ssh tunnel question

Viewing 10 posts - 1 through 10 (of 12 total)
  • Author
  • #169

    Hi all,

    ok i have a question about the ssh tunneling proces.

    i have a Ubuntu server, and i did a apt-get install mt-daapd and now im trying to tunnel true ssh to my share @home (yes im wasting the boss’s time hehe)

    the tunnel works great i can acces the webinterface, but i cant see the share. this is probably the fault of mdns. but the moment i apt-get the mt-daapd package it should install de mdns services right?

    and if so if i try to install the zeroconf i get this

    apt-get install zeroconf
    Reading package lists… Done
    Building dependency tree… Done
    You might want to run `apt-get -f install’ to correct these:
    The following packages have unmet dependencies:
    daapd: Depends: libstdc++5 (>= 1:3.3.4-1) but it is not going to be installed
    Depends: libvorbisfile3 (>= 1.1.0) but it is not going to be installed
    Depends: mdnsresponder but it is not installable
    E: Unmet dependencies. Try ‘apt-get -f install’ with no packages (or specify a solution).

    so do you guys have any tips or tricks?

    thnx in advace


    don’t know how your package is configured, but mt-daapd has it’s own mdns responder built-it, or it can use howl. I don’t know how your package is configured (if it’s the Sarge one, it uses the built-in — don’t need mdnsreponder).

    wrt seeing across a tunnel — the mdns won’t tunnel. You’ll need a mdns proxy. Check the faq page — that gives links to some different proxies.

    — Ron


    there are links, i seen them. but this software is running on a webserver ๐Ÿ˜‰ so there really isnt a gui interface

    so any other link that gets me out of this problem would be great ๐Ÿ˜€


    You are using iTunes, right? That’s where the mdns proxy goes. On the machine running iTunes.

    Maybe I’m missing something.

    What exactly is it you are trying to do?


    I agree you will need something like RendezvousProxy running on the client machine pointing to the tunnel.

    If the client is a linux machine you can configure HOWL to do the same thing.


    Check the documentation link and look for the link on ssh tunneling.

    Read that, and come back with specific questions.

    — Ron


    I am curious to know why you have opted to run mt-daapd at work, rather than at home. Nevertheless, there are a couple of ways to do what you desire — both require a relay system of some sort on your home LAN.

    In either case (unless I am missing an alternative), you will need a machine on your home LAN which is capable of acting as an mDNS beacon relay. (Basically, this entails a system with Howl, Apple’s mDNSPosix package or the like capable of proxy service installed. Once configured, the tunnel can be created by one of two methods.

    Initiate the tunnel from your relay system to the machine at your employer. Once established, create the mDNS beacon with local subnet broadcast. The SoundBridge should be able to recognize the share broadcast and make use of it for play. I say should for this will work when dealing with other, software-based clients on your home subnet (e.g. iTunes), but I do not have a Roku hardware client and cannot attest to its robustness in this regard.

    The other option is to create a reverse SSH tunnel from your work machine back to your home subnet. Proceed as described above from that point. This method is a little more cumbersome and I am not sure why one would need to do it this way, but I offer it for completeness. (One reason might be if your employer allows outbound SSH connections, but not those inbound.)

    Either way it is accomplished, you will need to establish a beacon relay on your home LAN to rebroadcast the share served by mt-daapd at that location.

    To completely avoid any potential SoundBridge issues, it would be easiest to move your music library from work to home and then follow the instructions at the documentation node for an SSH tunnel and make use of iTunes at work.



    You are almost there. The 3689 is the port for the web interface and actually browsing and fetching the songs. Say a connection to the external address of work on port 3689 connects to port 3689 on your mt-daapd server. So the address/port you need to connect to is the outside address of your work firewall (say, on port 3689.

    That’s where the mdns thing comes in. mdns is what “pushes” the icon into your itunes. It advertises a daap server (that is, a service of type ‘_daap._tcp’) on port 3689 of

    Where you need the mdns, though, is on the *soundbridge* side of the network, since the mdns doesn’t route. Even if you had a full vpn connection, you’d still need a mdns responder on your side of the network.

    I think there are howl packages for openwrt somewhere.

    Anyway, once you have howl on your openwrt, you’ll have to run something like this on your wrt:

    mDNSProxyResponderPosix remote "Remote Music" _daap._tcp. 3689 &

    to advertise a daap server at on port 3689. mDNSProxyResponderPosix is part of howl. Other mdns servers will likely have different commands.

    — Ron


    Port forwarding alone is insufficient… at least since about a month after iTunes was released. Due to belly-aching by the RIAA, Apple made it a requirement that DAAP clients be on the same subnet in order to “see” a share. That said, I do not know (since it is the actual client in this instance) whether the SoundBridge has the same limiations. Regardless, port forwarding alone is not going to relay your mt-daapd service at work to your home LAN. You are still going to need a beacon relay on your home subnet and I am not sure one can do so by installing mDNSPosix on the router — or even if the latter is possible.

    Interesting idea: creating the SSH tunnel to the router. It should work, but, again, I think is insufficient in and of itself. The beacon is the integral part. A relay must exist on your subnet to rebroadcast the share made available by the remote mt-daapd.

    WRT the command in the wiki, that is both obsolete and partially incorrect. It is obsolete, because the -R switch is no longer required. The error derives from a point Ron brought to my attention in this thread. Apple’s mDNS implementation does not support proxy beacons. However, Apple still maintains the mDNSPosix package, which does contain mDNSProxyResponderPosix. That command should be something along the lines of:

    mDNSProxyResponderPosix <serverIP> squeal “shareName” _daap._tcp. 3689 &

    You could experiment with that command and substitute the IP address of your router or, perhaps, that of your mt-daapd machine at work for the serverIP, but I have never tried the latter. Using the router address should work; providing you can successfully tunnel port 3689 from your work machine. However, I think you will still need to initiate it from a machine on your home LAN.



    Take a look at the linksys NSLU2. Over at they have easy step-by-steps on hacking it to run linux. A debonaras loaded slug will run mt-daapd well, as will one running unslung.

    Unslung packages are on the nightly feeds.

    That’s what I use to feed my soundbridge — a nslu2 running unslung. I’m listening to it right now, even as I write this. ๐Ÿ™‚

    — Ron

Viewing 10 posts - 1 through 10 (of 12 total)
  • The forum ‘Setup Issues’ is closed to new topics and replies.