title: Mediatomb and iptables link: https://onemoretech.wordpress.com/2013/02/27/mediatomb-and-iptables/ author: phil2nc description: post_id: 4405 created: 2013/02/27 21:22:50 created_gmt: 2013/02/28 01:22:50 comment_status: closed post_name: mediatomb-and-iptables status: publish post_type: post

Mediatomb and iptables

Just a couple of tips on allowing access to mediatomb (or any other upnp server) with kernel packet filtering enabled via the iptables command. The main thing to do is to allow clients access over the IGMP protocol.

iptables -I INPUT -p igmp -j ACCEPT

In /etc/sysconfig/iptables this would look like this:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [907:110531]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p igmp -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT

You will also have to open up upnp server's listen ports. This is usually TCP port 49152 and udp port 1900 (discovery) at a minimum.

iptables -I INPUT -p tcp -m tcp --dport 49152 -j ACCEPT
iptables -I INPUT -p udp -m udp --dport 1900 -j ACCEPT

To make this persistent, insert the following lines in the iptables file:

-A INPUT -p tcp -m tcp --dport 49152 -j ACCEPT
-A INPUT -p udp -m udp --dport 1900 -j ACCEPT

Copyright 2004-2019 Phil Lembo