Set up instructions

For help and support with Universal Media Server in general
Forum rules
Please make sure you follow the Problem Reporting Guidelines before posting if you want a reply
Post Reply
Oofy Prosser
Posts: 2
Joined: Mon Jun 26, 2017 6:37 am

Set up instructions

Post by Oofy Prosser » Mon Jun 26, 2017 6:45 am

I just started using UMS and had a heck of a time finding a step-by-step setup manual. I also notice a few other people with the same problem. So I wrote a simple set of instructions. You can use these as a starting block for a better set or ignore them, up to you. I just thought it a good idea to do so here it is.
--------------------------
Below are the steps I used to install and use Universal Media Server (UMS) on a MacBook Air (Sierra) successfully to show videos on my Samsung SmartTV. Don’t ask my any questions, I don’t know anything other than what you see below. ;-)
---------------------
Download and install UMS. Do not run it yet.

If your computer does not have Java installed, download and install it. If you are not sure, download and install it anyway, it can’t hurt. (On the other hand, if you think Java will open your computer to hackers, don’t install it, but you won’t be able to use UMS.)

Turn on the TV, make sure it is connected to wifi on the same network as the computer. How you do that depends on your TV, so read your manual. Leave the TV on.

Start UMS. In the setup dialogue boxes, just pick the defaults. They can be changed later.

When UMS starts, it should find your TV and show it in the “Detected media renderers” box. (A “renderer” is a hardware/software combo that takes your data file and converts it to signals that show on a screen: TV, computer monitor, etc.) If you see “No renderers were found” at the bottom of this window, then start over. Check your TV to be sure it is wifi-connected and turned on. Restart UMS. Wait a few minutes for UMS to find the TV. If all fails, ask for help.

Click on the Navigation/Share Settings tab. At the bottom of this screen, under “Shared folders,” click on the folder icon and navigate to the folder on your computer that has the files you want to show on the TV.

Back to the TV. Press the “Source” button on the TV’s remote control. (This did not work with my cable remote, only the remote that came with the TV. Try your TV’s remote first.) Highlight the UMC Server icon (clicking the Source button will highlight the various inputs in turn). Push the “OK” button on the remote.

If this all works, the UMS will open on the TV and you can navigate to the folder that has your files and you can open one.

Nadahar
Posts: 1401
Joined: Tue Jun 09, 2015 5:57 pm

Re: Set up instructions

Post by Nadahar » Mon Jun 26, 2017 8:20 am

Thank you for writing this, even though the steps aren't the same for everyone. I'll just add some comments.

UMS is a Java application, so you need to have Java installed to run it. On Windows (which is used by the majority of UMS users), the installer will download and install Java if it's not already installed. On OS X and Linux, Javas need to be installed before you can run UMS if it's not already installed. Apple's Java 6 is no longer supported, so either Oracle or OpenJDK version 7 or 8 are the most obvious choices.

Java won't open your computer to hackers, what has been considered a security risk by some is to have Java enabled in your internet browser. That means that you can start Java programs directly from your browser, and if you start "the wrong program" that can obviously be risky. You don't have to enable Java in your browser to use UMS or any other Java application locally though. I think most browsers these days disable Java by default.

UMS and the renderer(s) need to be on the same network, and also on the same IPv4 subnet. It won't work with IPv6 only, but dual IPv4 and IPv6 should work. Some people have trouble with the "same subnet" part because they don't know enough about networking, but it basicly means that there can't be a router "between" UMS and the renderer. If UMS is connected with wired network and the renderer(s) with wireless, there's often a wireless router between them that doesn't forward the signals they need to detect eachother. Many wireless routers can be run in "bridged", "transparant" or "access point" mode. If run this way, they won't operate as a router and won't block the signals. Likewise, a firewall on the computer running UMS is a common cause for trouble.

If the network is working properly, UMS and the renderer will find each other within a few seconds, usually as soon as you've started UMS. If you have to wait more than 30 seconds, your network is probably configured wrong (with a router or firewall between them only letting some signals through). Some times the signals will travel one way but not the other, which can lead to detection working some times only, or that you have to turn things on in a particular order for them to discover each other. All this is an indication of an improperly configured network. UMS doesn't define the "rules" for how the network must be configured to work, it's in the UPnP/DLNA protocols themselves and apply to all eqipment that rely on this to communicate.

Oofy Prosser
Posts: 2
Joined: Mon Jun 26, 2017 6:37 am

Re: Set up instructions

Post by Oofy Prosser » Tue Jun 27, 2017 5:53 am

Thanks for the further explanation. As I said, this is what I did to connect my Mac to a Samsung Smart TV. Of course the installation process will be different for different set-ups, but your clarifications are useful and I hope someone will put all this into a simple (!) format, all in one place that newbies will be able find easily.

OzBrickie
Posts: 17
Joined: Sat Nov 19, 2016 4:47 pm

Re: Set up instructions. Networking Basics

Post by OzBrickie » Sun Jul 09, 2017 8:35 am

Here are a few things I have learnt over the years if it helps any. There is a setting in modern routers that explicitly denies wireless clients access to the internal network. This is so guests can browse the net, use email and chat from behind a firewall but not browse your computers and access printers and cams and stuff. Logical really.

In my Asus RT-N66U it is in a semi hidden area called "Professional" and the setting says "Set AP Isolated". If you have this selected then wireless clients will not be able to see your shares. End of story. I reckon this is one of the main reasons people have problems seeing the Library using a wireless topology. Wired networks always work because the router has a seperate built in switch which has no routing or filter rules to follow whatsoever so it simply forwards all packets to the correct place. Having said that my old router was getting flaky in the wireless department last year and didn't have the Isolated AP setting either. It would intermittently stop my wireless clients from browsing network shares completely at random so that's how I figured the router was the culprit. There is no real way to monitor and check this as nothing showed in the logs, you just have to bite the bullet and fuck it off if you are suspicious. I now use that router as a plain old bridged modem with wireless turned off completely and I put a brand new YEEHAH router behind it to do all the work. Anyway there is absolutely no reason why a properly configured access point would stop wireless clients browsing shares on a properly configured network

As for sub nets, that is easy. Windows sets your subnet automatically according to the IP you type into the network adapter IPv4 settings. Remember that you need to choose an IP set in the Class A range. These IP addresses cannot pass a router into the big bad outside world so they are therefore called "Non Routable". There are a few sets you can use. Google it. The easiest to remember are 10.0.0.1 - 10.0.0.254 and 192.168.1.1 - 192.168.1.254. Your router will be either 1 or 254 by default. It's the easiest to remember so leave it. The subnets for 192.168 range is 255.255.255.0 and for the 10.0 range is 255.0.0.0 . You must use the correct subnet for a given IP range. When I learnt networking I was taught to calculate the subnet manually but who has more than 253 computers at home? Use the sets I just gave you. There is no better or faster range, they are just binary numbers. On/Off.

The other thing you then need to do in the IPv4 dialog is set your default gateway which is always your router's IP. Now this has absolutely nothing to do with your media server and renderers as it simply means you won't get out past the router to browse the net or email or chat. (uTorrent will however work if you use UPnP and your router supports it. In fact anything that uses UPnP to open ports or anything that you manually port forward will work but that's a whole other story) You will notice here that when you enter the addresses manually the settings for your primary and secondary DNS servers can also be configured. You can put your router IP here too or any other DNS server you choose. Your ISP or google or whatever. You don't actually need to enter both a Primary and a Secondary DNS server if you don't want to and you can leave it completely blank too.You can go into your Routers DNS server settings and input a downstream DNS server there as well. The beauty of DNS is that the system automatically goes to the next hop down the line and queries domain names from anyone who will answer. If there is no answer it will ask someone else further downstream and so on. Basically if you leave it blank you will end up 9 times out of 10 using your ISP's DNS server. This can sometimes be bad because ISP's are sneaky and may use caching proxies to give the impression of a fast service. I use Dodo in Australia and I know they often do. There is info on the web about this, Google it. VPN's are different again and not in the scope here however as I said earlier, your internal network will function perfectly well without any connection to the internet whatsoever and that's what we are really trying to achieve here. Leave the local IPv6 settings on auto and you do not need an IPv6 DHCP server running on your Router. IPv6 is starting to be used because IPv4 TCP/IP is 32 bit and has actually run out of numbers. (Hence the use of subnetting and Class A IP addresses). IPv6 is a new 128 bit system and as such has a shitload of numbers. You can safely assign any random 128 bit address to a machine and be sure it will be unique so we don't even need to use it on an internal network. It's for the internet only and won't be fully implemented for a while. Again, Google it but don't set up a DHCP server to use it on your network. Do Not, I repeat Do Not change WINS settings in the advanced part of your network adapter settings no matter what anyone else tells you, no matter how much of an expert they reckon they are. In fact don't change any of the settings at all apart from the IPv4 settings. We are not using Windows 95, 1/10Coaxial cable,token rings and dumb hubs. This is the modern era with smart switches and routers. Your Router is much cleverer and way more powerful than any old 386 with Win95 anyway. It also happens to be a very effective firewall so for the good of mankind, disable the windows inbuilt firewall. Don't argue, just do it. :D

Go into your network and sharing settings and make sure you are on a private network. Then go to advanced and select these:- Turn on Network Discovery. Turn on File and Printer Sharing. Turn on Sharing for anyone to access Public Folder. Media Streaming doesn't matter. Use 128 Bit Encryption. Turn Off Password protected sharing. Let Windows Manage Homegroups. Now I'm old skool and even though it is selected here, I don't use homegroups at all so when we share a folder we need to give everyone at least read access to it in your permissions. Simplest method is to add the "Everyone" user. If it's not there, type it into the box. If you have a folder shared with only you as the admin/owner, then run Kodi from a user account on another machine you will not see the files in those shares even if you have manually typed in the path. This is critical for windows or Mac access when browsing windows/SAMBA shares for example but doesn't matter on a PS3 because UMS doesn't require that a local folder be shared in order to add it to the library and it essentially takes ownership of the file when it muxes or transcodes it. The reason I don't like using Homegroups is it takes most of the access control out of your hands and sets it up the way Micro$oft reckon is easiest. When I first saw it I didn't understand what it was and I left it. Problem was you could browse the admin's documents from a user account. Not Good. When you get the little wizard that pops up after you add a new network as I described above simply answer all the questions but when you get to the one about Homegroups with all the check boxes just click cancel. Everything will work just fine. I don't know how DLNA media servers or UPnP rendereres deal with Homegroups either so that's another reason I refuse to set them up. I know permissions and I know this way works every time. Finally go to advanced system settings, click on the computer name tab, click on the change button and make sure all your PC's are in the same workgroup. Give em a nice simple name, all unique of course, and make the work group anything you want as long as it's the same on all your machines. Don't use the wizard or join a domain unless you really are on one, if you're already using Server as a domain controller then you don't need any of this anyway. If you are using Server because it sounds cool but in reality don't know a thing about networking then you're on your own. That is way beyond the scope of this post and I don't have the time or inclination to help other than to say that if you insist on running it, Server has an option when you boot up to act as a plain old file server on a workgroup. The only advantage here over a desktop OS is that server can use multiple processors if you have them. Windows home server is a different beast altogether, I have never used it but I assume its networking procedure is the same as I have described for Windows Desktop, however it uses a different method to install applications. My suggestion for setting up a server once you get into networking is get a reasonably modern computer with a quad core and lots of SATA ports, your old video card and a gigabit NIC then sit it in the corner with a UPS and access it from a console like RDS.


I know this can be a bit of a headfuck at first but try to nut it out, however if you are struggling, don't stress. Set your network cards to auto, fill in the addresses on the router and enable DHCP. Done.(Remember, when it comes to DHCP servers, "There can be only one"). I usually put my router on 1, my secondary WAP on 2, my modem on 254, assign 3 - 100 as my DHCP pool and use the remainder (101 - 253) for my static addresses ( I choose multiples of 10 so it's easy to remember). To check you are doing it right, turn off all your clients then save your settings and reboot your router. Then one by one turn everything back on starting with the machine that is your media server. Next launch a command prompt and type in "ipconfig /all". Along side to your NIC you will see your IP, the gateway, DNS servers and all sorts of lovely information. If your IP is 169.254.x.y, that is a default windows uses when it can't reach a DHCP server and is totally unroutable so you will be cut off from EVERYTHING, even your internal network. You need to find out why you can't access the DHCP server in your router or if in fact the DHCP server is acually running at all. If any of your clients/renderers have a funky IP address then same deal. Also if you ever see 127.0.0.1, that is the IP for " Local Machine". It's how your computer talks to itself when using TCP/IP or Loop Back and has no affect on anything else. You can browse local webservers using this IP. For example, on your UMS machine, open up a browser and type in 127.0.0.1:9001 (9001 being the port) Voila!


UPnP can mean different things depending what you are referring to. Basically it stands for Universal Plug and Play but it has nothing to do with USB hardware. There is heaps of reading via google but basically it refers to a system where networking infrastructure and applications can sort themselves out with a minimum of user interaction. Great in theory but it ended up being way more complicated, hence the need for re definition and addition of protocols such as DLNA and mDNS etc. UPnP will allow a renderer to play files that are shared over a network without additional complicated networking setup other than the what should already be present in your physical layer. This is what a PS3 does. It will also allow a program to talk directly to a firewall and tell it which ports to open outwards and which IP and ports to forward return packets to, ie. automatic port forwarding. This is what uTorrent does. There is also some very interesting things happening with BubbleUPnP and the OpenHome protocol. BubbleUPnP server sits between UMS and your renderer and lets you do some really cool things. Check it out. https://bubblesoftapps.com
One tip. If you use a wireless control point like I do then you may find it handy to set the IP/Subnet manually on the renderer machine so the control point app will always find it. My wife uses YATSE on a tablet to control our KODI machine in the bedroom so this is a necessity for us. If you use Foobar2000 and control it from your tablet then same deal.(PS3's can't make use of UPnP Control Points BTW so forget it, I'm talking Foobar, Kodi and the likes). Most modern routers have a system to assign a static IP to a specific MAC address so you can do everything from one place in the Router's web page and leave the client set to auto. Up to you. I also put my server on a static address so it's always easy to find. MAC addresses are 100% unique and are hard coded into a NIC so this method works well.

Sorry to ramble but it really is simple, Microsoft were trying to make it difficult in the past to keep their techs in work. As long as these few basic things are done, with no exceptions, your DLNA network will simply "Work" I guarantee it.

There is no such thing as a stupid question.

Cheers and Beers
Oz
Last edited by OzBrickie on Wed Jul 12, 2017 10:20 pm, edited 10 times in total.

OzBrickie
Posts: 17
Joined: Sat Nov 19, 2016 4:47 pm

Re: Set up instructions

Post by OzBrickie » Wed Jul 12, 2017 8:37 pm

Just clarified a couple of points and added a few more networking tips that might help folks

Oz

Nadahar
Posts: 1401
Joined: Tue Jun 09, 2015 5:57 pm

Re: Set up instructions

Post by Nadahar » Thu Jul 13, 2017 6:05 am

There's a lot of assertions in your post @OzBrickie, and while I appreciate the effort, I don't agree on everything you say. Networking can be very complex if you dive into enough detail, although at the level most people interface with it it's actually much simpler than people tend to believe.

I didn't know about the "wireless isolation" setting, as I tend to stay as far away as I can from the type of "consumer products" that make all the decisions for you. This is a good example of why I dislike the concept, "wireless isolation" is actually a firewall function in the router whose rules are invisible and unconfigurable to the user. Although I see the need to isolate networks into different zones (which is one of the fundamental concepts of traditionsal firewalls), it would be much better if the configuration was transparent on what it did and and that it was possible to define the traffic rules manually. I guess that's Apple's legacy that we all will have to suffer from for many years to come, the fact that removing choice and freedom has somehow been celebrated as "user friendly" by ignorant people. What I don't understand is why it's so difficult to do both with a system of templates that applies actual rules that can be viewed and configured. The ignorant could then simply apply templates (for example "wireless isolation") while those that bothered to spend more than 2 minutes researching the subject could make more intelligent and tailored decisions. But, that's a different discussion ;)

What is relevant to UMS is simply that any shape or form of firewall that blocks the traffic that's needed between UMS and the renderer, will create problems. Thus, putting UMS and a renderer on separate sides of a "wireless isolation" firewall won't work.

When it comes to unstable/buggy routers it's certainly not something that can be ruled out, but it can be very difficult to pinpoint. That's why I prefer that people connect UMS and the renderer to wired networks just separated by a switch when trying to diagnose problems. But, that's not always possible either because ethernet ports aren't available or because it would require a great deal of wiring. People should try to temporarily move some of the equipment so that they can be connected with wires if at all possible when diagnosing, it could quickly reveal if it's a UMS or a network problem. In my experience unstable/buggy routers is most common in the cheapest routers, and can be caused both by buggy firmware or failing hardware. In most cases, the router won't reveal anything in logs. I've for example seen routers that slowly consume their state table, and when it's full it starts doing all kind of weird stuff (because it can no longer track the different connections it's handling). A restart will make it work well again - until the state table is full again. If no firmware update fixing the problem is available, such a router belongs to the bin unless it's possible to install dd-wrt or another custom firmware on it. The "unofficial" firmwares generally gets much more attention and bug fixes.

When it comes to subnets I agree that it's easy once you understand it. The problem is that the terms used is foreign to most people, and that subnet masks only make sense to people that's used to "binary math" - which is mostly confined to developers of fairly low level software/firmware. The fact that there's two different notations and the fact that there seems to be fairly random which notation is used in a given configuration makes it even more confusing. The fact that IPv6 use a lot more bits and use hexadecimal notation instead of decimal makes this even more of a mess, not to mention the "short forms" implemented in IPv6 which implies values "impossible" to guess for those that doesn't know it. In short, there's a lot of reasons why the really simply underlying system of IP addresses and subnets are obscured and made difficult to grasp.

To try to explain it simple I'd say that a subnet mask is a set of numbers that limits the allowed values for the corresponding IP address numbers. The problem is that since this restriction is on a binary level, it's not obvious the a person thinking in decimal. The fact that the first "value" of a subnet is used to describe the subnet it self and isn't a valid IP address is also something that can confuse. The easiest way to know the effect of a given mask, is to use a subnet calculator. In IPv4, 192.168.10.10 with a subnet mask of 255.255.255.255 is confined only to that address itself. You could say it's a subnet of only 1 address. On the other extreme, 10.0.0.0 with subnet mask 255.0.0.0 describes all addresses from 10.0.0.1 to 10.255.255.254. It's easier to see why in binary notation, the first example is in binary:

Code: Select all

1100 0000.1010 1000.0000 1010.0000 1010 with subnet mask 1111 1111.1111 1111.1111 1111.1111 1111
The second example is in binary:

Code: Select all

0000 1010.0000 0000.0000 0000.0000 0000 with subnet mask 1111 1111.0000 0000.0000 0000.0000 0000
The subnet mask simply allows any bit with a "0" in the mask to change, while any bit with a "1" in the mask is "frozen".
Thus, is the first example all bits are frozen and only the one address itself is allowed, while in the second example only the first value (10) is frozen and the rest can be anything, meaning that the described range is:

Code: Select all

0000 1010.0000 0000.0000 0000.0000 0000 to 0000 1010.1111 1111.1111 1111.1111 1111 (10.0.0.1 to 10.255.255.255)
But, since the last address of any subnet is reserved for broadcast, the allowed range is

Code: Select all

0000 1010.0000 0000.0000 0000.0000 0000 to 0000 1010.1111 1111.1111 1111.1111 1110 (10.0.0.1 to 10.255.255.254)
Because of the broadcast address reservation, the subnet described in my first example isn't a valid subnet, as the one available address would be the broadcast address. It's still used though, as a broadcast address isn't relevant in a single IP context (there's nobody to broadcast to). The smallest "valid" subnet therefore has a mask of 255.255.255.252, which mathematically gives an address space of 4 - of which the first is lost to the "subnet description address" and the last is lost to the broadcast address, ending up with and effective range of only 2 addresses. Thus, 192.168.0.0/255.255.255.252 allows IP addresses 192.168.0.1 and 192.168.0.2.

As a consequence, what you're saying about Windows automatically setting the correct subnet mask isn't correct. There is no "correct" subnet mask, it's up to whoever that defines the subnet (address range) what the subnet mask should be. What Windows does is to suggest the "default" subnet mask for the private IPv4 address space the value you enter belongs to. It works well for the 192.168.x.x range (as the 255.255.255.0/254 address/class C subnet has become a de-facto standard subnet for home networks), but it is in my opinion completely useless for the 10.x.x.x range where it suggest a subnet of 16777214 addresses. I'd like to see the home, or business, where that's a reasonable address space. As such, the range you suggest of 10.0.0.1 - 10.0.0.254 doesn not correspond to the 255.0.0.0 subnet mask you describe for that subnet. The subnet confined to addresses 10.0.0.1 - 10.0.0.254 is actually 10.0.0.0/255.255.255.0.

When it comes to the default gateway I also disagree. The default gateway is simply an address to which the NIC will send request for all addresses for which is doesn't already know where to find. As such, it should be your router if you have a single subnet and a single router because that means that the router will be queried for any addresses not belonging to the local subnet that doesn't have a defined route. However, when there are multiple subnets and routers involved, it might not be so obvious where the default route should be. There are multiple ways to configure this, so I won't go into the defails here, I'd just like to state that it shouldn't "always be your router's IP", and that it could very well have to do with your media server and renderers if your network isn't a single subnet, single router configuration.

When it comes to DNS that's a chapter in itself, where many things come into play. Usually you'd not want to use your ISP's DNS if you don't want to be sensored or watched by your government. DNS has nothing to do with UMS and DLNA though, as DLNA forbids the use of name resolution and requires the use if IP addresses in all but a few rare circumstances. UMS and the renderers will therefore communicate without DNS being configured or working at all. To give a very short description of what DNS is, it stands for Domain Name System and what it does is to translate to domain names into IP addresses (e.g http://www.universalmediaserver.com -> 65.23.155.8). Think of the domain names as names of people or businesses, IP addresses as phone numbers and DNS servers as the phone directory which translates a given name into a phone number. A networked device always use IP addresses (phone numbers) to make the actual connection/request, so it always first has to query DNS to "translate" a domain name into an IP address. This is why governments love to both sensor and record DNS'es, it allows them to tell your ISP which names they are forbidden to give out the numbers to and the log of your DNS queries can tell them a lot of what internet resources you access. It's very easy to use other DNS servers though, the problem can be to find one that you know you can trust not to report your activity to the government or sensor you. One big problem with DNS is that the standard doesn't support encryption, so all your queries are sent out on the internet readable to everyone that can get their hands on your packet (which is anyone controlling any of the routers you have to pass to get to the DNS server and those controlling the DNS server itself). If you run your own DNS server (some routers do, although most only implement a DNS proxy which only forwards your DNS requests to the DNS servers configured in your router) you can avoid this alltogether, because your query never leaves your local network. DNS servers themselves has to get the information from the internet though, but it's done in a different way where your DNS server will contact one of several pre-defined "root DNS servers" that will forward it to one of the DNS servers responsible for the domain name in question. Once your DNS server has retrieved this information, it will store it and won't query the same information again until the value has expired (a given amount of time has passed, which is defined per domain). The traffic is still unencrypted and possible to track, but it's more difficult to both sensor and get a complete picture of which internet resources you visit. The only way to be able to use DNS to resolve resources (like your home computers) on a private network, is to run your own DNS server - and even then it might not be straight forward.

When it comes to the WINS settings I disagree as well. There is no "danger" in changing the WINS setup, in most circumstances it won't make any difference though, as you need to have access to a WINS server for it to work. Ironically WINS is short for Windows Internet Name Service, although to my knowledge it has never actually been used on the Internet. It was one of Microsoft's solutions for name resolution, but it was beated by DNS. It has some major disadvantages for use on the internet, it doesn't have the well known dotted "scope" notation that DNS does (foo.bar.com), so instead of "www.universalmediaserver.com" it would be just "universalmediaserver". While this is simpler to use, it doesn't go well with all the different jurisdictions that the real world consists of where different entities control different "top level domain names". It has no encryption or authentication just like DNS, but unlike DNS it also allows clients to register for a given IP address. On the internet that would mean complete anarchy, e.g anyone could claim "universalmediaserver". On a private network on the other hand, it's perfect as I see it. You don't have a problem with your devices trying to steal eachothers names on a private network, neither do you have the need for different entities controlling different parts of the name space - and the fact that every device that supports it automatically registers its address makes it more or less "maintenance free". Normal DNS requires manual registration and configuration, which means any name that is to be resolved has to be put there by someone. There is something called dynamic DNS that allows the same kind of automatic registration as WINS, but in my experience it's not well enough standardized or commonly enough implemented to be really useful outside corporate Windows networks. However you put it, if you want name resolution on your local network using WINS or DNS, you'll need to run a local DNS or WINS server. I love and still use WINS both because it requires so little configuration to work and because it's nice to be able to separate local name resolution from internet name resolution. The two will work simultaneously, allowing the network device to query both services, which nicely encapsulates your local name resolution and makes it completely independent.

I do agree with you that most people should disable their Windows firewall because their router should do the firewalling task. When private IP subnets are used, something called NAT is used in the router which "translates" your private address to the router's public/internet address. That means that any device going out on the internet looks like its your router, and it's not possible to contact them from the outside since the private addresses aren't routable from the internet. However, "port forwarding" limits this protection somewhat, and that what it actually does is to tell your router that any incoming traffic on the specified port or port range should be forwarded to a given private address, effectively exposing that or those ports to access from the internet. Depending on which ports are being forwarded and what services is listening to those ports on the target address, it might or might not pose any security threat. Normally it's quite harmless, but what I really dislike it routers with UPnP enabled. What it does is that it allows devices on the inside, to set up port forwarding without the user's knowledge. The rationale is that most people don't understand port forwarding and that it's the only way to get services that requires internet access to work. The downside is that it effectively allows any sneaky software or device connected to your private network to open up any "holes" they want in your router, exposing internal devices. It's like having a top quality lock on your house and then give away the key to anyone that visits the house. It's not something I'd recommend, so I'd say that assuming that you've disabled UPnP in your router, turning off the Windows firewall is safe. There is one more problem though, and that is IPv6. If your network is configured with IPv6 without NAT, your network might be reachable from the outside, again depending on how your router is configured. I don't see the need for IPv6 on private networks though, so if you just stick to IPv4 on your internal network, that won't pose a risk either. When it comes to laptops that you sometimes use to connect to other Wifi networks, it's a different matter. You have no control or knowledge of whether such a network is "secure", so running a local firewall under such circumstances is a must. To sum it up, if you:
  • Use a private IPv4 network range in your home network and either has disabled IPv6 or your routers is configured to now allow any incoming IPv6 traffic.
  • UPnP is disabled in your router.
  • You don't travel and connect to other networks with the computer running UMS.
  • You trust the other devices on your local network (i.e that there's noone there with malicious intent)
It should be safe to turn of your local firewall on the computer running UMS. I believe that the above applies, or can very easily be configured to apply, to most home networks - and thus the whole firewall headache could be avoided.

When it comes to your description of network discovery, file and printer sharing, share permissions and homegroups, this is completely unrelated to UMS. UMS only needs read access to the shared files locally (given that the files are stored locally), and it will share them using UPnP/DLNA. It's a completely independent system from all the other things mentioned. Be aware however, that UPnP/DLNA doesn't support authentication so it will share its content to anyone on the local network. There is no way to restrict sharing to only a given user, as the concept of a user doesn't exist. You can limit access to UMS per IP address, but in a typical home network with dynamically assigned IP addresses and no "enforcement" of IP address use, it's not much of a security barrier.

I'd also like to know that desktop OS'es use multiple processors just like server OS'es. In reality, there is little or no difference between a "server OS" and a "desktop OS". The core part of the OS is the same, and the difference is mostly what the OS maker allows on the different versions. A Windows "server" are bundled with a lot of "network software" like DNS, WINS permission and policy management tools, Active Directory etc, which Microsoft doesn't make available for a "desktop version" of Windows. In addition, a "desktop OS" usually has more "bloatware" (software you don't need or want) installed, and you can expect other defaults (generally assuming that you're stupid and that everything should benefit Microsoft, not you). If Microsoft did make those services available for download for a "desktop OS" and skipped the bloatware and the stupid defaults, it would be no difference between the two. That's why when you install Linux, you can often choose if you want to install a "server" or a "desktop". It simply a matter of which features/software are installed and what the default configuration is.

UPnP is simply a standard that define a set of protocols to use when network devices communicate with each other. It's not very strict, so it leaves a lot of room for incompatible implementations, and it makes some assumption about your network that limits under which circumstances it will work. There are different "sub standards" of UPnP, one of which is UPnP AV (Audio Video) which is what DLNA is based on. UPnP AV has nothing to do with UPnP used to configure routers except that the basic discovery and service scheme is the same. UMS or DLNA renderers cannot communicate with an UPnP enabled router any further than actually seeing that it's there. The "rest of the rules" for communications belong to different "sub standards" which makes them unable to actually interact in any meaningful way. The most "limiting" part of UPnP is the assumption is makes about all devices being on the same IP subnet. Because of the widespread use of wireless routers, that's often not the case anymore, and this is what causes the most trouble. "Normal" IP traffic is unicast, that is a communication from one address to another address. This communications isn't sent to all the other devices on the network. UPnP use multicast for discovery, which behaves differently. Multicast is sent to all devices, and anyone that listens will receive the information. Think of unicast as a normal phone conversation and multicast as a radio broadcast. Multicast is "one way", you can't reply directly to a multicast message (just like a radio broadcast). However, anyone receiving the information can either broadcast their own message (setting up your own radio station) which could works as a very inefficient way to reply, or the listeners interested in the message could contact the sender directly via unicast (like when someone makes a call to a radio show after they have broadcast something that the listener is interested in replying to) which is how UPnP actually work.

The problem with multicast is that since it doesn't have a destination address and is meant for "everyone", networks would quickly be heavily congested if routers forwarded multicast messages to other subnets. If would mean that if I send a multicast message while being connected to the internet, that message would travel to every other router on the internet and in the end to every device connected to the internet. It's easy to see how this would instantly overload the network and make it break down. As a consequence, multicast packages aren't routed by default, and many cheap routers doesn't even support routing multicast packages. In addition, it has to be configured how you want the multicast traffic to be routed. In short, this is way to difficult for the regular user, which is why I usually just state that "UMS and the renderers must be on the same subnet". It's not actually true, but because of the challenges with multicast routing (difficult configuration, often not supported) that is the reality for all but the tech savvy. To be able to correctly identify each other, multicast needs to work both from UMS to the renderers and the other way. Once the initial communication is estabilished, most of the communication is done using regular unicast that doesn't have any problems traversing subnets. Multicast is still needed after discovery though, as every device has to announce its presence at regular intervals, and the UPnP standard dictates what when the regular broadcast isn't received, a device is to assume that the other device isn't connected to the network anymore.

OzBrickie
Posts: 17
Joined: Sat Nov 19, 2016 4:47 pm

Re: Set up instructions

Post by OzBrickie » Fri Jul 14, 2017 6:28 am

Yeah mate. I'm with you on that.

The wireless isolation setting is something I noticed recently when I set up my new router, and I remembered that quite a few people were having problems with wireless clients. Thought it may be handy info. I definitely wasn't calling you out, simply sitting at home after a few to many sherberts!

UPnP and DLNA is way beyond my understanding unfortunately. Apart from the basics you outlined it was all just a theory when I learned networking. I figured that if the majority of users have a small home network then getting it set up to function correctly would by elimination solve 95% of the problems people face getting UMS to work, regardless of whether 3/4 of the steps affects DLNA functionality or not. I outlined the easiest and quickest method to attack TCP/IP home networking knowing that even though my theory was not always correct, my practice was.

At the end of the day instead of rambling and confusing things more I should have said don't use wireless, run a DHCP server and turn your bloody windows firewall off! :mrgreen: OH, and make sure all your plugs are nice and tight. Hehe

I apologise if I made things kerfuffled, feel free to edit/delete my post.

Oz

Nadahar
Posts: 1401
Joined: Tue Jun 09, 2015 5:57 pm

Re: Set up instructions

Post by Nadahar » Fri Jul 14, 2017 7:31 am

By all means, I appreciate the effort, I just felt the need to correct what I thought was wrong.

OzBrickie
Posts: 17
Joined: Sat Nov 19, 2016 4:47 pm

Re: Set up instructions

Post by OzBrickie » Fri Jul 14, 2017 8:23 pm

Of course you did, it's your nickel.

The path to truth and the path to right are both lengthy and diverse, tho never the twain shall meet

Apologies to RK

Post Reply