Tuesday, September 8, 2015

How to set up an Emby server for access only from a certain network and your dynamic home IP

Assuming that you know how to:
- configure an Emby server
- set up iptables
- use a Linux machine

I found it a bit annoying, from a security point of view, to have my videos and pictures exposed on a public IP to the world.

The case:
I have a static IP at one location, on a Linux machine, and I'd love to access the Emby server only from my machine and the network my phone is connected to, plus my home network (this should also help in case of copyrighted material).

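I first set up a dyndns for my router (which actually was already working), then I focused on iptables, with the following script that I added to a cron job running every minute. iptables resolves a hostname given to -s only once, when the rule is added, so the rule has to be rebuilt regularly to follow the dynamic IP.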


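#!/bin/bash

# Create the chains on the first run (they already exist on later runs, so errors are ignored)
iptables -N EMBY 2>/dev/null
iptables -N DYNAMIC 2>/dev/null

# Remove the rules added by the previous run (nothing to delete on the first run)
iptables -D INPUT -p tcp -m tcp --dport 8096 -j EMBY 2>/dev/null
iptables -D INPUT -p tcp -m tcp --dport 8290 -j EMBY 2>/dev/null
iptables -D INPUT -p tcp -m tcp --dport 8096 -j DROP 2>/dev/null
iptables -D INPUT -p tcp -m tcp --dport 8290 -j DROP 2>/dev/null

# Send the Emby ports through the EMBY chain, then drop whatever it did not accept
iptables -A INPUT -p tcp -m tcp --dport 8096 -j EMBY
iptables -A INPUT -p tcp -m tcp --dport 8290 -j EMBY
iptables -A INPUT -p tcp -m tcp --dport 8096 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 8290 -j DROP

iptables -F EMBY # Flush the EMBY chain so the jump below is not duplicated on every run
iptables -A EMBY -j DYNAMIC # tell iptables to send the EMBY traffic to the DYNAMIC chain

iptables -F DYNAMIC # Flush the DYNAMIC chain
iptables -A DYNAMIC -s <home hostname> -j ACCEPT # Accept packets from home
iptables -A DYNAMIC -s <network of emby> -j ACCEPT # Accept packets from my machine in the emby location
iptables -A DYNAMIC -s <wireless dhcp network> -j ACCEPT # Accept packets from my machine in the emby location wifi - needed for the mobile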

That's basically all that is needed.

Alex 
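
The cron script above deletes and re-adds the INPUT rules on every run, so when the INPUT policy is ACCEPT the two ports are briefly unfiltered once a minute. The following is an added example, not the original author's script: it rebuilds only the DYNAMIC chain in a single `iptables-restore --noflush` commit and keeps the previous rules when the dyndns name does not resolve. It assumes the EMBY jump and DROP rules are installed once (for example at boot) rather than from cron; the hostname, networks and script path are constructed placeholders.

```shell
#!/bin/bash
# Added example. All values here are constructed placeholders.
HOME_HOST="home.example.net"                 # assumed dyndns hostname
STATIC_NETS="192.0.2.0/24 198.51.100.0/24"   # assumed Emby LAN and wifi networks

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print iptables-restore input that rebuilds DYNAMIC in a single commit.
# Under --noflush, the ":DYNAMIC" line empties (or creates) only that chain.
build_ruleset() {
    echo "*filter"
    echo ":DYNAMIC - [0:0]"
    for src in "$@"; do
        echo "-A DYNAMIC -s $src -j ACCEPT"
    done
    echo "COMMIT"
}

# Resolve the home name and swap the allow-list; needs root.
refresh() {
    ip=$(getent ahostsv4 "$HOME_HOST" | awk 'NR==1 {print $1}')
    # On DNS failure keep the previous rules instead of emptying the chain.
    is_ipv4 "$ip" || { echo "cannot resolve $HOME_HOST" >&2; return 1; }
    # STATIC_NETS is left unquoted so it splits into one argument per network.
    build_ruleset "$ip/32" $STATIC_NETS | iptables-restore --noflush
}

# Cron entry (assumed path): * * * * * /usr/local/sbin/emby-allow.sh apply
if [ "${1:-}" = "apply" ]; then refresh; fi
```

Because the resolved address is validated before it reaches the rule set, a failed or unexpected DNS answer leaves the last known-good allow-list in place instead of locking out every source.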
