rozhuk-im / msd_lite

Program for IP TV streaming on the network via HTTP
http://netlab.dhis.org/wiki/index?id=en:software:msd:lite
BSD 2-Clause "Simplified" License

Port forwarding does not work behind DDNS #3

Open justsee233 opened 1 year ago

justsee233 commented 1 year ago

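As a second-level device, it works for devices on the internal LAN, but it stops working once it goes through port mapping on the first-level router. There is a public IPv4 address.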

rozhuk-im commented 1 year ago

Please use English. I suggest that the issue is in your network configuration.

justsee233 commented 1 year ago

> Please use English. I suggest that the issue is in your network configuration.

IPv4 public network address, set port forwarding on the main router, and then install msd_lite on the secondary router; it can only be used in the LAN, and cannot be played on the external network. The same setting uses udpxy and everything is normal.

rozhuk-im commented 1 year ago

  1. Check listen address in msd_lite config
  2. Use tcpdump on router with msd_lite to debug network issue.

windybird commented 1 year ago

> 1. Check listen address in msd_lite config
> 2. Use tcpdump on router with msd_lite to debug network issue.
>
> Please use English. I suggest that the issue is in your network configuration.
>
> IPv4 public network address, set port forwarding on the main router, and then install msd_lite on the secondary router; it can only be used in the LAN, and cannot be played on the external network. The same setting uses udpxy and everything is normal.

Yes, the same to you

billzbc commented 5 days ago

This code checks the flags of the HTTP request and returns a 403 Forbidden status code if the requested Host is not local.

src/msd_lite.c line 611

if (0 == (req->flags & HTTP_SRV_RD_F_HOST_IS_LOCAL)) {
    resp->status_code = 403;
    return (HTTP_SRV_CB_CONTINUE);
}

rozhuk-im commented 5 days ago

All host names will be "local" if you have in config: <hostname>*</hostname>. It is set in the default/example config: https://github.com/rozhuk-im/msd_lite/blob/master/conf/msd_lite.conf#L37C4-L37C26

szNightFury commented 2 days ago

> All host names will be "local" if you have in config: <hostname>*</hostname>. It is set in the default/example config: https://github.com/rozhuk-im/msd_lite/blob/master/conf/msd_lite.conf#L37C4-L37C26

Hi,

I’m experiencing an issue where accessing msd_lite from an external network still results in a 403 Forbidden error, despite having * set in the config file as recommended. The configuration should allow all hostnames to be treated as local, but the problem persists. Could there be any additional configurations or steps that I’m missing to allow external access without encountering the 403 error?

Thanks for your help!

rozhuk-im commented 2 days ago

Share your config, I will check.

szNightFury commented 2 days ago

> Share your config, I will check.

For context, I have configured port 7088 for msd_lite and set up port 80 for another internal service running Nginx. When performing internal network penetration through port 7088, accessing it from an external network results in a 403 Forbidden error. However, internal network penetration through other ports, such as port 80 for Nginx, works fine.

Here is the current msd_lite configuration:

<?xml version="1.0" encoding="utf-8"?>

<!--
 Sizes in kb, time in seconds
-->

<!--
<skt> <rcvLoWatermark>XXXX</rcvLoWatermark> - DOES NOT WORK on Linux!
man socket(7):
...
The select(2) and poll(2) system calls currently do not respect the SO_RCVLOWAT
setting on Linux, and mark a socket readable when even a single byte of data is
available.
...
-->

<msd>
    <log>
        <file>/root/msd_lite/msd_lite.log</file>
    </log>

    <threadPool>
        <threadsCountMax>1</threadsCountMax> <!-- 0 = auto -->
        <fBindToCPU>yes</fBindToCPU> <!-- Bind threads to CPUs. -->
        <fCacheGetTimeSyscall>yes</fCacheGetTimeSyscall> <!-- Cache gettime() syscalls.. -->
        <timerGranularity>100</timerGranularity> <!-- 1/1000 sec -->
    </threadPool>

<!-- HTTP server -->
    <HTTP>
        <bindList>
            <bind><address>0.0.0.0:7088</address><fAcceptFilter>y</fAcceptFilter></bind>
            <bind><address>[::]:7088</address></bind>
        </bindList>

        <hostnameList> <!-- Host names for all bindings. -->
            <hostname>*</hostname>
        </hostnameList>
    </HTTP>

    <hubProfileList> <!-- Stream hub profiles templates. -->
        <hubProfile>
            <fDropSlowClients>no</fDropSlowClients> <!-- Disconnect slow clients. -->
            <fSocketHalfClosed>no</fSocketHalfClosed> <!-- Enable shutdown(SHUT_RD) for clients. -->
            <fSocketTCPNoDelay>yes</fSocketTCPNoDelay> <!-- Enable TCP_NODELAY for clients. -->
            <fSocketTCPNoPush>yes</fSocketTCPNoPush> <!-- Enable TCP_NOPUSH / TCP_CORK for clients. -->
            <precache>4096</precache> <!-- Pre cache size. Can be overwritten by arg from user request. -->
            <ringBufSize>1024</ringBufSize> <!-- Stream receive ring buffer size. Must be multiple of sndBlockSize. -->
            <skt>
                <sndBuf>512</sndBuf> <!-- Max send block size, apply to clients sockets only, must be > sndBlockSize. -->
                <sndLoWatermark>64</sndLoWatermark>  <!-- Send block size. Must be multiple of 4. -->
                <congestionControl>htcp</congestionControl> <!-- TCP_CONGESTION: this value replace/overwrite(!) all others cc settings: cc from http req args, http server settings, OS default -->
            </skt>
            <headersList> <!-- Custom HTTP headers (sended before stream). -->
                <header>Pragma: no-cache</header>
                <header>Content-Type: video/mpeg</header>
                <header>ContentFeatures.DLNA.ORG: DLNA.ORG_OP=01;DLNA.ORG_CI=0;DLNA.ORG_FLAGS=01700000000000000000000000000000</header>
                <header>TransferMode.DLNA.ORG: Streaming</header>
            </headersList>
        </hubProfile>
    </hubProfileList>

    <sourceProfileList> <!-- Stream source profiles templates. -->
        <sourceProfile>
            <skt>
                <rcvBuf>512</rcvBuf> <!-- Multicast recv socket buf size. -->
                <rcvLoWatermark>48</rcvLoWatermark> <!-- Actual cli_snd_block_min if polling is off. -->
                <rcvTimeout>2</rcvTimeout> <!-- STATUS, Multicast recv timeout. -->
            </skt>
            <multicast> <!-- For: multicast-udp and multicast-udp-rtp. -->
                <ifName>eth1.48</ifName> <!-- For multicast receive. -->
            </multicast>
        </sourceProfile>
    </sourceProfileList>
</msd>

Thanks for your help!

rozhuk-im commented 1 day ago

What URL do you send to msd? Do you redirect external connections to 127.0.0.1?

In the code there are only 2 places that return a 403 error:

  1. Wrong host name.
  2. Connection to loopback (127.0.0.1 / ::1) from non loopback. In that case syslog will contain the message: syslog(LOG_NOTICE, "HACKING ATTEMPT: %s set in host header loopback address.", straddr);

szNightFury commented 1 day ago

> What URL do you send to msd? Do you redirect external connections to 127.0.0.1?
>
> In the code there are only 2 places that return a 403 error:
>
> 1. Wrong host name.
> 2. Connection to loopback (127.0.0.1 / ::1) from non loopback. In that case syslog will contain the message: syslog(LOG_NOTICE, "HACKING ATTEMPT: %s set in host header loopback address.", straddr);

Thank you for your help!
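The two 403 conditions rozhuk-im lists in the thread, modeled as a small C program for checking which Host header and peer address combinations are refused. This is an added example, not code from msd_lite or its author: `host_check`, `host_only`, `is_loopback`, the order of the two rules, the sample addresses and the `tv.lan` name are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed hostname lists: the wildcard from the posted config, and one name. */
static const char *const any_host[] = { "*" };
static const char *const one_host[] = { "tv.lan" };

/* Strip ":port" and IPv6 brackets from a Host header value. */
static void host_only(const char *hdr, char *out, size_t outsz) {
    const char *end;
    if (hdr[0] == '[') { hdr++; end = strchr(hdr, ']'); }
    else end = strrchr(hdr, ':');
    size_t n = end ? (size_t)(end - hdr) : strlen(hdr);
    if (n >= outsz) n = outsz - 1;
    memcpy(out, hdr, n);
    out[n] = '\0';
}

/* True for 127.0.0.0/8 and ::1; host names never count as loopback here. */
static int is_loopback(const char *s) {
    struct in_addr a4;
    struct in6_addr a6;
    if (inet_pton(AF_INET, s, &a4) == 1) return (ntohl(a4.s_addr) >> 24) == 127;
    if (inet_pton(AF_INET6, s, &a6) == 1) return IN6_IS_ADDR_LOOPBACK(&a6);
    return 0;
}

/* Added illustration, not msd_lite source; returns 200 or 403, rule order assumed. */
int host_check(const char *peer_ip, const char *host_hdr,
               const char *const *names, size_t count) {
    char host[256];
    host_only(host_hdr, host, sizeof(host));
    /* Rule 2: loopback address in Host header from a non-loopback peer. */
    if (is_loopback(host) && !is_loopback(peer_ip)) return 403;
    /* Rule 1: host must match the configured list; "*" accepts any name. */
    for (size_t i = 0; i < count; i++)
        if (!strcmp(names[i], "*") || !strcasecmp(names[i], host)) return 200;
    return 403;
}

int main(void) {
    printf("%d\n", host_check("203.0.113.7", "tv.example.org:7088", any_host, 1));
    printf("%d\n", host_check("203.0.113.7", "tv.example.org:7088", one_host, 1));
    printf("%d\n", host_check("203.0.113.7", "127.0.0.1:7088", any_host, 1));
    return 0;
}
```

With `<hostname>*</hostname>` configured, only the loopback rule can still produce 403 in this model, which is the case the syslog message quoted in the thread identifies.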