Ace sleuth @CRo figured out you need to enable IGMP and broadcast networking, and mentioned
If you want I can also make some firewalld entries
I want . I created a simple firewalld service file for Roon server that opens the ports it uses (TCP 9100-9200 and UDP 9103); you can add to firewalld with firewall-cmd --permanent --new-service-from-file=/path/to/my/roon-server.xml and then it shows up in the Firewall Configuration UI as a nice service you can turn on and off, but it doesn't work: Android Roon controller is stuck "Looking for your Roon Core." I believe I need to enable IGMP and broadcast when this service is running, but
I can't figure out how to enable broadcast. firewall-cmd --add-protocol=igmp seems to work (add --permanent should make it permanent), but I don't know the equivalent magic for broadcast.
I don't know how to tie turning these protocols on to enabling the Roon server.
Is there some way to get Linux to let you know when it's blocking network packets? I think firewalld just configures the kernel, so getting it to log with something like sudo firewalld --nofork --debug 2 --log-file /tmp/firewalld_manual.log doesn't help.
Thanks for any insights! Sorry if I mis-format this, I'm new.
I'm afraid I can't help you too much from a Fedora point of view, but the settings for Ubuntu 18.04 below whilst based on UFW do translate fairly readily into iptables which should be easier to decipher. You'll need to adjust for your subnet.
sudo ufw allow from 192.168.1.0/24 to any port 9100:9200 proto tcp
sudo ufw allow from 192.168.1.0/24 to any port 9003 proto udp
sudo ufw allow from 192.168.1.0/24 to any port 1900 proto udp
sudo nano /etc/ufw/user.rules
### IGMP ###
-A ufw-user-input -s 224.0.0.0/4 -j ACCEPT
-A ufw-user-input -d 224.0.0.0/4 -j ACCEPT
-A ufw-user-input -s 240.0.0.0/5 -j ACCEPT
-A ufw-user-input -m pkttype --pkt-type multicast -j ACCEPT
-A ufw-user-input -m pkttype --pkt-type broadcast -j ACCEPT
The first 3 lines above could be achieved using sudo ufw allow from ... but the latter are too complex. However, line 4 is equivalent to firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT.
I have moved your post over to the #tinkering section, since we can't specify specific rules for firewalld.
As a note - I would suggest adding an application-based exception instead of specifying specific ports as Roon may be using randomized ports for certain aspects.
I can't figure out how to enable broadcast. firewall-cmd --add-protocol=igmp seems to work (add --permanent should make it permanent), but I don't know the equivalent magic for broadcast.
to your roonserver.service file (then systemctl daemon-reload). In my case I'm manually starting and running Roon on my laptop not as root user but as a restricted user, so I prepend + to these two /usr/bin/firewall-cmd commands so they run as root. It seems to work: systemctl start roonserver enables this service in the firewall (use /usr/bin/firewall-cmd --list-services to check) and I can control Roon core, and systemctl stop roonserver disables it.
Is there some way to get Linux to let you know when it's blocking network packets?
A: In the Firewall GUI, change menu > Options > Log Denied from "Off" to "All" or "multicast", then look for messages in journalctl on the particular network interface, e.g. kernel: FINAL_REJECT: IN=enp0s31f6 .... I was never able to find particular failure messages when my Roon controller couldn't find Roon core because of firewall blocking.
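Added example (not part of the thread): a shell function that condenses the denied-packet kernel log lines described in the last answer into counts per link-layer type, protocol, destination port and interface, so blocked multicast, broadcast or IGMP traffic is easy to spot. The sample log lines, addresses and MACs are constructed, and `firewall-cmd --set-log-denied=all` is assumed as the command-line counterpart of the GUI "Log Denied" option.

```shell
#!/bin/sh
# Added example, not from the thread. Summarises firewalld "log denied"
# kernel messages so blocked discovery traffic stands out.
# Live use, assuming log-denied is on (firewall-cmd --set-log-denied=all):
#   journalctl -k --no-pager | summarize_denied

summarize_denied() {
    awk '
    /_(REJECT|DROP): / && /IN=/ {
        iface = proto = mac = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (!n) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "IN") iface = v
            else if (k == "PROTO") proto = v
            else if (k == "DPT") dpt = v
            else if (k == "MAC") mac = tolower(v)
        }
        # The MAC field starts with the destination address of the frame.
        if (mac ~ /^ff:ff:ff:ff:ff:ff/) kind = "broadcast"
        else if (mac ~ /^01:00:5e/) kind = "multicast"
        else kind = "unicast"
        if (proto == "2") proto = "IGMP"   # the kernel logs IGMP by number
        count[kind " " proto " " dpt " " iface]++
    }
    END { for (key in count) print count[key], key }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (host name, addresses and MACs are made up).
sample_log() {
    cat <<'EOF'
Mar 03 10:15:01 host kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC=01:00:5e:7f:5a:5a:aa:bb:cc:00:00:01:08:00 SRC=192.168.1.23 DST=239.255.90.90 LEN=126 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=41000 DPT=9003 LEN=106
Mar 03 10:15:02 host kernel: usb 1-1: new high-speed USB device number 4
Mar 03 10:15:06 host kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC=01:00:5e:7f:5a:5a:aa:bb:cc:00:00:01:08:00 SRC=192.168.1.23 DST=239.255.90.90 LEN=126 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=41000 DPT=9003 LEN=106
Mar 03 10:15:07 host kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC=ff:ff:ff:ff:ff:ff:aa:bb:cc:00:00:01:08:00 SRC=192.168.1.23 DST=192.168.1.255 LEN=126 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=41000 DPT=9003 LEN=106
Mar 03 10:15:09 host kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC=01:00:5e:00:00:16:aa:bb:cc:00:00:01:08:00 SRC=192.168.1.23 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Mar 03 10:15:12 host kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC=aa:bb:cc:00:00:02:aa:bb:cc:00:00:01:08:00 SRC=192.168.1.23 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=TCP SPT=50000 DPT=9100 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

sample_log | summarize_denied
```

Rows labelled multicast or broadcast on the server's interface point at the pkttype rules discussed above rather than at the port list.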