Home of the Squeezebox™ & Transporter® network music players.
Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Member ltsv38's Avatar
    Join Date
    Jul 2008
    Location
    Grenoble - France
    Posts
    88

    Access to settings pages is now restricted?

    Hello

    I've upgraded my LMS, running on an Ubuntu Server, to v7.9.1 build 1516346293
    And I have a new issue when tying to access to settings using an internet connection (no problem when browsing on my local network)
    Code:
    Slim::Web::HTTP::generateHTTPResponse (975) Access to settings pages is restricted to the local network or localhost: 192.168.0.254 -> settings/index.html
    192.168.0.254 is the IP address of my router on the local network

    Is it a new function of LMS?
    Is it possible, using a setting, to allow or not to use setting as yesterday?

    Thanks
    Pierre
    Pierre (Grenoble - France)
    2 Squeezebox Touch (main HIFI system & headphone) + 1 Squeezebox Duet (kitchen HIFI system) + 3 Squeezebox Radio
    Ubuntu server with LMS 7.9

  2. #2
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    20,311

    Access to settings pages is now restricted?

    > Code:
    > --------------------
    > Slim::Web::HTTP::generateHTTPResponse (975) Access to settings pages is restricted to the local network or localhost: 192.168.0.254 -> settings/index.html
    > --------------------
    >
    > 192.168.0.254 is the IP address of my router on the local network
    >
    > Is it a new function of LMS?


    Yes, it's a new feature. Can you tell us more about your system?

    - on what system is your LMS running?
    - what's your LMS' IP address?
    - how do you get access to your network from the outside? SSH tunnel?
    VPN? Or did you simply port forward your LMS to the internet?

    --

    Michael

  3. #3
    Member ltsv38's Avatar
    Join Date
    Jul 2008
    Location
    Grenoble - France
    Posts
    88
    Quote Originally Posted by mherger View Post
    > Code:[color=blue]
    Can you tell us more about your system?
    - on what system is your LMS running?
    - what's your LMS' IP address?
    - how do you get access to your network from the outside? SSH tunnel?
    VPN? Or did you simply port forward your LMS to the internet?
    Michael
    Hi Michael
    - LMS is running on Ubuntu Server
    - IP @ of LMS server is 192.168.0.1
    - I forward my LMS 9000 port to the internet ... of course using a non standard port (differs from 9000)

    But this new feature is a good thing: in the pass I had attacks on my LMS server (before I changed the port)... just stupid guys that changed the skin and some basic settings

    Pierre
    Last edited by ltsv38; 2018-01-21 at 16:11.
    Pierre (Grenoble - France)
    2 Squeezebox Touch (main HIFI system & headphone) + 1 Squeezebox Duet (kitchen HIFI system) + 3 Squeezebox Radio
    Ubuntu server with LMS 7.9

  4. #4
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    20,311

    Access to settings pages is now restricted?

    > - LMS is running on Ubuntu Server
    > - IP @ of LMS server is 192.168.0.1
    > - I forward my LMS 9000 port to the internet ... of course using a non
    > standard port (differs from 9000)


    Ok, a perfect test for the new code :-). Yes, that way the settings are
    no longer accessible from the internet. And the most important aspect of
    this feature is that it lets us tell you that you should must not port
    forward LMS. It's dangerous. Just don't. Not even on a non-standard port.

    --

    Michael

  5. #5
    Junior Member
    Join Date
    Sep 2018
    Posts
    2
    Quote Originally Posted by mherger View Post
    > Code:
    > --------------------
    > Slim::Web::HTTP::generateHTTPResponse (975) Access to settings pages is restricted to the local network or localhost: 192.168.0.254 -> settings/index.html
    > --------------------
    >
    > 192.168.0.254 is the IP address of my router on the local network
    >
    > Is it a new function of LMS?


    Yes, it's a new feature. Can you tell us more about your system?

    - on what system is your LMS running?
    - what's your LMS' IP address?
    - how do you get access to your network from the outside? SSH tunnel?
    VPN? Or did you simply port forward your LMS to the internet?

    --

    Michael
    Hi,

    I upgraded to 7.9.2-0.1.1535981655 and I can't access settings page from local net anymore.
    LMS is running on Fedora 27 with 2 NICs: Internet (dhcp) and local network (192.168.147.1). When I tried to access settings from 192.168.147.2:

    Code:
    [18-09-04 10:22:41.2305] Slim::Web::HTTP::generateHTTPResponse (991) Access to settings pages is restricted to the local network or localhost: 192.168.147.2 -> 84.251.xx.xxx (settings/server/basic.html)
    LMS seems to listen all interfaces:
    Code:
    [root@gw ~]# netstat -an | grep 9000
    tcp        0      0 0.0.0.0:9000            0.0.0.0:*               LISTEN
    Is there settings to bind LMS to specific IP/interface only?

  6. #6
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    20,311
    Quote Originally Posted by WilbertS View Post
    Is there settings to bind LMS to specific IP/interface only?
    Use the --httpaddr startup parameter (most likely in /etc/sysconfig/squeezeboxserver)
    Michael

    http://www.herger.net/slim-plugins - Spotty, MusicArtistInfo

  7. #7
    Junior Member
    Join Date
    Sep 2018
    Posts
    2
    Thanks Michael, that worked!

    I tried earlier to add httpaddr to /etc/squeezeboxserver/server.conf but that didn't help.

    BR
    --
    Wille

  8. #8
    Junior Member
    Join Date
    Oct 2018
    Posts
    6

    Hmmm really, and on Ubuntu?

    Quote Originally Posted by mherger View Post
    Use the --httpaddr startup parameter (most likely in /etc/sysconfig/squeezeboxserver)
    Hi thanks for the tip, but this file and nothign like it exists on my Ubuntu.

    If I look at the server process then I see it is using a file /var/lib/squeezeboxserver/prefs/server.prefs.

    In here I find

    allowedHosts: x.x.x.x

    and just below

    bindAddress: 127.0.0.1

    In this file after install there is a direct reference to my public IP interface. (allowedHosts: <mypublicaddress>). This is hardcoded when the package gets installed. NICE! Thank God for iptables!

    If you try and change this, and restart the server it simply ignores the change. The bind setting on the other hand....if I try changing to any local interface address the server refuses to start.

    So finally the only way I could get this to work was to also dodging a setting for allowedHosts to 127.0.0.1. But the only way I could make this change and get the server to start was to de-install and purge the deb package. Unplug the public interface, install the package without the Internet connection active and then the loopback address was written into the prefs file and the server started.

    What the hell is that all about?

    Some feature! Inverted security.

  9. #9
    Senior Member
    Join Date
    Sep 2005
    Posts
    2,845
    Hi,

    Quote Originally Posted by aidy_w View Post
    Hi thanks for the tip, but this file and nothign like it exists on my Ubuntu.

    If I look at the server process then I see it is using a file /var/lib/squeezeboxserver/prefs/server.prefs.

    In here I find

    allowedHosts: x.x.x.x

    Some feature! Inverted security.
    please calm down and take a look at this

    after that just make sure:
    Code:
    grep ^allowed /var/lib/squeezeboxserver/prefs/server.prefs
    allowedHosts: 192.168.199.*
    If you take a look in your init.script -> the file for the startup paramaters in debian/ubuntu is this one
    Code:
     /etc/default/logitechmediaserver

  10. #10
    Senior Member
    Join Date
    Sep 2005
    Posts
    2,845
    Quote Originally Posted by aidy_w View Post
    So finally the only way I could get this to work was to also dodging a setting for allowedHosts to 127.0.0.1. But the only way I could make this change and get the server to start was to de-install and purge the deb package. Unplug the public interface, install the package without the Internet connection active and then the loopback address was written into the prefs file and the server started.

    What the hell is that all about?

    Some feature! Inverted security.
    Hi again,
    Code:
    cat /etc/debian_version
    buster/sid
    Code:
     grep ^bind /var/lib/squeezeboxserver/prefs/server.prefs
    bindAddress: 127.0.0.1
    Code:
    service logitechmediaserver stop
    Code:
    sed -i 's|bindAddress: 127.0.0.1|bindAddress: 192.168.199.11|g' /var/lib/squeezeboxserver/prefs/server.prefs
    Code:
    grep ^bind /var/lib/squeezeboxserver/prefs/server.prefs
    bindAddress: 192.168.199.11
    Code:
    service logitechmediaserver start
    Code:
    tail /var/log/squeezeboxserver/server.log
    2018-10-27 18:55:22 squeezeboxserver_safe stopped.
    2018-10-27 18:58:09 squeezeboxserver_safe started.
    [18-10-27 18:58:10.0442] main::init (387) Starting Logitech Media Server (v7.9.2, 1539967036, Fri Oct 19 19:15:30 CEST 2018) perl 5.026001 - x86_64-linux-gnu-thread-multi
    What the hell is that all about?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •