
Roon server on Linux - firewall configuration

Phorize

Major Contributor
Forum Donor
Joined
Apr 26, 2019
Messages
1,556
Likes
2,097
Location
U.K
I have recently gone back to a Roon setup, having previously stopped using Roon mainly due to frustrations around Linux support. I’ll be sticking with it this time but remain appalled at Roon’s frankly amateur documentation effort for Roon Server. I’m running Roon Server on a Linux box sans a firewall as I can’t reliably figure out the port access requirements. There is a lot of speculation on Roon’s ‘support’ forums but no actual support from Roon. Does anyone here have any more insight into this? Yours grumpily, Kristian
 

kysa

Member
Joined
Jan 22, 2023
Messages
77
Likes
61
These ports worked for me:
[Attached image: 1675233485499.png]
 
kysa

I just migrated to Gentoo and ran into the same problem. Installing Roon Server via Nix helped me. You can also try to open the ports listed in the .nix file:

networking.firewall = mkIf cfg.openFirewall {
  allowedTCPPortRanges = [
    { from = 9100; to = 9200; }
    { from = 9330; to = 9339; }
    { from = 30000; to = 30010; }
  ];
  allowedUDPPorts = [ 9003 ];
  extraCommands = optionalString (!config.networking.nftables.enable) ''
    ## IGMP / Broadcast ##
    iptables -A INPUT -s 224.0.0.0/4 -j ACCEPT
    iptables -A INPUT -d 224.0.0.0/4 -j ACCEPT
    iptables -A INPUT -s 240.0.0.0/5 -j ACCEPT
    iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
    iptables -A INPUT -m pkttype --pkt-type broadcast -j ACCEPT
  '';
  extraInputRules = optionalString config.networking.nftables.enable ''
    ip saddr { 224.0.0.0/4, 240.0.0.0/5 } accept
    ip daddr 224.0.0.0/4 accept
    pkttype { multicast, broadcast } accept
  '';
};
 
Phorize
Thanks. I basically just set firewalld to accept all incoming traffic from a single subnet on my LAN. Works fine now. It’s not a perfect solution but is fairly low risk. I should probably run Snort locally anyway given the number of IoT devices I have around.
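
A narrower variant of the two approaches in this thread, as an added example that is not from any poster or from Roon: it prints firewalld commands that open only the ports listed in the .nix file, and only to one LAN subnet. The zone name `roon` and the subnet `192.168.1.0/24` are assumptions; the module's pkttype multicast/broadcast rules are not reproduced.

```sh
#!/bin/sh
# Added example: print firewall-cmd calls that open only the Roon ports listed
# in the quoted .nix module, and only to one LAN subnet.
# Assumptions (not from the thread): zone name "roon", subnet 192.168.1.0/24.

ZONE="roon"
ROON_TCP_RANGES="9100-9200 9330-9339 30000-30010"  # allowedTCPPortRanges
ROON_UDP_PORTS="9003"                              # allowedUDPPorts
ROON_MCAST="224.0.0.0/4"                           # multicast destination range

# Accept only a.b.c.d/len with octets 0-255 and a prefix length of 8-32, so a
# typo such as 0.0.0.0/0 cannot bind the zone to every source address.
valid_subnet() {
  case $1 in
    */*/*|*[!0-9./]*) return 1 ;;
    *.*.*.*/*) ;;
    *) return 1 ;;
  esac
  ip=${1%/*}; len=${1#*/}
  case $len in ''|???*|*[!0-9]*) return 1 ;; esac
  [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
}

# Print the commands instead of running them, so the plan can be reviewed.
roon_firewalld_cmds() {
  subnet=$1
  valid_subnet "$subnet" || { echo "invalid subnet: $subnet" >&2; return 1; }
  pz="firewall-cmd --permanent --zone=$ZONE"
  printf '%s\n' "firewall-cmd --permanent --new-zone=$ZONE"
  printf '%s\n' "$pz --add-source=$subnet"   # zone applies to this subnet only
  for r in $ROON_TCP_RANGES; do printf '%s\n' "$pz --add-port=$r/tcp"; done
  for p in $ROON_UDP_PORTS; do printf '%s\n' "$pz --add-port=$p/udp"; done
  # Counterpart of the module's 224.0.0.0/4 destination rule.
  printf '%s\n' "$pz --add-rich-rule='rule family=\"ipv4\" destination address=\"$ROON_MCAST\" accept'"
  printf '%s\n' "firewall-cmd --reload"
}

roon_firewalld_cmds "${1:-192.168.1.0/24}"
```

Review the printed commands before running them as root; traffic from any other source address is still handled by the interface's existing zone.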
 