Hello
A slight variation on past queries, so I hope the regular reader will forgive me ....
Key questions is in bold at foot of this post for those who just want to get to the point (rest is just background)
I am using LMS 7.9.1 - 1504317335 on a Synlology NAS with the following excellent plug-ins
BBC iPlayer 1.6.4
BBC iPlayer Extra 2.3.0
Whilst I am located within the UK, in an attempt to improve my online privacy I have for a number of years routed all my outbound internet traffic via VPN's with no un-encrypted traffic allowed out via the normal WAN
I did initially run into issues whereby I was unable to stream the high bit BBC radio streams, but this I overcame by configuring a separate VPN with a UK based IP outlet. This has worked successfully for a considerable period of time.
More recently, whilst I am still able to stream "live" BBC High bit rate streams via the UK VPN outlet, I am running into problems when trying to play past BBC programs using the above plug-ins. Everything appears normal up to the stage when the program fails to actually play (error along lines of unable to open stream).
However Its not entirely consistent as sometimes the Plugins will play past programs, other times not who knows, it may be dependent from where the individual stream is being served.
Viewing my Logitech Media Server Logs I am seeing (by way of example)
Plugins::BBCiPlayer::DASH::__ANON__ (418) Closing stream - Fetch MPD error HTTP status = 403 Reason: Forbidden
which I assume is because my UK VPN IP has been blacklisted by the provider.
I am unaware of a reliable way around this issue (unless anyone knows otherwise?) and I don't want to play "wack a mole" playing around with different VPN's.
As I am actually domiciled within the UK I can configure rules on my firewall to allow internet access from the NAS via my "normal" WAN link.
So far I have configured the an Outbound NAT Rule to allow the NAS only to access the WAN interface un-encrypted
I have also created a rule on the firewall LAN Interface to route outbound HTTP (80) from my NAS via the WAN interface. All none port 80 traffic will continue to be routed via the VPN's
With these rules in place using the above plugins BBC service play as expected
I am however anxious to screw this outbound WAN access down as tightly as possible (not got the tin foil hat yet!)
There are additional firewall rule configurations available eg
(1) Source Port or Port Range (ie from NAS outbound)
(2) Destination Address or Network (can be specific IP address or whole subnets)
(3) Destination Port or Port Range (Currently restricted to just using destination HTTP 80)
I was wondering if anyone knows if it is possible to identify the destination BBC servers/subnets used by the above plug-ins so i can further restrict the use of my WAN outside of the VPN link.
As regards outbound ports from LMS I presume these will be random, so it will not be possible to restrict via option (1) above ?
Thanks
A slight variation on past queries, so I hope the regular reader will forgive me ....
Key questions is in bold at foot of this post for those who just want to get to the point (rest is just background)
I am using LMS 7.9.1 - 1504317335 on a Synlology NAS with the following excellent plug-ins
BBC iPlayer 1.6.4
BBC iPlayer Extra 2.3.0
Whilst I am located within the UK, in an attempt to improve my online privacy I have for a number of years routed all my outbound internet traffic via VPN's with no un-encrypted traffic allowed out via the normal WAN
I did initially run into issues whereby I was unable to stream the high bit BBC radio streams, but this I overcame by configuring a separate VPN with a UK based IP outlet. This has worked successfully for a considerable period of time.
More recently, whilst I am still able to stream "live" BBC High bit rate streams via the UK VPN outlet, I am running into problems when trying to play past BBC programs using the above plug-ins. Everything appears normal up to the stage when the program fails to actually play (error along lines of unable to open stream).
However Its not entirely consistent as sometimes the Plugins will play past programs, other times not who knows, it may be dependent from where the individual stream is being served.
Viewing my Logitech Media Server Logs I am seeing (by way of example)
Plugins::BBCiPlayer::DASH::__ANON__ (418) Closing stream - Fetch MPD error HTTP status = 403 Reason: Forbidden
which I assume is because my UK VPN IP has been blacklisted by the provider.
I am unaware of a reliable way around this issue (unless anyone knows otherwise?) and I don't want to play "wack a mole" playing around with different VPN's.
As I am actually domiciled within the UK I can configure rules on my firewall to allow internet access from the NAS via my "normal" WAN link.
So far I have configured the an Outbound NAT Rule to allow the NAS only to access the WAN interface un-encrypted
I have also created a rule on the firewall LAN Interface to route outbound HTTP (80) from my NAS via the WAN interface. All none port 80 traffic will continue to be routed via the VPN's
With these rules in place using the above plugins BBC service play as expected
I am however anxious to screw this outbound WAN access down as tightly as possible (not got the tin foil hat yet!)
There are additional firewall rule configurations available eg
(1) Source Port or Port Range (ie from NAS outbound)
(2) Destination Address or Network (can be specific IP address or whole subnets)
(3) Destination Port or Port Range (Currently restricted to just using destination HTTP 80)
I was wondering if anyone knows if it is possible to identify the destination BBC servers/subnets used by the above plug-ins so i can further restrict the use of my WAN outside of the VPN link.
As regards outbound ports from LMS I presume these will be random, so it will not be possible to restrict via option (1) above ?
Thanks