sasagr 1 Posted September 15, 2021 Posted September 15, 2021 Since I installed Wireguard on my raspberry pi4, where I have emby server runnin, I got the logs flooded with: 2021-09-15 00:01:03.504 Error App: Error sending socket message from 10.6.0.1:33412 to 239.255.255.250:1900 *** Error Report *** Version: 4.6.4.0 Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_armhf.deb Operating system: Linux version 5.10.60-v7l+ (dom@buildbot) (arm-linux-gnueabihf-gcc-8 (Ubuntu/Linaro 8.4.0-3ubuntu1) 8.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #144 Framework: .NET Core 3.1.13 OS/Process: arm/arm Runtime: opt/emby-server/system/System.Private.CoreLib.dll Processor count: 4 Data path: /var/lib/emby Application path: /opt/emby-server/system System.Net.Sockets.SocketException: System.Net.Sockets.SocketException (0xFFFFFFFF): Bad value for ai_flags at Rssdp.SsdpCommunicationsServer.SendFromSocket(Tuple`3 socketTuple, Memory`1 messageData, IPEndPoint destination, CancellationToken cancellationToken) Source: System.Private.CoreLib TargetSite: Void Throw() 2021-09-15 00:01:03.712 Error App: Error sending socket message from 10.6.0.1:33412 to 239.255.255.250:1900 *** Error Report *** Version: 4.6.4.0 Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_armhf.deb Emby seems to be working fine so maybe it is not a real problem but I would like to hear if any suggestion on how to avoid this. Thanks
kikinjo 179 Posted September 15, 2021 Posted September 15, 2021 Check out DLNA settings / options, turn off if u dont need it. I also got spammed by same message.
sasagr 1 Posted September 15, 2021 Author Posted September 15, 2021 I unchecked everything in Settings/Devices/DLNA, restarted the server, but I still get the messages: 2021-09-15 15:44:16.919 Error App: Error sending socket message from 10.6.0.1:45728 to 239.255.255.250:1900 .... 2021-09-15 15:44:17.127 Error App: Error sending socket message from 10.6.0.1:45728 to 239.255.255.250:1900 Any idea what else to do?
sasagr 1 Posted September 15, 2021 Author Posted September 15, 2021 I tried to blacklist 10.6.0.1 (being the wireguard ip) but I still get the same error.
Luke 38841 Posted September 15, 2021 Posted September 15, 2021 Dlna doesn't check the remote access filter because it's not something that is generally used over the internet. Removing the Dlna plugin is one approach but it is not the true source of the problem. Your real problem, in both of your cases, is that you've got all ports on the server machine completely exposed on the internet. As a result, you're getting Dlna traffic from random internet addresses. If you just want to make the problem go away quickly, then sure, you can remove the Dlna plugin, but I would strongly suggest closing the ports and only opening the ones you need, as you're really asking for trouble by fully exposing the machine like that.
sasagr 1 Posted September 15, 2021 Author Posted September 15, 2021 (edited) 57 minutes ago, Luke said: Dlna doesn't check the remote access filter because it's not something that is generally used over the internet. Removing the Dlna plugin is one approach but it is not the true source of the problem. Your real problem, in both of your cases, is that you've got all ports on the server machine completely exposed on the internet. As a result, you're getting Dlna traffic from random internet addresses. If you just want to make the problem go away quickly, then sure, you can remove the Dlna plugin, but I would strongly suggest closing the ports and only opening the ones you need, as you're really asking for trouble by fully exposing the machine like that. I will definitely remove the DLNA plugin since I m not using it anyway but I m really curious to know why you said that all ports of this machine are exposed to internet. It is true that if I run a sudo lsof -i -P -n | grep LISTEN I see many ports listening, considering all the dockers, Emby, and some other services I use but only a few of them are visible to outside my network. I counted 3 ports including Emby and Wireguard. So I m not sure I m following. If you refer to Wireguard, then yes, it allows connection from any external/internal ip to any port in my network but that goes only through VPN secure tunneling. Pls let me understand better where you see the issue, I know it is outside the Emby consideration, but in some you worried me. Thanks in advance Edited September 15, 2021 by sasagr
sasagr 1 Posted September 15, 2021 Author Posted September 15, 2021 and by the way... after removing the DLNA plugin and restarted the server I still see.. 2021-09-15 20:31:32.452 Error App: Error sending socket message from 10.6.0.1:53433 to 239.255.255.250:1900 *** Error Report *** Version: 4.6.4.0 Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_armhf.deb Operating system: Linux version 5.10.60-v7l+ (dom@buildbot) (arm-linux-gnueabihf-gcc-8 (Ubuntu/Linaro 8.4.0-3ubuntu1) 8.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #144 Framework: .NET Core 3.1.13 OS/Process: arm/arm Runtime: opt/emby-server/system/System.Private.CoreLib.dll Processor count: 4 Data path: /var/lib/emby Application path: /opt/emby-server/system System.Net.Sockets.SocketException: System.Net.Sockets.SocketException (0xFFFFFFFF): Bad value for ai_flags at Rssdp.SsdpCommunicationsServer.SendFromSocket(Tuple`3 socketTuple, Memory`1 messageData, IPEndPoint destination, CancellationToken cancellationToken) Source: System.Private.CoreLib TargetSite: Void Throw() 2021-09-15 20:31:32.662 Error App: Error sending socket message from 10.6.0.1:53433 to 239.255.255.250:1900
Luke 38841 Posted September 15, 2021 Posted September 15, 2021 Complete log file? The server still has general network device detection features even without the dlna plugin. Again, the root cause is you have your server machine fully exposed on the internet. If you close that up then this traffic will never even reach your emby server.
sasagr 1 Posted September 15, 2021 Author Posted September 15, 2021 here is the log embyserver.txt but you say that my server machine is fully exposed? There are only 3 ports opened to outside the network and the ip 10.6.0.1 the I see in the logs is the wireguard server running in the same machine. Maybe the issue can be solved to block emby to communicate with the 10.6.0.1 but as said before blacklisting it was not enough.
Luke 38841 Posted September 15, 2021 Posted September 15, 2021 7 minutes ago, sasagr said: blacklisting it was not enough. Again this is not your answer. What are you going to do when you start seeing more ip addresses with the same thing? Are you going to keep blocking them one by one? It's the port that you want to worry about. You probably are exposing port 0 which means all ports.
Luke 38841 Posted September 15, 2021 Posted September 15, 2021 But if you want to bandaid it, you'll need to remove the port mapper plugin as well. It's looking for wan ip connection managers on your network and you've got some random ip's on the internet responding to that.
Happy2Play 9142 Posted September 15, 2021 Posted September 15, 2021 @Luke but that is a local network according to Emby, so is this a manually configure LAN network? Quote 2021-09-15 20:28:26.483 Info NetworkManager: Detected local ip addresses: 192.168.1.163, 192.168.1.213, 172.17.0.1, 172.19.0.1, 172.18.0.1, 127.0.0.1, 10.6.0.1, fe80::79ec:6146:a6d:3aa4%2, fe80::42:d7ff:fee0:76ea%5, fe80::42:d9ff:fe47:ea67%6, fe80::42:fdff:fe7d:7e68%7, fe80::b88e:1ff:feea:4bd9%9, fe80::30ad:18ff:fe93:36c4%11, fe80::3496:bdff:fe24:fe75%13, fe80::8c1d:6aff:feb5:7e75%15, fe80::3801:aff:feb8:dbcf%17, fe80::1028:9ff:fe09:8c3a%19, ::1
Luke 38841 Posted September 15, 2021 Posted September 15, 2021 1 minute ago, Happy2Play said: @Luke but that is a local network according to Emby, so is this a manually configure LAN network? That could be due to their server network settings, and/or a vpn virtual network adapter, which if that's the case, can be solved via server network settings.
sasagr 1 Posted September 15, 2021 Author Posted September 15, 2021 15 minutes ago, Luke said: Again this is not your answer. What are you going to do when you start seeing more ip addresses with the same thing? Are you going to keep blocking them one by one? It's the port that you want to worry about. You probably are exposing port 0 which means all ports. Well on my wg conf file I have AllowedIPs = 0.0.0.0/0, ::0/0 but this is allowed within the VPN It means that WG is allowing all the ip and ports. I still don’t get the point why you say it is all exposed to internet
Luke 38841 Posted September 15, 2021 Posted September 15, 2021 17 minutes ago, sasagr said: Well on my wg conf file I have AllowedIPs = 0.0.0.0/0, ::0/0 but this is allowed within the VPN It means that WG is allowing all the ip and ports. I still don’t get the point why you say it is all exposed to internet Because you can stop this behavior by disabling features in Emby Server if you really want to, but normally this traffic never even reaches the server because it's blocked higher layers (router, reverse proxy, etc).
sasagr 1 Posted September 15, 2021 Author Posted September 15, 2021 I stopped the wg service, restarted emby and this is the log now. I m getting still some other errors but I m not getting the socket message from 10.6.0.1 I m still not sure what practically do to avoid this message when WG is enabled. embyserver.txt
sasagr 1 Posted September 16, 2021 Author Posted September 16, 2021 12 hours ago, Luke said: That could be due to their server network settings, and/or a vpn virtual network adapter, which if that's the case, can be solved via server network settings. I tried to filter out all the rest, but the socket messages are still there Error sending socket message from 10.6.0.1:45825 to 239.255.255.250:1900 I checked with https://www.yougetsignal.com/tools/open-ports/ and only 3 ports (intended) are open to internet from the server machine. I also changed the profile wg conf file to AllowedIPs = 192.168.1.0/24, if that could make a difference. The only solution so far it is to remove DLNA and Port Mapper Plugin
sasagr 1 Posted September 16, 2021 Author Posted September 16, 2021 Actually the solution (or band-aid) seems to be to disable the automatic port mapping from Network settings, no need to remove DLNA or Port Mapper Plugin
kikinjo 179 Posted September 16, 2021 Posted September 16, 2021 16 hours ago, Luke said: Dlna doesn't check the remote access filter because it's not something that is generally used over the internet. Removing the Dlna plugin is one approach but it is not the true source of the problem. Your real problem, in both of your cases, is that you've got all ports on the server machine completely exposed on the internet. As a result, you're getting Dlna traffic from random internet addresses. If you just want to make the problem go away quickly, then sure, you can remove the Dlna plugin, but I would strongly suggest closing the ports and only opening the ones you need, as you're really asking for trouble by fully exposing the machine like that. This is not true and it is not the root cause. I have firewall active and only 2 ports are active, one for emby and one for ssh, dlna is not available at all.Still had this spamming issue also.
sasagr 1 Posted September 17, 2021 Author Posted September 17, 2021 (edited) @Luke how do I edit my own posts? it seems I cannot from the 3 dots. It seems I cannot edit the older posts. I just noticed that the logs I put here contains sensitive informations (like ip) that should have been masked. Can you pls remove them? Thanks Edited September 17, 2021 by sasagr
Happy2Play 9142 Posted September 17, 2021 Posted September 17, 2021 17 minutes ago, sasagr said: @Luke how do I edit my own posts? it seems I cannot from the 3 dots. It seems I cannot edit the older posts. I just noticed that the logs I put here contains sensitive informations (like ip) that should have been masked. Can you pls remove them? Thanks Edit was limited to 10 minute as a few users were going back and clearing entire posts. Do you still have access to your attachments via the dropdown on your username at the top of the forum. If you can not remove them from there let me know and I will remove them.
sasagr 1 Posted September 17, 2021 Author Posted September 17, 2021 1 hour ago, Happy2Play said: Edit was limited to 10 minute as a few users were going back and clearing entire posts. Do you still have access to your attachments via the dropdown on your username at the top of the forum. If you can not remove them from there let me know and I will remove them. I managed. Thanks!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now