
CentOS 7.2 and FirewallD


timothyaw
Go to solution Solved by fc7,


timothyaw

Hello.  I've run into this issue on CentOS 7.2 with firewalld.  The port forwarding is working fine.  I'm using port 8920 for external.  I have that port listed in firewalld but it's a no go.  If I turn off firewalld, it works.  Unfortunately firewalld doesn't have the capability yet to log rejected packets.  So I can't see what port(s) are being rejected to add them.  Any ideas on what other ports emby is using or any ideas?

 

Continuing from above... how does this function work?  "The server will attempt to automatically detect your external address. If for some reason you need to customize this value, or it is not detected properly, you can manually enter your external address here:"  For me, it doesn't automatically detect my address.  I'm assuming it has something to do with the firewall.  What/how does it use to automatically detect your external address?  There has to be something else that's missing, port or something.  Thank you for your help in advance.

Edited by timothyaw

For the first problem you can manually insert an iptables rule just at the end of the input chain that only logs traffic. This way you will be logging any packets that don't match any rule and that will hit the default action, which is to reject or drop the packet.

 

Regarding the second question, I think Emby will try to access whatismyip site to get your public IP; if that is failing, it will probably be logged in the Emby log. Please post the complete Emby log: http://emby.media/community/index.php?/topic/739-how-to-report-a-problem/

 

 


Edited by fc7

BTW regarding the ports Emby will just use 8920 for SSL connections and 8096 for unencrypted connections. That's all.

 

 


timothyaw

And those are the ports I have in my firewall, but it's still blocked.  I tried a custom port, still no go.  It's gotta be something else....


timothyaw

I wonder if upnp being blocked has something to do with it?  When I turned the fw off, I saw forwards pop up in my upnp configuration.  They weren't there before.  Then when I added a custom port with the fw on, those ports weren't added to upnp.


Can you run this command on your Emby server, as root, with firewalld running, and paste the output here?

# iptables -n -L
Edited by fc7

timothyaw

Here you go.

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_public (3 references)
target     prot opt source               destination         
FWDI_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination         

Chain FWDI_public_deny (1 references)
target     prot opt source               destination         

Chain FWDI_public_log (1 references)
target     prot opt source               destination         

Chain FWDO_public (3 references)
target     prot opt source               destination         
FWDO_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_deny (1 references)
target     prot opt source               destination         

Chain FWDO_public_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_public (3 references)
target     prot opt source               destination         
IN_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
IN_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
IN_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22501 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:32400 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:6881 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:8881 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:7881 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:123 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:33219 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:16509 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:33217 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1194 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67 ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination         

Chain IN_public_log (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination 


I wonder if upnp being blocked has something to do with it?  When I turned the fw off, I saw forwards pop up in my upnp configuration.  They weren't there before.  Then when I added a custom port with the fw on, those ports weren't added to upnp.

 

It shouldn't. Basically, if you are port-forwarding the Emby ports in your router to your Emby server it should work.

upnp is used as a helper that's all, to open the ports for the users automatically if possible.


I don't see 8920 8096.  But it's enabled in the gui

 

Indeed you are missing the Emby ports in the firewall rules.

 

How did you configure them in firewalld? Which GUI are you using?


  • Solution

Maybe you want to try to configure the ports from the command line. :)

 

As root, run:

firewall-cmd --zone=public --add-port=8096/tcp --permanent
firewall-cmd --zone=public --add-port=8920/tcp --permanent
firewall-cmd --reload

And then run the iptables command above again to check it out, or you can also run:

firewall-cmd --list-all
Edited by fc7
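
The check the thread does by eye (looking for 8096 and 8920 in the `iptables -n -L` output), as an added example that is not from either poster: a shell function that prints each required port/protocol that has no ACCEPT rule in a given chain. The names `missing_ports` and `sample_listing` and the sample listing are constructed for illustration; only single-port `dpt:` matches are recognised.

```shell
#!/bin/sh
# Added example. missing_ports CHAIN PORT/PROTO... reads `iptables -n -L`
# output on stdin and prints every PORT/PROTO with no ACCEPT rule in CHAIN.
# Live use (as root):
#   iptables -n -L | missing_ports IN_public_allow 8096/tcp 8920/tcp
missing_ports() {
    chain=$1; shift
    awk -v chain="$chain" -v want="$*" '
        BEGIN { n = split(want, req, " ") }
        # A "Chain NAME (...)" header starts a new section of the listing.
        /^Chain / { in_chain = ($2 == chain); next }
        # Inside the wanted chain, record port/proto for each ACCEPT rule.
        in_chain && $1 == "ACCEPT" {
            for (i = 4; i <= NF; i++)
                if ($i ~ /^dpt:[0-9]+$/) {
                    port = $i; sub(/^dpt:/, "", port)
                    allowed[port "/" $2] = 1
                }
        }
        END { for (i = 1; i <= n; i++) if (!(req[i] in allowed)) print req[i] }
    '
}

# Constructed sample in the same layout as the listing in this thread.
# 8920 is opened for udp only, so 8920/tcp must still be reported missing,
# and the tcp/53 rule sits in INPUT, not in the zone allow chain.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:8920 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8096 ctstate NEW
EOF
}

# Demo on the constructed listing: reports the port that is still closed.
sample_listing | missing_ports IN_public_allow 8096/tcp 8920/tcp
```

Empty output means every listed port has an ACCEPT rule in that chain; run it after `firewall-cmd --reload` to confirm the permanent rules reached the running ruleset.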

timothyaw

firewall-config.  Hmm, that is strange.  I've never run into this issue before. That was it, it works.  I do everything else from the command line EXCEPT iptables lol.  Guess I need to learn that as at least a backup for firewall-config.  Thanks again.


firewall-config.  Hmm, that is strange.  I've never run into this issue before. That was it, it works.  I do everything else from the command line EXCEPT iptables lol.  Guess I need to learn that as at least a backup for firewall-config.  Thanks again.

 

Awesome. :)

 

Just mark the thread as solved in case it can help anyone in the future.

 

Merry Christmas!
