Home of the Squeezebox™ & Transporter® network music players.
Page 10 of 13 FirstFirst ... 89101112 ... LastLast
Results 91 to 100 of 129
  1. #91
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,985

    IMPORTANT: Stop forwarding your LMS ports to theinternet!

    > mea culpa i just forget the NAT/Routing Mode from some devices....
    >
    > There is the transparent Mode and the NAT/Routing Mode thats the one
    > Michael is using. That Mode really translates the external IP from
    > sender/receiver to the router.....


    Oh, good point. Thanks for the hint. I did have a check for non-local
    addresses in that code at some point. Should have left it in.

    --

    Michael

  2. #92
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,985

    IMPORTANT: Stop forwarding your LMS ports to theinternet!

    > I therefore surmise that the SSH server is sending from the music
    > server's own IP address to the same address.


    Hmm... it depends on how your tool is setting up the tunnel. But when I
    ssh into my box and forward requests to the internal IP of the LMS
    machine, then LMS does see the IP address of the SSH server. If that was
    the router itself (which I doubt), then LMS would see the gateway
    address. If the router forwarded SSH to some other box, then LMS would
    see that other box' IP address.

    --

    Michael

  3. #93
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,703
    Quote Originally Posted by mherger View Post
    > I therefore surmise that the SSH server is sending from the music
    > server's own IP address to the same address.


    Hmm... it depends on how your tool is setting up the tunnel. But when I
    ssh into my box and forward requests to the internal IP of the LMS
    machine, then LMS does see the IP address of the SSH server. If that was
    the router itself (which I doubt), then LMS would see the gateway
    address. If the router forwarded SSH to some other box, then LMS would
    see that other box' IP address.

    --

    Michael
    My router is forwarding all incoming on port 22 to the music server where there is an SSH server, so that matches what you say.
    LMS 7.9.1 on VortexBox Midi box, Xubuntu 17.10, FLACs 16->24 bit, 44.1->192kbps. Touch & EDO. 2nd Touch standard.
    LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (to A308CR amp & ESLs) & Marantz CR603 UPnP renderers.
    Alternatively Minimserver & Upplay to same & to upmpdcli/mpd PC renderers.
    Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones.
    Wireless Xubuntu 17.10 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver.

  4. #94
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,985

    IMPORTANT: Stop forwarding your LMS ports to theinternet!

    > mea culpa i just forget the NAT/Routing Mode from some devices....
    >
    > There is the transparent Mode and the NAT/Routing Mode thats the one
    > Michael is using. That Mode really translates the external IP from
    > sender/receiver to the router.....


    Both modes now should be covered.

    --

    Michael

  5. #95
    Senior Member
    Join Date
    Apr 2005
    Location
    UK/London
    Posts
    905
    I have not updated my LMS yet but I thought I'd try connecting via a VPN to see what happens.
    I installed OpenVPN on a Pi (not the one running LMS) and used port forwarding on intermediate routers to get the traffic from an iOS device using iPeng through the VPN server to the LMS server ... and it worked.
    LMS logs show that it saw the IP address of the connection as being the VPN server.
    So I think that when I update LMS this will still work without me needing to set a password on LMS.

    I know that my LMS is not reachable from outside except through this VPN so this is good for me.
    Paul Webster
    http://dabdig.blogspot.com
    Author Radio France (FIP etc) plugin

  6. #96
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,703
    Notwithstanding the recent LMS security improvements, I assume that explicitly specifying each of the local IP addresses that might use LMS in the 'Allowed' list, and not including the router, will achieve much the same effect, so I don't need to use the CLI password. If an SSH or VPN server is on the home network that could be explicitly included or excluded as required.
    LMS 7.9.1 on VortexBox Midi box, Xubuntu 17.10, FLACs 16->24 bit, 44.1->192kbps. Touch & EDO. 2nd Touch standard.
    LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (to A308CR amp & ESLs) & Marantz CR603 UPnP renderers.
    Alternatively Minimserver & Upplay to same & to upmpdcli/mpd PC renderers.
    Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones.
    Wireless Xubuntu 17.10 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver.

  7. #97
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,703
    Quote Originally Posted by DJanGo View Post
    Hi,

    sounds like a "clever" idea but....

    1)
    Who should change that setting?

    The Installer/updater on a clean install -> yes
    The Installer/updater on a update install -> ????
    The Installer/updater on a update install where allowedHosts: 127.*, not in the Server.prefs-> yes

    2)
    Remember the guys we are talking about are "clever" - when Michael changes these settings for them -> They cant use lms from outside (and these clever guys are stupid enough to change that setting back to something they think of)

    IMHO Michael had the "better" Idea with "lms is available from everywhere but the settings are only from internal except Gateway....
    I'm not trying to be clever or better, just trying to understand my options. I'm the only (valid) user. Why would I need to change a setting on an update?

    I don't really understand what or who you mean about the "clever" guys (and presumably gals) and Michael changing settings for them, but it doesn't matter.
    LMS 7.9.1 on VortexBox Midi box, Xubuntu 17.10, FLACs 16->24 bit, 44.1->192kbps. Touch & EDO. 2nd Touch standard.
    LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (to A308CR amp & ESLs) & Marantz CR603 UPnP renderers.
    Alternatively Minimserver & Upplay to same & to upmpdcli/mpd PC renderers.
    Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones.
    Wireless Xubuntu 17.10 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver.

  8. #98
    Senior Member
    Join Date
    Feb 2011
    Location
    Cheshire, UK
    Posts
    3,018
    Quote Originally Posted by mherger View Post
    > This unfortunately might be a very common problem as a VPN server is
    > often the GW (Mine is both, IPSEC and SSL)


    I doubt it'll be anywhere near "common". Please let me know if it causes
    you a problem.

    --

    Michael
    My gateway is also my VPN server. It may be more common than you think.
    VB2.4 storage QNAP TS419p (NFS)
    Living Room - Joggler & SB3 -> Onkyo TS606 -> Celestion F20s
    Office - Pi3+Sreen -> Sony TAFE320 -> Celestion F10s / Pi2+DAC & SB3 -> Onkyo CRN755 -> Wharfedale Modus Cubes
    Dining Room -> SB Boom
    Kitchen -> UE Radio (upgraded to SB Radio)
    Bedroom (Bedside) - Pi2+DAC ->ToppingTP21 ->AKG Headphones
    Bedroom (TV) - SB Touch ->Sherwood AVR ->Mordaunt Short M10s
    Everything controlled by iPeng

  9. #99
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,985

    IMPORTANT: Stop forwarding your LMS ports to theinternet!

    > My gateway is also my VPN server. It may be more common than you think.

    Are you saying you're facing any issue due to these recent changes?

    I said it wasn't common because I doubt there are many LMS users using a
    VPN. That simple. And in a VPN situation you would dial in to the
    router, but AFAIK the client would receive its own IP address from
    through the VPN. In that case LMS would not see the gateway's address
    but the one of the remote client.

    --

    Michael

  10. #100
    Senior Member Jeff07971's Avatar
    Join Date
    Aug 2011
    Location
    London, England
    Posts
    1,034
    Quote Originally Posted by mherger View Post
    > My gateway is also my VPN server. It may be more common than you think.

    Are you saying you're facing any issue due to these recent changes?

    I said it wasn't common because I doubt there are many LMS users using a
    VPN. That simple. And in a VPN situation you would dial in to the
    router, but AFAIK the client would receive its own IP address from
    through the VPN. In that case LMS would not see the gateway's address
    but the one of the remote client.

    --

    Michael

    I don't think d6jg will have a problem, I think he uses the same system as I.
    I tried accessing via both IPSEC and SSL (To iPhone with iPeng ) and had no problems playing etc though I have not tried "settings"
    I could not work out how to see the accessing IP in the log ( I tried Plugin:cli @ info level logging ) though.

    Jeff
    Players: SliMP3,Squeezebox3 x3,Receiver,SqueezeLiteX,PiCorePlayer x3,Wandboard
    Server: LMS Version: Latest Nightly on Centos 7 VM on ESXi 6.5.0U1 on Dell T320
    Plugins: AutoRescan/BBCiPlayer/PowerSave/PowerSwitchIII/Squeezecloud/Spotty/Player Groups
    Remotes: iPeng9/Orangesqueeze/PC/Jivelite/SqueezeLiteX
    Music: 522GB,1660 albums with 23087 songs by 5204 artists mostly FLACs

    Want a webapp ? See http://forums.slimdevices.com/showth...Webapp-for-LMS

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •