Nixpkgs: Chromecast doesn't work with NixOS firewall enabled

Created on 2 Nov 2018 · 11 Comments · Source: NixOS/nixpkgs

Issue description

AFAICT, I have to disable the NixOS firewall to get Chromecast to work from Google Chrome to my Chromecast device.

(AFAIK, Chromium and Chromecast don't play well together, regardless of OS/firewall, just as a reference.)

FWIW, someone was asking about VLC -> Chromecast casting, but I haven't managed to get that working at all.

Maybe we could fix with a module or something that can do the right changes to the firewall? I wouldn't have thought it would be an issue, but maybe the firewall is filtering the upnp that Chromecast uses for discovery. I'll investigate more later.

Steps to reproduce

Install google-chrome. Try to chromecast to a local device. You won't be able to find them.

stale

All 11 comments

The first step towards a solution will be to research and document which ports need to be open for chromecast to work.

Whether modules/services should open firewall ports in NixOS is an unresolved and controversial topic, see e.g. discussion in #19504. I personally prefer to control the firewall centrally in my NixOS config over multiple modules each doing "something".

Chromecast needs incoming UPnP/SSDP traffic over the ephemeral port range. I was able to get chromecast working from chrome browser by allowing UDP over the (default) ephemeral port range with the following nixos configuration:

networking.firewall.allowedUDPPortRanges = [ { from = 32768; to = 60999; } ];

That said, this didn't help with other applications such as gnomecast. For that I ended up just disabling the firewall entirely.

@rprije looking through the gnomecast issue tracker, I was pointed to https://blog.g3rt.nl/allow-google-chromecast-host-firewall-iptables.html, which also only shows a (slightly altered) port range.

Can you check by setting networking.firewall.logRefusedConnections / networking.firewall.logRefusedPackets to true what else is missing?

Btw, for VLC chromecast support, this looks like this: https://github.com/NixOS/nixpkgs/pull/58588/files#diff-5d985ea964eaf18562d8f8034602059dR21
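
One way to answer the "what else is missing?" question from a refused-traffic log, as an added example (not code from this thread or from nixpkgs): it tallies refused flows and marks which ones the UDP range 32768-60999 quoted above would admit. The `refused packet:` / `refused connection:` log prefixes are assumed, and the sample log lines are constructed.

```python
import re
from collections import Counter

# UDP range opened in the comment above (Linux default ephemeral ports).
ALLOWED_UDP = range(32768, 60999 + 1)

# Log prefixes assumed for logRefusedPackets / logRefusedConnections.
PREFIX = re.compile(r"refused (?:packet|connection): (.*)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines, not captured from a real system.
SAMPLE_LOG = """\
Nov  2 10:15:01 host kernel: refused packet: IN=wlp3s0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=330 TTL=64 PROTO=UDP SPT=40123 DPT=45678 LEN=310
Nov  2 10:15:02 host kernel: refused packet: IN=wlp3s0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=330 TTL=64 PROTO=UDP SPT=40123 DPT=45678 LEN=310
Nov  2 10:15:03 host kernel: refused packet: IN=wlp3s0 OUT= SRC=192.168.1.50 DST=224.0.0.251 LEN=96 TTL=255 PROTO=UDP SPT=5353 DPT=5353 LEN=76
Nov  2 10:15:04 host kernel: refused connection: IN=wlp3s0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TTL=64 PROTO=TCP SPT=51000 DPT=40000 SYN
Nov  2 10:15:05 host kernel: refused packet: IN=wlp3s0 OUT= SRC=192.168.1.1 DST=192.168.1.10 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
Nov  2 10:15:06 host systemd[1]: Started Avahi mDNS/DNS-SD Stack.
"""

def parse_refused(line):
    """Return (iface, proto, dport) for a refused-traffic line, else None."""
    m = PREFIX.search(line)
    if not m:
        return None
    f = dict(FIELD.findall(m.group(1)))
    if not f.get("DPT", "").isdigit():
        return None  # no destination port, e.g. ICMP
    return f.get("IN", ""), f.get("PROTO", ""), int(f["DPT"])

def summarize(log_text):
    """Count refused flows; mark those the UDP range rule would admit."""
    counts = Counter(filter(None, map(parse_refused, log_text.splitlines())))
    rows = []
    for (iface, proto, dport), n in counts.most_common():
        covered = proto == "UDP" and dport in ALLOWED_UDP
        rows.append({"iface": iface, "proto": proto, "dport": dport,
                     "count": n, "covered": covered})
    return rows

def still_missing(log_text):
    """Refused (proto, port) pairs that the range rule would not open."""
    return sorted((r["proto"], r["dport"])
                  for r in summarize(log_text) if not r["covered"])

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

The per-row `iface` field shows which interface the refused traffic arrived on, which matters when deciding whether a rule needs to apply to every interface or only the LAN one.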

I got this working without making explicit changes to the firewall. I enabled Avahi:

{
  services.avahi.enable = true;
}

And then made sure that chrome://flags/#load-media-router-component-extension was enabled. You can obviously do this within the browser, but I prefer to do it the declarative & reproducible way:

{
  environment.systemPackages = with pkgs; [
    (chromium.override {
      commandLineArgs = "--load-media-router-component-extension=1";
    })
  ];
}

NOTE: this led to quite a long nixos-rebuild so I'm wondering if it caused recompilation of chromium. From the derivation it doesn't look like it should, but just as fair warning.

Hmm, looking for load-media-router-component-extension, it seems this is wildly recommended across the internet to fix chromecast streaming support.

I'm not sure why it doesn't default to ON in chromium (I'd expect this to hit other distro users with firewalls enabled by default too?), but I'd be a bit hesitant with deviating from upstream's defaults, without further understanding why.

@primeos, any ideas?

@flokli unfortunately I'm not familiar with this topic (didn't try to use a Chromecast with Chromium yet)

For now it seems like a good idea at least to document this in the wiki: https://nixos.wiki/wiki/Chromium

Additionally we could consider adding an option to the firewall module (maybe something generic like allowLanDiscovery or specific options like allowUpnp) or to the Chromium module (for the CLI flag + Avahi). But I'm not sure if that would help enough to justify the additional module options (though a generic firewall option for such things could be pretty useful).

@primeos we documented necessary firewall changes for VLC chromecast streaming in nixos/doc/manual/release-notes/rl-1909.xml - but in that case, it was a new feature, and adding it to the module system was a bit too much (there's no VLC module anyways)

I'm not sure if Chromecast ever worked in Chromium/Google Chrome on NixOS before. Did you check nixos/modules/programs/chromium.nix if your proposed change can be done without recompiling chromium, by writing to some of these files in /etc defined there?

> Did you check nixos/modules/programs/chromium.nix if your proposed change can be done without recompiling chromium, by writing to some of these files in /etc defined there?

I only shared my personal thoughts of approaches to resolve this, I didn't have a concrete implementation in mind. But e.g. the approach mentioned in https://github.com/NixOS/nixpkgs/issues/49630#issuecomment-622498732 wouldn't require recompiling Chromium (and could be integrated into the chromium module if deemed necessary).

Yeah, I think documenting how to get it to work, and eventually adding it to the chromium module seems to be the way forward here. @colemickens, WDYT?

I marked this as stale due to inactivity.
