# How to jail miniDLNA with NAT



## klu (Feb 4, 2018)

Hi I'm trying to set up a miniDLNA server inside a jail. When it's inside a jail, my LAN clients cannot access it. But if miniDLNA is installed outside of the jail, my LAN clients can successfully access it.

My jail has it's private IP (192.168.60.3) address on host's lo1 interface. I then attempt to use `pf` in host to direct traffic to the jail with miniDLNA:


```
rdr proto tcp from any to any port 8200 -> 192.168.60.3
    rdr proto udp from any to any port 1900 -> 192.168.60.3
```

UDP port 1900 is for uPnP. TCP 8200 is for miniDLNA's simplistic status web page. I can access the web page from LAN, using *host's IP*: http://<bsd_host>:8200. And in the jail, miniDLNA can receive UDP port 1900 traffic which I sent from LAN.

However, DLNA clients just CANNOT find the media resources when it's running in jail!


----------



## SirDice (Feb 5, 2018)

Kay said:


> However, DLNA clients just CANNOT find the media resources when it's running in jail!


DLNA discovers resources by using broadcasts. Those broadcasts don't traverse your NAT.


----------



## PacketMan (Feb 8, 2018)

SirDice said:


> DLNA discovers resources by using broadcasts. Those broadcasts don't traverse your NAT.



Broadcast or multicast? I thought DLNA was multicast based. Ether way you are still right (unless using a router that can be, and has been, configured to route multicast).  ((And in a L2 switched environment, without multicast lan optimizations turned on, multicast is forwarded like broadcast.))


----------



## SirDice (Feb 8, 2018)

PacketMan said:


> Broadcast or multicast? I thought DLNA was multicast based.


You are correct, it's multicast, not broadcast. 



PacketMan said:


> Ether way you are still right (unless using a router that can be, and has been, configured to route multicast).


Indeed, the issue remains the same, it doesn't traverse the NAT so the DLNA receiver never gets the discovery request.


----------

