Music streaming and firewall rules

[Mathieu]

Good evening all

I've experienced for years random issues when streaming a popular digital music service to some of my older hardware. Those would generally be solved - temporarily - with a smooth unplugging of the gear from the mains, a reasonable waiting time, and subsequent hazardous replug. But the technique has pitfalls, and after my last shocker, and perhaps owing to that, I had an epiphany, and thought that it may have to do with my firewall.

My firewall settings are RMerlin's default.

Still, considering a setup comprised of:

-An 8 years Onkyo 'Music streaming system' capable Receiver, with DHCP set to 'off', a fixed IP address and DNS servers equal to the router's IP. [The Receiver is hard-plugged into the router]
-A mixed ecosystem (love that word), mostly Mac OS/iOS/Android
-A Music streaming provider who I understand mostly uses port 4070 UDP/TCP, and a couple of IP ranges
-Each client on the network has an assigned IP, the Receiver's being fixed outside of the router's DHCP pool, and,
-The interaction between clients/Receiver/worldwide web is implemented by way of the Music service's 'Connect' app, on iOS devices. [The commercial documentation of the app say that works if clients are on the same 'wifi' network. I've experienced the same symptoms whether with a plugged of wifi-connected Receiver]

The questions I'd like to submit to this learned forum are:

- If it were the case that for reasons I will never fathom, the router would block the Receiver to access port 4070, then would giving the client unrestricted UDP/TCP access to such port solve the issue?
-In that case, well, errm... How do I do that?
-It being a triangular relationship (I know they can be painful): iOS Device / router / Receiver, should I consider firewall rules for the iOS device too (acting as a remote control as far as I am concerned)?
-I know thus far that exposing a port to the web is akin to ask Pandora to lift the top of her box: are there any mitigating measures that could get the job done and at the same time offer minimal security?

Thanks to those of you who reached this point without falling asleep...

 

[ColinTaylor]

This is all too vague.

Some "random issues" - What issues?
"a popular digital music service" - Are we supposed to guess what service that is?
"Mostly uses port 4070 UDP/TCP, and a couple of IP ranges" - Used in what way? What IP ranges?

What does Onkyo support say?

 

[Sonyrolfy]

Spotify streams on several receivers are not working/broken on port 4070.

You can try 2 things.

1: Port forwarding, look in the router WAN Page and search on Spotify forums for ip’s
2: Easy Way. Buy a chrome cast audio dongle and put it in your Onkyo.

 

[bbunge]

Did you consider it could be the add blocker causing issues?
I would not open a port in the firewall just for a music streaming service.
Your device may need to have UPNP enabled (but I would try the service with UPNP enabled and disabled).

 

[Mathieu]

Thanks guys for watching.

To Colin:

This is all too vague.

Some "random issues" - What issues?

Receiver randomly losing streamed music. Receiver disappearing from the map of available clients (on the app). Receiver not being reachable from its assigned IP address.

"a popular digital music service" - Are we supposed to guess what service that is?

Spotify

"Mostly uses port 4070 UDP/TCP, and a couple of IP ranges" - Used in what way? What IP ranges?

Well, to send digital music from Spotify servers.
Historically, IP ranges have been:
78.31.8.0/21 193.182.8.0/21 194.68.28.0/22
Although this suggests they have changed and are not willing to be more specific.

What does Onkyo support say?

That their gear is fully functional, and the issue must be on the online service side.

To Sonyrolfy:
I will try your first option, thanks. At the moment I would rather not add more hardware to the setup.

To bbunge:
I will check the blacklist for anything obvious, thanks for the lead. Strange thing is it works at times, when supposedly the adblocker is working.
As for UPNP, the Receiver's networking capabilities are very limited, and I could not see any option for UPNP. Or did you mean that this should be enabled at the Router level?

 

[ColinTaylor]

Receiver not being reachable from its assigned IP address.

This would appear to be the root cause of your problems so concentrate on this. Just to be clear, you're saying that you cannot ping the Onkyo's IP address from other clients on your network? Try pinging from a wired client as well as a wireless one. Do they both fail? Replace the cable between the Onkyo and the router.

 

[miroco]

What does the router log say? Why a fixed IP-address on the receiver? Are you convinced that its IP-address is on the outside of the DHCP-server scoop? Like 192.168.1.14 on the receiver and a DHCP scoop of 192.168.1.2 - 192.168.1.13 and the subnet mask 255.255.255.240. Your router would in this scenario use IP-address 192.168.1.1.

 

[Mathieu]

This would appear to be the root cause of your problems so concentrate on this. Just to be clear, you're saying that you cannot ping the Onkyo's IP address from other clients on your network? Try pinging from a wired client as well as a wireless one. Do they both fail? Replace the cable between the Onkyo and the router.

Cable and wireless clients are able (now) to ping into the receiver. Receiver still doesn't appear in the list of eligible devices (on the app)... [Edited due to fat finger]

 

[ColinTaylor]

Cable and wireless clients are able (now) to ping into the receiver. Receiver still doesn't appear in the list of eligible devices (on the app)... [Edited due to fat finger]

Check the status of "Enable IGMP Snooping" under Wireless Professional for each band. I would guess the best setting would be for them all to be disabled, but if that's currently the case try the opposite.

(There's a similar discussion here)

 

[Mathieu]

What does the router log say? Why a fixed IP-address on the receiver? Are you convinced that its IP-address is on the outside of the DHCP-server scoop? Like 192.168.1.14 on the receiver and a DHCP scoop of 192.168.1.2 - 192.168.1.13 and the subnet mask 255.255.255.240. Your router would in this scenario use IP-address 192.168.1.1.

The log (log only msgs>= info) only shows entries about the vpn clients. Those are rules-based and the Receiver doesn't go through VPN
I assign a fixed IP to each and every regular client, because it makes my life easier, I think.
I went for a fixed IP outside of DHCP because I have experienced issues in the past where the router would indiscriminately assign the hard wired reserved IP to the Wifi card or the hardwired card of the Receiver, in spite of similar-yet close enough-mac addresses. That was causing conflicts on my network.
Yes I confirm the IP assigned to the Receiver (192.168.1.3) is outside of the DHCP range, which starts at 192.168.1.50
The router is on 192.168.1.1

Here's a snap of 'Online IP Subnet Calculator', as I assume you suggested I ran that.



Thank you for your interest. [Edit for correcting ´hardwired [card of the] router Receiver'

 

[ColinTaylor]

Here's a snap of 'Online IP Subnet Calculator', as I assume you suggested I ran that.

You made a typo in the calculator , you put in 192.168.0.1 instead of 192.168.1.1. But apart from that everything looks fine.

 

[Mathieu]

Check the status of "Enable IGMP Snooping" under Wireless Professional for each band. I would guess the best setting would be for them all to be disabled, but if that's currently the case try the opposite.

(There's a similar discussion here)

I will try that now, reboot and report back.

 

[Mathieu]

IGMP Snooping was disabled for either band. I enabled it.
That did not seem to have any effect. Slightly frustrated, I resorted to my old unplug/plug trick, which worked.
The general log was not showing meaningful (to me) info on the period going from pre to post op, but the page System log / connections, which I had never visited before (blessed be the simple minded...) has different entries for the Receiver's IP (partial screenshots attached, can't capture the whole lot). I am not sure about the chronology, but the one nearer the top:

(assuming that is unplug/replug) is clearly different from the one at the bottom:

or the middle guy:

Could this help explain my problem?

 

[ColinTaylor]

I don't use Spotify myself but the connection information looks to be correct. You could try looking at the connections again when you're having the problem and seeing if port 4070 is still established.

TBH I don't think this has anything to do with your problem.

 

[Mathieu]

Thank you Colin, gentlemen, for your time.