[opensuse] DLNA video problem
12.3, minidlna streaming to WD TV live /etc/mindlna.conf ... media_dir=V,/home/lynn/Videos ... Hi Certain videos, usually .mp4's, sometimes don't appear on the client. They can sometimes be made to appear by restarting the server and client (a pain). I think that this is an openSUSE or minidlna issue since I can transfer the same .mp4 to my Android tablet and DNLA it from there where it _always_ appears. I observe the same behaviour with the firewall turned off. I've checked the file and folder permissions and they're all lynn:users. The logs seem fine: [2013/04/01 10:19:15] minidlna.c:884: warn: Starting MiniDLNA version 1 .0.25 [SQLite 3.7.14.1]. [2013/04/01 10:19:15] minidlna.c:990: warn: HTTP listening on port 8200 and photos and mp3's always appear without fail. Any dlna users? Thanks, L, x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2013-04-01 at 12:59 +0200, lynn wrote:
12.3, minidlna streaming to WD TV live
View this thread: <http://forums.opensuse.org/showthread.php?t=485294> - -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAlFZcSkACgkQtTMYHG2NR9Wp9wCfeWZmJUpeyfxEzw/8UQmiNBkT 68sAniPEMHyKBCQ2Fq5gV1B3W5rbgoce =2nmk -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 01/04/13 11:59, lynn wrote:
12.3, minidlna streaming to WD TV live /etc/mindlna.conf ... media_dir=V,/home/lynn/Videos ...
Hi Certain videos, usually .mp4's, sometimes don't appear on the client. They can sometimes be made to appear by restarting the server and client (a pain). I think that this is an openSUSE or minidlna issue since I can transfer the same .mp4 to my Android tablet and DNLA it from there where it _always_ appears. I observe the same behaviour with the firewall turned off. I've checked the file and folder permissions and they're all lynn:users. The logs seem fine:
[2013/04/01 10:19:15] minidlna.c:884: warn: Starting MiniDLNA version 1 .0.25 [SQLite 3.7.14.1]. [2013/04/01 10:19:15] minidlna.c:990: warn: HTTP listening on port 8200
and photos and mp3's always appear without fail.
Any dlna users? Thanks, L, x
As you can see some files (but not .mp4s), I guess it's not a firewall problem. Nevertheless, this *may* help: Edit the following lines in /etc/sysconfig/SuSEfirewall2 FW_DEV_EXT="eth0" # may be different interface in your case FW_SERVICES_EXT_TCP="8200" FW_SERVICES_EXT_UDP="1900" FW_SERVICES_EXT_IP="igmp" Bob -- Bob Williams System: Linux 3.7.10-1.1-desktop Distro: openSUSE 12.3 (x86_64) with KDE Development Platform: 4.10.1 "release 545" Uptime: 06:00am up 2 days 8:27, 3 users, load average: 0.12, 0.16, 0.15 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 01/04/13 16:23, Bob Williams wrote:
On 01/04/13 11:59, lynn wrote:
12.3, minidlna streaming to WD TV live /etc/mindlna.conf ... media_dir=V,/home/lynn/Videos ...
Hi Certain videos, usually .mp4's, sometimes don't appear on the client. They can sometimes be made to appear by restarting the server and client (a pain). I think that this is an openSUSE or minidlna issue since I can transfer the same .mp4 to my Android tablet and DNLA it from there where it _always_ appears. I observe the same behaviour with the firewall turned off. I've checked the file and folder permissions and they're all lynn:users. The logs seem fine:
[2013/04/01 10:19:15] minidlna.c:884: warn: Starting MiniDLNA version 1 .0.25 [SQLite 3.7.14.1]. [2013/04/01 10:19:15] minidlna.c:990: warn: HTTP listening on port 8200
and photos and mp3's always appear without fail.
Any dlna users? Thanks, L, x
As you can see some files (but not .mp4s), I guess it's not a firewall problem. Nevertheless, this *may* help:
Edit the following lines in /etc/sysconfig/SuSEfirewall2
FW_DEV_EXT="eth0" # may be different interface in your case FW_SERVICES_EXT_TCP="8200". FW_SERVICES_EXT_UDP="1900" FW_SERVICES_EXT_IP="igmp"
Bob Hi everyone I'm getting somewhere with it. It seems to be something to do with how you launch it. If I start it using Yast>system>runlevels it doesn't work. If I start it from a terminal with: minidlna -R it refreshes the root folders and everything shows:) To stop it, I killall it. I'm sure that's very wrong, but it works.
If I do it the official way using Yast, how do I pass the -R to it? Thanks, L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/01/2013 04:23 PM, Bob Williams wrote:
On 01/04/13 11:59, lynn wrote:
Hi Certain videos, usually .mp4's, sometimes don't appear on the client. They can sometimes be made to appear by restarting the server and client (a pain). I think that this is an openSUSE or minidlna issue since I can transfer the same .mp4 to my Android tablet and DNLA it from there where it _always_ appears. I observe the same behaviour with the firewall turned off. I've checked the file and folder permissions and they're all lynn:users. The logs seem fine:
[2013/04/01 10:19:15] minidlna.c:884: warn: Starting MiniDLNA version 1 .0.25 [SQLite 3.7.14.1]. [2013/04/01 10:19:15] minidlna.c:990: warn: HTTP listening on port 8200
and photos and mp3's always appear without fail.
As you can see some files (but not .mp4s), I guess it's not a firewall problem. Nevertheless, this *may* help:
Edit the following lines in /etc/sysconfig/SuSEfirewall2
FW_DEV_EXT="eth0" # may be different interface in your case FW_SERVICES_EXT_TCP="8200" FW_SERVICES_EXT_UDP="1900" FW_SERVICES_EXT_IP="igmp"
I guess the OP is using the minidlna within the home network, so my question is why do you want these EXT_ ports and protocols to be opened to the world. If they are indeed needed than these should be INT_ but by default SuSEFfirewall2 does not protect from internal networks so they should not be needed -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02/04/13 10:00, Togan Muftuoglu wrote:
On 04/01/2013 04:23 PM, Bob Williams wrote:
On 01/04/13 11:59, lynn wrote:
[snipped]
As you can see some files (but not .mp4s), I guess it's not a firewall problem. Nevertheless, this *may* help:
Edit the following lines in /etc/sysconfig/SuSEfirewall2
FW_DEV_EXT="eth0" # may be different interface in your case FW_SERVICES_EXT_TCP="8200" FW_SERVICES_EXT_UDP="1900" FW_SERVICES_EXT_IP="igmp"
I guess the OP is using the minidlna within the home network, so my question is why do you want these EXT_ ports and protocols to be opened to the world. If they are indeed needed than these should be INT_ but by default SuSEFfirewall2 does not protect from internal networks so they should not be needed
Last year I was having difficulty getting my minidlna traffic through the SuSEfirewall to my Bluray player attached to my router. I received a lot of help here, mainly from you [see thread in http://lists.opensuse.org/opensuse/2012-08/msg00706.html], which ended up with the above settings. In the light of your comments, I shall try editing SuSEfirewall2, changing EXT to INT, to see if that works as well. Bob -- Bob Williams System: Linux 3.7.10-1.1-desktop Distro: openSUSE 12.3 (x86_64) with KDE Development Platform: 4.10.1 "release 545" Uptime: 06:00am up 3 days 8:27, 3 users, load average: 0.33, 0.32, 0.32 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02/04/13 11:30, Bob Williams wrote:
On 02/04/13 10:00, Togan Muftuoglu wrote:
On 04/01/2013 04:23 PM, Bob Williams wrote:
On 01/04/13 11:59, lynn wrote:
[snipped]
As you can see some files (but not .mp4s), I guess it's not a firewall problem. Nevertheless, this *may* help:
Edit the following lines in /etc/sysconfig/SuSEfirewall2
FW_DEV_EXT="eth0" # may be different interface in your case FW_SERVICES_EXT_TCP="8200" FW_SERVICES_EXT_UDP="1900" FW_SERVICES_EXT_IP="igmp"
I guess the OP is using the minidlna within the home network, so my question is why do you want these EXT_ ports and protocols to be opened to the world. If they are indeed needed than these should be INT_ but by default SuSEFfirewall2 does not protect from internal networks so they should not be needed
Last year I was having difficulty getting my minidlna traffic through the SuSEfirewall to my Bluray player attached to my router. I received a lot of help here, mainly from you [see thread in http://lists.opensuse.org/opensuse/2012-08/msg00706.html], which ended up with the above settings.
In the light of your comments, I shall try editing SuSEfirewall2, changing EXT to INT, to see if that works as well.
Bob
Actually, on further thought, I've come to the conclusion I haven't got a clue about this. From the point of view of SuSEfirewall2 running on this computer (which is running the minidlna server), my router *is* an external device. So what I want is DLNA traffic to pass unimpeded from this machine, through the router to the Bluray player/TV, without being exposed to the *real* outside world. That is, the internet cannot see that ports 8200 and 1900 are open. I need to do some homework. Bob -- Bob Williams System: Linux 3.7.10-1.1-desktop Distro: openSUSE 12.3 (x86_64) with KDE Development Platform: 4.10.1 "release 545" Uptime: 06:00am up 3 days 8:27, 3 users, load average: 0.33, 0.32, 0.32 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, 2013-04-02 at 14:06 +0100, Bob Williams wrote:
Actually, on further thought, I've come to the conclusion I haven't got a clue about this. From the point of view of SuSEfirewall2 running on this computer (which is running the minidlna server), my router *is* an external device. So what I want is DLNA traffic to pass unimpeded from this machine, through the router to the Bluray player/TV, without being exposed to the *real* outside world. That is, the internet cannot see that ports 8200 and 1900 are open.
I need to do some homework.
/sbin/iptables -F /sbin/ip6tables -F /sbin/iptables -P INPUT DROP /sbin/iptables -P OUTPUT ACCEPT /sbin/iptables -P FORWARD DROP /sbin/ip6tables -P INPUT DROP /sbin/ip6tables -P OUTPUT ACCEPT /sbin/ip6tables -P FORWARD DROP /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/ip6tables -A INPUT -i lo -j ACCEPT /sbin/ip6tables -A INPUT -s fe80::/10 -j ACCEPT /sbin/ip6tables -A INPUT -d ff00::/8 -j ACCEPT /sbin/iptables -A INPUT -s ipv4.home.range/24 -j ACCEPT <------ allow any home PC on your home LAN ipv4 /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT /sbin/ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT /sbin/ip6tables -A FORWARD -s ipv6:home:range/64 -j ACCEPT <------ allow any home PC on your home ipv6 LAN if not using IPv6 ignore all ip6tables commands (I assume this DLNA box is not acting as a router) NOTE: I give the example of -m state --state ... above, although with modern netfilter, the preferred method is iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m state was obsoleted in one recent version of netfilter, but a link was put back in the current version because it bit too many people.
On 03/04/13 00:01, Noel Butler wrote:
On Tue, 2013-04-02 at 14:06 +0100, Bob Williams wrote:
Actually, on further thought, I've come to the conclusion I haven't got a clue about this. From the point of view of SuSEfirewall2 running on this computer (which is running the minidlna server), my router *is* an external device. So what I want is DLNA traffic to pass unimpeded from this machine, through the router to the Bluray player/TV, without being exposed to the *real* outside world. That is, the internet cannot see that ports 8200 and 1900 are open.
I need to do some homework.
/sbin/iptables -F /sbin/ip6tables -F
etc, etc. Many thanks for this Noel. I can't pretend to understand it yet, but as I said, more homework needed. As an amateur, hobbyist computer user, I really appreciate the help provided here by those who have worked 'in the trade' all their lives. I also like your point about NAT not providing security after a move to ipv6 provision, in your reply to Togan. Bob -- Bob Williams System: Linux 3.7.10-1.1-desktop Distro: openSUSE 12.3 (x86_64) with KDE Development Platform: 4.10.1 "release 545" Uptime: 06:00am up 4 days 8:27, 3 users, load average: 0.11, 0.19, 0.70 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02/04/13 10:00, Togan Muftuoglu wrote:
I guess the OP is using the minidlna within the home network, so my question is why do you want these EXT_ ports and protocols to be opened to the world. If they are indeed needed than these should be INT_ but by default SuSEFfirewall2 does not protect from internal networks so they should not be needed
Many people have each computer/device connected to their (isp provided) internet router so there is little if any distinction between INT and EXT connections so far as he firewall is concerned - there is one network connection with one IP address. Dylan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/02/2013 12:35 PM, Dylan wrote:
On 02/04/13 10:00, Togan Muftuoglu wrote:
I guess the OP is using the minidlna within the home network, so my question is why do you want these EXT_ ports and protocols to be opened to the world. If they are indeed needed than these should be INT_ but by default SuSEFfirewall2 does not protect from internal networks so they should not be needed
Many people have each computer/device connected to their (isp provided) internet router so there is little if any distinction between INT and EXT connections so far as he firewall is concerned - there is one network connection with one IP address.
In my understanding that is not a good way to limit yourself to outside attacks. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, 2013-04-02 at 12:40 +0200, Togan Muftuoglu wrote:
Many people have each computer/device connected to their (isp provided) internet router so there is little if any distinction between INT and EXT connections so far as he firewall is concerned - there is one network connection with one IP address.
In my understanding that is not a good way to limit yourself to outside attacks.
You are correct, security by NAT works by accident, too many people forget that, however, what if one day, your ISP reset your connection without telling you, and when you automatically reconnect, you find yourself with an IPv6 address range, NAT no longer exists, you are no longer "protected" by that accidental security, turning on your network equipped VDR or TV which may pref a 6 address, and voila, your "file sharing" from your VDR to the world :) Not to mention the risks anyone using 6 autoconfig takes in that case. At the very least, the home router should be configured to block everything in (including forwarding) that is not explicitly allowed (or RELATED/ESTABLISHED)
participants (6)
-
Bob Williams -
Carlos E. R. -
Dylan -
lynn -
Noel Butler -
Togan Muftuoglu