Jellyfin Forum
SOLVED: Accessing the web server - Printable Version



RE: Accessing the web server - ArbitraryRenaissance - 2025-03-19

It's the same thing. I think this confirms that the responses aren't there. Something is perhaps misconfigured on my end, and it's causing the jellyfin server to completely ignore connection requests coming from anywhere besides the host itself.


RE: Accessing the web server - ArbitraryRenaissance - 2025-03-20

I have solved the problem. It turns out my nftables were misconfigured. I ran sudo nft list ruleset and the first entry was the inet filter:

Code:
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state invalid drop comment "early drop of invalid connections"
        ct state { established, related } accept comment "allow tracked connections"
        iif "lo" accept comment "allow from loopback"
        ip protocol icmp accept comment "allow icmp"
        meta l4proto ipv6-icmp accept comment "allow icmp v6"
        tcp dport 22 accept comment "allow sshd"
        meta pkttype host limit rate 5/second burst 5 packets counter packets 346 bytes 59136 reject with icmpx admin-prohibited
        counter packets 1154 bytes 235090
        tcp dport 8096 accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
    }
}
The rule tcp dport 8096 accept comes at the very end of the list, after a rate limiting rule. This rule was intercepting my connection attempts, leaving me unable to reach the server remotely. (It didn't block the localhost connections because of the "allow from loopback" rule earlier in the stack.) To fix this, I just moved the 8096 accept rule higher up. This can either be done by editing the table directly in /etc/nftables.conf, or by lazily copying the rule to the top of the list with sudo nft insert rule inet filter input tcp dport 8096 accept (though this latter option won't be persistent).
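The ordering problem described in the post above can be checked mechanically. The following is an added example, not part of the original post or of Jellyfin or nftables: a small Python audit that reads `nft list ruleset` text and reports accept rules placed after a catch-all drop/reject rule in the same chain. The function name, the sample text and the "catch-all" heuristic (a drop/reject rule with no port, address, interface or conntrack selector) are assumptions made for this example.

```python
import re

# Sample input constructed from the chain posted above
# (counter values and the ICMP rules trimmed for brevity).
SAMPLE = '''\
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state invalid drop comment "early drop of invalid connections"
        ct state { established, related } accept comment "allow tracked connections"
        iif "lo" accept comment "allow from loopback"
        tcp dport 22 accept comment "allow sshd"
        meta pkttype host limit rate 5/second burst 5 packets counter reject with icmpx admin-prohibited
        counter
        tcp dport 8096 accept
    }
}
'''

# Heuristic (assumption): a drop/reject rule counts as a catch-all when it has
# no selector on ports, addresses, interfaces, protocol or conntrack state.
SELECTOR = re.compile(r'\b(dport|sport|saddr|daddr|iif|iifname|oif|oifname|ct state|ip protocol|l4proto)\b')
TERMINAL = re.compile(r'\b(drop|reject)\b')
ACCEPT = re.compile(r'\baccept\b')

def shadowed_accepts(ruleset):
    """Return (chain, catch_all_rule, accept_rule) for accepts listed after a catch-all."""
    findings, chain, blocker = [], None, None
    for raw in ruleset.splitlines():
        line = re.sub(r'comment "[^"]*"', '', raw).strip()  # ignore words inside comments
        m = re.match(r'chain (\S+) \{', line)
        if m:
            chain, blocker = m.group(1), None               # new chain: reset state
        elif line == '}':
            chain = None                                    # end of chain (or table)
        elif chain and line and not line.startswith('type '):  # skip hook/policy line
            if blocker and ACCEPT.search(line):
                findings.append((chain, blocker, line))     # evaluated too late to help
            elif not blocker and TERMINAL.search(line) and not SELECTOR.search(line):
                blocker = line                              # first catch-all drop/reject
    return findings

if __name__ == '__main__':
    for chain, blocker, rule in shadowed_accepts(SAMPLE):
        print(f'chain {chain}: "{rule}" sits after catch-all "{blocker}"')
```

To audit a live host, pass the text of `sudo nft list ruleset` to `shadowed_accepts()` instead of `SAMPLE`; a finding means the accept rule has to move above the reported rule in /etc/nftables.conf.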