Punching Pulseaudio-RTP through a firewall

As I mentioned in the previous post, I recently set up a network audio server computer using pulseaudio-rtp. Because it would have been a waste of resources to use it only for audio work, I started using it for some other services, too. For security and access control reasons I ended up installing and setting up a firewall there (UFW in my case). Of course, at that point pulseaudio-rtp stopped working…

I do not want to go through all the different setups I tried in order to make pulseaudio-rtp work through a firewall; the lack of proper documentation made the task quite laborious. Here’s just the working setup:

  1. On the client (i.e. the desktop), in /etc/pulse/default.pa, set module-rtp-send port=<portofyourchoice>
  2. On the server, in /etc/pulse/default.pa, set module-rtp-recv sap_address=0.0.0.0
  3. In /etc/default/ufw, set DEFAULT_FORWARD_POLICY="ACCEPT"
  4. In the firewall setup, open the <port>/udp you set up in step 1, and port 9875/udp

I found out about the undocumented port 9875 only after debugging the network traffic with tcpdump and netstat. I couldn’t find any information about that port anywhere in the pulseaudio-rtp documentation (or if it is there, it’s hidden so well that I didn’t find it).
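A small audit script for the four steps above, added here as an example and not part of the original post. It assumes the `load-module` line syntax of default.pa and the `PORT/udp  ALLOW` row format of `ufw status` output; port 46000, the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the four settings above.
# File paths are parameters, so it also works on copies of the config files.

# has_line FILE REGEX: true if a non-comment line of FILE matches REGEX.
has_line() {
    [ -r "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -Eq "$2"
}

# check LABEL FILE REGEX: print the result and count failures in $failed.
check() {
    if has_line "$2" "$3"; then
        echo "ok    $1"
    else
        echo "FAIL  $1"
        failed=$((failed + 1))
    fi
}

# audit_rtp_firewall PORT CLIENT_PA SERVER_PA UFW_DEFAULTS UFW_STATUS
# UFW_STATUS is a file holding saved `ufw status` output from the server.
# Returns the number of failed checks (0 means all four steps are in place).
audit_rtp_firewall() {
    port=$1
    failed=0
    check "step 1: module-rtp-send port=$port" "$2" \
        "module-rtp-send[[:space:]](.*[[:space:]])?port=$port([[:space:]]|\$)"
    check "step 2: module-rtp-recv sap_address=0.0.0.0" "$3" \
        "module-rtp-recv[[:space:]](.*[[:space:]])?sap_address=0\.0\.0\.0([[:space:]]|\$)"
    check "step 3: DEFAULT_FORWARD_POLICY=\"ACCEPT\"" "$4" \
        '^DEFAULT_FORWARD_POLICY="ACCEPT"'
    for p in "$port" 9875; do
        check "step 4: ufw allows $p/udp" "$5" "^$p/udp[[:space:]]+ALLOW"
    done
    return "$failed"
}

# Constructed sample files (port 46000 is an arbitrary choice); 9875/udp is
# deliberately missing from the firewall rules, so one check fails.
demo_dir=$(mktemp -d)
echo 'load-module module-rtp-send source=rtp.monitor port=46000' > "$demo_dir/client.pa"
echo 'load-module module-rtp-recv sap_address=0.0.0.0' > "$demo_dir/server.pa"
echo 'DEFAULT_FORWARD_POLICY="ACCEPT"' > "$demo_dir/ufw"
printf '%s\n' 'Status: active' '' '46000/udp    ALLOW    Anywhere' > "$demo_dir/status"
audit_rtp_firewall 46000 "$demo_dir/client.pa" "$demo_dir/server.pa" \
    "$demo_dir/ufw" "$demo_dir/status"
echo "failed checks: $?"
```

Port 9875/udp is the standard Session Announcement Protocol (SAP) port, the announcement channel that the sap_address setting of module-rtp-recv listens on.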
