timothyaw 0 Posted December 25, 2015 Share Posted December 25, 2015 (edited) Hello. I've ran into this issue on CentOS 7.2 with firewalld. The port fowarding is working fine. I'm using port 8920 for external. I have that port listed in firewalld but it's a no go. If I turn off firewalld, it works. Unfortunately firewalld doesn't have the capability yet to log rejected packets. So I can't see what port(s) are being rejected to add them. And ideas on what other ports emby is using or any ideas? Continuing from above....how does this fuction work? The server will attempt to automatically detect your external address. If for some reason you need to customize this value, or it is not detected properly, you can manually enter your external address here: For me, it doesn't automatically detect my address. I'm assuming it has something to do with the firewall. What/how does it use to automatically detect your external address? There has to be something else that's missing, port or something. Thank you for your help in advance. Edited December 25, 2015 by timothyaw Link to comment Share on other sites More sharing options...
fc7 123 Posted December 25, 2015 Share Posted December 25, 2015 (edited) For the first problem you can manually insert an iptables rule just at the end of the input chain that only logs traffic. This way you will be logging any packets that doesn't match any rule and that will hit the default action that is reject or drop the packet. Regarding the second question I think Emby will try to access whatismyip site to get your public ip if that is failing it will be probably logged in Emby log. Please post the complete Emby log: http://emby.media/community/index.php?/topic/739-how-to-report-a-problem/ Sent from my iPad using Tapatalk Edited December 25, 2015 by fc7 Link to comment Share on other sites More sharing options...
fc7 123 Posted December 25, 2015 Share Posted December 25, 2015 BTW regarding the ports Emby will just use 8920 for SSL connections and 8096 for unencrypted connections. That's all. Sent from my iPad using Tapatalk Link to comment Share on other sites More sharing options...
timothyaw 0 Posted December 25, 2015 Author Share Posted December 25, 2015 Here's a log file. Link to comment Share on other sites More sharing options...
timothyaw 0 Posted December 25, 2015 Author Share Posted December 25, 2015 And those are the ports I have in my firewall, but it's still blocked. I tried a custom port, still not go. It's gotta be something else.... Link to comment Share on other sites More sharing options...
timothyaw 0 Posted December 25, 2015 Author Share Posted December 25, 2015 I wonder if upnp being blocked has someting to do with it? When I turned the fw off, I saw forwards pop up in my upnp configuration. They weren't there before. Then when I added a custom port with the fw on, those ports weren't added to upnp. Link to comment Share on other sites More sharing options...
fc7 123 Posted December 25, 2015 Share Posted December 25, 2015 (edited) Can you run this command on your Emby server, as root, with firewalld running, and paste the output here? # iptables -n -L Edited December 25, 2015 by fc7 Link to comment Share on other sites More sharing options...
timothyaw 0 Posted December 25, 2015 Author Share Posted December 25, 2015 Here you go. Chain INPUT (policy ACCEPT)target prot opt source destination ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHEDACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibitedChain FORWARD (policy ACCEPT)target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHEDACCEPT all -- 192.168.122.0/24 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachableREJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachableACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHEDACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibitedChain OUTPUT (policy ACCEPT)target prot opt source destination ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 Chain FORWARD_IN_ZONES (1 references)target prot opt source destination FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]Chain FORWARD_IN_ZONES_SOURCE (1 references)target prot opt source destination Chain FORWARD_OUT_ZONES (1 references)target prot opt source destination FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]Chain FORWARD_OUT_ZONES_SOURCE (1 references)target prot opt source destination Chain FORWARD_direct (1 references)target prot opt source destination Chain FWDI_public (3 references)target prot opt source destination FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0 Chain FWDI_public_allow (1 references)target prot opt source destination Chain FWDI_public_deny (1 references)target prot opt source destination Chain FWDI_public_log (1 references)target prot opt source destination Chain FWDO_public (3 references)target prot opt source destination FWDO_public_log all -- 0.0.0.0/0 0.0.0.0/0 FWDO_public_deny all -- 0.0.0.0/0 0.0.0.0/0 FWDO_public_allow all -- 0.0.0.0/0 0.0.0.0/0 Chain FWDO_public_allow (1 references)target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 Chain FWDO_public_deny (1 references)target prot opt source destination Chain FWDO_public_log (1 references)target prot opt source destination Chain INPUT_ZONES (1 references)target prot opt source destination IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]Chain INPUT_ZONES_SOURCE (1 references)target prot opt source destination Chain INPUT_direct (1 references)target prot opt source destination Chain IN_public (3 references)target prot opt source destination IN_public_log all -- 0.0.0.0/0 0.0.0.0/0 IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0 Chain IN_public_allow (1 references)target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22501 ctstate NEWACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32400 ctstate NEWACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEWACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEWACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6881 ctstate NEWACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8881 ctstate NEWACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7881 ctstate NEWACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 ctstate NEWACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:33219 ctstate NEWACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:16509 ctstate NEWACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:33217 ctstate NEWACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEWACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEWACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 ctstate NEWACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 ctstate NEWChain IN_public_deny (1 references)target prot opt source destination Chain IN_public_log (1 references)target prot opt source destination Chain OUTPUT_direct (1 references)target prot opt source destination Link to comment Share on other sites More sharing options...
timothyaw 0 Posted December 25, 2015 Author Share Posted December 25, 2015 I don't see 8920 8096. But it's enabled in the gui Link to comment Share on other sites More sharing options...
fc7 123 Posted December 25, 2015 Share Posted December 25, 2015 I wonder if upnp being blocked has someting to do with it? When I turned the fw off, I saw forwards pop up in my upnp configuration. They weren't there before. Then when I added a custom port with the fw on, those ports weren't added to upnp. It shouldn't. Basically, if you are port-forwarding the Emby ports in your router to your Emby server it should work. upnp is used as a helper that's all, to open the ports for the users automatically if possible. Link to comment Share on other sites More sharing options...
fc7 123 Posted December 25, 2015 Share Posted December 25, 2015 I don't see 8920 8096. But it's enabled in the gui Indeed you are missing the Emby ports in the firewall rules. How did you configured them in firewalld? Which GUI are you using? Link to comment Share on other sites More sharing options...
Solution fc7 123 Posted December 25, 2015 Solution Share Posted December 25, 2015 (edited) Maybe you want to try to configure the ports from the command line. As root, run: firewall-cmd --zone=public --add-port=8096/tcp --permanent firewall-cmd --zone=public --add-port=8920/tcp --permanent firewall-cmd --reload And then run the iptables command above, again to check it out or you can also run: firewall-cmd --list-all Edited December 25, 2015 by fc7 1 Link to comment Share on other sites More sharing options...
timothyaw 0 Posted December 25, 2015 Author Share Posted December 25, 2015 firewall-config Hmm that is strange. I've never ran into this issue before. That was it, it works. I do everything else from the command line EXCEPT iptables lol. Guess I need to learn that as at least a backup for firewall-config. Thanks again. Link to comment Share on other sites More sharing options...
fc7 123 Posted December 25, 2015 Share Posted December 25, 2015 firewall-config Hmm that is strange. I've never ran into this issue before. That was it, it works. I do everything else from the command line EXCEPT iptables lol. Guess I need to learn that as at least a backup for firewall-config. Thanks again. Awesome. Just mark the thread as solved in case it can help anyone in the future. Merry Christmas! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now