I’m trying to use GNOME Sharing (rygel under the hood) on my local network.
I followed the following GitHub comment for setting up the firewall rules to let rygel access the necessary ports (notably UDP 1900 for UPnP).
The rules are the following:
{
  # Let SSDP discovery traffic in (UPnP discovery uses UDP port 1900).
  networking.firewall.allowedUDPPorts = [ 1900 ];
  # nfct (from conntrack-tools) is needed by the extraCommands below.
  networking.firewall.extraPackages = [ pkgs.conntrack_tools ];
  networking.firewall.autoLoadConntrackHelpers = true;
  networking.firewall.extraCommands = ''
    # Register the ssdp conntrack helper and attach it to outgoing SSDP
    # queries, so the unicast replies are tracked as RELATED and let in.
    nfct add helper ssdp inet udp
    iptables --verbose -I OUTPUT -t raw -p udp --dport 1900 -j CT --helper ssdp
  '';
}
However, the firewall still blocks some traffic needed by rygel on some dynamic TCP ports. This is an example of what I’m seeing in the syslog:
Feb 02 18:02:30 <computer name> kernel: refused connection: IN=wlan0 OUT= MAC=<a mac address> SRC=192.168.0.10 DST=192.168.0.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=56112 DF PROTO=TCP SPT=45450 DPT=34765 WINDOW=29200 RES=0x00 SYN URGP=0
This connection request comes from the smart TV I would like to share media with. Unfortunately, I can’t just allow the TCP port 34765 as this is a dynamic port.
This bug report on the Red Hat bug tracker suggests allowing all TCP traffic on non-root ports, but I’m not sure exactly what that means. Should I add the following line to my config?
networking.firewall.allowedTCPPortRanges = [ { from = 1024; to = 65535; } ];
Any ideas on how to configure the firewall properly in that case?
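Before widening the rule to the whole dynamic range, it is worth confirming from the log which peers are actually being refused and on which ports, so that whatever rule is added is scoped to what the log shows. The shell script below is an added example, not part of the original post and not code from rygel or NixOS. The log lines it contains are constructed (the first mirrors the format of the line quoted above); the host name, MAC address and the second source address 192.168.0.77 are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: triage the kernel's
# "refused ..." log lines before widening the firewall, so the rule you
# end up adding is scoped to what the log actually shows.
#
# Constructed sample log. The first line mirrors the format of the line in
# the post; the others are made up. Host name, MAC and 192.168.0.77 are placeholders.
SAMPLE_LOG='Feb 02 18:02:30 host kernel: refused connection: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.10 DST=192.168.0.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=56112 DF PROTO=TCP SPT=45450 DPT=34765 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 02 18:02:31 host kernel: refused connection: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.10 DST=192.168.0.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=56113 DF PROTO=TCP SPT=45451 DPT=41002 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 02 18:02:35 host kernel: refused packet: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.10 DST=192.168.0.30 LEN=200 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=1900 LEN=180
Feb 02 18:03:02 host kernel: refused connection: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.77 DST=192.168.0.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 02 18:03:10 host kernel: some unrelated message'

# Read log lines on stdin and print one summary line per (interface, source)
# for refused TCP SYNs only (UDP refusals and non-firewall lines are skipped):
#   IN SRC syn=<count> dpt_min=<port> dpt_max=<port> high_ports_only=yes|no
# high_ports_only=yes means every refused port was >= 1024, i.e. a rule on
# the dynamic range would cover it; "no" flags a peer hitting privileged ports.
summarize_refused() {
  awk '
    /refused [a-z]*: IN=/ {
      split("", f)                       # clear the key=value map per line
      syn = 0
      for (i = 1; i <= NF; i++) {
        if (index($i, "=") > 0) {        # fields like PROTO=TCP, DPT=34765
          split($i, kv, "=")
          f[kv[1]] = kv[2]
        } else if ($i == "SYN") {        # bare flag token
          syn = 1
        }
      }
      if (f["PROTO"] != "TCP" || !syn) next
      key = f["IN"] " " f["SRC"]
      dpt = f["DPT"] + 0
      n[key]++
      if (!(key in lo) || dpt < lo[key]) lo[key] = dpt
      if (!(key in hi) || dpt > hi[key]) hi[key] = dpt
    }
    END {
      for (key in n)
        printf "%s syn=%d dpt_min=%d dpt_max=%d high_ports_only=%s\n",
               key, n[key], lo[key], hi[key], (lo[key] >= 1024 ? "yes" : "no")
    }' | sort
}

# Usage on the affected host would be e.g.:  journalctl -k | summarize_refused
# Here the constructed sample is used instead.
printf '%s\n' "$SAMPLE_LOG" | summarize_refused
```

If the summary shows only the TV's address hitting ports above 1024 on wlan0, the exposure of a blanket allowedTCPPortRanges can be narrowed: NixOS has a per-interface form, networking.firewall.interfaces.wlan0.allowedTCPPortRanges, and in iptables mode an extraCommands rule of the form iptables -A nixos-fw -i wlan0 -s 192.168.0.10 -p tcp --dport 1024:65535 -j nixos-fw-accept limits it to that one peer. Neither changes the underlying situation the post describes, that rygel's port is chosen dynamically.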