Linux firewall settings for Apple Airplay (Shairport / Shairtunes / Shairplay)


The following has taken me an eternity to figure out. I use Airplay from a Linux server to Apple and other airplay devices on my network. Configuring the firewall properly for this to work has not been simple - many guides are vague and lack the specifics needed.

My actual configuration centres around Logitech's squeezeboxserver now known as logitechmediaserver 'LMS' whereby I use the following plugins:

AirPlay bridge - this enables Airplay devices to be used as if they were squeezebox devices, i.e. I can play my LMS stored music / radio / spotify on any of my Airplay devices

ShairTunes2 - this enables Squeezebox devices to be Airplayed to, i.e. I can Airplay from my iPhone/iPad/Mac etc. to any of my LMS squeezebox devices. This is an incarnation of shairplay / shairport .

For along time I have had to disable my firewall to enable my LMS device to connect to my Airplay devices and for music to flow. Once the connection is established I had to then re-enable my firewall - which is not ideal and very cumbersome. Whilst the Airplay devices always showed up in LMS and LMS client the music would just not stream. 

Here's how to configure a linux firewall with UFW to enable Airplay:

VNC Clipboard not working fix

Clipboard not working over VNC to Linux? To share clipboard over VNC if its not working (e.g. on xfce) try autocutsel.

sudo apt install autocutsel -y

Apple Script - prevent Mac OSX login items opening Script Editor at startup / login

To prevent Apple Scripts from opening the Apple Script Editor on Mac OSX login the script should be export to an application within Script Editor. The application (.app) should be added to OSX login items, not the script (.scpt).
To do this From the Script Editor menu, choose File -> Export and select “Application” from the File Format dropdown.
This is necessary because if you only save it as a script (.scpt file), when run at login it will simply open in AppleScript Editor. 
We want this to be an automated process so that the functionality runs without our having to do a thing. As an application, the script functionality will run the same as if you opened it in the editor and clicked the “Run” button.

Set up ipsec VPN with Strongswan on Ubuntu with PSK for roadwarrior use

This post shows how to setup an ipsec VPN connection in roadwarrior fashion. Roadwarrior mode is where you typically have a mobile device which has a dynamic address and you want to connect back to a VPN server. This post uses a simple pre shared key to establish the VPN connection using strongswan. This is much simpler than my past openswan approach which also relied on L2TP, Pluto etc. needing to be configured. Performance also seems to be better with VPN connections establishing much faster.

Ubuntu as an Apple Time machine capsule with Samba SMB2

Apple's TimeMachine now works with Samba SMB2. Apple also is moving to depreciate AFP which was the previously underpinned TimeMachine. Since Yosemite OSX 10.10 it is possible to use samba which in my view is easier and simpler to set up. Read on...

Get BBC iPlayer working on Logitech Media Server with Squeezebox Touch & Classic

Getting BBC iPlayer to work on Logitech Squeezebox has not been simple in the last 18 months due to BBC's ongoing changes to their iPlayer infrastructure. Here's how I have it working as of February 2012 on a Logitech Squeezebox Plus and Logitech Squeezebox Classic, read on...

Tail a log file for specific strings

I needed to tail a logfile in realtome for specific strings to understand why mpd was failing to update all of my music. To do this I tail the log file as follows:

PC audio & music to Squeezebox without the hassle

I've wanted for a while to play music / all audio from my linux PC on my Squeezeboxes, with ease. I've tried in the past to do this with BPA's Squeezebox WaveInput plugin but this route isn't for the faint hearted. It also limits the audio source just to the Squeezebox Server local machine unless you are advanced. Here is a very simple method which allows you to stream from any linux PC on your network to your Squeezebox. It relies on Video Lan Client VLC, Pulseaudio and Alsa. Here's how...

Enable Xubuntu remote desktop access with Vino VNC

Xubuntu 14.04 does not come with VNC working out of the box which is frustrating and feels like a step backwards. So here is how I enabled VNC on Xubuntu...

Dyndns no longer alternative

DynDns has closed its door and support for free accounts. Try for a free alternative dynamic dns service.

AirPlay to Linux / Ubuntu with Shairport v1.0

Linux can receive AirPlay audio using a program called Shairport that I covered over a year ago. Shairplay has since been re-written by the original developer James Laird to no longer rely on perl. The latest version is v1.0-dev here's how to get AirPlay working on Ubuntu using Shairport and iTunes to test it.

DynDns keep an active account with autologin

DynDns now requires users with free accounts to login every 30 days in order to keep their accounts... painful. Here is how to overcome the manual login using a scheduled auto-login script developed by kopf (thanks!).

Setting up password authentication for windows file sharing / samba (smb / cifs ) shares

Adding password based authentication to windows file shares / samba sharing on linux is never as simple as I'd expect. With the spread of cryptolocker (ransomware which can encrypt your network shares!)  I have been working to enhance the security and resilience of my windows samba network shares. Here are some simple pointers from my experience of setting up authentication on a Ubuntu machine running samba (tested on samba versions 3.4.7 and 3.6.3) :

Check integrity of file / folder transfer - recursive md5sum checksums

How to check that directories of copied files retain their integrity on linux. I use this command to check my photographs from my digital SLR SD / CF cards retain their integrity when copied to my PC. Read on...