Raspbmc firewall port rules vs ZNC

Tonight I ran into trouble trying to make it possible to connect to my install of ZNC, the IRC bouncer, running on my Raspbmc Raspberry Pi media centre; until now I hadn’t actually tried to connect to it from outside of my home. With help from 2Brains and MixWizard I was eventually able to get it working. The key was that the Raspbmc firewall port rules are set up using iptables to lock down access to the RPi from outside of the local network. This is because many people don’t change the default password for the standard account, which has root access.

In order to make it possible to connect to a particular port from outside my home network I had to forward the ports on my router, and add a rule to the RPi to enable access. As ever this was achieved through SSH.

Changing Raspbmc firewall port rules

$ sudo iptables -D INPUT 3
$ sudo iptables -A INPUT -i eth0 -p tcp --dport 65001 -j ACCEPT
$ sudo iptables -A INPUT -j DROP
$ sudo iptables -L

By default the rule which locks access is on the third line, so first we tell the RPi to remove that; if you’ve edited the iptables rules you’ll need to adjust appropriately. Then we set a rule to allow access on a port. I’ve put in 65001 here just to demonstrate, since ports in the range 42-65500 are used for custom setups, but you should use whichever port ZNC is listening on. Then we reinstate the lockdown rule after this so that all other ports are refused externally. The final command above should give you a list of the Raspbmc firewall port rules; the last entry in the Chain INPUT section will be a DROP.
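An added example (not from the original post): rather than assuming the DROP rule sits at position 3, this shell script reads `iptables -S INPUT` output, finds the first DROP rule and prints an `iptables -I` command that inserts the ACCEPT rule just above it. The sample listing and the function names are constructed for illustration; eth0 and port 65001 are taken from the commands above.

```shell
#!/bin/sh
# Added example, not part of the original post or of Raspbmc itself.

# Constructed sample listing; a real one comes from: sudo iptables -S INPUT
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j DROP'

# Print the 1-based position of the first DROP rule in the INPUT chain.
# Reads `iptables -S INPUT` output on stdin; returns 1 if there is none.
drop_rule_position() {
    awk '$1 == "-A" && $2 == "INPUT" {
             n++
             for (i = 3; i < NF; i++)
                 if ($i == "-j" && $(i + 1) == "DROP") { print n; found = 1; exit }
         }
         END { exit !found }'
}

# Print the command that allows TCP port $1 on eth0 just above the DROP rule.
# $1 = port, stdin = `iptables -S INPUT` output.
open_port_cmd() {
    port=$1
    # Accept digits only, so nothing but a port number reaches the command line.
    case $port in
        ''|*[!0-9]*) echo "port must be a number" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi
    pos=$(drop_rule_position) || {
        echo "no DROP rule found; is the firewall loaded?" >&2; return 1; }
    echo "iptables -I INPUT $pos -i eth0 -p tcp --dport $port -j ACCEPT"
}

# Demo on the constructed listing; review the printed command, then run it with sudo.
printf '%s\n' "$SAMPLE_RULES" | open_port_cmd 65001
```

Inserting above the existing DROP rule also means the chain is never left without its DROP rule while the change is made.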

Setting new Raspbmc firewall port rules for the future

To ensure this remains in place after a reboot, you need to make one adjustment to the Raspbmc firewall script.

$ sudo nano /etc/network/if-up.d/secure-rmc

Once you are in the file, scroll to the bottom to find where the iptables lines are defined and add in your rule (2nd line above), so that when the unit restarts you don’t have to do it all again.