Hello
I've upgraded my LMS, running on an Ubuntu Server, to v7.9.1 build 1516346293
And I have a new issue when tying to access to settings using an internet connection (no problem when browsing on my local network)
192.168.0.254 is the IP address of my router on the local networkCode:Slim::Web::HTTP::generateHTTPResponse (975) Access to settings pages is restricted to the local network or localhost: 192.168.0.254 -> settings/index.html
Is it a new function of LMS?
Is it possible, using a setting, to allow or not to use setting as yesterday?
Thanks
Pierre
Results 1 to 10 of 17
-
2018-01-21, 10:21 #1
Access to settings pages is now restricted?
Pierre (Grenoble - France)
2 Squeezebox Touch (main HIFI system & headphone) + 1 Squeezebox Duet (kitchen HIFI system) + 3 Squeezebox Radio
Ubuntu server with LMS 7.9
-
2018-01-21, 11:20 #2
Access to settings pages is now restricted?
> Code:
> --------------------
> Slim::Web::HTTP::generateHTTPResponse (975) Access to settings pages is restricted to the local network or localhost: 192.168.0.254 -> settings/index.html
> --------------------
>
> 192.168.0.254 is the IP address of my router on the local network
>
> Is it a new function of LMS?
Yes, it's a new feature. Can you tell us more about your system?
- on what system is your LMS running?
- what's your LMS' IP address?
- how do you get access to your network from the outside? SSH tunnel?
VPN? Or did you simply port forward your LMS to the internet?
--
Michael
-
2018-01-21, 16:04 #3
Hi Michael
- LMS is running on Ubuntu Server
- IP @ of LMS server is 192.168.0.1
- I forward my LMS 9000 port to the internet ... of course using a non standard port (differs from 9000)
But this new feature is a good thing: in the pass I had attacks on my LMS server (before I changed the port)... just stupid guys that changed the skin and some basic settings
PierreLast edited by ltsv38; 2018-01-21 at 16:11.
Pierre (Grenoble - France)
2 Squeezebox Touch (main HIFI system & headphone) + 1 Squeezebox Duet (kitchen HIFI system) + 3 Squeezebox Radio
Ubuntu server with LMS 7.9
-
2018-01-22, 07:56 #4
Access to settings pages is now restricted?
> - LMS is running on Ubuntu Server
> - IP @ of LMS server is 192.168.0.1
> - I forward my LMS 9000 port to the internet ... of course using a non
> standard port (differs from 9000)
Ok, a perfect test for the new code :-). Yes, that way the settings are
no longer accessible from the internet. And the most important aspect of
this feature is that it lets us tell you that you should must not port
forward LMS. It's dangerous. Just don't. Not even on a non-standard port.
--
Michael
-
2018-09-04, 04:28 #5
- Join Date
- Sep 2018
- Posts
- 2
Hi,
I upgraded to 7.9.2-0.1.1535981655 and I can't access settings page from local net anymore.
LMS is running on Fedora 27 with 2 NICs: Internet (dhcp) and local network (192.168.147.1). When I tried to access settings from 192.168.147.2:
Code:[18-09-04 10:22:41.2305] Slim::Web::HTTP::generateHTTPResponse (991) Access to settings pages is restricted to the local network or localhost: 192.168.147.2 -> 84.251.xx.xxx (settings/server/basic.html)
Code:[root@gw ~]# netstat -an | grep 9000 tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN
-
2018-09-04, 07:49 #6
-
2018-09-05, 22:17 #7
- Join Date
- Sep 2018
- Posts
- 2
Thanks Michael, that worked!
I tried earlier to add httpaddr to /etc/squeezeboxserver/server.conf but that didn't help.
BR
--
Wille
-
2018-10-26, 12:16 #8
- Join Date
- Oct 2018
- Posts
- 6
Hmmm really, and on Ubuntu?
Hi thanks for the tip, but this file and nothign like it exists on my Ubuntu.
If I look at the server process then I see it is using a file /var/lib/squeezeboxserver/prefs/server.prefs.
In here I find
allowedHosts: x.x.x.x
and just below
bindAddress: 127.0.0.1
In this file after install there is a direct reference to my public IP interface. (allowedHosts: <mypublicaddress>). This is hardcoded when the package gets installed. NICE! Thank God for iptables!
If you try and change this, and restart the server it simply ignores the change. The bind setting on the other hand....if I try changing to any local interface address the server refuses to start.
So finally the only way I could get this to work was to also dodging a setting for allowedHosts to 127.0.0.1. But the only way I could make this change and get the server to start was to de-install and purge the deb package. Unplug the public interface, install the package without the Internet connection active and then the loopback address was written into the prefs file and the server started.
What the hell is that all about?
Some feature! Inverted security.
-
2018-10-27, 05:24 #9
- Join Date
- Sep 2005
- Posts
- 2,853
Hi,
please calm down and take a look at this
after that just make sure:
Code:grep ^allowed /var/lib/squeezeboxserver/prefs/server.prefs allowedHosts: 192.168.199.*
Code:/etc/default/logitechmediaserver
-
2018-10-27, 10:01 #10
- Join Date
- Sep 2005
- Posts
- 2,853
Hi again,
Code:cat /etc/debian_version buster/sid
Code:grep ^bind /var/lib/squeezeboxserver/prefs/server.prefs bindAddress: 127.0.0.1
Code:service logitechmediaserver stop
Code:sed -i 's|bindAddress: 127.0.0.1|bindAddress: 192.168.199.11|g' /var/lib/squeezeboxserver/prefs/server.prefs
Code:grep ^bind /var/lib/squeezeboxserver/prefs/server.prefs bindAddress: 192.168.199.11
Code:service logitechmediaserver start
Code:tail /var/log/squeezeboxserver/server.log 2018-10-27 18:55:22 squeezeboxserver_safe stopped. 2018-10-27 18:58:09 squeezeboxserver_safe started. [18-10-27 18:58:10.0442] main::init (387) Starting Logitech Media Server (v7.9.2, 1539967036, Fri Oct 19 19:15:30 CEST 2018) perl 5.026001 - x86_64-linux-gnu-thread-multi
What the hell is that all about?