Android Roon Remote loses connection to Core (daily)

@Noris,

it’s been three days since the last Linux Roon core restart, and the Android remotes / endpoints are continuing to connect fine.

The Roon documentation currently does not treat IGMP and Broadcast as something that needs to be addressed in the local firewall configuration, only that it’s possibly an issue on the switch.

At this point, IGMP snooping is ON on my switch, and I don’t think it is relevant on or off. The point is that the Linux firewall natively blocks IGMP and broadcast (rightly so.)

I would suggest that perhaps you add to the Roon Linux documentation that the Roon core must be reachable not just via UDP 9003 and TCP 9100 - 9200 ports, but multicast and broadcast communication must also be allowed in the firewall.

Most Linux distributions use either iptables or firewalld (Red Hat Enterprise Linux and CentOS have iptables as default up to Version 6; as of RHEL 7 / CentOS 7, firewalld is started by default, and iptables is also fully supported.)

iptables is the “classic” firewall daemon of Linux and IMHO much easier to configure if you haven’t wrapped your head around firewalld. I use iptables with CentOS 7. Hence here again, distilled down to the point, are the Linux iptables entries that are required for Roon to work properly:

```
## IGMP / Broadcast - required by Roon ##
-A INPUT -s 224.0.0.0/4 -j ACCEPT
-A INPUT -d 224.0.0.0/4 -j ACCEPT
-A INPUT -s 240.0.0.0/5 -j ACCEPT
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -m pkttype --pkt-type broadcast -j ACCEPT

## Roon ##
# Core
-A INPUT -s [Your Subnet]/[Subnet Mask] -p udp --dport 9003 -j ACCEPT
-A INPUT -s [Your Subnet]/[Subnet Mask] -p tcp --match multiport --dports 9100:9200 -j ACCEPT
```

[Your Subnet] would typically be, for example, 192.168.0.0 and [Subnet Mask] is typically 24; ergo the UDP and TCP port entries would be for 192.168.0.0/24.

Even if you don’t want to get into the details of how to enable the required ports because they are dependent on the user’s subnet, whatever that may be, the IGMP and broadcast entries are essentially universal; IGMP is not specific to any local network config, and can be documented for everyone.

If you want I can also make some firewalld entries, then just about every modern Linux distribution is covered. We could even cover IPv6 (but seriously, everything about Roon networking is based on the assumption of IPv4 networking, which is obviously the only sane thing to do at home.)

-Chris

10 Likes
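An added example, not part of the post above and not Roon's own tooling: a small audit that reads a ruleset in `iptables-save` format and reports which of the requirements named in the post (UDP 9003, TCP 9100-9200, multicast, broadcast) have no matching INPUT ACCEPT rule, and which Roon port rules lack a source restriction. The function names and the sample ruleset are assumptions made for illustration.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the rules in the post;
# 192.168.0.0/24 is the post's own example subnet.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -d 224.0.0.0/4 -j ACCEPT
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -m pkttype --pkt-type broadcast -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p udp --dport 9003 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp --match multiport --dports 9100:9200 -j ACCEPT
COMMIT
"""

def accept_rules(text):
    """Yield option->value dicts for '-A INPUT ... -j ACCEPT' lines (negated rules skipped)."""
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] == ["-A", "INPUT"] and "!" not in tok:
            opts = dict(zip(tok[2::2], tok[3::2]))
            if opts.get("-j") == "ACCEPT":
                yield opts

def covers(opts, proto, lo, hi):
    """True if the rule accepts proto on every destination port in lo..hi."""
    spec = opts.get("--dport") or opts.get("--dports") or ""
    for part in filter(None, spec.split(",")):
        a, _, b = part.partition(":")
        b = b or a
        if opts.get("-p") == proto and a.isdigit() and b.isdigit() \
                and int(a) <= lo and hi <= int(b):
            return True
    return False

def audit(text):
    """Return (missing requirements, Roon port rules with no -s restriction).
    Rule order and chains other than INPUT are not modelled."""
    rules = list(accept_rules(text))
    checks = {
        "udp/9003": lambda o: covers(o, "udp", 9003, 9003),
        "tcp/9100-9200": lambda o: covers(o, "tcp", 9100, 9200),
        "multicast": lambda o: o.get("--pkt-type") == "multicast"
                               or o.get("-d") == "224.0.0.0/4",
        "broadcast": lambda o: o.get("--pkt-type") == "broadcast",
    }
    missing = [name for name, ok in checks.items() if not any(map(ok, rules))]
    unrestricted = [o for o in rules if "-s" not in o and (
        covers(o, "udp", 9003, 9003) or covers(o, "tcp", 9100, 9200))]
    return missing, unrestricted
```

Calling `audit()` on the text produced by `iptables-save` returns the two lists; both are empty for the sample ruleset.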