We added a new device which can expose a connected USB drive via DLNA, internally it uses minidlna which uses SSDP for service discovery. For some strange reason that rendered my *existing* minidlna (hosted on a raspberry pi) invisible. When researching the problem, it looks like neighbor discovery (which didn’t happen before as there were no other devices) uses a multicast 188.8.131.52/8 address which my rpi was blocking due to reasons (only allows traffic via the local network and a vpn gateway). My theory is that the new minidlna device took over as “primary” and then couldn’t find other peers and so the old server wasn’t visible anymore. The solution was to allow the specific multicast address used by SSDP.
#!/bin/bash iptables -F #Tunnel interface iptables -A INPUT -i tun+ -j ACCEPT iptables -A OUTPUT -o tun+ -j ACCEPT #Localhost and local networks iptables -A INPUT -s 127.0.0.0/16 -j ACCEPT iptables -A OUTPUT -d 127.0.0.0/16 -j ACCEPT iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT iptables -A OUTPUT -d 192.168.0.0/16 -j ACCEPT #multicast for minidlna/SSSP iptables -I OUTPUT -d 184.108.40.206 -j ACCEPT iptables -I INPUT -d 220.127.116.11 -j ACCEPT #Allow VPN establishment, this is the port in the config's #remote iptables -A OUTPUT -p udp --dport 1198 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p udp --sport 1198 -m state --state ESTABLISHED,RELATED -j ACCEPT #Drop everything else iptables -A INPUT -j DROP iptables -A OUTPUT -j DROP