[mythtv-users] firewalld settings to allow mythtv to work?

Stephen Worthington stephen_agent at jsw.gen.nz
Wed Aug 10 15:15:10 UTC 2022


On Wed, 10 Aug 2022 08:50:05 -0400, you wrote:

>I do worry about all the smart devices like Nest thermostats, Amazon Echo,
>smart light switch and receptacles, etc.  They communicate to hosts outside
>the home to set up some link for your phone to control them.  That looks
>like trouble brewing.

I have a separate IoT subnet where I put all my untrusted devices.
That subnet has Internet access, but the only access it has to the
rest of my network is to the DNS and NTP servers - anything else is
blocked.  The parts of my network that are trusted can talk to the IoT
subnet to access the devices as required.  The WiFi SSID on the IoT
subnet is set up to disallow devices from talking to each other.

For some IoT devices that normally call home to external servers, it
can be possible to set up a local server for them to talk to and have
your router divert their traffic to the local server.  I think Tuya
based devices can be used that way, for example.  Then you block all
external access for those devices.  I have just got a Tuya based WiFi
mains socket and will be trying that out shortly.  I am hoping to use
it to be able to remote control the power to my MythTV server, so that
when I am away on holiday, I can power it off and on again if
necessary.

As to how to set up firewalld, I have never used it myself, but what
you need to get it to do is allow traffic to all the ports used by
mythbackend, and also mysqld.  So run these commands:

root@mypvr:~# netstat -anp | grep mythbackend
tcp        0      0 0.0.0.0:6744            0.0.0.0:*               LISTEN      3840/mythbackend
tcp        0      0 0.0.0.0:6554            0.0.0.0:*               LISTEN      3840/mythbackend
tcp        0      0 0.0.0.0:6543            0.0.0.0:*               LISTEN      3840/mythbackend
tcp        0      0 0.0.0.0:6544            0.0.0.0:*               LISTEN      3840/mythbackend
tcp        0      0 0.0.0.0:6549            0.0.0.0:*               LISTEN      3840/mythbackend
tcp        0      0 127.0.0.1:6543          127.0.0.1:36876         ESTABLISHED 3840/mythbackend
tcp        0      0 10.0.2.4:6543           10.0.2.4:51640          ESTABLISHED 3840/mythbackend
tcp        0      0 127.0.0.1:6543          127.0.0.1:36874         ESTABLISHED 3840/mythbackend
tcp6       0      0 :::6744                 :::*                    LISTEN      3840/mythbackend
tcp6       0      0 :::6554                 :::*                    LISTEN      3840/mythbackend
tcp6       0      0 :::6543                 :::*                    LISTEN      3840/mythbackend
tcp6       0      0 :::6544                 :::*                    LISTEN      3840/mythbackend
tcp6       0      0 :::6549                 :::*                    LISTEN      3840/mythbackend
udp        0      0 255.255.255.255:1900    0.0.0.0:*                           3840/mythbackend
udp        0      0 239.255.255.250:1900    0.0.0.0:*                           3840/mythbackend

root@mypvr:~# netstat -anp | grep mysqld
tcp6       0      0 :::3306                 :::*                    LISTEN      3547/mysqld
tcp6       0      0 10.0.2.4:3306           10.0.2.4:44694          ESTABLISHED 3547/mysqld

For the sake of brevity, I have not posted all the Unix sockets that
are in use, as they are only used on the local machine.

The results show you the port numbers for the listening ports that
need to be open.  So in my case, tcp ports 3306 for mysqld and 6543,
6544, 6549, 6554 and 6744 for mythbackend, in both IPv4 and IPv6.
Mythbackend also has an IPv4 UDP port listening on the broadcast
address and the multicast address on port 1900 - if you are using
UPnP, those will need to be open also.  You can then look up the
documentation to see what those ports are used for and if you want
them open, and the firewalld documentation for how to open a port.
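
The procedure described above as a shell script, added here as an example and not part of the original post: it reads `netstat -anp` output, keeps the non-loopback listening ports of the named processes, and prints the matching firewall-cmd commands for review. The zone name `home` and the sample input are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: derive firewall-cmd commands from `netstat -anp` output.
# Commands are printed for review, not executed.

# Constructed sample input, modelled on the output shown in the post.
sample_netstat() {
cat <<'EOF'
tcp   0 0 0.0.0.0:6543         0.0.0.0:*        LISTEN      3840/mythbackend
tcp   0 0 0.0.0.0:6544         0.0.0.0:*        LISTEN      3840/mythbackend
tcp   0 0 127.0.0.1:6543       127.0.0.1:36876  ESTABLISHED 3840/mythbackend
tcp6  0 0 :::6543              :::*             LISTEN      3840/mythbackend
udp   0 0 239.255.255.250:1900 0.0.0.0:*                    3840/mythbackend
tcp6  0 0 :::3306              :::*             LISTEN      3547/mysqld
tcp   0 0 127.0.0.1:33060      0.0.0.0:*        LISTEN      3547/mysqld
EOF
}

# listening_ports PROC...: netstat output on stdin -> unique "port/proto" lines
listening_ports() {
  awk -v procs="$*" '
    BEGIN { n = split(procs, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      if ($1 ~ /^tcp/) proto = "tcp"; else if ($1 ~ /^udp/) proto = "udp"; else next
      if (proto == "tcp" && $6 != "LISTEN") next   # skip established sessions
      if (proto == "udp" && $5 !~ /:\*$/) next     # keep unconnected UDP only
      split($NF, prog, "/")                        # last field is PID/program
      if (!(prog[2] in want)) next
      addr = $4; port = $4
      sub(/.*:/, "", port); sub(/:[^:]*$/, "", addr)
      if (addr == "127.0.0.1" || addr == "::1") next   # local-only listener
      print port "/" proto
    }' | sort -t/ -k1,1n -k2,2 -u
}

# firewalld_commands ZONE PROC...: print one --add-port command per port
firewalld_commands() {
  zone=$1; shift
  listening_ports "$@" | while read -r p; do
    echo "firewall-cmd --permanent --zone=$zone --add-port=$p"
  done
  echo "firewall-cmd --reload"
}

# Zone "home" is an assumption; use the zone your LAN interface is in.
sample_netstat | firewalld_commands home mythbackend mysqld
```

On a real system, replace `sample_netstat` with `netstat -anp` run as root. `--add-port` applies to both IPv4 and IPv6 and to every source address in the zone, so check that each port is one you actually want reachable before running the printed commands.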

