How to open tcp/udp port in firewall?

Hi everyone!
I was trying around with the yast firewall and tried to open the tcp port 8080 and the udp port 1900 to use pulseaudio-dlna… I was wondering around that it should be quite simply only by opening the firewall then go to “allowed services” and configure the ports in the “advanced” tab. But it seems that this does not help. I changed TCP to 8080 and UDP to 1900. After accepting the changes the application should be able to list the dlna device from the local (wireless) network. But it doesn't and I don't know why. If I stop the firewall the device is properly listed and I have access to it, that is why it has to do with the firewall… Any hints?
Thanks Benjamin.

Wildly guessing I would verify that the allowed services are open in the
right zone (external, internal, etc.) and that the actual network device
(eth0, etc.) is set to be in that zone. If you open TCP 8080 in the
Internal zone, but ext0 is in the external zone (also defined by the
firewall section of Yast), the open port is meaningless.

It may be useful to post the output from the following commands then that
may help us confirm your settings:


sudo /usr/sbin/iptables-save
sudo /usr/sbin/iptables -nvL


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

On Wed 30 Mar 2016 02:06:02 AM CDT, benjamin10 wrote:

> Hi everyone!
> I was trying around with the yast firewall and tried to open the tcp
> port 8080 and the udp port 1900 to use pulseaudio-dlna… I was wondering
> around that it should be quite simply only by opening the firewall then
> go to “allowed services” and configure the ports in the “advanced” tab.
> But it seems that this does not help. I changed TCP to 8080 and UDP to
> 1900. After accepting the changes the application should be able to list
> the dlna device from the local (wireless) network. But it doesn't and I
> don't know why. If I stop the firewall the device is properly listed
> and I have access to it, that is why it has to do with the
> firewall… Any hints?
> Thanks Benjamin.

Hi
Sounds like the device is not using the ports you think it is…?

If you run wireshark and turn the firewall off you should see the
device connecting and check if it’s using port 1900 to connect.


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 SP1|GNOME 3.10.4|3.12.53-60.30-default

Hmm…thanks for the quick reply…
Here is the iptables output:

sudo /usr/sbin/iptables -nvL | grep 8080
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 tcp dpt:8080 flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
sudo /usr/sbin/iptables -nvL | grep 1900
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1900

sudo /usr/sbin/iptables-save | grep 8080
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 8080 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 8080 -j ACCEPT
sudo /usr/sbin/iptables-save | grep 1900
-A input_ext -p udp -m udp --dport 1900 -j ACCEPT

I am actually using pulseaudio-dlna. Here is the output without running the firewall:

pulseaudio-dlna
03-30 10:40:36 pulseaudio_dlna.application                    INFO     Using version: 0.5.0.1
03-30 10:40:36 pulseaudio_dlna.application                    INFO     Using localhost: 192.168.0.17:8080
03-30 10:40:36 pulseaudio_dlna.application                    INFO     Loaded device config "/home/benji/.local/share/pulseaudio-dlna/devices.json"
03-30 10:40:36 pulseaudio_dlna.application                    INFO     Encoder settings:
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <AVConvAacEncoder available="False" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <AVConvFlacEncoder available="False">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <AVConvL16Encoder available="False" sample-rate="44100" channels="2">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <AVConvMp3Encoder available="False" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <AVConvOggEncoder available="False" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <AVConvOpusEncoder available="False" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <AVConvWavEncoder available="False">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <FFMpegAacEncoder available="False" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <FFMpegFlacEncoder available="False">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <FFMpegL16Encoder available="False" sample-rate="44100" channels="2">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <FFMpegMp3Encoder available="False" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <FFMpegOggEncoder available="False" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <FFMpegOpusEncoder available="False" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <FFMpegWavEncoder available="False">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <FaacAacEncoder available="True" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <FlacFlacEncoder available="True">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <LameMp3Encoder available="True" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <NullEncoder available="True">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <OggencOggEncoder available="True" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <OpusencOpusEncoder available="True" bit-rate="192">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <SoxL16Encoder available="True" sample-rate="44100" channels="2">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <SoxWavEncoder available="True">
03-30 10:40:36 pulseaudio_dlna.application                    INFO     Codec settings:
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <AacCodec enabled="True" priority="12" mime_type="audio/aac" backend="generic">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <L16Codec enabled="True" priority="0" mime_type="audio/L16" backend="generic">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <OpusCodec enabled="True" priority="3" mime_type="audio/opus" backend="generic">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <Mp3Codec enabled="True" priority="18" mime_type="audio/mp3" backend="generic">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <FlacCodec enabled="True" priority="9" mime_type="audio/flac" backend="generic">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <WavCodec enabled="True" priority="15" mime_type="audio/wav" backend="generic">
03-30 10:40:36 pulseaudio_dlna.application                    INFO       <OggCodec enabled="True" priority="6" mime_type="audio/ogg" backend="generic">
03-30 10:40:37 pulseaudio_dlna.pulseaudio                     INFO     Added the device "Raspberry (DLNA)".

If I switch on the firewall the last line does not show up and hence the device is not being added…

On 03/30/2016 03:06 AM, benjamin10 wrote:
>
> Code:
> --------------------
> sudo /usr/sbin/iptables-save | grep 8080
> -A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 8080 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
> -A input_ext -p tcp -m tcp --dport 8080 -j ACCEPT
> sudo /usr/sbin/iptables-save | grep 1900
> -A input_ext -p udp -m udp --dport 1900 -j ACCEPT
>
> --------------------

Is your device part of the External zone? Having the ‘grep’ added in
there lost that detail (which is why I did not include it) but we can at
least see that this is happening on the input_ext chain, so unless your
device is attached to that (again, Yast will tell you in another section)
this will not apply to the device you want.

Feel free to post the full output of both commands.


Good luck.

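The zone question raised in the reply above can be checked mechanically from the full `iptables-save` text instead of a `grep` excerpt. The following is an added example, not part of the thread: `zone_check` and `sample_rules` are hypothetical helper names, the rule set is constructed for illustration, and it assumes a single level of dispatch from `INPUT` into per-zone chains such as `input_ext`.

```shell
# Constructed sample: ports opened in input_ext, but wlan0 dispatched elsewhere.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:input_ext - [0:0]
:input_int - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i wlan0 -j input_int
-A INPUT -i eth0 -j input_ext
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 8080 -j LOG --log-prefix "SFW2-INext-ACC-TCP "
-A input_ext -p tcp -m tcp --dport 8080 -j ACCEPT
-A input_ext -p udp -m udp --dport 1900 -j ACCEPT
COMMIT
EOF
}

# zone_check PROTO PORT IFACE  (reads iptables-save output on stdin)
# Prints "reachable", "wrong-zone" or "no-rule", followed by the chains
# that hold an ACCEPT rule for PROTO/PORT.
zone_check() {
    awk -v proto="$1" -v port="$2" -v ifc="$3" '
    $1 != "-A" { next }                      # skip table headers, policies, COMMIT
    {
        chain = $2; in_if = "*"; p = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-p") p = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
    }
    # Chains that packets arriving on IFACE are sent to from INPUT
    chain == "INPUT" && (in_if == ifc || in_if == "*") { jumps[target] = 1 }
    # Chains that accept the port we care about
    p == proto && dport == port && target == "ACCEPT" {
        if (chain == "INPUT" && (in_if == ifc || in_if == "*")) jumps["INPUT"] = 1
        accept[chain] = 1
    }
    END {
        status = "no-rule"; chains = ""
        for (c in accept) {
            chains = chains " " c
            if (c in jumps) status = "reachable"
            else if (status == "no-rule") status = "wrong-zone"
        }
        print status chains
    }'
}

sample_rules | zone_check tcp 8080 wlan0
```

On a live system the input would come from `sudo /usr/sbin/iptables-save | zone_check udp 1900 wlan0`; a `wrong-zone` result means the port is open only in a chain that traffic from that interface never enters.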

…I tried it but it exceeds the char-limit of this forum, that is why I did a grep…

What device do you mean? The wlan0? Or do you mean the raspberry (192.168.0.20)? I am quite inexperienced with firewall stuff :wink:

Anyway interestingly it works now with the firewall on… maybe a restart did its job :wink: Thanks anyway for the help!

Cheers!

When you need to post a very large amount of data, post that to a pastebin and provide a link to your paste in a Forum post.

The openSUSE pastebin
http://paste.opensuse.org/

The more general pastebin people use for everything

TSU