Alexa allowing ports

Hi there, I have a couple of Alexa devices behind IPFire and I cannot play some audio services (TuneIn).
The ports are:

• 123
• 443
• 4070
• 5353
• 33434
• 40317
• 49317

How can I add all these ports in one rule, for Alexa only? Thank you.

First go to the WUI menu Firewall - Firewall Groups - Services

https://www.ipfire.org/docs/configuration/firewall/fwgroups/service

and add each port in as a service name if they don’t already exist in the list.

Then go to the WUI menu Firewall - Firewall Groups - Service Groups

https://www.ipfire.org/docs/configuration/firewall/fwgroups/servicegroups

and create a Service Group called, for example, Alexa and add in each of the Services that you list.

Then you can use that Service Group name, Alexa, in a firewall rule. Select preset from the Protocol drop down box and then select the Service Groups section and then in the drop down box select the Service Group name you created.

2 Likes

Thank you.

I rushed a little, but the problem still exists. Alexa cannot play TuneIn radio.



After a test I observed that 443 was on UDP instead of TCP… Seems that for the moment it is working…

This is strange.
I have an Alexa device and have no firewall rules for it.
We stream Radio and Spotify.
And use as alarm clock.

2 Likes

I don’t use Alexa (or Amazon Echo) but you may want to do some Internet searches. I don’t think these devices need port forwarding enabled to make them work. So there may be something else blocking it from working. Maybe a Firewall Rule or Blue Access causing the block.

The firewall above looks too open to me. If port forwarding is needed, then it should be pinpointed to a specific IP address for the Alexa.

Before you added the Service Group, etc., what did you see in the Firewall Logs for the Alexa device?

2 Likes
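To answer the question above about what the Firewall Logs show for the Alexa device, this added example (not part of the original thread) tallies dropped packets per chain, protocol and destination port for one device IP, which makes a TCP/UDP mismatch like the port 443 one visible. The log lines are constructed samples in the netfilter LOG layout; the IP addresses, MAC addresses and the `dropped_flows` helper name are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG layout (as seen in
# /var/log/messages); addresses and MACs are illustrative, not from the thread.
SAMPLE_LOG = """\
Jan 10 18:02:11 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=aa:bb:cc:dd:ee:01 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=41022 DPT=443 WINDOW=29200 SYN
Jan 10 18:02:12 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=aa:bb:cc:dd:ee:01 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=41023 DPT=443 WINDOW=29200 SYN
Jan 10 18:02:15 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=aa:bb:cc:dd:ee:01 SRC=192.168.1.50 DST=203.0.113.20 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123 LEN=56
Jan 10 18:02:19 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=aa:bb:cc:dd:ee:01 SRC=192.168.1.50 DST=203.0.113.30 LEN=60 TTL=63 PROTO=TCP SPT=50100 DPT=4070 WINDOW=29200 SYN
Jan 10 18:02:20 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=aa:bb:cc:dd:ee:02 SRC=192.168.1.77 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=39000 DPT=443 WINDOW=29200 SYN
Jan 10 18:02:21 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=aa:bb:cc:dd:ee:ff SRC=198.51.100.7 DST=203.0.113.1 LEN=40 TTL=244 PROTO=TCP SPT=55555 DPT=23 WINDOW=1024 SYN
Jan 10 18:02:22 ipfire dhcpd: DHCPACK on 192.168.1.50 to aa:bb:cc:dd:ee:01 via green0
"""

PREFIX = re.compile(r"kernel: (\S+) IN=")   # log prefix, e.g. DROP_FORWARD
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")     # KEY=value pairs on the line


def dropped_flows(log_text, device_ip):
    """Count dropped packets sent by device_ip per (chain, proto, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        prefix = PREFIX.search(line)
        if not prefix or not prefix.group(1).startswith("DROP"):
            continue  # not a firewall drop entry
        fields = dict(FIELD.findall(line))
        if fields.get("SRC") != device_ip:
            continue  # traffic from another host
        # ICMP and similar entries carry no DPT field
        dport = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
        counts[(prefix.group(1), fields.get("PROTO"), dport)] += 1
    return counts


def report(log_text, device_ip):
    """Return one summary line per blocked flow, most frequent first."""
    rows = dropped_flows(log_text, device_ip).most_common()
    return [f"{n:3d}x {chain} {proto}/{port}" for (chain, proto, port), n in rows]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, "192.168.1.50")))
```

Comparing the protocol column of this summary against the services defined in the Service Group shows whether a port was allowed on the wrong protocol.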

Looking at your firewall rule you need to make that less permissive. Currently it allows everyone on the internet to try and access all clients on all of your networks with that list of ports.

In the Firewall Groups menu you should define hosts with the name Alexa1 and Alexa2 using either their IP or MAC address.

Then define a host/network group which could be called Alexa Hosts and add Alexa1 and Alexa2 to the group. Then in the firewall rule replace the Standard Networks Any with selecting Network/Host Groups and your group Alexa Hosts can be selected.

This will limit any access from people on the internet to the Alexa machines.

A question I would have is why the TuneIn service needs to be able to access Alexa even if Alexa has not tried to contact the TuneIn service.
Normally I would expect that Alexa makes the connection to the TuneIn service and then the return traffic occurs naturally as the connection tracking links the two.
Is Alexa requiring an Amazon server to contact your Alexa machines as and when it wants to?

2 Likes

I will give it a try. I will come back with feedback.
LE_


Like this?

They probably need to be in continuous connection with Amazon. If I go offline (like when I restart IPFire and DNS stops working 🙂) the Alexa devices stop working. So, yes, they probably must communicate with their server.

No, the Destination is still set for Any.

1 Like

Just a question, have you solved your DNS problems yet?

Nope. Still 10 min. clicks after every restart.

IMO, without solving this problem it is really hard to do configurations for any application in our LAN.

1 Like