![]() |
SOLVED: Accessing the web server - Printable Version +- Jellyfin Forum (https://forum.jellyfin.org) +-- Forum: Support (https://forum.jellyfin.org/f-support) +--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting) +---- Forum: Networking & Access (https://forum.jellyfin.org/f-networking-access) +---- Thread: SOLVED: Accessing the web server (/t-solved-accessing-the-web-server) |
RE: Accessing the web server - TheDreadPirate - 2025-03-19 And you have NOT made any changes to Jellyfin's network config? For testing, can you bring down your wireguard interface and then restart Jellyfin? After it finishes starting, can you check the log to see if it found any interfaces? "Filtered interface addresses". I don't THINK that should matter. Plenty of other people running wireguard, or other VPNs on top of wireguard, and Jellyfin would find both the physical interface and VPN interface. Didn't see your post before submitting. Are you able to access Jellyfin via the WG or LAN IP now? Is port 8096 open on the host? RE: Accessing the web server - ArbitraryRenaissance - 2025-03-19 Sorry for the sporadic posts. I thought that the undetected interface addresses might have had something to do with me explicitly defining the bind address to 0.0.0.0 in the Jellyfin network settings, which I undid later. Anyway, no -- I'm not able to access Jellyfin via the LAN IP now. As for port 8096 being open, I thought the Jellyfin service did that automatically. The output of sudo ss -tulpn isCode: Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process Code: (# ufw status numbered) RE: Accessing the web server - TheDreadPirate - 2025-03-19 The UFW rule is what I'm looking for. Jellyfin does not open the host firewall automatically on Linux (it does on Windows during install). The "Automatic port mapping" is for creating a uPnP rule on your router. Which would be used for remote access. What is the output of "sudo ufw status verbose"? Did you set any additional UFW restrictions? Like default deny on outgoing traffic? I'm assuming no based on your current rules, but I have to ask. I also don't know what your network topology is like. Sounds like it is more complex than a typical user's "flat" (single VLAN) network. Are your server and clients on the same VLAN? RE: Accessing the web server - ArbitraryRenaissance - 2025-03-19 Code: (# ufw status verbose) If my network topology is more complex than a typical user's network, it's not by intention. As I said in my initial post, I have a road warrior setup through wireguard, which I built using the OPNsense documentation as a guide. Here's the link, which will spell out the interfaces and firewall rules that I would have on my system associated with this: https://docs.opnsense.org/manual/how-tos/wireguard-client.html In addition to this, I've installed a gateway to Mullvad's VPN servers, which I built using a guide spelled out on the OPNsense forums: https://forum.opnsense.org/index.php?topic=38550.0 In order to get SSH working, I had to introduce one extra rule to force local traffic to bypass this gateway. I'll include a picture of the table that includes the floating rules in my firewall. "Moles" is an alias of devices (identified with the wg0 interface) for which WAN traffic is meant to be tunneled through Mullvad first. This at the moment includes my NAS (which holds the Jellyfin server) and my main computer (which is trying to access it). HomeVPN is the more descriptive name for wg0. ![]() RE: Accessing the web server - TheDreadPirate - 2025-03-19 Can you add a rule for Jellyfin in the same manor as your ssh rule? RE: Accessing the web server - ArbitraryRenaissance - 2025-03-19 I'm not entirely sure what you mean. I didn't directly place an SSH rule into my firewall. All I did with SSH was edit /etc/ssh/sshd_config, and I think it automatically added the TCP rule over port 22 in the iptables. RE: Accessing the web server - TheDreadPirate - 2025-03-19 I'm not familiar with OPNSense nor the guides you've linked. But if your HOST firewall is open on port 8096 and Jellyfin is running, but you're still not able to access it this tells me something about how your router is configured is preventing the connection attempts. I don't know enough about OPNSense or your setup to get more specific than that. RE: Accessing the web server - ArbitraryRenaissance - 2025-03-19 The frustrating thing is that when I look at the firewall logs on my router, they are explicitly permitting these connection attempts when I attempt to make a connection over wireguard. When I attempt to connect over LAN, however, the logs are silent. I guess I'll keep doing some troubleshooting. Maybe I can try tracing the path of a connection attempt to see where it gets refused. RE: Accessing the web server - ArbitraryRenaissance - 2025-03-19 I don't know if this is helpful information, but I figured doing a tcpdump might point to some clues. The following command was run on my NAS, with the output below -- each line wiht at timestamp corresponds to when I hit the refresh button on my browser when trying to connect to my jellyfin server on my main computer: Code: [arby@Nash ~]$ sudo tcpdump -i any port 8096 So my NAS is receiving the connection request. It just doesn't seem to be responding to it. RE: Accessing the web server - TheDreadPirate - 2025-03-19 Try specifying the interface. Based on the warning at the beginning, I'm wondering if it isn't capturing the responses in the non-promiscuous mode it is running in. When I do a tcpdump I am seeing the responses. |