Author Topic: SOLVED! Firewall settings to enable Sonos Wireless Music System  (Read 18441 times)

merk

SOLVED! Firewall settings to enable Sonos Wireless Music System
« on: October 07, 2012, 03:41:41 pm »
I have a new install of Zentyal 3.0.2, in use as a very basic home gateway/firewall/fileshare system, supporting a small number of local hosts, both Windows and OSX. This has replaced a previous system based on Ubuntu 10.04 managed with a combination of Webmin and CLI.

The most important use in our home is as a file server of over 500G of music files. These are played through several Sonos components which also live in the same subnet as the PCs and laptops. This all worked great under the old Linux/Webmin setup, with sharing via samba and a firewall I managed with Shorewall.

I want to add on a little basic VOIP/Asterisk setup, and maybe a few other services, and thought Zentyal might be a better platform to smoothly integrate more functions, so I switched.

After switching to Zentyal, I have got my basic functionality all working on the new Zentyal install, including DNS caching, DHCP, gateway to internet, pppoe, plus minimal users and groups, just enough to support ACLs in samba. Firewall is working fine for basic internet access through this system from local hosts.

I have got the samba music shares working, at least so that they are accessible by local hosts.

But trying to bring the Sonos system up, I get errors which appear to be firewall related.

From the Sonos support FAQ, here is what that system needs in a firewall:

QUOTE

During firmware updates, the Sonos system accesses the Internet via port 80. During normal operation and use, the system utilizes the specified ports and services below.

The Sonos Wireless HiFi System uses the following ports:


TCP/IP:

80 (HTTP)
445 (CIFS)
3400 (UPnP incoming events)
443 (Rhapsody, Napster, and SIRIUS Internet Radio)
4070 (Spotify incoming events)


UDP:

136-139 (NetBIOS)
1900 (UPnP advertisements / device discovery)
1901 (UPnP m-search responses)
2869 (UPnP connection to Windows Media Player 11 Network Sharing Service)
6969 (Getting Started process)
10243 (UPnP connection to Windows Media Player 11 Network Sharing Service)
10280-10284 (UPnP connection to Windows Media Player 11 Network Sharing Service)

END QUOTE

I am by no means a serious Linux or network expert, just a guy willing to jump into the deep water. I eventually make stuff work. In my old system I used Shorewall to manage the firewall, but iptables is new and a bit confusing to me.

I presume that the needed NetBIOS and CIFS ports are already implemented properly, since my Zentyal samba shares and user/group ACLs seem to work fine with my non-Sonos hosts. Unfortunately, the setup dialog in the Sonos desktop app doesn't tell me why it chokes, and doesn't provide a log I can inspect, it just says it is probably firewall settings.  I presume it is related to some of these other ports.

Grateful if someone would show me one or two sample entries of what I should make to the Zentyal Firewall setup which can make the above work.

Many thanks
« Last Edit: October 08, 2012, 07:32:49 am by merk »
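
The port list quoted above, written as raw iptables rules (an added example, not part of the original post and not Zentyal's own firewall configuration). The interface `eth1`, the subnet `192.168.1.0/24` and the shortened comment labels are assumptions; the rules are printed rather than applied, and they cover only traffic addressed to the server itself from the internal network.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables ACCEPT rules for the quoted
# Sonos port list, limited to the internal interface and subnet.
# LAN_IF and LAN_NET are assumed values; set them to the real LAN side.
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Port list as quoted in the post: "<proto> <port or range> <label>".
# Labels are shortened here and are not Sonos terminology.
sonos_ports() {
cat <<'EOF'
tcp 80 HTTP
tcp 445 CIFS
tcp 3400 UPnP-events
tcp 443 streaming-services
tcp 4070 Spotify-events
udp 136-139 NetBIOS
udp 1900 UPnP-discovery
udp 1901 UPnP-msearch
udp 2869 WMP11-sharing
udp 6969 Getting-Started
udp 10243 WMP11-sharing
udp 10280-10284 WMP11-sharing
EOF
}

sonos_rules() {
  sonos_ports | while read -r proto ports label; do
    # The FAQ writes ranges as low-high; iptables expects low:high.
    case "$ports" in
      *-*) dport="${ports%-*}:${ports#*-}" ;;
      *)   dport="$ports" ;;
    esac
    # -i and -s keep every rule scoped to the LAN, so nothing here
    # opens a port on the Internet-facing interface.
    printf 'iptables -A INPUT -i %s -s %s -p %s --dport %s -m comment --comment "sonos %s" -j ACCEPT\n' \
      "$LAN_IF" "$LAN_NET" "$proto" "$dport" "$label"
  done
}

sonos_rules
```

Traffic between the Sonos units and controllers on the same subnet does not pass through the gateway's INPUT chain, so only the rules for services the server itself offers (such as CIFS for the music shares) affect it.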

FarquahrWindsor

  • Guest
Re: Firewall settings to enable Sonos Wireless Music System
« Reply #1 on: October 07, 2012, 03:59:03 pm »
I am going to have to be honest, there are outstanding issues, but it's amazing how fast the Zentyal devs are going with the new 3.0.

I have to say really we are on RC3 as especially with samba there are issues to be sorted.

I can't knock zentyal though as we are on Samba4 RC2 and it shows Zentyal's intent in keeping at the forefront of bleeding edge technology.

I can say it will be a matter of days but just at this moment a few things need to bed down.

If you are using zentyal on the internal lan then the firewall shouldn't be a problem.

Is this for external access?

merk

RESOLVED: Firewall settings to enable Sonos Wireless Music System
« Reply #2 on: October 07, 2012, 06:26:41 pm »
Resolved!

Thanks for taking time to give this a little thought.

Fact is, it was a silly error - I had done all my setup through a terminal or on the interface, as well as, embarrassingly, my testing to that point. After taking the time to set up MAC adds for all my hosts, as objects, I simply forgot I had to also set up the additional DHCP static IP assignments in that module.  :-[ I use no general lease range at all, so obviously no Sonos boxes were able to get very far talking to the zentyal machine.

Fixed that, and presto, all good.

Incidentally, thanks also due to you FqW for installation advice on a recent post elsewhere. I had no luck getting samba working installing straight from the iso (3.0.0 at that point), but your method worked fine save for a couple of blind moments on my part.

And no, the shares and the whole domain are not for external access at all. Though one day I might open ssh to outside, or maybe VPN, so I can administer and enjoy the home site while travelling. In fact, I think my next project will be to try to figure out how to set up VPN client and some way to route certain hosts through a tunnel to an external server, but others through the normal route. Have not spent enough time looking at the docs and forum on this idea, but I fear that this little plan might get me into slightly more difficult area given my basic skills.

And if my first post sounded at all like a gripe, I didn't intend that. I am pleased with Zentyal thus far.

Anyway, thanks again
« Last Edit: October 07, 2012, 06:32:51 pm by merk »

FarquahrWindsor

  • Guest
Re: RESOLVED! Firewall settings to enable Sonos Wireless Music System
« Reply #3 on: October 07, 2012, 06:32:20 pm »
It's OK, I am the worst; in fact it's the simple obvious things that I seem to fall over. Doh! And that's at me :)