[SOLVED] Restrict IP range that Media Server listens to

afora:
SOLUTION: It's not clear if MC implements a reliable subnet restriction. The only safe approach would require a ufw configuration.
---

When I run


--- Code: ---
sudo ss -tulpn
--- End code ---

after installing Media Centre it tells me that it opened a couple of ports to the whole wide net, e.g.:


--- Code: ---
Netid    State     Local Address:Port   Peer Address:Port    Process 
tcp      LISTEN   0.0.0.0:52199         0.0.0.0:*                 "mediacenter27",pid=9725,fd=15
--- End code ---

I do not like the idea of having ports wide open, and really would like to restrict it to the LAN subnet only, e.g. 172.22.1.0:52199. I looked inside MC options but cannot find anything to enable such a restriction (changing port numbers yes, fixing a wide open port not).

I appreciate managing applications in a graceful way rather than shutting them down with ufw, so the question is: how do I do it with Media Center without a third-party firewall?

Many thanks!

max096:
Unless you have port forwarding set up or your box has a direct uplink (public IP), there is no way it could be accessed from the internet anyways. What I'm getting at is that this setting does not really do anything unless you have multiple network interfaces. All you're gonna end up is denying requests from localhost, allowing requests from the only network interface you have anyways (probably). If you have multiple / a reason to lock it down on a PC level, ufw is perfect for that and you don't have to trust the individual applications to do the right thing.

In media network you have an option for "Interfaces to ignore (list of network/bis)". Though, I think this does filter requests inside MC, so you'd still see it bind to 0.0.0.0.

According to this there seems to be an undocumented option to do this. https://yabb.jriver.com/interact/index.php?topic=131183.0

afora:
Thank you, I played around with the undocumented option and it does not seem to make any difference in my case.

I do have a public facing server running off my IP address, so it's accessible from the internet. I have a single interface apart from a vpn which is used only occasionally.

I guess my option is ufw for peace of mind.

Thanks again.
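An added example, not part of any post in this thread: a script that finds the wildcard-bound listeners in `ss -tulpn` output and prints the ufw rules that would limit each one to the LAN. The /24 mask on 172.22.1.0, the function names and the sample `ss` output are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Assumed: LAN mask /24; sample data constructed.

# Constructed `ss -tulpn` output; the process name mirrors the one quoted above.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:52199      0.0.0.0:*         users:(("mediacenter27",pid=9725,fd=15))
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=811,fd=7))
udp   UNCONN 0      0      0.0.0.0:1900       0.0.0.0:*         users:(("exampled",pid=950,fd=21))
tcp   LISTEN 0      128    [::]:52199         [::]:*            users:(("mediacenter27",pid=9725,fd=16))'

# Read ss output on stdin; print "proto port address" for each socket bound
# to a wildcard address (0.0.0.0, [::] or *), i.e. reachable on every interface.
wildcard_listeners() {
  awk '{
    # The local address is the first field ending in ":<port>". This also
    # copes with the shortened layout in the post, which lacks Recv-Q/Send-Q.
    for (i = 2; i <= NF; i++) if ($i ~ /:[0-9]+$/) break
    if (i > NF) next                      # header or unparsable line
    addr = $i; port = $i
    sub(/:[0-9]+$/, "", addr)             # strip ":port" -> bound address
    sub(/^.*:/, "", port)                 # strip up to last ":" -> port
    if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
      print $1, port, addr
  }'
}

# Print (never execute) the ufw rules admitting one subnet to a port.
# ufw uses the first matching rule, so the allow is emitted before the deny.
ufw_rules() {  # usage: ufw_rules <proto> <port> <cidr>
  printf 'ufw allow from %s to any port %s proto %s\n' "$3" "$2" "$1"
  printf 'ufw deny %s/%s\n' "$2" "$1"
}

# Read ss output on stdin; print one allow/deny pair per exposed proto+port.
lan_only_plan() {  # usage: ss -tulpn | lan_only_plan <cidr>
  wildcard_listeners | LC_ALL=C sort -u -k1,2 | while read -r proto port _; do
    ufw_rules "$proto" "$port" "$1"
  done
}

printf '%s\n' "$SAMPLE_SS" | lan_only_plan 172.22.1.0/24
```

To use it on a live host, source the functions and pipe `sudo ss -tulpn` into `lan_only_plan` with the real subnet, then review the printed rules before running them with sudo.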

bob:
The Bind Only To option works. I use it all of the time.
I have a server with 8 interfaces on it and I only want MC to actually use one.

eve:

--- Quote from: bob on October 07, 2022, 01:46:22 pm ---
The Bind Only To option works. I use it all of the time.
I have a server with 8 interfaces on it and I only want MC to actually use one.

--- End quote ---

This.


I was going to say you don't have anything to worry about since you're probably a home user without a public facing IP or DMZ but yeah, make sure you bind it in that case! Also for peace of mind, maybe run JRiver and other internal things on a server that ISN'T your public facing one?
P.S. I use IPTables to prevent my JRiver library server from talking to anything outside of my network.
