DAAP tunneling.. halfway there.. Help!
- This topic has 21 replies, 6 voices, and was last updated 16 years, 5 months ago by matthewpiatt.
14/03/2007 at 1:40 AM #5664 sansp00 Participant
Looks like your local 3689 port is already used … Could you do this:
netstat -an|grep 3689
If you get a port with listening or doing something else, you’ll have to find out who’s using it or reroute to another port.
Patrick S.
14/03/2007 at 2:03 AM #5665 hankh95 Participant
Thanks Patrick,
The local (client machine) I am connecting from has nothing on that port. When I SSH into the server machine, it is listening on port 3689, but I figured that was the mt-daapd server…
Might this be because the firewall is forwarding port 3689 already to that machine inside the firewall?
14/03/2007 at 2:45 AM #5666 rpedde Participant
@hankh95 wrote:
hankh@Gimli:~$ ssh user1@#home.ip.address.# -L 3689:#home.ip.address.#:3689 -g
user1@#.home.ip.address.#’s password:
bind: Address already in use
Linux silmarillion 2.6.15-28-386 #1 PREEMPT Thu Feb 1 15:51:56 UTC 2007 i686 GNU/Linux
That bind error has to be coming from your local machine. Doesn’t matter much, though, you can always pick a different address:
ssh [email protected] -L 9999:mt-daapd-server:3689
Then you don’t have to worry about collisions.
There is a firewall on the home network with port 3689 forwarded to the mt-daapd server. (So I do see the server at http://#home.ip.address.#:3689/status.html
Eeek! Don’t do that. Just leave your firewall all locked down. Instead, use the ssh tunnel to connect to the internal machine.
I don’t know how your network is set up. I imagine you have some kind of linux box running as a gateway. Maybe a dedicated machine running a full linux distro, maybe an embedded device like a wrt54g or something.. whatever. Doesn’t matter. Let’s call the outside IP address 70.1.1.25. We’ll call the inside interface 192.168.1.1. In addition, you have a separate mt-daapd server, right? At 192.168.1.2 or something?
Right now, you say you have a firewall rule on the gateway machine that inbound nats anything to 3689 on the outside interface to 3689 on 192.168.1.2, right?
I’m saying don’t do that. Instead, from work, do:
ssh [email protected] -L 9999:192.168.1.2:3689
Then when you do
from your machine at work, you should get the admin page. Then just set up proxy mdns for _daap._tcp on localhost:9999 using mDNSPosixProxy or avahi.
— Ron
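The netstat check suggested at the start of the thread, extended into a small classifier; this is an added example, not code posted by anyone in the thread. It reads `netstat -an` output and reports whether a port is free for `ssh -L`, bound to loopback only, or bound to a wildcard or routable address (which is what the `-g` flag in the original command produces). The function names are made up for this example and the sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names are made up here.

# listeners PORT: read `netstat -an` text on stdin and print the local bind
# address of every TCP socket in LISTEN state on PORT, one per line.
listeners() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      addr = $4
      n = split(addr, parts, "[:.]")   # Linux prints addr:port, BSD/macOS addr.port
      if (parts[n] == port) {
        sub(/[:.][0-9]+$/, "", addr)   # drop the port, keep the bind address
        print addr
      }
    }'
}

# classify PORT: read netstat text on stdin and print one of
#   free      nothing listening, so `ssh -L PORT:host:3689` can bind
#   loopback  bound to 127.0.0.0/8 or ::1 only (ssh -L default)
#   exposed   bound to a wildcard or routable address (what `ssh -g` produces)
classify() {
  addrs=$(listeners "$1")
  if [ -z "$addrs" ]; then
    echo free
  elif printf '%s\n' "$addrs" | grep -Eqv '^(127\.[0-9.]+|::1)$'; then
    echo exposed
  else
    echo loopback
  fi
}

# Constructed sample: a client where another service already listens on 3689
# and a default `ssh -L 9999:192.168.1.2:3689` forward is up.
SAMPLE='tcp        0      0 0.0.0.0:3689            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9999          0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.50:51234      70.1.1.25:22            ESTABLISHED
tcp6       0      0 :::8080                 :::*                    LISTEN'

for p in 3689 9999 9998; do
  printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | classify "$p")"
done
```

On a live machine the same functions take real input: `netstat -an | classify 9999`.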
14/03/2007 at 5:55 PM #5667 hankh95 Participant
Thanks for the great help. I made all the changes listed and dropped a service file into the avahi services directory, but I still do not see the share when I am in iTunes on the work network. Here is what is in the service file:
Silmarillian Music
_daap._tcp
9999
Silmarillian
I have restarted the avahi-daemon but still no share from the home network… Any other suggestions?
Thanks, 98% there
14/03/2007 at 8:30 PM #5668 sansp00 Participant
I’m not very familiar with the avahi or the syntax, but shouldn’t this be the proper way …
Silmarillian Music
_daap._tcp 9999 Silmarillian
It’s worth trying … Hope it helps
Patrick S.
15/03/2007 at 4:15 AM #5669 rpedde Participant
@hankh95 wrote:
Thanks for the great help. I made all the changes listed and dropped a service file into the avahi services directory, but I still do not see the share when I am in iTunes on the work network. Here is what is in the service file:
Remember, this is on the “remote” machine you are advertising via avahi — you need to be able to see it from the remote side of the network, so we’re setting up avahi on the far side so machines over there can see the server at home.
Oh, and I’m assuming that “Silmarillian” was a typo. 🙂
Silmarillion Music
_daap._tcp
9999
127.0.0.1
_rsp._tcp
9999
127.0.0.1
_http._tcp
9999
127.0.0.1
That should do it. Generally, you should be advertising 127.0.0.1:9999 as the server you want to connect to — that will get you connected to the *real* host.
15/03/2007 at 9:56 PM #5670 mas Participant
I have such a setup running without a tunnel so I cannot comment on the ssh tunnel stuff but please note that
1. You don’t have to touch the avahi config. The mt-daapd beta will automatically connect to the avahi-daemon (via dbus or so) and tell it to announce. So the avahi config on your server side is not the problem. I did not need to change anything on avahi to get my system to run.
2. You need to run RendezvousProxy on the LOCAL side where you want to play the music. And this RendezvousProxy needs to announce either
a) If you use ssh tunnel: The LOCAL IP:port that ssh will automatically tunnel to the remote site. Not the IP:port of the remote mt-daapd side!
b) If you use no tunnel and have a firewall forward on your home router (as Ron disrecommended): Only then you need to have the RendezvousProxy point to the remote (outside – WAN) IP:port.
I am running this setup with a password set on the mt-daapd since a while without problems. If you are afraid about the exposure of the port and the possible security problems then you need to do a). But as a test to exclude any problems from the ssh tunnel stuff it could be useful anyway.
See:
http://forums.rokulabs.com/viewtopic.php?t=10526
and
http://forums.fireflymediaserver.org/viewtopic.php?t=5374
for details.
Which also contains some discussions about the security. I have in the meantime patched my personal mt-daapd version to report failed logins. So far no problems.
16/03/2007 at 2:56 AM #5671 rpedde Participant
@mas wrote:
1. You don’t have to touch the avahi config.
Avahi can do mdns proxying, and that’s what it’s doing in the config above — it’s acting as the rendezvous proxy on the “far” side of the connection.
— Ron
17/03/2007 at 10:18 PM #5672 hankh95 Participant
Ron,
I put the service profile in the services directory and restarted the avahi daemon and still no luck. (This is while at work.) While at home on the local network, everything works well, and I turned off the port forwarding on the router.
After I set up the ssh tunnel I can log into mt-daapd, so that part is working correctly also. So the problem is still avahi on the laptop while at work. Some interesting notes (all on the remote work network):
– When I use the avahi browser, I can see all the other itunes libraries and other mDNS services on the network.
– When I open Rhythmbox on the laptop (with its library sharing turned on) I see all the other iTunes libraries and other machines can see the one that Rbox is sharing.
So, I wonder if ubuntu/gnome put the avahi services files in another place than the /etc/avahi/services directory. Any other suggestions? – Hank
18/03/2007 at 12:45 AM #5673 rpedde Participant
@hankh95 wrote:
So, I wonder if ubuntu/gnome put the avahi services files in another place than the /etc/avahi/services directory. Any other suggestions? – Hank
Might also be that I don’t understand avahi config well enough to give you a working config.
You could use mdnsproxyresponder, which comes with apple’s bonjour:
http://bonjour.macosforge.org/
Or possibly the RendezvousProxy mentioned by mas above… I believe it’s java, so it should work as well.
— Ron