Smart TV App ZDF Mediathek - no connection to external

Hi,
I’m searching for some steps on how to trace issues for the German ZDF Mediathek that is running on my LG Smart TV. I’ve got problems with the connection to the app’s server.

The TV is running different apps like ARD Mediathek which is working fine, no connection issues whereas the Pro7 app shows similar connections issue like the one mention above.

Some details: I’m running webproxy (transparent) on green. SquidClamAV is running as well as the URL filter service. The firewalls default mode is blocked for outgoing. IPS is running, QoS and GeoIP blocks all country except those from DE.

For debugging I’ve already disabled WebProxy, URL filter, ClamAV to no avail. Additionally to the mentioned disabled services I’ve set the firewalls mode to allowed. None of those settings used at a time made the ZDF app working.

To narrow down the issue, I’ve set the mode of the FW to blocked again and set up a firewall for the TV’s IP address to destination any for all ports allowed and switched on logging.

To my surprise, no traffic got logged this way. So how would one test such a beast?
Using tcpdump on interface green for the TV’s IP address?
I will get lots of traffic I bet, but which of the packets is the one that get blocked?

Btw, the TV gets its IP address from IPFire DHCP server but even a static one did not change the game.

Thx,
Michael

Try to disable GeoIP blocking - maybe the server of ZDF Mediathek / Pro7 is located outside of Germany.

Regards,
Axel

I will give that a try later on.

However, so far I thought that GeoIP blocking only kicks in if someone tries to establish a connection from outside and not in case any device opened the connection itself?

OK, disabling GeoIP did not help!

What’s interesting: a tcpdump "host 192.168.12.4" -vv, running on IPFire did not reveal any connection attempt to the WWW at the time I started the app. Maybe I did something wrong?

So again I disabled the WebProxy and URL filter on IPFire to no avail. Letting those services disabled, I’ve set up the TV to use Wifi and checked if the app is now able to connect. No it doesn’t.

Next, I’ve set up the TV’s LAN connection to manual and assigned a second DNS server: IPFire. Previously the TV got the first DNS server from DHCP-server which is pointing the the DNS of my NAS (because of a running Active Directory Server, but that’s a different story).
Right after changing the DNS, the App connected successfully!

Now I’ve enabled the WebProxy und URL filter again and re-checked if the app is still able to connect. It does, so I switch off the TV.

BUT today in the morning, before posting here, I again tried the App and to my surprise, no connection again. Hence, I resetted the DNS server to the previous one but again no connection.

I now assume that the WebProxy, transparent or not and/or the URL filter are causing some issues. Both services already have the IP address of the TV in their exclusion/white list. So far I assumed that this is enough for the TV to work flawlessly. Obviously it dos not!

I encountered a similar issue some months back, where I had to manually exclude the IP addresses for my Sonos device in a .conf file of SquidClamAV (or was it a configuration file of the proxy, don’t remember right now). The IP addresses of Sonos have be excluded, too in the WebIF, to no avail!

Anyway, I will try similar steps for my TV now, because of the experiences with Sonos.

I wonder however why white listing the devices in WebIF does not work as expected?

Michael

Hi Hellfire,

please have a look at this https://wiki.ipfire.org/configuration/network/proxy/ext_info/opti it’s helped me with my radio-streams.

Edit: just tested it here on my Samsung Tv no problem with ZDF-Mediathek.

Proxy Green transparent with Squidclamav and clamav no geo-ip block.

Thanks Markus!

Not all apps cause issues on my TV, e.g. ARD works perfectly well, Pro7 not. Anyway, thanks for the link, I will check this and report back.

OTH the ZDF app does not even “boot” up, streaming will come in play later I guess, 'cause I did not even the the landing page of the app.
But one never knows. so let me check the exclusions you linked above…

Your setup is similar to mine, but disabled GeoIP. OTH I’m running Surricata and a DNS blocker for unbound that keeps some ads away from the local clients. But even when disabling IPS and the blocker, no connection either for the app.

Michael

Hello, Michael,

are you using pi-hole?

Is there anything in this log? related to the IP of the TV?

No to pi-hole and no to the logs - checked each available log more than once: IPS, system logs, URL filter, and more.

BUT I finally found the issue - mad bad! I’m using a DNS blocker (similar to pi-hole) and obviously the automatically downloaded DNS list, with host names to be blocked, contains the host names of hbbtv.zdf.de and some more.
Don’t know why the author wants us/me to block them, but after whitelisting some hosts, and rebuilding the blocker list, the ZDF Mediathek now runs well!

Thanks for all your suggestions and tips!

Michael

Hi Michael,

That sounds good. I can only imagine that the blocklist authors dismiss hbbtv as a data gathering octopus. Thanks for the feedback that certainly helps one or the other.

Solely, the ProSieben app makes some more troubles as expected. Obviously the hosts hbbtv.prosieben.de or hbbtv.redbutton.de are not called directly.

I’ve narrowed that down by using NSLOOKUP hbbtv.prosieben.de and notice that some more host are called, like hbbtv.prosieben.de.akamaized.net or hbbtv.redbutton.de.edgekey.net.

Even after white listing them, too, nothing happens, still no connection. Hence, I will have to dig deeper, maybe I’ve not found the correct hosts so far, but some sources in internet only revealed both host from the top ob this posting…

here some adresses in an list for hbbtv https://raw.githubusercontent.com/Akamaru/Pi-Hole-Lists/master/smarttv.txt

HTH