After an eternity I've finally figured out the Linux firewall settings to make this work details...
1. First avahi / mdns needs to be allowed through the firewall, this allows the Airplay devices to be advertised on the network: ufw allow 5353/tcp 2. Configure the ports to enable Airplay to stream. This is not so simple as Airplay uses a dynamically assigned port on the server to stream from, so you cannot just open this port as it always changes. Matters are further complicated since linux by standard has no application level firewall - making it impossible to allow and whitelist the shairtunes 'shairport' application. Solution - from watching a packet sniffer it seems that the Airplay protocol commonly uses port 5000:5005 TCP to setup an Airplay connection. Typically Airplay uses 5000 but if there are other instances or issues locking the port it seems to try a higher port - so I allow 5 ports. Once the connection is established by TCP, Airplay then uses UDP to stream the audio to destination ports in the range of 6000:6005 on the target device. To avoid the dynamic port issue on the server side I take the reverse approach - allowing in any packets that originate from ports 6000:6005 within my network and allowing out any packets to go out to destination 6000:6005 within my network. This is a little more vulnerable than just opening a specific server port, as a result I restrict this to within my LAN by using 192.168.1.0/24 ** you should change this ** to match your LAN IP range. TCP settings sudo ufw allow in from 192.168.1.0/24 port 5000:5005 proto tcp to any sudo ufw allow out from any to 192.168.1.0/24 port 5000:5005 proto tcp UDP settings sudo ufw allow in from 192.168.1.0/24 port 6000:6005 proto udp to any sudo ufw allow out from any to 192.168.1.0/24 port 6000:6005 proto udp ------------------------------------------------------------------------ atca's Profile: http://forums.slimdevices.com/member.php?userid=56880 View this thread: http://forums.slimdevices.com/showthread.php?t=105198 _______________________________________________ plugins mailing list plugins@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/plugins
