Firestarter Setup–Firewall Issues–I Think I Got It!!!

FireFly Media Server Firefly Media Server Forums Firefly Media Server Setup Issues Firestarter Setup–Firewall Issues–I Think I Got It!!!

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #1024
    bbjonz
    Participant

    Hi Everyone,

    It seems that my firewall (Firestarter) on Ubuntu Server 6.06 (Dapper Drake) won’t allow Firefly to broadcast. When I turn Firstarter off, iTunes sees the playlist from the server, but when it’s on no dice. I’ve done quite a bit of searching and implemented all the solutions I’ve found. I’ve enabled ports 3689 and 5353 incoming and outcoming. Any suggestions would be helpful. I use the GUI for firestarter which seems pretty easy and intuitive. If another filewall is a better choice I’ll give it a try. Thanks in advance.

    Joe

    #8649
    rpedde
    Participant

    @bbjonz wrote:

    Hi Everyone,

    It seems that my firewall (Firestarter) on Ubuntu Server 6.06 (Dapper Drake) won’t allow Firefly to broadcast. When I turn Firstarter off, iTunes sees the playlist from the server, but when it’s on no dice. I’ve done quite a bit of searching and implemented all the solutions I’ve found. I’ve enabled ports 3689 and 5353 incoming and outcoming. Any suggestions would be helpful. I use the GUI for firestarter which seems pretty easy and intuitive. If another filewall is a better choice I’ll give it a try. Thanks in advance.

    Joe

    I’ve never been able to get firestarter to work, and never got any feedback from anyone that they have managed to get it to work either.

    It may be as simple as a fundamental misunderstanding on my part, but I just can’t get it to go.

    Any firewall that will allow multicast should work, and failing that, if you can pass traffic to/from 224.0.0.251 to and from 5353, it should work.

    I wish I could help, since I’ve gotten this question several times and I’ve never been able to help, even despite loading a system from scratch and installing firestarter. I somehow just don’t get it.

    To be completely truthful, I’ve found that working with the raw iptables commands much more intuitive and a lot less work than firestarter. That’s just me, I guess.

    — Ron.

    #8650
    bbjonz
    Participant

    Hi Ron,

    I appreciate your help. I tried a couple of different GUI firewalls, including Guarddog. I like it’s interface just fine but, alas, I can’t configure it correctly either. Working with IP tables seems very complicated–almost like learning another language (although I get the logic). I’m used to just picking services on the Mac and having them work through the firewall. I’ll keep trying and will report back with any progress.

    Joe

    #8651
    bbjonz
    Participant

    After lots of searching and a rebuild of my server, I think I found how to make Firestarter and Firefly play nice. The problem is in multicasting, I think. There’s no obvious way to handle it in the GUI. However, in the /etc/firestarter directory there’s a file called “firewall.” Near the bottom, you’ll see the following:

    # Block Multicast Traffic
    # Some cable/DSL providers require their clients to accept multicast transmissions
    # you should remove the following four rules if you are affected by multicasting
    $IPT -A INPUT -s 224.0.0.0/8 -d 0/0 -j DROP
    $IPT -A INPUT -s 0/0 -d 224.0.0.0/8 -j DROP
    $IPT -A OUTPUT -s 224.0.0.0/8 -d 0/0 -j DROP
    $IPT -A OUTPUT -s 0/0 -d 224.0.0.0/8 -j DROP

    As can be seen, the default configuration is to drop multicasting transmissions. If you comment out the last 4 lines and save, you just might see your playlist in iTunes with Firestarter running.

    BTW, you should make rules to allow 3689 and 5353 as incoming traffic, and you can do that from the GUI. (I left the default “permissive” for outgoing traffic.) Let me know if this works for anyone else.

    Joe

    #8652
    rpedde
    Participant

    @bbjonz wrote:

    As can be seen, the default configuration is to drop multicasting transmissions. If you comment out the last 4 lines and save, you just might see your playlist in iTunes with Firestarter running.

    Sweet. No wonder I could never find it, or not get the changes to accept it — the rules I tried to make were proabably overwritten by the tail of that script.

    Nice. Thanks for the info.

    — Ron

    #8653
    bbjonz
    Participant

    You’re welcome. From what I can tell, FS flushes (or saves to a different file) the iptables when it starts up, then uses its own rules. You can edit those in the /etc/firestarter directory. There are several files in there that one can modify as needed.

    Joe

Viewing 6 posts - 1 through 6 (of 6 total)
  • The forum ‘Setup Issues’ is closed to new topics and replies.