MediaTomb and iptables

Just a couple of tips on allowing access to MediaTomb (or any other UPnP server) when kernel packet filtering is enabled via the iptables command.

The main thing to do is to allow clients access over the IGMP protocol.

iptables -I INPUT -p igmp -j ACCEPT

In /etc/sysconfig/iptables this would look like this:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [907:110531]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p igmp -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT

You will also have to open up the UPnP server's listen ports. These are usually TCP port 49152 and UDP port 1900 (discovery) at a minimum.

iptables -I INPUT -p tcp -m tcp --dport 49152 -j ACCEPT
iptables -I INPUT -p udp -m udp --dport 1900 -j ACCEPT

To make this persistent, insert the following lines in the iptables file:

-A INPUT -p tcp -m tcp --dport 49152 -j ACCEPT
-A INPUT -p udp -m udp --dport 1900 -j ACCEPT
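
The commands above use -I, which puts a rule at the top of the chain, while the file uses -A, so where a line lands in the file matters: an ACCEPT placed after a catch-all REJECT or DROP in INPUT never matches. The following check is an added example, not part of the original post; the function names and the REJECT line in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Names here are hypothetical.
# Checks an iptables-save style file for the three ACCEPT rules above and
# confirms each sits before any catch-all REJECT/DROP in the INPUT chain.

# check_upnp_rules [FILE]: prints "ok|shadowed|missing <rule>" per rule;
# reads stdin when FILE is omitted. Exit status is 0 only if all are ok.
check_upnp_rules() {
    awk '
    function mark(name) { if (!(name in seen)) seen[name] = NR }
    # Catch-all: an INPUT rule that jumps to REJECT/DROP with no match options.
    /^-A INPUT -j (REJECT|DROP)/ { if (!stop) stop = NR; next }
    /^-A INPUT .*-p igmp .*-j ACCEPT/ { mark("igmp") }
    /^-A INPUT .*-p tcp .*--dport 49152 .*-j ACCEPT/ { mark("tcp/49152") }
    /^-A INPUT .*-p udp .*--dport 1900 .*-j ACCEPT/ { mark("udp/1900") }
    END {
        n = split("igmp tcp/49152 udp/1900", want, " ")
        for (i = 1; i <= n; i++) {
            r = want[i]
            if (!(r in seen))                { print "missing " r; bad = 1 }
            else if (stop && seen[r] > stop) { print "shadowed " r; bad = 1 }
            else                               print "ok " r
        }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample: one rule placed correctly, one appended after a
# catch-all REJECT (an assumed line, not in the post), one left out.
sample_shadowed() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p igmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 49152 -j ACCEPT
COMMIT
EOF
}

sample_shadowed | check_upnp_rules || echo "rules file needs attention"
```

Run it as check_upnp_rules /etc/sysconfig/iptables after editing the file and before reloading the rules.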

About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).