Hello. I am trying to set up Roon Server on my Fedora 37 server box, but having looked at the firewalld documentation I can’t figure out how to allow both broadcast and multicast traffic with firewalld. Unfortunately Roon doesn’t provide any documentation on port access requirements, so it’s very much a process of trial and error. Any suggestions appreciated!
By default, firewalld does not restrict outgoing traffic including broadcast and multicast.
You can list ports open by services like this:
sudo ss -lnpAinet
Tcpdump or Wireshark can help you capture and analyze traffic.
If necessary, you can stop the firewalld service to test successful connection.
Once you have determined the required ports, allow them in the current zone:
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --permanent --add-port=123/tcp --add-port=456-789/udp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
Thank you, that’s a very helpful response. It seems that Roon uses a staggering number of ports, so listing them one by one is going to be challenging:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:37458 0.0.0.0:* users:(("RAATServer",pid=2044,fd=87))
udp UNCONN 0 0 0.0.0.0:45828 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=183))
udp UNCONN 0 0 0.0.0.0:41736 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=215))
udp UNCONN 0 0 0.0.0.0:9001 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=293))
udp UNCONN 0 0 0.0.0.0:9001 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=286))
udp UNCONN 0 0 0.0.0.0:9003 0.0.0.0:* users:(("RAATServer",pid=2044,fd=89))
udp UNCONN 0 0 0.0.0.0:9003 0.0.0.0:* users:(("RAATServer",pid=2044,fd=86))
udp UNCONN 0 0 0.0.0.0:9003 0.0.0.0:* users:(("RAATServer",pid=2044,fd=84))
udp UNCONN 0 0 0.0.0.0:9003 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=219))
udp UNCONN 0 0 0.0.0.0:9003 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=218))
udp UNCONN 0 0 0.0.0.0:9003 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=214))
udp UNCONN 0 0 0.0.0.0:45902 0.0.0.0:* users:(("RAATServer",pid=2044,fd=85))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=265))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=263))
udp UNCONN 0 0 0.0.0.0:46524 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=287))
udp UNCONN 0 0 192.168.1.245:58867 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=184))
udp UNCONN 0 0 0.0.0.0:38414 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=266))
udp UNCONN 0 0 0.0.0.0:59116 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=172))
udp UNCONN 0 0 0.0.0.0:55059 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=181))
udp UNCONN 0 0 239.255.255.250:1900 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=283))
udp UNCONN 0 0 0.0.0.0:1900 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=173))
udp UNCONN 0 0 0.0.0.0:1900 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=171))
udp UNCONN 0 0 0.0.0.0:51520 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=175))
udp UNCONN 0 0 0.0.0.0:35356 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=264))
udp UNCONN 0 0 0.0.0.0:60430 0.0.0.0:* users:(("RAATServer",pid=2044,fd=88))
udp UNCONN 0 0 0.0.0.0:56691 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=174))
udp UNCONN 0 0 0.0.0.0:36308 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=294))
udp UNCONN 0 0 192.168.1.245:53219 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=280))
udp UNCONN 0 0 0.0.0.0:45123 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=178))
udp UNCONN 0 0 0.0.0.0:45454 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=292))
tcp LISTEN 0 128 192.168.1.245:42367 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=277))
tcp LISTEN 0 10 0.0.0.0:9200 0.0.0.0:* users:(("RAATServer",pid=2044,fd=91))
tcp LISTEN 0 10 0.0.0.0:9150 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=295))
tcp LISTEN 0 100 0.0.0.0:55000 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=140))
tcp LISTEN 0 4096 127.0.0.1:37075 0.0.0.0:* users:(("RoonServer",pid=1023,fd=37))
tcp LISTEN 0 100 0.0.0.0:37963 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=242))
tcp LISTEN 0 10 0.0.0.0:9331 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=221))
tcp LISTEN 0 100 0.0.0.0:9330 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=135))
tcp LISTEN 0 10 0.0.0.0:9332 0.0.0.0:* users:(("RoonAppliance",pid=1278,fd=224))
tcp LISTEN 0 4096 127.0.0.1:9004 0.0.0.0:* users:(("RAATServer",pid=2044,fd=42))
I’m going to look again at what the ranges are and decide what to do next.
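The earlier answer's procedure (find the listening ports with ss, then pass them to firewall-cmd --add-port) and the "listing them one by one" problem in this reply can be joined up with a small script. The following is an added example, not code from the thread or from Roon: it parses an ss -lnpA inet listing, keeps only sockets owned by processes matching a name pattern, drops loopback-only sockets (those never need a firewall rule), and collapses consecutive ports into the range syntax firewall-cmd accepts. The sample listing embedded below is constructed in the format shown in this reply; the port numbers are illustrative only, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: derive firewall-cmd --add-port arguments from `ss -lnpA inet`.
# Not Roon's or the thread author's code; function names are this example's own.

# Constructed sample of `ss -lnpA inet` output, in the format the poster showed.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:9003      0.0.0.0:*   users:(("RAATServer",pid=2044,fd=89))
udp   UNCONN 0      0      0.0.0.0:9003      0.0.0.0:*   users:(("RoonAppliance",pid=1278,fd=219))
udp   UNCONN 0      0      0.0.0.0:9001      0.0.0.0:*   users:(("RoonAppliance",pid=1278,fd=293))
udp   UNCONN 0      0      0.0.0.0:5353      0.0.0.0:*   users:(("RoonAppliance",pid=1278,fd=265))
tcp   LISTEN 0      10     0.0.0.0:9200      0.0.0.0:*   users:(("RAATServer",pid=2044,fd=91))
tcp   LISTEN 0      10     0.0.0.0:9330      0.0.0.0:*   users:(("RoonAppliance",pid=1278,fd=135))
tcp   LISTEN 0      10     0.0.0.0:9331      0.0.0.0:*   users:(("RoonAppliance",pid=1278,fd=221))
tcp   LISTEN 0      10     0.0.0.0:9332      0.0.0.0:*   users:(("RoonAppliance",pid=1278,fd=224))
tcp   LISTEN 0      100    0.0.0.0:55000     0.0.0.0:*   users:(("RoonAppliance",pid=1278,fd=140))
tcp   LISTEN 0      4096   127.0.0.1:37075   0.0.0.0:*   users:(("RoonServer",pid=1023,fd=37))
tcp   LISTEN 0      4096   127.0.0.1:9004    0.0.0.0:*   users:(("RAATServer",pid=2044,fd=42))'

# ss_ports PATTERN  -  reads ss output on stdin, prints unique "proto port"
# pairs for tcp/udp sockets whose line matches PATTERN (an awk regex, e.g. the
# process name). Sockets bound only to loopback are skipped: nothing from the
# LAN can reach them, so opening them in firewalld would only widen exposure.
ss_ports() {
    awk -v proc="$1" '
        NR > 1 && $1 ~ /^(tcp|udp)$/ && $0 ~ proc {
            addr = $5                                  # Local Address:Port
            n = split(addr, parts, ":")
            port = parts[n]                            # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "[::1]") next
            print $1, port
        }' | sort -u -k1,1 -k2,2n
}

# port_args  -  reads sorted "proto port" pairs on stdin and prints one
# --add-port argument per run of consecutive ports (9330,9331,9332 -> 9330-9332).
port_args() {
    awk '
        function flush() {
            if (proto == "") return
            if (lo == hi) printf "--add-port=%d/%s\n", lo, proto
            else          printf "--add-port=%d-%d/%s\n", lo, hi, proto
        }
        {
            if ($1 == proto && $2 == hi + 1) { hi = $2; next }   # extend the run
            flush(); proto = $1; lo = $2; hi = $2                 # start a new run
        }
        END { flush() }'
}

# firewall_port_args PATTERN  -  full pipeline; prints the arguments for
# `firewall-cmd --permanent` on a single line.
firewall_port_args() {
    ss_ports "$1" | port_args | tr '\n' ' ' | sed 's/ $//'
}

# Demo on the constructed sample. For a live host the equivalent would be:
#   sudo ss -lnpA inet | firewall_port_args 'Roon|RAAT'
# and then, after reviewing the list:
#   sudo firewall-cmd --permanent $(sudo ss -lnpA inet | firewall_port_args 'Roon|RAAT')
#   sudo firewall-cmd --reload
printf '%s\n' "$SAMPLE_SS" | firewall_port_args 'Roon|RAAT'
echo
```

Review the generated list before applying it. High-numbered UDP ports such as 37458 in the listing above may be dynamic binds that change each time the service restarts, so a snapshot from one run can both miss ports and open ones that are no longer used; compare two listings taken across a restart before treating the set as final.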
Multicast is within subnet 224.0.0.0/4, so 239.255.255.250 in your list is within this range. By definition multicast transmitting is outgoing, so you can ignore firewalld, but you have to define the outgoing route for multicast with "ip route add 224.0.0.0/4 dev <multicast output interface>". The multicast is sent with “from address” = “server IP address” and “destination address” = “multicast address”. In a client firewalld, if you assign the server’s IP to the trusted zone, you have a catch-all to start with. Using the FedoraWorkstation zone, which has all high ports open, is another option.