You might find yourself having a hard time making Chromecast work on your openSUSE or Linux-box in general. Well, the issue lies in your firewall settings.
In this article, I will focus on firewalld, a zone-type firewall - rules based on zone, that's pre-installed in openSUSE, Fedora, etc. You can skip this article if you're using ufw that's pre-installed in Ubuntu.
Basically, all you need to do is:
nmcli connection modify 'YourConnectionName' connection.zone home
This setting will change your connection to the home zone that will be more compromised than the default public zone, allowing you to connect with your Chromecast devices. This setting will also persist on reboot, so you only have to do it once. I will explain in detail below.
Do not change your device zone, change a connection zone instead
Why changing your device/interface zone is a bad idea? Let's assume that on this interface, a wireless card in your laptop, for example, you might use to connect to your home's wifi hotspot, your school's wifi hotspot, coffee shop's wifi hotspot, etc. Well, you wouldn't trust all those hotspots equally, would you? Yes, that's why changing your device/interface zone is a bad idea. And that's also the reason why the device/interface zone is set to public by default. It's needless to say that changing the default zone, or open a specific port range, would be the worst idea 😂
I recommend you change your most trusted connection zone, your home network, for example, to home, so you can use Chromecast on this network, along with many connection types that wouldn't work otherwise.
Knowing your current connection zone, and changing the zone
It's surprisingly hard to find your connection zone, as the zone is not presented in GNOME Settings (issue #1425), nor YaST Firewall. Google doesn't help much either. Here's how to find your zone before making any change.
-
Finding your active connection name first:
nmcli connection show --active
This will return something like:
NAME UUID TYPE DEVICE YourConnectionName xxxxxxxxxxxxxxxxxxxxxxxxxxxxx wifi xxxxxx
-
Finding its zone:
nmcli connection show 'YourConnectionName' | grep zone
This will return:
connection.zone: public
-
Changing your connection zone to home
nmcli connection modify 'YourConnectionName' connection.zone home
-
Checking your connection zone again:
nmcli connection show 'YourConnectionName' | grep zone
It should return:
connection.zone: home
After this, you should be able to cast to Chromecast devices on openSUSE or any system with firewalld. It's worth to check whether you have the default allowed services on your home zone in YaST Firewall. You should have dhcpv6-client
, mdns
, samba-client
, and ssh
services on the allowed list.
I hope this helps.
Cover photo by Viktor Forgacs on Unsplash
Zone on The Road photo by David Clarke on Unsplash
A Map photo by Hendrik Morkel on Unsplash
Top comments (6)
Worked like a charm! Thanks!
Thanks! I'm glad it works out for you.
This doesn't seem to work. I confirmed changing the connection to home, and that dhcpv6-client, mdns, samba-client, and ssh service are allowed in home. When I cast, it Chrome still doesn't see devices. When I turn off the firewall, it works fine. I also tried adding ssdp as well, but it doesn't help
Are you sure? I just tested again a minute ago, it's working as expected with firewall enabled.
Make sure your connection is in the zone
home
, andmdns
is allowed. It won't work with VPN, make sure to disable it, or use split tunneling if available. This should be enough to make the cast to Chromecast. There's no need to allowssdp
.If you don't use YaST, you might to try reloading your firewall after the change manually by:
Strangely I had to add "upnp-client" service to home. It seems like Roku is using it to advertise itself, which is what "ssdp" is typically used for. When I add unpnp-client, I now see 3 out of 4 devices I can cast to.
I need to do some more testing as I think I saw additional devices when I added "ssdp."
For testing, you need to do a full reload, "firewall-cmd --complete-reload", to kill off existing connections, or your changes might not be apparent. I'm not sure service stop/start will kill existing connections.
Using tshark, I also saw Roku using igmp. I had to add that service to OpenSUSE, as it isn't defined in "/usr/lib/firewalld/services". It doesn't seem to need it, but will check after a reboot. I'm not sure if there is some stuff with multicast connections and state that might be cached in the stack.
Define igmp for firewalld
cat < /usr/lib/firewalld/services/igmp.xml
<?xml version="1.0" encoding="utf-8"?>
igmp
IGMP
EOF
chown root:root /usr/lib/firewalld/services/igmp.xml
chmod 644 /usr/lib/firewalld/services/igmp.xml
Wow! Thanks! This is a very informative post. I'm glad it works out for you.