Subsonic Forum

[DocHoss]

First, I'd like to say great work on Subsonic! I think it's going to be the best media solution I could think of...once I get it working. I've followed the SubSonic Guide at monroeworld.com, had a clean installation on an Ubuntu Server 12.04 box, no problems there. I accessed the server configuration page at 192.168.1.100:4040 and set everything up. I have access from within my network. However, I can't seem to get access from outside it. I have the ports forwarded correctly on my router (TCP and UDP) and am able to SSH into the server, but I can't seem to get Subsonic to talk to any devices outside the local network. I have UFW running on the server, ports are properly opened for TCP and UDP traffic, and if I disable UFW I still get no access, so the problem isn't there. When I type the external address into a browser, it just comes back with a "page not found" error. Any ideas?

[BKKKPewsey]

How are you trying to access SS externally? Are you using the yourname.subsonic.org url?

[DocHoss]

I'm just using my external IP address. I don't have a domain set up right now. I'm adding :4040 to the end of it so it knows which port to use. Still no dice. I do notice that netstat tells me port 4040 is only listening on tcp6 but not tcp. Could this be an issue?

EDIT: When I try to register a <me>.subsonic.org address from within the setup, it says this function has expired, that I have to donate to use it. While I'm certainly not against donating (and I plan to once everything is running), I'm not in a position to do so right now.

[GJ51]

Go to canyouseeme.org and test to see if the port is opened properly. Most of this type of problem is usually related to improper port forwarding.

Subsonic should have been fully functional for 30 days from date of installation. If you've been up that long and haven't worked out external connection, then you either have to donate or do a clean reinstallation.

10 Euro isn't all that much.

It works.

[DocHoss]

I just installed it yesterday. Like I say, it works on my home network.

I agree, the major suspect seems to be port forwarding, but I can't seem to figure out any other way to open the ports. I'll keep trying, and when I get home tonight I'll try canyouseeme.org. Thanks for the tip!

Any other ideas?

[GJ51]

I'm a Windows guy and don't know all the details of your particular setup, but when trying to get connected from outside you have to remember that in today's environment safety is the primary concern so most standard setups try to raise obstacles to making intrusive connections from outside. Therefore to get a connection to Subsonic you have to identify anything along the network path that can be blocking access.

The first hurddle is to get the port open on the router and get it forwarded to the ip address where Subsonic is listening to accept the traffic. Second, if the port is being forwarded properly, the firewall on the Subsonic host has to allow the traffic in to the Host to get to Subsonic. The Subsonic installation process should have already made the proper firewall entries, but if you're not making the connection, it's another place to check.

That's pretty much it. Make sure that ip:port# entries match throught the pathway. If SS works inside your network, it will also work from outside as long as the pathway to the server is open.

PS - It's always the port forwarding.

[DocHoss]

I'm typically a Windows guy as well, but I'm trying to get my feet wet with Linux to learn some more marketable skills. Long story there...

I'll mess with canyouseeme tonight when I get home, but I can get to my router and have double and triple-checked the port forwarding. Incoming port 4040 with tcp/udp -> port 4040 on the server. Server has a static IP so no problems there. I've double and triple-checked the UFW rules to make sure it lets traffic through on port 4040...no problems there. Doesn't work even with UFW disabled, so it's not UFW. I think you're probably right, it's likely the port forwarding, but I'll be damned if I can figure out what else I should do to get it to work.

I'll keep tinkering. Thanks for the advice.

[bushman4]

Make sure that the static IP assigned to the server is the same as the IP that the router is forwarding the ports too... frequently that is the issue.

And if it works inside your network, it is not going to be a problem with the firewall on the Subsonic server... that would usually block local traffic as well.

Glenn

[DocHoss]

AHA! I figured it out. There was a setting in the port forwarding (I know, you're shocked...) that was asking for source port and destination port. I was doing source 4040 and destination 4040. I changed source to "Any" and it worked right away. Not sure of the security implications of this, but it works

Thanks a lot for your help.

[GJ51]

"Any" is normal on my router and has been working for years with no security issues.

Glad to hear you got it.

[bushman4]

That is because the source port of http or https traffic is random... Your computer chooses a high-numbered port and makes a request to the server using a known port (in this case, 4040).

Glenn

[GJ51]

Thanks Bushman,

That's (another) one I never got a full handle on. I've never read a good outline of browser communication and how the browser uses or selects ports for outgoing requests. Like others, I'm sure, I was under the impression that browser traffic all went in and out through port 80 on most systems, therefore using "Any" in the forwarding never made much logical sense to me.

So if I'm understanding you correctly, the user PC outside your network trying to connect to Subsonic can generate the request from its browser using any random port which then gets routesd over the internet to your external ip:port#

So then the origin and destination ip:port#'s are in the request header? Which enables the response from the server to get back to the requesting PC though the router at the recieving end??

Just guessing as I try to think it through. I never did get into figureing out how the router knew how to make sure the right PC got the right info.

[bushman4]

You've got it...

Try this sometime... open a web page, let it load, and then immediately go to a command prompt and type "Netstat."

You will get output which will include something similar to this:

Code: Select all

Active Connections

  Proto  Local Address          Foreign Address        State

  TCP    10.35.3.1:55268        dsl-67-55-1-226:http   TIME_WAIT
  TCP    10.35.3.1:55271        dsl-67-55-1-226:http   TIME_WAIT


or, with "netstat -n"

Code: Select all

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.35.3.1:55402        67.55.1.226:80         ESTABLISHED
  TCP    10.35.3.1:55403        67.55.1.226:80         ESTABLISHED
  TCP    10.35.3.1:55404        67.55.1.226:80         ESTABLISHED
  TCP    10.35.3.1:55405        67.55.1.226:80         ESTABLISHED
  TCP    10.35.3.1:55406        67.55.1.226:80         ESTABLISHED
  TCP    10.35.3.1:55407        67.55.1.226:80         ESTABLISHED


These are two different snapshots of communications with my computer to the forum.subsonic.org server, located at 67.55.1.226 (which reverse resolves to dsl-67-55-1-226.acanac.net). In the first one, netstat resolved all know port numbers to abbreviations (ie, 80 becomes http) and resolves all IP addresses that it can to DNS names.

But, as you can see, in the first case my computer had opened two connections to the web server hosting this forum, one originating on port 55268 and the other on 55271, but those connections had been idle for a bit and were getting ready to be closed down completely (TIME_WAIT).

In the second case, I had JUST refreshed the forum page, and you can see that my PC made 6 outbound connections to the web server, originating on ports 55402 through 55407.

But they all ended at port 80 on the web server.

Source port filtering is seldom used in home environments. At work I have used it before, when I could control the originating port, and been able to direct different clients to different locations based on what port we had pre-configured the device we provided them to initiate communications on. But in the real world, most traffic originates on random high number ports and is directed to known end port numbers.

Make sense?

Glenn

[GJ51]

Thanks Glenn,

That's an issue you never see discussed anywhere. Your explanation makes it clear.

Thanks agan,

G

[bushman4]

Glad to help. Sometimes my wife wonders why I can't remember our family calendar and all that happy stuff, and the I pull something like this off the brain shelf and realize it is what is taking up all the room!

(then again I still break out the 32 column graph paper and convert IP addresses to binary when laying out subnets, just to make sure that it is right... just because there are lots of shortcuts doesn't mean that knowing WHY something works won't come in handy. That is my biggest problem with "new math;" there no discussion about WHY you do something, just an explanation of HOW you do something. It reminds me of the scene in The Matrix movie with the Councillor and Neo in the engineering level... "Almost no one comes down here unless there's a problem. That's how it is with people. No one cares how it works as long as it works.")

Let me know if anyone has any questions,

Glenn