Port minidlna (8200/tcp) unavailable for external networks?

Peterc · September 6, 2025, 12:52pm

Hi all,

Debian GNU/Linux 13 (trixie) and FreedomBox version 25.10. FreedomBox is up to date.

My freedombox is behind a home router and is setup to use DMZ. The freedombox firewall is set for internal.

I have used nmap from the internet to check to see if the DMZ is setup OK.

The read out from namp:

22/tcp open ssh
53/tcp closed domain
80/tcp open http
443/tcp open https
8200/tcp open trivnet1

I have minidlna installed on my freedombox but it looks like port 8200 for minidlna open to the internet when it should be closed.

From freedombox Diagnostics read out for minidlna says.

Port minidlna (8200/tcp) unavailable for external networks passed

But from a internet nmap scan say the 8200 is open !

Regards and thanks : peter

joseph · September 6, 2025, 2:17pm

Can you do a tcp ping to 8200 from outside? I could imagine a case where NMAP passing the DMZ router through 8200 could be success only to be blocked by FreedomBox firewall and be the way you’d hope. I’m not sure.

Also, if you suspect the fire wall status page is not right you can confirm with cockpit or another tool from inside your FreedomBox.

Maybe also check the journal to see if there are external minidlna connections.

Peterc · September 6, 2025, 2:35pm

Hello @joseph

I have ping the port from the internet with:

sudo nping --tcp -p 8200 example.fbx.one

And No lost packets:

Raw packets sent: 5 (200B) | Rcvd: 5 (220B) | Lost: 0 (0.00%)

Regards: peter

joseph · September 6, 2025, 3:05pm

I’m inclined to agree with that if that’s from outside your home network.

For myself I’ve confirmed that Cockpit and FreedomBox Firewall page agree that 8200 is for internal zone. That would lead me to think that the issue may be a rule. You could maybe confirm this if there are other “Internal” ports reachable from the outside… except,

sudo nft list ruleset for me says that 8200 has the same rule as 53 which you have as closed (filter_IN_internal_allow is the chain)

Look at your logs and see if there are any connection attempts. Set the log level to debug and see what you get for minidlna.

I only see messages about my WG VPN server (10.84.0.1) in the logs.