ZMNinja Blank Monitors

[Quantum]

ZMNinja is working fine in my (Android) phone and sees all my monitors, except the screens are blank and only show ... .

On the server VM I am seeing firewall blocks from the phone to server of port 80/tcp... but ZM is not there, it's on 13080. I have all settings set to this but can't find any set to port 80.

Also I have almost nothing in the server's /var/lib/zmeventnotification/push/tokens.txt , only

Code: Select all

{"tokens":{}}

This means that I won't be getting notifications in ZMNinja. I use a firewall in my phone (AFWall+) so maybe that's blocking something, but I don't know what to allow.

Anyone know what's going on?

[iconnor]

When entering the url to zm, put the port in the url. http://serverip:port/zm

[Quantum]

Indeed in Settings I have set the correct port. I am seeing each of the four named monitor windows as I should... just no video. Only an ellipsis in each window.

My port is 13080, but I suspect that somewhere zmninja expects port 80, but there doesn't seem to be any place to set it.

[iconnor]

Ok let me replicate the setup and see if I can figure it out.

[Quantum]

Thanks iconnor. To give a little more detail, port 13080 appears on 10.2.3.1 of my WireGuard KVM VM. This is the IP visible only to outside incoming WG VPN requests like my phone (which is running ZMNinja).

To get 13080 here I set up a reverse SSH tunnel to the cameras server, which is another KVM VM that runs ZM, and is listening using nginx on 127.0.0.1:80. To the WG server for all intents and purposes, it thinks it's the one running ZM. I've done things with SSH tunnels this way for a decade.

So when a request comes in from ZMNinja on 13080 to 10.2.3.1 the WG server reaches into its bellybutton and pulls out the ZM server response through the SSH tunnel, transparently. I separate things this way for security partitioning as I'm an infosec type.

As a result port 13080 and only 13080 is available to the phone, strictly enforced by both the SSH tunnel, and nftables. I have a zero-trust LAN.

But it appears that ZMNinja wants port 80 for something, which is not visible in Settings. It seems that for your purposes all you'd have to do is set up nginx to listen only on 13080 (or other non-prived port), on an IP available to ZMNinja on an Android or iPhone, and allow access through firewall.

[Quantum]

As a bonus, after I try using ZMN many times, /var/lib/zmeventnotification/push/tokens.txt contains only:

Code: Select all

{"tokens":{}}

Why? It's a mystery to Science.

[Quantum]

Yes, but as I say I have set ZMNinja to use port 13080.

In fact though on my WireGuard server which the phone connects to my LAN through, I'm getting nftables blocks from the phone to port 80 when I run ZMNinja.

Code: Select all

[Wed Jan  3 07:45:07 2024] [nftables] Inbound Denied: IN=inWG OUT= MAC= SRC=10.2.3.20 DST=10.2.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47176 DF PROTO=TCP SPT=44136 DPT=80 SEQ=603914440 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020404D80402080A09503C64000000000103030C) 
[Wed Jan  3 07:45:08 2024] [nftables] Inbound Denied: IN=inWG OUT= MAC= SRC=10.2.3.20 DST=10.2.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47177 DF PROTO=TCP SPT=44136 DPT=80 SEQ=603914440 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020404D80402080A0950404F000000000103030C) 
[Wed Jan  3 07:45:10 2024] [nftables] Inbound Denied: IN=inWG OUT= MAC= SRC=10.2.3.20 DST=10.2.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47178 DF PROTO=TCP SPT=44136 DPT=80 SEQ=603914440 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020404D80402080A09504855000000000103030C) 
[Wed Jan  3 07:45:14 2024] [nftables] Inbound Denied: IN=inWG OUT= MAC= SRC=10.2.3.20 DST=10.2.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47179 DF PROTO=TCP SPT=44136 DPT=80 SEQ=603914440 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020404D80402080A0950582A000000000103030C) 

When I run ZMNinja on the phone... even though I have it set to port 13080, it nevertheless tries to connect also to port 80, which it is not/can not be allowed to do. I have so many servers, that I must set my ports to have as the first two digits the last two digits of the server's IP address. A given server's port is not usually on the machine it presents on, since I make extensive use of SSH reverse tunnels.

So in this case machine 10.2.0.13 is the ZM server and presents on port 80. Machine 10.2.0.1 is my WireGuard server, which sets up a reverse SSH tunnel to .13 of port 80, to port 13080 on the WG interface 10.2.1.1, which is visible to the phone. I can not present port 80 on the WG server as this conflicts with its own webserver.

So it looks like ZMNinja can not work for me. It disobeys my port setting.

[Quantum]

{nobody's here}

[iconnor]

(Why are we whispering?)