atca wrote:
> After an eternity I've finally figured out the Linux firewall settings
> to make this work details...
>
> 1. First avahi / mdns needs to be allowed through the firewall, this
> allows the Airplay devices to be advertised on the network:
>
> ufw allow 5353/tcp
>
> 2. Configure the ports to enable Airplay to stream. This is not so
> simple as Airplay uses a dynamically assigned port on the server to
> stream from, so you cannot just open this port as it always changes.
> Matters are further complicated since linux by standard has no
> application level firewall - making it impossible to allow and whitelist
> the shairtunes 'shairport' application.
>
> Solution - from watching a packet sniffer it seems that the Airplay
> protocol commonly uses port 5000:5005 TCP to setup an Airplay
> connection. Typically Airplay uses 5000 but if there are other instances
> or issues locking the port it seems to try a higher port - so I allow 5
> ports.
>
> Once the connection is established by TCP, Airplay then uses UDP to
> stream the audio to destination ports in the range of 6000:6005 on the
> target device. To avoid the dynamic port issue on the server side I take
> the reverse approach - allowing in any packets that originate from ports
> 6000:6005 within my network and allowing out any packets to go out to
> destination 6000:6005 within my network.
>
> This is a little more vulnerable than just opening a specific server
> port, as a result I restrict this to within my LAN by using
> 192.168.1.0/24 ** you should change this ** to match your LAN IP
> range.
>
> TCP settings
>
> sudo ufw allow in from 192.168.1.0/24 port 5000:5005 proto tcp to any
>
> sudo ufw allow out from any to 192.168.1.0/24 port 5000:5005 proto tcp
>
> UDP settings
>
> sudo ufw allow in from 192.168.1.0/24 port 6000:6005 proto udp to any
>
> sudo ufw allow out from any to 192.168.1.0/24 port 6000:6005 proto udp

This is all very strange stuff.
I struggled as well, and came to a different set of working conclusions.

allow 5353/udp in from my device (see https://support.apple.com/en-gb/HT202944)

Plus other generic incoming settings for UPnP and other protocols for other music servers. This includes 80 and variable ports in the 30000 to 60000 range.

I don't have 5000/5 or 6000/5 open. I don't limit outgoing tcp/udp/.

LMS 7.9.1 on VortexBox Midi box, Xubuntu 17.10, FLACs 16->24 bit, 44.1->192kbps. Touch & EDO. 2nd Touch standard. LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (to A308CR amp & ESLs) & Marantz CR603 UPnP renderers. Alternatively Minimserver & Upplay to same & to upmpdcli/mpd PC renderers. Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones. Wireless Xubuntu 17.10 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver.

------------------------------------------------------------------------
PasTim's Profile: http://forums.slimdevices.com/member.php?userid=41642
View this thread: http://forums.slimdevices.com/showthread.php?t=105198
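
An added example, not part of either post: a small Python model of the four ufw rules quoted above, showing which packets they match. It makes the scope of the "reverse approach" concrete: the inbound rules constrain source address and source port only, so the destination port on the server is left open to anything that matches. The model is simplified (no connection tracking, no ufw default rules), and the server address and sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str            # "in" or "out"
    proto: str                # "tcp" or "udp"
    src_net: str = "any"      # ufw "from ADDR"
    src_ports: tuple = None   # ufw "from ... port LOW:HIGH"; None means any
    dst_net: str = "any"      # ufw "to ADDR"
    dst_ports: tuple = None   # ufw "to ... port LOW:HIGH"; None means any

LAN = "192.168.1.0/24"  # LAN range used in the quoted post
RULES = [  # the four quoted ufw rules, transcribed field by field
    Rule("in", "tcp", src_net=LAN, src_ports=(5000, 5005)),
    Rule("out", "tcp", dst_net=LAN, dst_ports=(5000, 5005)),
    Rule("in", "udp", src_net=LAN, src_ports=(6000, 6005)),
    Rule("out", "udp", dst_net=LAN, dst_ports=(6000, 6005)),
]

def _addr_ok(net, addr):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
def _port_ok(ports, port):
    return ports is None or ports[0] <= port <= ports[1]

def matching_rule(direction, proto, src, sport, dst, dport, rules=RULES):
    """First allow rule matching the packet, else None (simplified: no conntrack)."""
    for r in rules:
        if (r.direction == direction and r.proto == proto
                and _addr_ok(r.src_net, src) and _port_ok(r.src_ports, sport)
                and _addr_ok(r.dst_net, dst) and _port_ok(r.dst_ports, dport)):
            return r
    return None

SERVER = "192.168.1.10"  # constructed address for the LMS host
SAMPLES = [  # constructed packets: (label, direction, proto, src, sport, dst, dport)
    ("audio reply from AirPlay device", "in", "udp", "192.168.1.50", 6001, SERVER, 49152),
    ("LAN host, source port 6001, to unrelated port 9999", "in", "udp", "192.168.1.77", 6001, SERVER, 9999),
    ("LAN host, ephemeral source port", "in", "udp", "192.168.1.77", 40000, SERVER, 9999),
    ("off-LAN source", "in", "udp", "10.0.0.5", 6001, SERVER, 49152),
    ("server opens AirPlay session", "out", "tcp", SERVER, 51000, "192.168.1.50", 5000),
]

def report(samples=SAMPLES):
    return {label: matching_rule(*pkt) is not None for label, *pkt in samples}

if __name__ == "__main__":
    for label, allowed in report().items():
        print(f"{'ALLOW' if allowed else 'no match':8}  {label}")
```

The second sample is the one to look at when reviewing such a ruleset: it is admitted by the same rule as the legitimate audio reply, which is why the quoted post limits the rules to the LAN range.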
