INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: [SOLVED] Restrict IP range that Media Server listens to  (Read 1094 times)

afora

  • Recent member
  • *
  • Posts: 29
[SOLVED] Restrict IP range that Media Server listens to
« on: October 06, 2022, 08:38:38 pm »

SOLUTION: It's not clear if MC implements a reliable subnet restriction. The only safe approach would require a ufw configuration.
---

When I run

Code: [Select]
sudo ss -tulpn
after installing Media Centre it tells me that it opened a couple of ports to the whole wide net, e.g:

Code: [Select]
Netid    State     Local Address:Port   Peer Address:Port    Process 
tcp      LISTEN   0.0.0.0:52199         0.0.0.0:*                 "mediacenter27",pid=9725,fd=15

I do not like the idea of having ports wide open, and really would like to restrict it to the LAN subnet only, e.g. 172.22.1.0:52199. I looked inside MC options but cannot find anything to enable such a restriction (changing port numbers yes, fixing a wide open port not).

I appreciate managing applications in a graceful way rather than shuttingg them down with ufw, so the question is - how do I do it with Media Center without a third party firewall.

Many thanks!
Logged

max096

  • MC Beta Team
  • Galactic Citizen
  • *****
  • Posts: 363
Re: Restrict IP range that Media Server listens to
« Reply #1 on: October 07, 2022, 08:00:09 am »

Unless you have port forwarding setup or your box has a direct uplink (public ip) there is no way it could be accessed from the internet anyways. What Im getting at is that this setting does not really do anything unless you have multiple network interfaces all youŽre gonna end up is denying requests from localhost allowing requests from the only network interface you have anyways (probably). If you have multiple / a reason to lock it down on a PC level ufw is perfect for that and you donŽt have to trust the individual applications to do the right thing.

In media network you have an option for "Interfaces to ignore (list of network/bis)". Though, I think this does filter requests inside MC, so youŽd still see it bind to 0.0.0.0.

According to this there seeems to be an undocumented option to do this. https://yabb.jriver.com/interact/index.php?topic=131183.0
Logged

afora

  • Recent member
  • *
  • Posts: 29
[SOLVED] Re: Restrict IP range that Media Server listens to
« Reply #2 on: October 07, 2022, 10:35:13 am »

Thank you, I played around with the undocumented option and it does not seem to make any difference in my case.

I do have a public facing server running off my IP address, so it's accessible from the internet. I have a single interface apart from a vpn which is used only occasionally.

I guess my option is ufw for peace of mind.

Thanks again.
Logged

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13874
Re: [SOLVED] Restrict IP range that Media Server listens to
« Reply #3 on: October 07, 2022, 01:46:22 pm »

The Bind Only To option works. I use it all of the time.
I have a server with 8 interfaces on it and I only want MC to actually use one.
Logged

eve

  • Citizen of the Universe
  • *****
  • Posts: 689
Re: [SOLVED] Restrict IP range that Media Server listens to
« Reply #4 on: October 07, 2022, 03:51:19 pm »

The Bind Only To option works. I use it all of the time.
I have a server with 8 interfaces on it and I only want MC to actually use one.

This.


I was going to say you don't have anything to worry about since you're probably a home user without a public facing IP or DMZ but yeah, make sure you bind it in that case! Also for peace of mind, maybe run JRiver and other internal things on a server that ISNT your public facing one?
P.S I use IPTables to prevent my JRiver library server from talking to anything outside of my network.
Logged
Pages: [1]   Go Up