GNOME Bugzilla – Bug 699691
rygel is impossible to use with a firewall
Last modified: 2013-05-13 20:17:34 UTC
This seems to have been discussed again and again, but I haven't been able to find a solution. What ports is one supposed to open to get rygel to work? Various scattered sources on the internet say 1900/udp should be enough, but it doesn't seem to be. There is *no* mention of firewall configuration in the docs at all. I understand that the idea is that the user not know what ports are required etc, but the way it's being done is broken. I haven't been able to use rygel at all because I can't figure out what ports need to be opened.

[ankur@ankur-pc ~]$ sudo netstat -nlp | egrep rygel
tcp 0 0 192.168.1.17:57260 0.0.0.0:* LISTEN 30429/rygel
tcp 0 0 127.0.0.1:49854 0.0.0.0:* LISTEN 30429/rygel
udp 0 0 192.168.1.17:41985 0.0.0.0:* 30429/rygel
udp 0 0 239.255.255.250:1900 0.0.0.0:* 30429/rygel
udp 0 0 192.168.1.17:1900 0.0.0.0:* 30429/rygel
udp 0 0 239.255.255.250:1900 0.0.0.0:* 30429/rygel
udp 0 0 127.0.0.1:1900 0.0.0.0:* 30429/rygel
udp 0 0 127.0.0.1:51382 0.0.0.0:* 30429/rygel
[ankur@ankur-pc ~]$

Do I do this each time I run rygel and then open all these ports? Which ones? 1900/udp, and? If rygel crashes, when you rerun it, you have a new list of ports:

[ankur@ankur-pc ~]$ sudo netstat -nlp | egrep rygel
[sudo] password for ankur:
tcp 0 0 192.168.1.17:51444 0.0.0.0:* LISTEN 2444/rygel
tcp 0 0 127.0.0.1:57219 0.0.0.0:* LISTEN 2444/rygel
udp 0 0 192.168.1.17:37667 0.0.0.0:* 2444/rygel
udp 0 0 239.255.255.250:1900 0.0.0.0:* 2444/rygel
udp 0 0 192.168.1.17:1900 0.0.0.0:* 2444/rygel
udp 0 0 127.0.0.1:38764 0.0.0.0:* 2444/rygel
udp 0 0 239.255.255.250:1900 0.0.0.0:* 2444/rygel
udp 0 0 127.0.0.1:1900 0.0.0.0:* 2444/rygel
[ankur@ankur-pc ~]$

There really has to be a better way of doing this. There's a bug against system-config-firewall at fedora which has been open since Fedora 13. We're into Fedora 19 now, and it hasn't been fixed since there isn't a simple way of finding what port s-c-f, or firewalld now, needs to open.

https://bugzilla.redhat.com/show_bug.cgi?id=626188#c6

Comparatively, other tools like minidlna are much simpler to set up. They also have complete documentation on what port is to be opened exactly.

https://wiki.archlinux.org/index.php/MiniDLNA

I'd really like to use rygel since it integrates with gnome and can use tracker etc data, but it's really not easy to do at the moment. One cannot switch off the firewall (which makes it work) or keep manually modifying ports every time rygel runs.

Suggestions:
1. Use static ports only, or provide a configuration option that would let a user use static ports only. I don't know if this is possible since rygel uses libsoup or something which allocates a random port.
2. Provide firewall configuration documentation at least until a way of automatically opening ports has been decided on.
[ankur@ankur-pc ~]$ rpm -q rygel
rygel-0.18.1-1.fc19.x86_64
[ankur@ankur-pc ~]$ sudo firewall-cmd --list-ports
1900/udp 8200/tcp

It isn't working. Neither my smart tv nor my wdtv live box show my laptop where I have rygel running.
This is not really a bug in rygel. We can't do anything about firewall. If you just want to know which ports to open, please ask on list/IRC.
That said, it might get better with the zone support in NetworkManager/firewalld which we're currently discussing.
(In reply to comment #0)
Also:

> Suggestions:
> 1. Use static ports only, or provide a configuration option that would let a
> user use static ports only. I don't know if this is possible since rygel uses
> libsoup or something which allocates a random port.

rygel.conf, section [general], port= or command-line option -p or RYGEL_PORT environment variable.
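Added example, not part of the bug report or of rygel: the script below compares the two netstat captures quoted in the original report and separates the non-loopback listeners that survive a restart from the ones that are allocated afresh, which is why a rule for 1900/udp alone does not cover everything rygel listens on. The function names are illustrative, and the firewalld commands are only printed, not executed.

```shell
#!/bin/sh
# Listener lines copied from the two `netstat -nlp | egrep rygel` captures in
# the report: RUN1 is the first start of rygel, RUN2 the start after a crash.
RUN1='tcp 0 0 192.168.1.17:57260 0.0.0.0:* LISTEN 30429/rygel
tcp 0 0 127.0.0.1:49854 0.0.0.0:* LISTEN 30429/rygel
udp 0 0 192.168.1.17:41985 0.0.0.0:* 30429/rygel
udp 0 0 239.255.255.250:1900 0.0.0.0:* 30429/rygel
udp 0 0 192.168.1.17:1900 0.0.0.0:* 30429/rygel
udp 0 0 239.255.255.250:1900 0.0.0.0:* 30429/rygel
udp 0 0 127.0.0.1:1900 0.0.0.0:* 30429/rygel
udp 0 0 127.0.0.1:51382 0.0.0.0:* 30429/rygel'
RUN2='tcp 0 0 192.168.1.17:51444 0.0.0.0:* LISTEN 2444/rygel
tcp 0 0 127.0.0.1:57219 0.0.0.0:* LISTEN 2444/rygel
udp 0 0 192.168.1.17:37667 0.0.0.0:* 2444/rygel
udp 0 0 239.255.255.250:1900 0.0.0.0:* 2444/rygel
udp 0 0 192.168.1.17:1900 0.0.0.0:* 2444/rygel
udp 0 0 127.0.0.1:38764 0.0.0.0:* 2444/rygel
udp 0 0 239.255.255.250:1900 0.0.0.0:* 2444/rygel
udp 0 0 127.0.0.1:1900 0.0.0.0:* 2444/rygel'

# Print "port/proto" once for each socket that is not bound to loopback.
listeners() {
    printf '%s\n' "$1" | awk '
        $1 != "tcp" && $1 != "udp" { next }      # skip prompts and headers
        {
            n = split($4, part, ":")              # $4 is "local-address:port"
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1") next
            print part[n] "/" $1
        }' | LC_ALL=C sort -u
}

# Ports seen in both runs are the only ones a static rule can name.
stable_ports()   { { listeners "$1"; listeners "$2"; } | LC_ALL=C sort | uniq -d; }
# Ports seen in only one run were allocated afresh at that start.
changing_ports() { { listeners "$1"; listeners "$2"; } | LC_ALL=C sort | uniq -u; }

# Emit (do not run) a permanent firewalld rule for each stable port.
firewall_rules() {
    stable_ports "$1" "$2" | while read -r p; do
        echo "firewall-cmd --permanent --add-port=$p"
    done
}

echo "stable:   $(stable_ports "$RUN1" "$RUN2" | tr '\n' ' ')"
echo "changing: $(changing_ports "$RUN1" "$RUN2" | tr '\n' ' ')"
firewall_rules "$RUN1" "$RUN2"
```

After setting port= in the [general] section of rygel.conf as described in the reply above, feeding two fresh captures to the same functions shows whether the pinned listener has moved from the changing list to the stable one.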
(In reply to comment #2)
> This is not really a bug in rygel. We can't do anything about firewall. If you
> just want to know which ports to open, please ask on list/IRC.

Well, system-config-printer asks the user and opens ports in the firewall when you want it to look for network printers, iirc. I was hoping you could do something similar to that.

Anyway, can this please be documented on the wiki instead of me asking on the mailing list/irc channel? It'll save you from having to answer this question again and again, each time someone tries to use rygel. (Users do want to know how to set it up, and tips on how they could set up the firewall would be nice, even if you can't do anything about the firewall from code)

If you google for this information, you'll come across a lot of folks who've been looking for this.

Thanks,
Warm regards,
Ankur
(In reply to comment #5)
> (In reply to comment #2)
> > This is not really a bug in rygel. We can't do anything about firewall. If you
> > just want to know which ports to open, please ask on list/IRC.
>
> Well, system-config-printer asks the user and opens ports in the firewall when
> you want it to look for network printers, iirc. I was hoping you could do
> something similar to that.

Oh it does? What does it look like? We'll have to do this in every UPnP/DLNA server at least, not just rygel then. Probably also clients would need this? Also rygel is not a UI so we can't really do the same even if it's appropriate to do this in rygel.

> Anyway, can this please be documented on the wiki instead of me asking on the
> mailing list/irc channel?

Sure thing. Please keep in mind that it's a wiki so anyone can help out there: https://live.gnome.org/Rygel/FAQ

> It'll save you from having to
> answer this question again and again, each time someone tries to use rygel.

This only happens on fedora afaik. I have not only filed a bug against that (as you found out) but have also provided a patch on demand. For some reason the bug has been ignored especially after providing the patch. It's not really our fault.
Created attachment 243871
s-c-g asking to modify firewall

That's what it looks like.

Anyway, thank you for your help. I'll follow up the Fedora bug and see if I can get the patch etc. accepted.

Ankur
(In reply to comment #3)
> That said, it might get better with the zone support in
> NetworkManager/firewalld which we're currently discussing.

Where is this discussion? Btw, fedora/firewall folks are asking rygel folks to talk to firewalld

https://bugzilla.redhat.com/show_bug.cgi?id=626188