iptables firewall problem…

  • #1128
    davy_gravy
    Participant

    I am running firefly 1489 debian ppc on a KuroHG that has eBox installed over that. eBox runs a firewall that is rather stiff, but integrated…so I can't just turn it off.

    I cannot get my Roku or my other machines (Macs w/ iTunes) to see the Kuro-eBox Firefly server. I have tried for about 3 days now to open 3689 and 5353 (correctly)… but I’m having no luck… any help at all would be appreciated. I have done all the obvious things, I think…

    I can tell you that I can load Firefly’s web page in my browser at http://10.0.1.6:3689/index.html, but still neither my Macs nor my Roku can see it for music.

    I understand this may be a multicasting issue, and I have tried the fix listed here: http://forums.fireflymediaserver.org/viewtopic.php?t=5505&highlight=firewall+multicast, firefly firewall, http://wiki.mt-daapd.org/wiki/FAQ and other places — but to no avail.

    Here is my iptable listing w/ numbers:

    iptables -L --line-numbers
    Chain INPUT (policy DROP)
    num target prot opt source destination
    1 ACCEPT all -- anywhere anywhere
    2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    3 ACCEPT icmp !f anywhere anywhere
    4 inospoof all -- anywhere anywhere
    5 iexternalmodules all -- anywhere anywhere
    6 inoexternal all -- anywhere anywhere
    7 imodules all -- anywhere anywhere
    8 iintservs all -- anywhere anywhere
    9 iobjects all -- anywhere anywhere
    10 iglobal all -- anywhere anywhere
    11 idrop all -- anywhere anywhere

    Chain FORWARD (policy DROP)
    num target prot opt source destination
    1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    2 ACCEPT icmp !f anywhere anywhere
    3 fnospoof all -- anywhere anywhere
    4 fredirects all -- anywhere anywhere
    5 fmodules all -- anywhere anywhere
    6 ffwdrules all -- anywhere anywhere
    7 fnoexternal all -- anywhere anywhere
    8 fdns all -- anywhere anywhere
    9 fobjects all -- anywhere anywhere
    10 fglobal all -- anywhere anywhere
    11 fdrop all -- anywhere anywhere

    Chain OUTPUT (policy DROP)
    num target prot opt source destination
    1 ACCEPT all -- anywhere anywhere
    2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    3 ACCEPT icmp !f anywhere anywhere
    4 omodules all -- anywhere anywhere
    5 ACCEPT udp -- anywhere 10.0.1.1 state NEW udp dpt:domain
    6 ACCEPT udp -- anywhere 216.165.129.157 state NEW udp dpt:domain
    7 ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp

    Chain fdns (1 references)
    num target prot opt source destination
    1 ACCEPT udp -- anywhere 10.0.1.1 state NEW udp dpt:domain
    2 ACCEPT udp -- anywhere 216.165.129.157 state NEW udp dpt:domain

    Chain fdrop (2 references)
    num target prot opt source destination
    1 DROP all -- anywhere anywhere

    Chain ffwdrules (1 references)
    num target prot opt source destination
    1 ACCEPT tcp -- anywhere anywhere state NEW
    2 ACCEPT udp -- anywhere anywhere state NEW

    Chain fglobal (1 references)
    num target prot opt source destination
    1 ACCEPT tcp -- anywhere 10.0.1.9 state NEW tcp dpt:daap
    2 ACCEPT udp -- anywhere 10.0.1.9 state NEW udp dpt:daap
    3 ftoexternalonly all -- anywhere anywhere state NEW

    Chain fmodules (1 references)
    num target prot opt source destination

    Chain fnoexternal (1 references)
    num target prot opt source destination

    Chain fnospoof (1 references)
    num target prot opt source destination

    Chain fobjects (1 references)
    num target prot opt source destination

    Chain fredirects (1 references)
    num target prot opt source destination

    Chain ftoexternalonly (1 references)
    num target prot opt source destination
    1 fdrop all -- anywhere anywhere

    Chain idrop (1 references)
    num target prot opt source destination
    1 DROP all -- anywhere anywhere

    Chain iexternalmodules (1 references)
    num target prot opt source destination
    1 RETURN all -- anywhere anywhere

    Chain iglobal (1 references)
    num target prot opt source destination
    1 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
    2 ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
    3 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
    4 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
    5 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
    6 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
    7 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
    8 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
    9 ACCEPT all -- anywhere anywhere state NEW

    Chain iintservs (1 references)
    num target prot opt source destination

    Chain imodules (1 references)
    num target prot opt source destination
    1 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3128

    Chain inoexternal (1 references)
    num target prot opt source destination

    Chain inospoof (1 references)
    num target prot opt source destination

    Chain iobjects (1 references)
    num target prot opt source destination

    Chain omodules (1 references)
    num target prot opt source destination
    1 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
    2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https


    #9305
    rpedde
    Participant

    @davy_gravy wrote:

    I am running firefly 1489 debian ppc on a KuroHG that has eBox installed over that. eBox runs a firewall that is rather stiff, but integrated…so I can't just turn it off.

    Well, normally I’d say to try it in two passes. First pass would be to make sure it can send *out* traffic for mdns. When the mdns server starts, it spams out mdns replies (to queries that haven’t been asked) to pre-cache mdns and notify of new service availability. So if you can send *out* multicast packets, you will see it pop into iTunes when it starts. Might have problems later if it can’t receive multicast (like it subsequently falling out of the iTunes list), but if it pushes itself into iTunes when it starts, then the *outbound* packet rule is okay.

    Sounds like yours isn't, but if I look at your rules, it looks like your output chain first rule is everything everywhere. So I can’t imagine why it’s blocked.

    Next question would be – are you sure your workstations can see shared iTunes? Have you checked the “look for shared music” box on the workstation iTunes? Can they see *other* iTunes shares?

    Also, how are the workstations and this box connected? Is there a wireless link between them? That could cause problems, too…
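
The two-pass check described in the reply above, as an added example that is not part of the original thread: run it on a workstation on the same LAN, first in `listen` mode while Firefly restarts (checks the server's outbound announcements), then in `query` mode (checks that the server also receives multicast and answers). The function names, the 10-second window and the command-line modes are assumptions made for this sketch.

```python
import socket
import struct
import sys
import time

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353   # standard mDNS group and port
SERVICE = "_daap._tcp.local"                  # service type iTunes browses for

def build_ptr_query(name=SERVICE):
    """Encode a one-question DNS PTR query (ID 0, no flags) for `name`."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!2H", 12, 1)  # PTR, IN

def is_response(packet):
    """True when the DNS QR bit is set, i.e. the packet carries answers."""
    return len(packet) >= 12 and bool(packet[2] & 0x80)

def probe(send_query, seconds=10.0):
    """Join the mDNS group and return the IPs that sent DAAP responses."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    if hasattr(socket, "SO_REUSEPORT"):       # needed on macOS/BSD
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    sock.bind(("", MDNS_PORT))
    mreq = socket.inet_aton(MDNS_GROUP) + socket.inet_aton("0.0.0.0")
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    if send_query:
        sock.sendto(build_ptr_query(), (MDNS_GROUP, MDNS_PORT))
    seen, deadline = set(), time.monotonic() + seconds
    while (left := deadline - time.monotonic()) > 0:
        sock.settimeout(left)
        try:
            data, (addr, _port) = sock.recvfrom(9000)
        except socket.timeout:
            break
        # The first occurrence of the "_daap" label is never compressed.
        if is_response(data) and b"\x05_daap" in data:
            seen.add(addr)
    sock.close()
    return seen

if __name__ == "__main__":
    # Pass 1: "listen" while Firefly restarts (tests the server's outbound path).
    # Pass 2: "query" (tests that the server also receives multicast).
    mode = sys.argv[1] if len(sys.argv) > 1 else "listen"
    hosts = probe(send_query=(mode == "query"))
    print(f"{mode}: DAAP mDNS responses from {sorted(hosts) or 'nobody'}")
```

If `listen` shows the server's address but `query` does not, the server can send multicast but is not receiving it, which points at the INPUT side of the firewall or at the link between the machines.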
