I might enable the firewall on my Ubuntu desktop where my Roon server is installed. The instructions for Linux install mention firewall settings.
But they refer to a post that is somewhat cryptic for me:
Can anyone please post the commands that would enable broadcast rules in Ubuntu’s firewall? I think I know how to open ports but I don’t know what to do with the broadcast/multicast rules. I think Ubuntu uses some “simple firewall” by default, not iptables.
If you’re using UFW, the following commands will get you halfway there…
sudo ufw allow proto udp to any port 9003 from 192.168.1.0/24
sudo ufw allow proto tcp from any to any port 9100:9200
…but discovery will fail with the firewall up. Therefore, it’s necessary to manually add iptables to UFW (it’s an iptables frontend) by manually editing some config files. This is where the second post comes in.
Is it just the port I needed to open in my router for ARC? Like this?
sudo ufw allow proto tcp from any to any port "myport_number"
By the way, in your rules why is the first rule from a subnet but the second rule is from “any”? I suppose they can be equal. I’d prefer “from any”. The server is behind the NAT anyway.
roon@roon-vmpc:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
I did not understand what you meant here. There are 3 items.
And
All of them are incoming. OK, the first one allows connections only from a subnet. But the second has “from any” and the third has no mention of “from”. Can you briefly describe why the second and third line are different?
Why the second line couldn’t be like this?
sudo ufw allow 9100:9200/tcp
Or the third line couldn’t be like this?
sudo ufw allow proto tcp from any to any port <port number>
I am an old dog trying to learn new tricks and install ARC, which the system currently can’t find/access at port 55000. Thanks to the community for your support. I just moved my Roon server to a dedicated mini PC, i5-1235u w/ 16 G RAM. My router home address is 192.168.68.1, but when I try to set up my ufw rules it defaults back to 196.168.68.0. I am using the excellent work done by Alex:
1. Create application profile for Roon
sudo nano /etc/ufw/applications.d/roon
[Roon]
title=Roon Server
description=Roon Labs Core Music Server
ports=9003/udp|9100:9200/tcp|1900/udp|9330:9339/tcp|30000:30010/tcp
2. Activate UFW application profile for Roon
sudo ufw allow from 192.168.1.0/24 to any app roon <<< I changed to 192.168.68.1/24
192.168.68.1/24 (192.168.1.0/24) should be 192.168.68.0/24 (or the IP address of your Roon server), assuming that your home router is using 192.168.68.1/24.
192.168.68.1/24 is the IP address of your home router, 192.168.68.0/24 is your network address. I don’t see the IP address of your Roon server mentioned. It should be somewhere in the 192.168.68.1-192.168.68.254 range, but not the same IP address as any other device in your network (i.e. 192.168.68.1, your home router).
This ufw rule allows tcp/udp ports outbound, but 55000/tcp should be inbound.
I think this has to be changed to:
ports=9003/udp|9100:9200/tcp|1900/udp|9330:9339/tcp|30000:30010/tcp|55000/tcp
But I’m no ufw expert. I suspect the [Roon] application profile settings in /etc/ufw/applications.d/roon don’t specify inbound/outbound.
I expect that if you change this line to sudo ufw allow app roon, tcp/udp ports will be opened inbound and outbound.
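
An added example, not written by anyone in this thread: a shell sketch that reduces an address such as 192.168.68.1/24 to the network address discussed above (192.168.68.0/24) and prints the per-port ufw rules that a profile's ports= line corresponds to. The function names network_of and profile_rules are made up for this example; the script only prints commands and never runs ufw.

```shell
#!/bin/sh
# Added example: dry-run helper, prints ufw commands instead of executing them.

# network_of ADDR/BITS -> network address with host bits cleared
# e.g. 192.168.68.1/24 -> 192.168.68.0/24
network_of() {
    addr=${1%/*}
    bits=${1#*/}
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    net=$(( ip & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$bits"
}

# profile_rules PORTS SOURCE
# PORTS is the value of a profile's ports= line (entries separated by '|').
# Prints one "ufw allow" command per entry, restricted to SOURCE's network.
profile_rules() {
    src=$(network_of "$2")
    old_ifs=$IFS; IFS='|'
    set -- $1                         # split the ports= value into entries
    IFS=$old_ifs
    for entry in "$@"; do
        case $entry in
            */*)                      # entry carries a protocol, e.g. 9100:9200/tcp
                port=${entry%/*}; proto=${entry#*/}
                echo "sudo ufw allow proto $proto from $src to any port $port" ;;
            *)                        # single port, no protocol given
                echo "sudo ufw allow from $src to any port $entry" ;;
        esac
    done
}

# ports= value copied from the [Roon] profile quoted in this thread
ROON_PORTS='9003/udp|9100:9200/tcp|1900/udp|9330:9339/tcp|30000:30010/tcp'

# Source address as the poster typed it (router address with /24)
profile_rules "$ROON_PORTS" 192.168.68.1/24
```

Review the printed lines before pasting any of them into a terminal; sudo ufw status verbose then shows what was actually stored.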