Enjoying your music from another place
Scope of this info
Initially this section will concern itself with Windows. Most of the concepts apply equally to all versions of SBS so where possible <other> will be used to show equivalent commands or procedures.
Many will argue that "tunneling" and "VPN" connections are necessary for security purposes. This section will assume that users do not have geek skills and it will concentrate on making "Enjoying your music from another place" possible for slightly technical users using the security features of SBS.
Using these procedures assumes the gentle user assumes all responsibility for following the copyright law that exists in their jurisdiction.
It is assumed that the gentle user has an internet connection that does not involve a traditional phone-line with modem. The term "modem" in this information should be read as a modem that makes a DSL/cable/satellite connection. Also, this information assumes the gentle user has connected to this modem with an ethernet connection (which resembles a "fat" phone cable.) Connections using USB to a modem are too stupid to explain.
The "reference" for this information is SBS 7.4.1. Menu options and selections may change. If you edit, please reference future versions and text/menus rather than replacing information.
The term "PC" is used generically to represent whatever you are using and is not intended to disparage Apple products in any way.
Here is a simple network diagram:
Your modem has an IP address assigned to it which it uses to communicate with the "outside" world of the internet.
This address is either "static" (permanent) or "dynamic" (temporary.) Most cable modems have static IP's because that's the way cable infrastructure works.
DSL connections often have dynamic IP's, especially for "basic" low speed or "lite" plans. As the speeds increase with the higher associated monthly rates, you will reach a point where a static IP on the DSL line is a given. You can usually pay an monthly fee to have a static IP on low-speed connection but it's usually a very expensive proposition. It's better to just pay for the data rate that includes a static IP.
For users with dynamic IP's, there are a number of service providers who will also provide you a pipe to your home from the outside internet for a monthly fee. These involve installing software on your PC that communicates with the provider, telling it when your IP has changed. You should also investigate DYNDNS This discussion won't be telling you how to use these services.
If you are still using dial-up, you probably don't want to pursue remotely playing your music (AND you didn't read the introduction above.)
So here's how your modem works:
In short, your modem knows when it receives data from the internet that it didn't ask for, and blocks it from getting into your "intranet."
Concepts of the "inbound connection"
Since your Modem will reject any data it did not ask for, you cannot talk to your Squeezebox Server from the "outside" internet without telling your Modem that it should let you in.
Here's how you do that:
To get to this configuration web site, you need to know your Modem's "inside" IP address. You can get this info a number of ways:
1. Windows: While your computer is using the internet, open a "Command Prompt" and type the command
The computer may have more than one piece of hardware that can talk to the internet. (Laptops have wireless and wired hardware and they each have their own IP. Bluetooth devices also have their own IP.)
The IP number you want is labeled as the "Gateway Address." Write it down.
2. Vista/Windows 7: Open Control Panel/Network and Sharing Center and click "View full map" in the upper right corner. Hover the cursor over the "Gateway" and the IP address and other information will be shown. Write down the "IPv4" address.
3. Windows XP: Open Control Panel/Network Connections and RIGHT click on the active connection. Select "Status." When the window appears, select the "Support" tab at the top. Write down the "Default gateway" address.
4 Linux: Open a terminal window and enter the command
Usually, the gateway will be the not zeroes one on a line ending with eth0. Write it down.
5. Call your internet provider's technical support line.
Many "intranet" addresses start with 192.168 so if your gateway address does, you can be slightly reassured (for just a few seconds because the worst is yet to come..)
Making the "inbound connection"
One of the important things you need to know is the "inside" IP address of your SqueezeBox Server PC. Get this from the WebGUI using Settings/Information. It is shown as the "Server IP Address" in the top paragraph. Write it down and call it that so you do not confuse it with the Modem's "inside" address.
Now would also be a good time to get the technical support telephone number for your internet provider (and to make sure your phone has a good charge.)
As shown in the diagram above, usually your Modem will assign your SqueezeBox Server PC it's "inside" IP address. Each time your SqueezeBox Server PC restarts, it will ask to use the same address it had last time. So far so good. If your SqueezeBox Server PC is turned-off, however, and a "new" device asks your Modem for an address, it JUST MIGHT GIVE IT THE ADDRESS your SqueezeBox Server HAS BEEN USING. Both remote streaming and your SqueexeBoxes will be very confused if the Server is not where it used-to-be.
It is a very good idea to manually assign your SqueezeBox Server's "inside" IP address so it always lives in the same place on your network. Use Google or any of the other lame search engines to find "making windows use a static IP"
Open the web browser you like and enter the "inside" IP address of your Modem into the address bar. Just enter the numbers and the periods (dots) and make sure you do not include any spaces between the numbers and the dots.
Press Enter (or click the "go" arrow.)
If you are lucky, you will be shown the configuration screen, If you were born on a rotten day, you will be asked for a user name and/or a password.
Most Modem's user names are:
The password is often:
The password is also often the SERIAL NUMBER of the Modem or it may be A DIFFERENT NUMBER near the serial number on the sticker on the Modem. Use a magnifying glass and carefully write the number and be equally careful keying it in. If it doesn't work the first time, look back at the sticker and MAKE SURE you are using the correct number.
When you get a configuration screen, the option you want is probably going to be on the "Expert" or "Advanced" screen so go there. The term for our endeavor is "PORT FORWARDING." It is sometimes called "Pinholes." My Modem has the option under "Configure"/"NAT" which is not at all what we are doing. We ARE NOT interested in anything called DMZ.
Note that some Modems MAY allow you to use the SqueezeBox Server PC's NAME when entering the PORT FORWARDING rules, and that the SBS PC usually needs to be turned-on when you are configuring the Modem.
Here's the concept:
Now: If you were not able to get to the configuration screen because you did not have the password or you could not figure out how to add the "PORT FORWARDING RULES," call you internet provider's technical support. Tell them you want to "CONFIGURE PORT FORWARDING." There are no rules that I am aware-of that would prevent you from this capability and I have dealt with some technical support staff who are happy to set up your Modem from their end.
Most Modems will ask for a "range" of port numbers to forward. Just enter the same number for the "from port" and "to port," as from port 9000 to port 9000.
It is good to know how to configure your Modem's Port Forwarding because you can also use it to get access to your home computers from the internet AND if you do a Factory Reset of your Modem, the rules will have to be re-entered.
The last part we need to know to talk to our Modem from the internet is it's "outside" IP. While you are using the SqueezeBox Server PC, use a web browser to go to the address:
This site will tell you your Modem's "outside" IP. Email it to one of your web mail accounts so you don't have to remember it.
When you are on the "outside" internet you will use the web address:
To access/control your SqueezeBox Server WebUI just like you use it at home.
You will use the "dotted" "outside" IP address to configure your remote SqueezeBoxes:
If you have installed "Community Softsqueeze" as a plug-in, you can use the WebGUI to install it on your remote PC. This will automatically configure Softsqueeze to use the SBS PC you were pointing-to in your web browser and will create a desktop icon that will allow you to start it from the remote location.
Please see and use the sections below to establish security for your SqueezeBox Server. If you do not, ANYBODY will be able to use your hardware !
NEEDLESS TO SAY:
If you are accessing your SBS PC from the internet, ALL USER ACCOUNTS should have passwords. If you use the "Block Incoming Connections" option below, it's still a good idea for the user accounts to have passwords: an open account can expose the "inside" IP of your SBS PC through the WebGUI.
Network speed and the magic of LAME
This section will be of concern if your music library is higher quality (read "either lossless" or "higher bitrate.")
Current modem connections (especially DSL) have faster download speeds than upload speeds.
This makes sense: you have a short request for information (go to this web address) and then a lot of data (your requested web page) is downloaded.
When SBS is used to play music to you remotely, it is important to understand that the connection coming to your player from SBS over the internet is generally slower than the connection used inside your home.
To ensure you can have a good experience, SBS includes a feature that lets it "step down" the speed required for you to play your music remotely.
If you have, for example, apple or flac lossless music in your library, this feature allows SBS to convert it (on-the-fly) to a lower bit-rate MP3 stream that your network connection can reliably deliver to your remote player.
This is a far easier approach than to keep a separate version of all your music for remote use.
LAME is the piece of software that SBS expects to be installed for this capability.
Note that each player can and will have different "fidelity" settings. These settings can be found under Server Settings/Player/Audio. If you take one of your players to another location, you can easily modify it's settings to make continuous playback possible.
There are two settings that control this feature in SBS:
This is either "No Limit" or the network speed the player will use. Various players support "network tests" that allow you to see the speed and effectiveness of your connection.
- Lame Quality Level
This setting will depend on the load you want to put on the SBS computer while the player is used. Most modern machines will probably be fine with (0-Highest Quality, very slow) It belongs to you. Play with it.
Note that this settings page also indicates under "Bitrate Limiting" whether SBS thinks lame is installed. My page says "The LAME encoder appears to be correctly installed on your system."
"Install" in Windows
LAME for Windows can be found here: LAME Download
Be sure you note which versions are "experimental." If you get the "wrong" version, it will be easy to change.
You want the version "compiled with Intel Compiler." Whether you need the "64-bit" version" can be determined by opening Control Panel/System: if you have a 64-bit Windows version will be shown.
As the site explains, your package will have lame.exe and lame.dll. You will only need the lame.exe program.
The downloaded file will be a .zip file that contains both versions. If you do not know how to find the downloaded file or "unzip" it, you are kaboshed.
Move or copy lame.exe to the proper directory, which in C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread (or whatever similar directory is at the top of Bin..) This directory will include alac.exe, flac.exe, and others.
Restart SBS after the file is "installed."
Keeping others out
Two methods are available to keep others from accessing your SBS.
These methods both work at the same time, if turned-on. They apply equally to your "local" players as well as access from the internet.
If you plan to enable either (or both) method(s,) please read both sections thoroughly.
Both methods are controlled in Server Settings/Advanced/Security
User/Password protection allows you to specify a user name and password that allows access to your SBS.
This has no relation to your Windows/Linux/Mac user name and password.
If you activate this option, you will need to use the remote/controller's input to type out the user name and password on each of your players.
You will also have to provide the user/password each time you connect via the WebGUI (unless you have your browser remember the password.)
User/password's also complicate changing players from one SqueezeBox Server to another if you have more than one music source.
As always, UPPERCASE and lowercase makes a difference.
Using "Block Incoming Connections" to establish security
In the WebUI, Settings/Advanced/Security has the option "Block Incoming Connections." This will let you keep users on the internet (read "who are not you") from using your SqueezeBox Server after you have setup your Modem to let you in.
When you turn this option on, you will need to add (at least) two addresses in the "Allowed IP Addresses" field. They will look like this:
The 127.0.0.1 is a special address that stands for "localhost" which is the machine SqueezeBox Server is running on. The 192.168.1.* should reflect the first three "dotted" numbers of your "inside" addresses. The asterisk means allow any machine on the 192.168.1 network have access to the SqueezeBox Server program/WebGUI.
If your "inside" addresses are 192.168.2.x, specify:
When we want an "outside" location to use the Server, we will add a comma and ALL FOUR dotted numbers of the origin. As an example, in your remote office/home, browse to whatismyip.com to determine the "remote" origin IP, and then add it to the list.
Note that most serious places of employment will probably have ports 3483 and 9000 blocked by their corporate firewalls/routers so don't count on listening absolutely everywhere..
"Letting yourself in" from a remote location
If you have a significant other/bff in the vicinity of your SqueezeBox Server PC, you can call them to add your desired remote location. (Don't forget to click "Apply!") You can do it when you get home if it's a regular remote place.
If you don't, you can configure SqueezeBox Server by taking control of your SBS PC from the internet:
1. Remote desktop (RDP) is part of Windows (except for the Starter/Home Version.) If your SBS PC is running XP PRO, Vista/Win 7 Business or Ultimate editions, you can turn this access on in Control Panel/System/Remote. There are "patches" available on the internet that add RDP to Home versions of Windows. Some work. Some may be infected. Some may break your system. CREATE A RESTORE POINT before you play.
2. REALVNC has a free copy of the VNC program that allows you to control a "VNC server" from a remote PC running either a "VNC viewer" program or a web browser. The "VNC server" will need to be installed on your SBS PC (and it will usually run automatically as a service at startup. You can set this during the install.)
An interesting design feature of VNC is that you can control a Mac from a Windows machine or a Linux machine or any mix of connections. It is a program originally created by the AT&T. Go figure.
For either 1 or 2, you will need to make a port forwarding rule so your Modem will let your traffic in and direct it to your SBS PC.
When making this rule, common sense says: Don't use the "standard" port numbers on the "outside" world side of the rule. The modem can take one port from the "outside" and send it to a different port on the "inside." It's part of the rule set-up.
For example, the "standard" port for RDP is TCP 3389. Don't make your rule TCP 3389 sent to 3389 on SBS PC. Use a non-standard (you pick it) number above say, 5000.
So make your rule TCP 5574 to 3389 on SBS PC. VNC requires two ports to be forwarded. Again, do not send the "standard" ports.
You will make contact from your "remote" PC (all versions of Windows have Start/Accessories/<communications>/remote desktop connection) by using:
Both RDP and VNC use the colon to specify the port to use. VNC uses two colons:
3. GOTOMYPC and other services install a version of the free program called VNC and allow you to take control of your home machine remotely.
Other Things mentioned here
"Home networking" as sold by your internet provider
In many locations, "home networking" is sold as a monthly service.
There really isn't an issue with this except that once the "home network" is set-up, it will work indefinitely.
For the most part, you can use ahem "Networking 101" to achieve the same thing without paying a monthly charge. When it comes to wired connections, use of "switches" works fine.
When you use wireless access, things are a little more complicated. You should understand the difference between switches and routers and most importantly, how do the computers in your home get IP addresses. (Once again, see Networking 101.)
"Who's got the DHCP?? and why does it matter?
As above, cable and DSL Modem's have DHCP servers and they are usually enabled, passing out automatically assigned "inside" IP addresses.
There is another culprit: if you are using a Wireless Router/Access Point (WAP), chances are it will also be running a DCHP server and passing out IP addresses.
As long as both the Modem and the WAP are on the same network, there usually is no issue but a high percentage of the time they are not on the same network.
Example: Modem is on 192.168.1 and the WAP (some linksys) is on 192.168.2
Wireless computers (and perhaps some wired ones) will not be on the same network. This is why laptops cannot see printers attached to the "base" network.
Use the web configuration tool on you WAP to TURN-off DHCP and assign the router a local IP address outside the range of DHCP on your Modem. Make the Gateway address in the WAP the "inside" address of you Modem and wireless PC's will get their IP's from the Modem.
(I have all my WAP's assigned starting at 192.168.1.100 so I can set firefox buttons for them.)
If you are stuck and don't know your DNS addresses, you can always use 220.127.116.11 and 18.104.22.168 (google public dns servers.)