efforts you've made, maybe it would be worth an entry in the user guide + a note on the 1st post of this thread?
    LMS 7.7, 7.8 and 7.9 - 5xRadio, 3xBoom, 4xDuet, 1xTouch, 1 SB2. Sonos PLAY:3, PLAY:5, Marantz NR1603, JBL OnBeat, XBoxOne, XBMC, Foobar2000, ShairPortW, JRiver 21, 2xChromecast Audio, Chromecast v1 and v2, Pi B3, B2, Pi B+, 2xPi A+, Odroid-C1, Odroid-C2, Cubie2, Yamaha WX-010, AppleTV 4, Airport Express, GGMM E5

  9. #2549
    Senior Member
    Join Date
    Feb 2008
    Posts
    5,037

    Yamaha XD-010 and bluetooth

    I've run into a strange problem.

    I've set up a Yamaha WX-010 to use the bridge. The Yamaha can be set to forward the output via bluetooth. I'm streaming SWR 1 - a 128 kbs mp3 stream. This works fine using a Creative WP-350 headset. However if I use a Sennheiser headset the mp3 stream stops audio, but counter shows as playing.

    So, I tried the transcode options - these work and the stream audio plays okay except for a microsecond blip every few minutes which I can detect on the Sennheiser.

    As far as I can tell this only happens with SWR and NDR streams.

    Very strange. I'll try another headset brand (B&O) and report back.

    update: tried the B&O - same audio problem with no transcode. PCM sorts the issue.
    Last edited by castalla; 2019-08-23 at 03:43.
    LMS server: O2 Joggler with Jivelite, Pi Zero W with PcP 6.0

    Amp: Denon PMA-50

    Players/Speakers: Touch, Logitech Radios, Sonos Play 1s & Beam, Libratone Zipp, GGMM E2 & E3, Yamaha WXAD-010, Loewe Airspeaker, Google Chromecast Audio, Home Mini & Nest Hub, Amazon Echo 2,3 and Show5, Pioneer WX-SMA1, Roberts S1, O2 Joggler, Cisco Joggler, Fiio M6, Avantree Priva BT transmitter




  10. #2550
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    3,048
    Quote Originally Posted by philippe_44 View Post
    I'm trying up to 32 ports from 49152

    With all these efforts you've made, maybe it would be worth an entry in the user guide + a note on the 1st post of this thread?
    Thanks. It's really down to Ron F. for finding this in the first place.

    I'll have a think. I have a couple of details I want to look at further. I also don't know how applicable this solution is to other linux platforms, let alone Windoze.
