Firewall advice - DVR

Reception, channel detection, network issues, CableCARD setup, etc.
Post Reply
mail@erintech.co.uk
Posts: 4
Joined: Thu Jan 07, 2021 4:29 am

Firewall advice - DVR

Post by mail@erintech.co.uk »

Hi

Not sure why, but no-one else seems to be asking this question:

I am running the DVR on Linux and by default discovery fails so I use netstat to find which ports hdhomerun is listening on

eg

tcp 44737
udp 39945
udp 65001

So OK, I open up those ports and discovery works fine, all DVR functions working fine

But if I restart, the ports change and I have to open other ports!

tcp 36409
udp 40783
(udp 65001)

Is there any way to lock/define the ports?

And why is no-one else commenting on this - am I doing something wrong?

Thanks for any advice!

Online
Ken.F
Posts: 2363
Joined: Fri Apr 05, 2013 9:20 am
Device ID: 1041A706, 1043EB32, 104BAD9E, 13168DC5, 1322A7AC
Location: West Rockhill, PA
x 9

Re: Firewall advice - DVR

Post by Ken.F »


mail@erintech.co.uk
Posts: 4
Joined: Thu Jan 07, 2021 4:29 am

Re: Firewall advice - DVR

Post by mail@erintech.co.uk »

Thanks Ken, but I have port 65001 open anyway and that isn't enough

On Linux, the other two ports change after every restart - and I find I then need to add (both?) these to make DVR available to clients on the network

r.

Online
Ken.F
Posts: 2363
Joined: Fri Apr 05, 2013 9:20 am
Device ID: 1041A706, 1043EB32, 104BAD9E, 13168DC5, 1322A7AC
Location: West Rockhill, PA
x 9

Re: Firewall advice - DVR

Post by Ken.F »

The instructions I linked tell you how to set the port in the hdhomerun.conf file.
Linux: Add the following to hdhomerun.conf:
Port=<port number>

Then allow incoming TCP connections to this port number.
You only set one port number in hdhomerun.conf. I don't know what the other one that you are seeing is.

signcarver
Expert
Posts: 9532
Joined: Wed Jan 24, 2007 1:04 am
Device ID: 10802091 131B34B7 13231F92 1070A18E 1073ED6F 15300C36
x 28

Re: Firewall advice - DVR

Post by signcarver »

Not sure where it is breaking for you (discovery of devices or discovery of dvr from clients).

Keep in mind requests are dynamic so the requesting port makes a udp broadcast to 65001 for discovery. Typically your firewall must allow "any" random port to that and treat such as established to allow the reply to come back. The clients discovering the dvr make a broadcast to 65001 (again from anywhere local/any port) the reply will be unicast to the ip/port making the request.

Once discovered communication is done to the engine via "http" requests to the engine's port (suggest setting such as static in config... note though using http it isn't usually the http port that way you can have a webserver on the machine I mention this as some firewalls the mention of http means port 80)

Also note the engine will make http/https requests to various hdhomerun.com domains (my.hdhomerun.com/api.hdhomerun.com/etc.)

mail@erintech.co.uk
Posts: 4
Joined: Thu Jan 07, 2021 4:29 am

Re: Firewall advice - DVR

Post by mail@erintech.co.uk »

To reproduce the problem:

#
# Note the ports hdhomerun is listening to - I have all 3 in the firewall
#

[root@boromir HDHomeRun]# netstat -tulpn|grep -i home
tcp 0 0 0.0.0.0:36409 0.0.0.0:* LISTEN 1069136/hdhomerun_r
udp 0 0 192.168.1.60:40783 0.0.0.0:* 1069136/hdhomerun_r
udp 0 0 0.0.0.0:40783 0.0.0.0:* 1069136/hdhomerun_r
udp 0 0 0.0.0.0:65001 0.0.0.0:* 1069136/hdhomerun_r

#
# Now stop and start the service
#

[root@boromir HDHomeRun]# ./hdhomerun_record stop
HDHomeRun RECORD stopped
[root@boromir HDHomeRun]# ./hdhomerun_record start
HDHomeRun RECORD started

#
# Now check the ports HDHomerun is listening on - 65001 is the same but the other two have changed!
#

[root@boromir HDHomeRun]# netstat -tulpn|grep -i home
tcp 0 0 0.0.0.0:39319 0.0.0.0:* LISTEN 1079229/hdhomerun_r
udp 0 0 192.168.1.60:43145 0.0.0.0:* 1079229/hdhomerun_r
udp 0 0 0.0.0.0:43145 0.0.0.0:* 1079229/hdhomerun_r
udp 0 0 0.0.0.0:65001 0.0.0.0:* 1079229/hdhomerun_r

#
# Now start HDHomerun client on my windows PC and go to the DVR:
#

"Your HDHomeRun DVR wasn't found"

#
# Now add the new ports tcp 39319 and udp 43145 as allowed inbound to the linux server where the DVR server is running and restart the windows HDHomeRun client
#

-> DVR window is now fine - I can see all my recordings

As i understand it the discovery port is 65001 but the other two ports must also be allowed by the firewall but change every time there is a restart

signcarver
Expert
Posts: 9532
Joined: Wed Jan 24, 2007 1:04 am
Device ID: 10802091 131B34B7 13231F92 1070A18E 1073ED6F 15300C36
x 28

Re: Firewall advice - DVR

Post by signcarver »

Have you set up a static port in the service in the config?

One of those ports you can configure (tcp) as it is what is used to communicate with the engine. The 65001 port is what is used for discovery (the target when the engine discovers as well as a port the engine responds to for it to be discovered). It may use other ports as it makes further requests... same way a browser works, a random port is used to make the request and the response is sent back to it. Some firewalls have a problem that the broadcast request (to port 65001 from some random port) won't consider the response to that port an established connection (i.e. the request went to the broadcast address such as 192.168.1.255 but the response(s) back was from the tuner or other engine at 192.168.1.18 (and 192.168.1.19, ... ) and thus different ip addresses than what the firewall considers "established") however usually the firewall is smart enough for such (provided it allows for established connections) and only really needs to allow the listening on the configured port (If you are trying to make such firewall rules it should be configured) as well as an "open" (or slightly locked down) 65001.

mail@erintech.co.uk
Posts: 4
Joined: Thu Jan 07, 2021 4:29 am

Re: Firewall advice - DVR

Post by mail@erintech.co.uk »

The 2 ports other than 65001 are listening for incoming connections, and if they are not open in the firewall my windows app can't recognise the DVR

netstat shows this:

tcp 0 0 0.0.0.0:39319 0.0.0.0:* LISTEN 1079229/hdhomerun_r
udp 0 0 0.0.0.0:43145 0.0.0.0:* 1079229/hdhomerun_r

So the hdhomerun_r process on the Linux hdhomerun DVR server is listening on ports 39319 and 43145 for incoming commections, eg from my hdhomerun client on windows

I appreciate the time given by other respondents to helping me with this, but I think the usage of these ports is undocumented so support will need to come from the developers/maintainers of the code. What is the best way to get an answer from that community?

Just to reiterate: the problem for me is that these ports change on every restart/reboot and that stops access to the DVR untill I find the new ports and update the firewall. And I am curious why I appear to be the only person with this problem.

jasonl
Expert
Posts: 15486
Joined: Sun Oct 28, 2007 9:23 pm
x 38

Re: Firewall advice - DVR

Post by jasonl »

Edit the hdhomerun.conf file and add a line like:

Code: Select all

Port=39319
From then on, any time you start the DVR it will use that same port.

Post Reply