Emby Server IP filtering feature has an issue

January 2, 2023

31 minutes ago, justinrh said:

Have you described your network topology between the phone and embyserver.exe?

Android 12 OnePlus 8T --> AT&T mobile network ---> Cox Communications cable modem --> Untangle firewall appliance --> HP switch --> Windows 2016 server. Everything from the cable modem to the server is hard-wired CAT5.

Edited January 2, 2023 by instrumentally

January 2, 2023

27 minutes ago, pwhodges said:

Of course, the logs from Emby might help diagnose this, unless you prefer to continue this guessing game.

Just tell me specifically what you want. I'm not into games.

January 2, 2023

@Emby Is it possible for the client app to show the user what client IP address it thinks it is using?

@instrumentally would you be happy with adding the 166 mask to the 107 mask? Since you could get either anyway...

Edited January 2, 2023 by justinrh

January 2, 2023

18 minutes ago, instrumentally said:

Just tell me specifically what you want. I'm not into games.

Emby server writes a log which rotates each day. You can download one covering the time you were trying the failed access from the "Logs" section of the dashboard, and drop it on a post here to upload it.

Paul

January 2, 2023

Testing connecting to OP server shows Forbidden so restriction is working, but to the complete accuracy can only be tested with given info.

But will try to test on my server to see if my iPhone can be resticted.

January 2, 2023

At the same time I do not see a mobile network keeping that same IP so allowing access by IP will be rather useless. But I guess allowing the entire network would do.

Edited January 2, 2023 by Happy2Play

January 2, 2023

Not seeing an issue in my test but was on beta server.

Set filter to device IP and Whitelist

Connected to server

Logged in

Restarted phone to change IP

verified IP changed

Failed to connect

Retested

Setting to 107.0.0.0/8

Connected

But had issue when selecting Server "View Server info" did not show remote server info.

January 3, 2023

4 hours ago, pwhodges said:

You can download one covering the time you were trying the failed access from the "Logs" section of the dashboard, and drop it on a post here to upload it.

See attachment. I fail to see any instance of the two IP addresses that I've discussed anywhere in this log file, however.

embyserver.txt

January 3, 2023

4 hours ago, Happy2Play said:

I do not see a mobile network keeping that same IP so allowing access by IP will be rather useless

No, of course the IP address will change over time, but the network range is unlikely to change, unless I drive cross country. If I stay within a 60 mile radius of the server, a #.0.0.0/8 filter should suffice even if the mobile IP address changes.

Edited January 3, 2023 by instrumentally

January 3, 2023

3 hours ago, Happy2Play said:

Restarted phone to change IP

You did turn OFF Wi-Fi on the mobile device prior to rebooting the mobile device, no?

January 3, 2023

Just now, instrumentally said:

You did turn OFF Wi-Fi on the mobile device prior to rebooting the mobile device, no?

Yes it was all on LTE data in my test.

January 3, 2023

4 hours ago, justinrh said:

would you be happy with adding the 166 mask to the 107 mask? Since you could get either anyway.

That is currently what I ended up doing, but that really should not be necessary and a reason for the IP confusion needs to be sought.

January 3, 2023

To add - this appears to work as designed on my setup. (nginx rp)

4G tested, whitelisted to individual mobile assigned IP, plays ok, any other ip and it fails, assigned /8 supernet and it then works again, vpn to another subnet then fails.

So I don't see any issues.

It's possibly the IIS config not passing the correct remote IP ?

IP 'confusion' may be something around the CGNAT that the mobile carrier is no doubt using - but it's usually transparent - so not sure what is going on there.

Personally, I would not use emby to do the IP whitelisting - Use your Untangled appliance and block it at the perimeter - maybe also use Geo Blocking etc as blocking ranges will be a maintenance headache imo.

Edited January 3, 2023 by rbjtech

January 3, 2023

1 hour ago, rbjtech said:

It's possibly the IIS config not passing the correct remote IP ?

Thanks, but I don't see what IIS has to do with Emby. I only brought IIS into the conversation because IIS maintains access logs that contain IP addresses for those GET requests from visitors. I used the mobile device to access a web site maintained by IIS so as to see what IIS saw with regards to the mobile IP. Does Emby use IIS? I would find that rather unusual.

January 3, 2023

38 minutes ago, instrumentally said:

Thanks, but I don't see what IIS has to do with Emby. I only brought IIS into the conversation because IIS maintains access logs that contain IP addresses for those GET requests from visitors. I used the mobile device to access a web site maintained by IIS so as to see what IIS saw with regards to the mobile IP. Does Emby use IIS? I would find that rather unusual.

Ah sorry perhaps I misunderstood - I thought you were using IIS as a reverse proxy for emby ?

If you are not, then I agree 100% - IIS has nothing to do with Emby - and ignore any comments I made about it lol.

On your Untangled f/w - you are NATing the incoming WAN Interface and Forwarding the emby ports (8096/8920) directly to the Emby Host (assuming the same Windows Server) ?

Edited January 3, 2023 by rbjtech

January 5, 2023

On 1/3/2023 at 6:47 AM, instrumentally said:

Thanks, but I don't see what IIS has to do with Emby. I only brought IIS into the conversation because IIS maintains access logs that contain IP addresses for those GET requests from visitors. I used the mobile device to access a web site maintained by IIS so as to see what IIS saw with regards to the mobile IP. Does Emby use IIS? I would find that rather unusual.

It doesn't, unless you are using it as a reverse proxy in front of Emby Server. Are you?

January 5, 2023

On 1/2/2023 at 10:43 PM, instrumentally said:

See attachment. I fail to see any instance of the two IP addresses that I've discussed anywhere in this log file, however.

embyserver.txt 700.99 kB · 2 downloads

The log is anonymized so there are no ip addresses. Please download it from the server web interface and while doing so, disable the anonymizing to get the original file.

January 10, 2023

On 1/5/2023 at 2:41 PM, Luke said:

It doesn't, unless you are using it as a reverse proxy in front of Emby Server. Are you?

I have no idea what a "reverse proxy" is, so the most likely answer to your question is "no".

January 10, 2023

On 1/5/2023 at 2:41 PM, Luke said:

lease download it from the server web interface and while doing so, disable the anonymizing

There is no option to turn off something called "anonymizing" during the download of the Emby server log files from the web interface. See https://www.youtube.com/watch?v=A1YKPOItqqs

January 10, 2023

1 hour ago, instrumentally said:

There is no option to turn off something called "anonymizing" during the download of the Emby server log files from the web interface. See https://www.youtube.com/watch?v=A1YKPOItqqs

You need to open (click on) the log you'd like anonymized, there you'll have Anonymize toggle and Download button on top.

January 10, 2023

So I finally found the "anonymizing" toggle.

After turning this feature off, the log file shows that my Android device is being identified with the 166.170.x.x IP address. This IP address, however, is not the IP address that is shown when the device visits whatismyipaddress.com or whatismyip.com, which shows 107.77.x.x

February 21, 2023

On 1/10/2023 at 1:08 PM, instrumentally said:

So I finally found the "anonymizing" toggle.

After turning this feature off, the log file shows that my Android device is being identified with the 166.170.x.x IP address. This IP address, however, is not the IP address that is shown when the device visits whatismyipaddress.com or whatismyip.com, which shows 107.77.x.x

Can you please PM me the log file? Thanks !

February 27, 2023

Thanks for the log file. From looking at this, I can confirm that the server sees 166.X as the remote address of your mobile device. Why is it seeing 166.X as opposed to 107.X I don't know the answer. I may just not know enough about how AT&T's mobile network works, but even if I did, I can't think of anything that can be done in Emby Server to make it see the 107 value.

Can you just base the IP block on the 166 address rather than 107? Or put both in the whitelist?

February 28, 2023

Yes, using both IP blocks was the solution I came up with several months ago.

Now, changing subjects...

I've noticed that the Emby app for Android has a problem with handling the transition from wifi to cellular. Example. So, at the office I have wifi to the Emby server. I listen via the Android app. All is well while I am within wifi range. But let's say I wish to take a walk outside. So picture an audio file being streamed via wifi as I walk out the door. Then, when I'm outside wifi range and the phone has switched to cellular, as soon as the streaming buffer is exhausted, or the next randomized track in my playlist is reached, the audio will stop playing. At that point I either have to advance to the next track or else hit the PLAY button. At that point the playlist continues.

This problem can easily be repeated/recreated.

I realize it is a small problem, but I'm surprised that the transition from wifi to cellular is so clunky.

Sign In

Emby Server IP filtering feature has an issue

Recommended Posts

instrumentally 8

instrumentally 8

justinrh 260

pwhodges 2012

Happy2Play 9780

Happy2Play 9780

Happy2Play 9780

instrumentally 8

instrumentally 8

instrumentally 8

Happy2Play 9780

instrumentally 8

rbjtech 5284

instrumentally 8

rbjtech 5284

Luke 42077

Luke 42077

instrumentally 8

instrumentally 8

GrimReaper 4739

instrumentally 8

Luke 42077

Luke 42077

instrumentally 8

Create an account or sign in to comment

Create an account

Sign in

Activity