Feb 10 2014
 

like many others behind corporate/personal firewalls, i have struggled to get the spotify web player (http://play.spotify.com) working reliably. after working with a network admin at work, we have finally gotten it resolved.

Sorry but it seems that we cannot stream music to you at this time. This is probably because of restrictions placed on your network, but we are working on ways to get around this

the spotify faq tells you to open tcp/4070 to 78.31.8.0/21 – and nothing else. this is not quite complete – apparently the web player also requires a connection to a macromedia-fcs server, which they appear to run out of amazon cloudfront. i found cloudfront’s public ip list, and added access to tcp/1935 on all ranges. the final list looked like:

source any any dest 54.192.0.0/16 tcp/1935
source any any dest 54.230.0.0/16 tcp/1935
source any any dest 54.239.128.0/18 tcp/1935
source any any dest 54.239.192.0/19 tcp/1935
source any any dest 54.240.128.0/18 tcp/1935
source any any dest 204.246.164.0/22 tcp/1935
source any any dest 204.246.168.0/22 tcp/1935
source any any dest 204.246.174.0/23 tcp/1935
source any any dest 204.246.176.0/20 tcp/1935
source any any dest 205.251.192.0/19 tcp/1935
source any any dest 205.251.249.0/24 tcp/1935
source any any dest 205.251.250.0/23 tcp/1935
source any any dest 205.251.252.0/23 tcp/1935
source any any dest 205.251.254.0/24 tcp/1935
source any any dest 216.137.32.0/19 tcp/1935
source any any dest 78.31.8.0/21 tcp/4070
source any any dest 193.182.8.0/21 tcp/4070

hope this helps someone else!
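
A way to check a rule list in the notation above before loading it into a firewall (an added example, not part of the original post): it parses the rules, reports which rule permits a given destination/protocol/port, and counts how many destination addresses each port is opened to. The function names are hypothetical, and the sample uses a subset of the rules listed above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a subset of the post's rules, in the post's notation.
RULES_TEXT = """
source any any dest 54.192.0.0/16 tcp/1935
source any any dest 54.230.0.0/16 tcp/1935
source any any dest 205.251.254.0/24 tcp/1935
source any any dest 78.31.8.0/21 tcp/4070
source any any dest 193.182.8.0/21 tcp/4070
"""

RULE_RE = re.compile(r"source\s+any\s+any\s+dest\s+(\S+)\s+(tcp|udp)/(\d+)")

def parse_rules(text):
    """Parse 'source any any dest <cidr> <proto>/<port>' lines into tuples."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.fullmatch(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised rule {line!r}")
        cidr, proto, port = m.group(1), m.group(2), int(m.group(3))
        if not 1 <= port <= 65535:
            raise ValueError(f"line {lineno}: bad port {port}")
        # strict=True rejects a CIDR with host bits set (e.g. 54.192.0.1/16),
        # a common typo that silently changes what a rule covers.
        rules.append((ipaddress.ip_network(cidr, strict=True), proto, port))
    return rules

def matching_rule(rules, dest_ip, proto, port):
    """Return the first rule that permits the flow, or None if it is blocked."""
    addr = ipaddress.ip_address(dest_ip)
    for net, r_proto, r_port in rules:
        if (proto, port) == (r_proto, r_port) and addr in net:
            return net, r_proto, r_port
    return None

def exposure(rules):
    """Distinct destination addresses opened per (proto, port)."""
    nets = defaultdict(list)
    for net, proto, port in rules:
        nets[(proto, port)].append(net)
    return {k: sum(n.num_addresses for n in ipaddress.collapse_addresses(v))
            for k, v in nets.items()}

RULES = parse_rules(RULES_TEXT)
```

The `exposure()` totals are worth reading before applying the list: the tcp/1935 rules open egress to shared cloudfront address space, not only to spotify's own servers.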

  5 Responses to “spotify web player behind a firewall”

  1. Thanks for knowledge. Recently I have blocked almost everything with new firewall and tried 4070 like spotify’s faq tells but it also needed 1935 like above.

  2. This reads like Greek to me, how do I get this to work?

    • Implementing these rules depends heavily on the router/firewall you use – most commercial ones make it rather simple (i.e. no command line, all web GUI). The ACLs read like this:

      source any any dest 54.192.0.0/16 tcp/1935

      where..

      source any any means from any address and any port (in that order)
      dest 54.192.0.0/16 means the destination address range is 54.192.0.0/16. The /16 is CIDR notation, and in this case means any address in the range 54.192.0.0 to 54.192.255.255. More on CIDR here.
      tcp/1935 means the destination port is the TCP protocol (versus UDP, or perhaps ICMP), on port number 1935.

      Sorry if that still reads like greek! If you tell me the model number of your router I may be able to give you more specific insight as to how to implement this – no guarantees though 😉

  3. hey dude. just wanted to say I experienced the same problems and added in the IPs and freed up the ports you said and it’s completely fixed. this is really great, i can listen to music without annoying pauses!

    thanks so much! you’re doing the lord’s work
