Jellyfin Forum
DLNA Errors; jellyfin's documentation for fail2ban is false and not working - Printable Version




DLNA Errors; jellyfin's documentation for fail2ban is false and not working - Tone - 2025-10-23

I noticed my logs are getting huge (~90MB per day), so my fail2ban isn't working anymore because of the size.

I noticed the problem comes from the DLNA plugin:

Code:
  at Rssdp.Infrastructure.SsdpCommunicationsServer.SendFromSocket(Socket socket, Byte[] messageData, IPEndPoint destination, CancellationToken cancellationToken)
[2025-10-23 14:17:08.828 +00:00] [ERR] [140] Rssdp.Infrastructure.SsdpCommunicationsServer: Error sending socket message from "172.16.17.1" to "239.255.255.250:1900"
System.Net.Sockets.SocketException (101): Network is unreachable
  at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.CreateException(SocketError error, Boolean forAsyncThrow)
  at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.SendToAsync(Socket socket, CancellationToken cancellationToken)
  at Rssdp.Infrastructure.SsdpCommunicationsServer.SendFromSocket(Socket socket, Byte[] messageData, IPEndPoint destination, CancellationToken cancellationToken)
  at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[TStateMachine](TStateMachine& stateMachine)
  at Rssdp.Infrastructure.SsdpCommunicationsServer.SendFromSocket(Socket socket, Byte[] messageData, IPEndPoint destination, CancellationToken cancellationToken)
  at System.Threading.Tasks.Task.WhenAll(IEnumerable`1 tasks)
  at Rssdp.Infrastructure.SsdpCommunicationsServer.SendMulticastMessage(String message, Int32 sendCount, IPAddress fromLocalIPAddress, CancellationToken cancellationToken)
  at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
  at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.AsyncStateMachineBox`1.MoveNext(Thread threadPoolThread)
  at System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(IAsyncStateMachineBox box, Boolean allowInlining)
  at System.Threading.Tasks.Task.RunContinuations(Object continuationObject)
  at System.Threading.Tasks.Task.DelayPromise.CompleteTimedOut()
  at System.Threading.TimerQueueTimer.Fire(Boolean isThreadPool)
  at System.Threading.ThreadPoolWorkQueue.Dispatch()
  at System.Threading.PortableThreadPool.WorkerThread.WorkerThreadStart()
--- End of stack trace from previous location ---

I've installed jellyfin with docker (official repo) and used it first in normal nat-mode.
However, I got problems with my reverse proxy in combination with the webos client, so I had to directly connect my tv with jellyfin.
So I set network_mode to host.
This was many months (if not years) ago.

But if I read the log correctly, the dlna-plugin still uses the docker-nat-ip 172.16.17.1, which I guess is causing the problem.

I haven't found this IP anywhere in the configuration, so I don't know why it uses this IP anymore.

Does anyone have an idea how I can fix it?


RE: DLNA Errors, Jellyfin uses old IP - Log is exploding - Tone - 2025-10-23

Ok, I checked with tcpdump.
Looks like it uses the normal host ip.
Don't know where the log gets the old IP.

But then the question is what else is the issue.


RE: DLNA Errors, Jellyfin uses old IP - Log is exploding - Tone - 2025-10-24

Looks like I could solve it by adding this to my docker file:
Code:
cap_add:
  - NET_BROADCAST

BUT
I noticed my original problem is still there (fail2ban doesn't work).
I know this is a jellyfin forum and not fail2ban, but the official jellyfin documentation provides a fail2ban filter and this is painfully slow (at least on my system).

This is my filter:
Code:
$ cat /etc/fail2ban/filter.d/jellyfin.conf

[Definition]
failregex = ^.*Authentication request for .* has been denied \(IP: "<ADDR>"\)\.

And that's how long f2b needs for 600 lines:
Code:
fail2ban-regex /var/lib/jellyfin/config/log/log_20251024.log "/etc/fail2ban/filter.d/jellyfin.conf" --print-all-matched


Running tests
=============

Use  failregex filter file : jellyfin, basedir: /etc/fail2ban
Use        log file : /var/lib/jellyfin/config/log/log_20251024.log
Use        encoding : UTF-8


Results
=======

Failregex: 1 total
|-  #) [# of hits] regular expression
|  1) [1] ^.*Authentication request for .* has been denied \(IP: "<ADDR>"\)\.
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [317] {^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|  ?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
|  [1] ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|  ?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
`-

Lines: 604 lines, 0 ignored, 1 matched, 603 missed
[processed in 79.86 sec]

|- Matched line(s):
|  [2025-10-24 07:59:19.118 +00:00] [INF] [56] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "erg" has been denied (IP: "192.168.10.146").
`-
Missed line(s): too many to print.  Use --print-all-missed to print all 603 lines

80 seconds!!

In comparison, I tested the apache-auth filter:
Code:
fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-auth.conf --print-all-matched


Running tests
=============

Use  failregex filter file : apache-auth, basedir: /etc/fail2ban
Use      datepattern : {^LN-BEG} : Default Detectors
Use        log file : /var/log/apache2/error.log
Use        encoding : UTF-8


Results
=======

Prefregex: 101 total
|  ^\[\]\s\[(:?error|(?!evasive)\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client (?:\[?(?:(?:::f{4,6}:)?(?P<ip4>(?:\d{1,3}\.){3}\d{1,3})|(?P<ip6>(?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):)))\]?|(?P<dns>[\w\-.^_]*\w))(:\d{1,5})?\] (?:AH\d+: )?(?P<content>.+)$
`-

Failregex: 79 total
|-  #) [# of hits] regular expression
|  1) [79] ^client (?:denied by server configuration|used wrong authentication scheme)\b
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [107] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-

Lines: 107 lines, 0 ignored, 79 matched, 28 missed
[processed in 0.01 sec]

Ok, just 100 lines and not 600, but 0.01s vs 80s!

Looks like something is wrong here.



EDIT:
I completely removed my old logs and now it works fine. But my fail2ban-problem is still there.

But I think I finally found the reason, but still investigating how to fix it.

Code:
fail2ban-client status jellyfin

Status for the jail: jellyfin
|- Filter
|  |- Currently failed: 0
|  |- Total failed:    21
|  `- File list:        /var/lib/jellyfin/config/log/log_20251019.log /var/lib/jellyfin/config/log/log_20251018.log /var/lib/jellyfin/config/log/log_20251020.log
`- Actions
  |- Currently banned: 0
  |- Total banned:    1
  `- Banned IP list:

f2b does not update the file list. See, the last file is log_20251020.log, but in reality my last log is log_20251024.log.


RE: DLNA Errors, Fail2ban-filters needs very long - Tone - 2025-10-24

Ok, last update:

It's a fail2ban limitation.
It just reads the files at start and jellyfin always has a different name for the current log (date), so f2b will always work just a day if you're not restarting it daily.

So the official documentation (https://jellyfin.org/docs/general/post-install/networking/advanced/fail2ban) doesn't really work, which is very dangerous, because people test it and it will work, but after a day, it's all over.

PLEASE make at least a warning in the documentation for now, so that people do not lull themselves into a false sense of security.

In the meantime, I created this feature request:
https://features.jellyfin.org/posts/3541/change-lognaming-for-proper-fail2ban-support

As a workaround, you probably can fiddle around with the logging.json as described here
https://github.com/jellyfin/jellyfin/issues/11438#issuecomment-2089208548
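
A staleness check for the limitation described in the last post, added here as an example that is not part of the original thread: it compares the jail's file list from `fail2ban-client status` with the newest `log_YYYYMMDD.log` in the log directory. The function names are hypothetical, the demo data is constructed, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Detect a fail2ban jail that no longer watches the current Jellyfin log.
# Live use (jail name and path as in the thread), e.g. from cron:
#   fail2ban-client status jellyfin | jail_is_stale /var/lib/jellyfin/config/log \
#     && echo "jellyfin jail is not reading today's log"

# Print the paths from the "File list:" line of the status output on stdin,
# one per line. fail2ban separates them with spaces.
jail_files() {
    sed -n 's/^.*File list:[[:space:]]*//p' | tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Print the newest log_<date>.log in directory $1; the date-stamped names
# sort chronologically, so the last name in byte order is the newest.
newest_log() {
    find "$1" -maxdepth 1 -type f -name 'log_[0-9]*.log' | LC_ALL=C sort | tail -n 1
}

# Return 0 (stale) if the newest log in $1 is missing from the file list on
# stdin, 1 if it is monitored, 2 if the directory holds no logs at all.
jail_is_stale() {
    local newest
    newest=$(newest_log "$1")
    [ -n "$newest" ] || return 2
    if jail_files | grep -qxF -- "$newest"; then
        return 1
    fi
    return 0
}

# Constructed demo: a temp directory stands in for the Jellyfin log directory
# and the status line imitates a jail that was started several days ago.
demo() {
    local dir status
    dir=$(mktemp -d)
    touch "$dir/log_20251019.log" "$dir/log_20251020.log" "$dir/log_20251024.log"
    status="|  \`- File list:        $dir/log_20251019.log $dir/log_20251020.log"
    if printf '%s\n' "$status" | jail_is_stale "$dir"; then
        echo "STALE: $(newest_log "$dir") is not in the jail's file list"
    fi
    rm -rf "$dir"
}

demo
```
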