2025-04-25, 02:40 AM
(This post was last modified: 2025-04-25, 02:43 AM by ramiferous. Edited 1 time in total.)
I've tried to research this for the past week and I'm now coming here as my last resort.
I found issues relating to this from over 4 years ago, but none with any concrete solution.
My setup:
Desktop PC connected via Ethernet to my router.
Running Fedora 42 Workstation
Jellyfin 10.10.7 (flatpak) -- (Yes, i also tried the meta package from Fedora's repo)
I've set rules in
I've opened the ports on my router.
Can post any config's or logs necessary to troubleshoot.
Here is what I feel is relevant:
System Info:
What's not the issue:
Flatpak-specific steps:
At this point, I’m out of ideas. Is there something specific with the Flatpak sandbox I’m missing? Maybe an extra Flatpak permission I need to grant?
Thanks in advance.
I found issues relating to this from over 4 years ago, but none with any concrete solution.
My setup:
Desktop PC connected via Ethernet to my router.
Running Fedora 42 Workstation
Jellyfin 10.10.7 (flatpak) -- (Yes, i also tried the meta package from Fedora's repo)
I've set rules in
firewalld to open ports.I've opened the ports on my router.
Can post any config's or logs necessary to troubleshoot.
Here is what I feel is relevant:
System Info:
- Fedora Linux (Workstation)
- Jellyfin 10.10.7 installed via Flatpak org.jellyfin.JellyfinServer
- Confirmed running:
ss -tulpn shows Jellyfin listening on 0.0.0.0:8096
- Firewall backend: firewalld using nftables
- Confirmed Jellyfin service is running.
- Verified it's bound to 0.0.0.0 (not just localhost).
- Verified network.xml is correctly configured:
- InternalHttpPort and PublicHttpPort are set to 8096
- LocalNetworkAddresses includes 0.0.0.0
- EnableRemoteAccess is true
- InternalHttpPort and PublicHttpPort are set to 8096
- Opened ports 8096 and 8920 in firewalld (using direct nftables rules):
- Verified with nft list ruleset
- Verified with nft list ruleset
- Switched active network zone to home for more permissive access:
- Used nmcli to assign the correct zone
- Reloaded firewalld
- Used nmcli to assign the correct zone
- Ensured I’m not behind CG-NAT (already confirmed working for other services)
- Confirmed devices on LAN can ping the Jellyfin host
- Can access Jellyfin from the host machine using the host's LAN IP
- Tried using Flatpak version after removing the DNF version (Flatpak was previously working)
What's not the issue:
- Jellyfin isn’t crashing; it runs fine and is accessible locally
- No SELinux denials or AppArmor interference
- Not a DNS resolution issue—direct IP access from other devices fails
- Not bound to localhost only — 0.0.0.0 is correctly set
Code:
~ % sudo firewall-cmd --zone=home --list-all
home (active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: eno1
sources:
services: dhcpv6-client mdns samba-client ssh
ports: 8096/tcp 8920/tcp 7359/udp
protocols:
forward: yes
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" protocol value="icmp" acceptFlatpak-specific steps:
- Ran flatpak override --user --reset
just in case something got weird
- Considered Flatpak sandboxing — maybe the network namespace isn’t exposing the service externally?
At this point, I’m out of ideas. Is there something specific with the Flatpak sandbox I’m missing? Maybe an extra Flatpak permission I need to grant?
Thanks in advance.
