DLNA and the firewall

Giving this one last try… :frowning:
Have several media serving devices on my network (ASUS + Fritz!Box routers, a Fetch PVR, and an Ubuntu PC running Gerbera), and trying to connect to them using Leap15.1 x64 and VLC.
If I connect using my default settings (WiFi - WLan3 - set to Internal Zone, and Firewall set to Internal with this + this settings), I cannot see any of the media servers.
If I turn OFF the firewall, (https://drive.google.com/open?id=1NZJEJE77mLUWtuXFdVVaWI6nnjwn2pJn).
I’ve run out of ideas as to what else I can add to the settings, to enable me to access them.
As can be seen, I have Port 1900 open, as stated in the Gerbera config, also have opened 49153, which is configured in the config files, have added any of the DLNA/UPNP generic services in the Firewall settings, and still can see nothing (with the Firewall on…)

Open to any other suggestions!

I’m not familiar with Gerbera at all, but I note that their network setup guide mentions port 49152 (unless you specifically configure it otherwise)…

You should also make sure that your firewall is not blocking UDP port 1900 (required for SSDP) and UDP/TCP port of Gerbera. By default Gerbera will select a free port starting with 49152, however you can specify a port of your choice in the configuration file.

BTW, without digging into this deeper, (and I could be wrong about this), you likely need connection tracking enabled too:

firewall-config menu > View > enable Helpers, then Options > Runtime to Permanent

Yep, specifically configured:
/usr/bin/gerbera -c /etc/gerbera/config.xml -l /var/log/gerbera.log -p 49153

firewall-config menu > View > enable Helpers, then Options > Runtime to Permanent

Can’t seem to find this in Leap15.1 Yast/Firewall…?

Thanks.

Use the firewalld GUI. (It’s more comprehensive than the basic YaST utility.) From a terminal do

firewall-config

You may need to install the ‘firewall-config’ package first…

sudo zypper in firewall-config

This will show us your current config…

firewall-cmd --zone=internal --list-all

You can add minidlna to the services:

erlangen:~ # firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s31f6
  sources: 
  services: dhcpv6-client http mdns minidlna
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

erlangen:~ # 

Perhaps that works for other dlna services too.

The OP has allegedly done that (if you read their first post). They shared graphical images of the YaST firewall configuration. But, yes it would be good to confirm it with the command I gave already.

OK, bit of an update…
Installed firewall-config, but can’t run, keep getting this message

Have run firewall-cmd --zone=internal --list-all, and get this:

firewall-cmd --zone=internal --list-all
internal
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client http https mdns minidlna samba-client ssh transmission-client upnp-client
  ports: 49153/tcp 49153/udp 1900/udp 1900/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Thanks.

There are no interfaces assigned to that zone. Try restarting the firewall

sudo systemctl restart firewalld

and then run the command again. Report back.

The zone “internal” is not assigned to an interface.

Use

# firewall-cmd --get-active-zones

to find out which zone is assigned to which active interface.

Regards

susejunky

Hmmmmm,
Something a bit weird happening here??

Yes, restarted and running firewall-cmd --zone=internal --list-all shows there are no interfaces attached:

firewall-cmd --zone=internal --list-all
internal
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client http https mdns minidlna samba-client ssh transmission-client upnp-client
  ports: 49153/tcp 49153/udp 1900/udp 1900/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

and:

firewall-cmd --get-active-zones
public
  interfaces: wlan3

(if I am following this correctly…)

And yet the Yast interface shows that wlan3 is attached to “Internal”.
How do I attach it from the command line…?

Confused…

Are you using NetworkManager or wicked ?

Regards

susejunky

If you’re using NetworkManager, assign it via the connection editor.

If using wicked…

YaST > System > Network Settings > Overview Tab > Edit > General Tab > Assign interface to Firewall zone, choose the desired zone, then Next > Ok when done

OK, I’m an idiot…
Using Network manager, and was assuming that, as I had used Wicked initially, and Yast was showing in Firewall that the current network device, was connected to internal, that that part was all correct… (which IS a bit confusing!)
Obviously assumed too much!
Going into Network manager, there was no selection for the Firewall, so therefore obviously using Default. Changing the Firewall Zone in Network manager, I can now see 3 of the 4 DLNA sources (other one probably turned off…)
Thanks for all the help, and sorry that I wasted your time.
Hopefully, I have learnt something!! :X

Glad to have been of guidance. That’s why commands and output are so important for nailing down issues like this. Always good to learn new things. :slight_smile:
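
The mismatch diagnosed above (ports opened in `internal` while `wlan3` was actually bound to `public`) can be checked mechanically. This is an added example, not part of the original posts: the helper names are hypothetical, the sample listings are constructed in the shape of the output shown in this thread, and only the explicit `ports:` line is inspected (ports opened through named services are not expanded).

```shell
#!/usr/bin/env bash
# Constructed sample output (not captured from the OP's machine).
ACTIVE_ZONES='public
  interfaces: wlan3'
PUBLIC_ZONE='public (active)
  target: default
  interfaces: wlan3
  services: dhcpv6-client
  ports: '
INTERNAL_ZONE='internal
  target: default
  interfaces: 
  services: dhcpv6-client mdns minidlna upnp-client
  ports: 49153/tcp 49153/udp 1900/udp 1900/tcp'

# zone_of_iface IFACE
# stdin: output of `firewall-cmd --get-active-zones`
# prints the zone whose "interfaces:" line lists IFACE (nothing if unbound).
zone_of_iface() {
  awk -v want="$1" '
    /^[^ \t]/ { zone = $1 }                      # unindented line = zone name
    $1 == "interfaces:" {
      for (i = 2; i <= NF; i++) if ($i == want) { print zone; exit }
    }'
}

# missing_ports "PORT/PROTO ..."
# stdin: output of `firewall-cmd --zone=ZONE --list-all`
# prints the required ports that are absent from that zone's "ports:" line.
missing_ports() {
  awk -v need="$1" '
    $1 == "ports:" { for (i = 2; i <= NF; i++) allowed[$i] = 1 }
    END {
      n = split(need, p, " "); out = ""; sep = ""
      for (i = 1; i <= n; i++)
        if (!(p[i] in allowed)) { out = out sep p[i]; sep = " " }
      print out
    }'
}

# SSDP discovery plus the Gerbera port configured in this thread (-p 49153).
NEED="1900/udp 49153/tcp"
zone=$(printf '%s\n' "$ACTIVE_ZONES" | zone_of_iface wlan3)
echo "wlan3 is bound to zone: $zone"
echo "missing there: $(printf '%s\n' "$PUBLIC_ZONE" | missing_ports "$NEED")"
# Live use: firewall-cmd --get-active-zones | zone_of_iface wlan3
#           firewall-cmd --zone="$zone" --list-all | missing_ports "$NEED"
```

On a NetworkManager system the binding itself is a property of the connection profile, which can also be set with `nmcli connection modify <profile> connection.zone internal` instead of the connection editor.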

Still an idiot, and still having issues with this…
Is there any way I can add an IP Address to the firewall, to allow all traffic from that address (my media servers), through to my local machine??
Have updated to 15.2, and again can’t access my media servers…
Have double (triple?) checked all my Zones/Interfaces, and sure all is correct, but trying to let standard DLNA ports through, I get nothing.
Thanks.

The OP will start a new thread with his new question to draw the attention of a wider audience.

This thread is closed.