Server not working on public IP

[Bonfi 2]

Hi guys,

 

I've just started playing around with Emby, so maybe the problem it's just me, but I really can't figure out what I'm missing..

I've a machine with 2 network interface: eth0 (public IP) and tun0 (vpn interface).

For some reason, when the emby-server service starts up, it binds himself to the port 8096 (http) and 8920 (https) on both the interfaces, but I can't reach the server on the public ip while I can reach it with the vpn ip...

It doesn't seem an iptables problem, 'cause I tried to bind the server even to the port 80 (which I'm sure it was open) with no effects...

 

I'm attaching some more details, the o.s. is Ubuntu 14.04.2 64bit

# ifconfig
eth0      Link encap:Ethernet  HWaddr xxxx  
          inet addr:x.x.x.x  Bcast:x.x.x.x  Mask:255.255.255.0
          inet6 addr: fe80::222:4dff:feae:d44/64 Scope:Link
          inet6 addr: 2001:41d0:e:430::1/128 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:579154868 errors:0 dropped:0 overruns:0 frame:0
          TX packets:861548115 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:237701685071 (237.7 GB)  TX bytes:1149440273146 (1.1 TB)
          Interrupt:16 Memory:d0400000-d0420000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:240528 errors:0 dropped:0 overruns:0 frame:0
          TX packets:240528 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:32339910 (32.3 MB)  TX bytes:32339910 (32.3 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:328614 errors:0 dropped:0 overruns:0 frame:0
          TX packets:725603 errors:0 dropped:18 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:26661009 (26.6 MB)  TX bytes:872158718 (872.1 MB)

# netstat -putan
...
tcp        0      0 0.0.0.0:8920            0.0.0.0:*               LISTEN      23862/mono-sgen 
tcp        0      0 0.0.0.0:8096            0.0.0.0:*               LISTEN      23862/mono-sgen 
...

# iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8096:8097 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8920:8921 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 9091:9092 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 51413:51414 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s x.x.x.x/32 -d 10.8.0.0/24 -p tcp -j ACCEPT

# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

The current ports configuration in the Emby "Advanced-->Hosting" page is this:

 

 

 

Thanks

 

[fc7 123]

I would start by enterely disabling iptables. All chains set to accept and do a quick test. If it doesn't work then it may be a routing problem too. If Emby does work from the public ip then you will need to review your iptables setup. Emby seems to be correctly binded to all interfaces.

Always try to start from the most simple setup and once it's working start adding complexity to it.

 

Just my two cents.

 

 

Sent from my iPad using Tapatalk

Edited October 4, 2015 by fc7

[Bonfi 2]

Thanks for the reply, I forgot to mention it in the previous post, I already tried setting the INPUT chain on ACCEPT but it didn't work.

If it may be helpful, when I try to use the public IP the page goes on connection timed out after a while.

[Bonfi 2]

Problem solved, it is actually working, it's my workplace lan that blocks the traffic to all the ports, even if I'm on my vpn... I don't know why and how..

But now I have another question: in the  "Advanced-->Hosting" section I tried to put 2 different port (as you can see in the last image in my first post), but in the netstat on my server I see just one service binded to the "Local http port" (as you can see in 2nd image). Is this behaviour correct or I just misunderstood something?

[fc7 123]

I'm not 100% sure but I think that setting is useful when you use upnp from Emby to forward the ports from your router. So Emby will tell your router to forward those "public ports" to Emby's "local ports". So using netstat locally on your Emby server you will only see the "local ports".

 

 

Sent from my iPad using Tapatalk

Edited October 4, 2015 by fc7