Allowing broadcast and multicast with firewalld

Hello. I am trying to set up Roon Server on my Fedora 37 server box, but having looked at the firewalld documentation I can’t figure out how to allow both broadcast and multicast traffic with firewalld. Unfortunately Roon don’t provide any documentation on port access requirements, so it’s very much a process of trial and error. Any suggestions appreciated!

By default, firewalld does not restrict outgoing traffic including broadcast and multicast.
You can list ports open by services like this:

sudo ss -lnpAinet

Tcpdump or Wireshark can help you capture and analyze traffic.
If necessary, you can stop the firewalld service to test successful connection.

Once you have determined the required ports, allow them in the current zone:

sudo firewall-cmd --get-active-zones
sudo firewall-cmd --permanent --add-port=123/tcp --add-port=456-789/udp
sudo firewall-cmd --reload 
sudo firewall-cmd --list-all

Thank you, that’s a very helpful response. Seems that Roon uses a staggering number of ports, so listing them one by one is going to be challenging:

Netid State  Recv-Q Send-Q                   Local Address:Port  Peer Address:PortProcess                                                       
udp   UNCONN 0      0                              0.0.0.0:37458      0.0.0.0:*    users:(("RAATServer",pid=2044,fd=87))                        
udp   UNCONN 0      0                              0.0.0.0:45828      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=183))                    
udp   UNCONN 0      0                              0.0.0.0:41736      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=215))                    
udp   UNCONN 0      0                              0.0.0.0:9001       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=293))                    
udp   UNCONN 0      0                              0.0.0.0:9001       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=286))                    
udp   UNCONN 0      0                              0.0.0.0:9003       0.0.0.0:*    users:(("RAATServer",pid=2044,fd=89))                        
udp   UNCONN 0      0                              0.0.0.0:9003       0.0.0.0:*    users:(("RAATServer",pid=2044,fd=86))                        
udp   UNCONN 0      0                              0.0.0.0:9003       0.0.0.0:*    users:(("RAATServer",pid=2044,fd=84))                        
udp   UNCONN 0      0                              0.0.0.0:9003       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=219))                    
udp   UNCONN 0      0                              0.0.0.0:9003       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=218))                    
udp   UNCONN 0      0                              0.0.0.0:9003       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=214))                    
udp   UNCONN 0      0                              0.0.0.0:45902      0.0.0.0:*    users:(("RAATServer",pid=2044,fd=85))                        
udp   UNCONN 0      0                              0.0.0.0:5353       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=265))                    
udp   UNCONN 0      0                              0.0.0.0:5353       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=263))                    
udp   UNCONN 0      0                              0.0.0.0:46524      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=287))                    
udp   UNCONN 0      0                        192.168.1.245:58867      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=184))                    
udp   UNCONN 0      0                              0.0.0.0:38414      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=266))                    
udp   UNCONN 0      0                              0.0.0.0:59116      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=172))                    
udp   UNCONN 0      0                              0.0.0.0:55059      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=181))                    
udp   UNCONN 0      0                      239.255.255.250:1900       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=283))                    
udp   UNCONN 0      0                              0.0.0.0:1900       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=173))                    
udp   UNCONN 0      0                              0.0.0.0:1900       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=171))                    
udp   UNCONN 0      0                              0.0.0.0:51520      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=175))                    
udp   UNCONN 0      0                              0.0.0.0:35356      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=264))                    
udp   UNCONN 0      0                              0.0.0.0:60430      0.0.0.0:*    users:(("RAATServer",pid=2044,fd=88))                        
udp   UNCONN 0      0                              0.0.0.0:56691      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=174))                    
udp   UNCONN 0      0                              0.0.0.0:36308      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=294))                    
udp   UNCONN 0      0                        192.168.1.245:53219      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=280))                    
udp   UNCONN 0      0                              0.0.0.0:45123      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=178))                    
udp   UNCONN 0      0                              0.0.0.0:45454      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=292))                    

tcp   LISTEN 0      128                      192.168.1.245:42367      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=277))                    
tcp   LISTEN 0      10                             0.0.0.0:9200       0.0.0.0:*    users:(("RAATServer",pid=2044,fd=91))                        
tcp   LISTEN 0      10                             0.0.0.0:9150       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=295))                    
tcp   LISTEN 0      100                            0.0.0.0:55000      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=140))                    
tcp   LISTEN 0      4096                         127.0.0.1:37075      0.0.0.0:*    users:(("RoonServer",pid=1023,fd=37))                        
tcp   LISTEN 0      100                            0.0.0.0:37963      0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=242))                    
tcp   LISTEN 0      10                             0.0.0.0:9331       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=221))                    
tcp   LISTEN 0      100                            0.0.0.0:9330       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=135))                    
tcp   LISTEN 0      10                             0.0.0.0:9332       0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=224))                    
tcp   LISTEN 0      4096                         127.0.0.1:9004       0.0.0.0:*    users:(("RAATServer",pid=2044,fd=42))                        

I’m going to look again at what the ranges are and decide what to do next.

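The procedure from the first reply, applied to the `ss` output posted above, as an added example that is not part of any post in this thread. The function names `ss_to_ports` and `sample_ss` are hypothetical, the address check covers IPv4 only, and treating the default Linux ephemeral range (32768-60999) as "dynamically assigned" is a heuristic assumption, not something Roon documents.

```shell
#!/bin/sh
# Added example. Usage on a live host: sudo ss -lnpAinet | ss_to_ports
# Assumption: ports in the default Linux ephemeral range (32768-60999) are
# treated as dynamically assigned, so they are reported instead of opened.

ss_to_ports() {
    awk '
    $1 != "udp" && $1 != "tcp" { next }              # header, blank lines
    {
        n = split($5, a, ":"); port = a[n] + 0       # Local Address:Port
        addr = substr($5, 1, length($5) - length(a[n]) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next # loopback only
        split(addr, o, ".")                          # 224.0.0.0/4 check
        if (o[1] + 0 >= 224 && o[1] + 0 <= 239 && !mseen[$5]++)
            mc = mc " " $5
        key = port "/" $1
        if (seen[key]++) next                        # many fds, one port
        if (port >= 32768 && port <= 60999) dyn = dyn " " key
        else fixed = fixed " --add-port=" key
    }
    END {
        print "fixed:" fixed
        print "dynamic:" dyn
        print "multicast-bound:" mc
    }'
}

sample_ss() {   # excerpt of the ss output posted in this thread
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port   Peer Address:PortProcess
udp   UNCONN 0      0      0.0.0.0:37458        0.0.0.0:*    users:(("RAATServer",pid=2044,fd=87))
udp   UNCONN 0      0      0.0.0.0:9003         0.0.0.0:*    users:(("RAATServer",pid=2044,fd=89))
udp   UNCONN 0      0      0.0.0.0:9003         0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=219))
udp   UNCONN 0      0      239.255.255.250:1900 0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=283))
udp   UNCONN 0      0      0.0.0.0:1900         0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=173))
tcp   LISTEN 0      128    192.168.1.245:42367  0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=277))
tcp   LISTEN 0      100    0.0.0.0:9330         0.0.0.0:*    users:(("RoonAppliance",pid=1278,fd=135))
tcp   LISTEN 0      4096   127.0.0.1:9004       0.0.0.0:*    users:(("RAATServer",pid=2044,fd=42))
EOF
}

sample_ss | ss_to_ports
```

The `fixed:` line can be appended to `sudo firewall-cmd --permanent`; ports listed as `dynamic:` are likely to change when the service restarts, so a port rule written for them would go stale.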

Multicast is within subnet 224.0.0.0/4, so in your list 239.255.255.250 is within this range. By definition multicast transmitting is outgoing, so you can ignore firewalld, but you have to define the outgoing route for multicast with "ip route add 224.0.0.0/4 dev <multicast output interface>". The multicast is sent with “from address” = “server IP address”; the “destination address” is the “multicast address”. In a client firewalld, if you assign the server’s IP to the trusted zone, you have a catch-all to start with. Using the FedoraWorkstation zone, which has all high ports open, is another option.
