[mythtv-users] Can anyone explain these MythTV/MythWeb access quirks?

Michael T. Dean mtdean at thirdcontact.com
Tue Mar 24 02:39:41 UTC 2009


On 03/23/2009 07:46 PM, Craig Huff wrote:
> I am still running MythTV version 0.20.2-164.fc6, so this may be
> overcome by events, but...
>
> When I browse within my lan, I can access the Program Listing screen
> and change it to another time frame, like opening it at 8am and
> switching to 5pm starting time.
>
> **However**, if I use ssh to get through my firewall from the wan and
> ssh-tunnel to the mythweb screen,

Meaning what?  Using a SOCKS proxy to pierce the firewall, i.e.:

PROXY_HOST=<the gateway between your network and the Internet>
PROXY_PORT=1080
DYNAMIC_SOCKS_PROXY_OPTS="-D ${PROXY_PORT}"
SSH_EXTRA_OPTS='-o ServerAliveInterval=30'
ssh ${SSH_EXTRA_OPTS} ${DYNAMIC_SOCKS_PROXY_OPTS} ${PROXY_HOST}

would work.  That basically allows you to send a request to the MythWeb
server from "within [your] lan" (from the gateway host), even when
you're not on the gateway host.  See, also, FoxyProxy (a Firefox
extension) to make using it easier.

>  it fails when I try to change the
> program listing to another timeframe, no matter what means I try to
> use to change it.  I would like to understand **why**.  I get the same
> symptoms when I try to do program searches.
>   

But I'm guessing you're doing a port-forward of a local port to port 80
(or whatever the MythWeb http server is listening on) on your MythWeb
host.  That will /not/ work because the hostname and cookie hosts/data
will be all wrong.  You'd have to use use a proxy config that does
rewriting (including cookie rewriting).  I actually have a MythWeb on my
system that's /only/ accessible from the internal network, but I have a
different Apache httpd running a mod_proxy to handle rewrites for
out-of-network access.

If you don't want MythWeb always available on the Internet at large, you
can go with the SOCKS proxy approach, above, or use something like SPA
(fwknop - http://www.cipherdyne.org/fwknop/ ) to leave the port closed
until you send a specially-crafted encrypted authorization packet
requesting that port be made available to only your host for some time
period.  (I.e. SPA is what port knocking tried--unsuccessfully--to be.)

> Another oddity is that if I redirect a high port number on the
> firewall/router to port 80 on the MythTV system, I can get the login
> prompt dialog from MythTV, but it won't accept the username and/or the
> password, so I can't get in.  What gives with that?
>   

Probably the same type of thing.

> Finally, if I try to ssh into the MythTV system from a remote (wan)
> system that supports X-windows, it doesn't exactly succeed if I try to
> run mythfrontend.  The screen background will appear, but the terminal
> window will log a log of errors about things like GLX not found, or
> something.  Is this a case where I have to put an option on the
> command line to force a different display mode, and if so, could
> someone refresh my (faulty) memory about what it is?  I tried looking
> at the help from "mythfrontend --help", but it didn't give me any
> clues.

mythfrontend -O ThemePainter=qt

Note, though, that you won't be able to do any video this way.  Closest
you could get is the "preview video" in the Watch Recordings screen (and
even discounting the size/lack of audio, that will be very unacceptable
quality).

Works great for mythtv-setup, though:

mythtv-setup -O ThemePainter=qt

or using mythfrontend to do non-video functions, like modifying settings
or managing MythVideo videos or ...

Mike


More information about the mythtv-users mailing list