Shoutcast can be installed to run on Linux w/o a sound card. It streams the .mp3 files over the internet. Yay! Here is my tutorial on setting it up:
How to set up a multiple-stream SHOUTcast server on Red Hat Linux AS 2.1 w/ipchains configuration or Red Hat Linux AS 3.0 w/iptables configuration.
The following was performed on a custom-built (old) PIII 833MHz processor (overclocked to 945MHz) with 512MB PC133 RAM w/Red Hat Adv Server 2.1 kernel ver. 2.4.9-e.38.
Linux configuration:
- stop/disable any unnecessary processes/daemons such as telnet, sendmail, mouse
- do not run Xwindows, Gnome, KDE, etc. GUIs will only use up valuable resources
- patch everything up to date as the intention is to get this thing on the internet
1. Download latest Shoutcast server for Linux:
http://www.shoutcast.com/download/serve.phtml#scdownload
*As of 9/12/04:
http://www.shoutcast.com/downloads/sc1-9-4/shoutcast-1-9-4-linux-glibc6.tar.gz
2. Download latest SHOUTcast DSP Plug-In for Mac OS X, Linux and FreeBSD:
http://www.shoutcast.com/download/broadcast.phtml
*As of 9/12/04:
http://www.shoutcast.com/downloads/sc_trans_posix_040.tgz
3. Install server:
a. cd /usr/local
b. mkdir shoutcast
c. copy or download the shoutcast-1-9-4-linux-glibc6.tar.gz to /usr/local/shoutcast
d. gunzip shoutcast-1-9-4-linux-glibc6.tar.gz
e. tar -xvf shoutcast-1-9-4-linux-glibc6.tar
4. Install the DSP plugin w/in /usr/local/shoutcast
a. Make directories for each stream you want to run. IE. if you are going to run
separate streams for different genres or artists: mkdir sc_trans_techno,
mkdir sc_trans_hiphop
b. gunzip sc_trans_posix_040.tgz (into each sc_trans* directory)
c. tar -xvf sc_trans_posix_040.tar (into each sc_trans* directory)
5. Add content
a. After install of server, you will have a "content" directory. Make new directories
in content/ for each genre or artist. IE. mkdir techno, mkdir hiphop.
b. Move .mp3 files into the respective content directories.
c. Create a play list:
find /usr/local/shoutcast/content/techno -type f -name "*.mp3" > techno.lst
6. Configure Shoutcast server:
a. First, copy the sc_serv and sc_serv.conf files to each genre or artist directory
you created in step 5a.
b. Edit the sc_serv.conf files. Each .conf file in each directory created in Step 5a
will have different port numbers, but same IP address and password.
7. Configure Shoutcast DSP plugins:
a. Copy the sc_trans_linux, sc_trans.conf to each directory created in step 4a.
b. Move the playlist you created in step 5c to the appropriate sc_trans_<genre> folder
you created in step 4a. IE. mv techno.lst /usr/local/shoutcast/sc_trans_techno
c. Edit the sc_trans.conf file. You will need to specify the file list (techno.lst in
the last example), the bit rate (128k), the same password you used in step 6b,
the servername or IP, and the same port # used in the sc_serv.conf you edited in
step 6b.
8. Start your server from /usr/local/shoutcast/content/<genre or artist folder>
IE. ./sc_serv&
9. Start your DSP plugin from each /usr/local/shoutcast/sc_trans_<genre or artist folder>
you created in step 4a.
IE. ./sc_trans_linux&
Note: you can put the above start commands in a bash script
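One way to write that script, as an added example that is not part of the original tutorial: it checks each stream's two config files against steps 6b and 7c before starting anything, and runs the binaries under an unprivileged account instead of root. PortBase, ServerPort and Password are the key names from the sample sc_serv.conf and sc_trans.conf, and changeme is the sample password; the shoutcast account, SC_BASE and DRY_RUN are assumptions of this example.

```bash
#!/bin/bash
# Added example: preflight-check, then start, the streams built in steps 4-9.
# SC_BASE, SC_USER and DRY_RUN are this script's own assumed settings.
SC_BASE="${SC_BASE:-/usr/local/shoutcast}"
SC_USER="${SC_USER:-shoutcast}"   # assumed unprivileged account
DRY_RUN="${DRY_RUN:-0}"           # 1 = print commands instead of running them
# conf_get FILE KEY: value of the last uncommented "KEY=value" line
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Validate one stream; on success leaves its PortBase in $port.
check_stream() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) echo "bad stream name: $1" >&2; return 1 ;; esac
    serv="$SC_BASE/content/$1/sc_serv.conf"
    trans="$SC_BASE/sc_trans_$1/sc_trans.conf"
    for f in "$serv" "$trans"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        # Both files hold the stream password: refuse world-readable copies.
        [ -z "$(find "$f" -prune -perm -004)" ] || { echo "world-readable: $f" >&2; return 1; }
    done
    # Step 7c: sc_trans must use the same port and password as its server.
    port=$(conf_get "$serv" PortBase)
    [ -n "$port" ] && [ "$port" = "$(conf_get "$trans" ServerPort)" ] ||
        { echo "$1: ServerPort does not match PortBase" >&2; return 1; }
    [ "$(conf_get "$serv" Password)" = "$(conf_get "$trans" Password)" ] ||
        { echo "$1: passwords differ" >&2; return 1; }
    [ "$(conf_get "$serv" Password)" != changeme ] || { echo "$1: sample password" >&2; return 1; }
}

# Run one binary from its own directory as $SC_USER, detached from the terminal.
run_in() {
    cmd="cd '$1' && nohup $2 >/dev/null 2>&1 &"
    if [ "$DRY_RUN" = 1 ]; then echo "su -s /bin/sh $SC_USER -c \"$cmd\""
    else su -s /bin/sh "$SC_USER" -c "$cmd"; fi
}

# Check every stream first (step 6b: one port per stream), then start them all.
start_all() {
    seen=" "
    for g in "$@"; do
        check_stream "$g" || return 1
        case "$seen" in *" $port "*) echo "$g: port $port reused" >&2; return 1 ;; esac
        seen="$seen$port "
    done
    for g in "$@"; do run_in "$SC_BASE/content/$g" ./sc_serv; done          # step 8
    [ "$DRY_RUN" = 1 ] || sleep 2   # give the servers time to open their ports
    for g in "$@"; do run_in "$SC_BASE/sc_trans_$g" ./sc_trans_linux; done  # step 9
}

if [ "$#" -gt 0 ]; then start_all "$@"; fi   # e.g. ./start_streams.sh techno hiphop
```

The config files must stay readable by the shoutcast account but not by others, for example owned by root with group shoutcast and mode 640.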
-- You should now be able to connect using Winamp or from MusicMatch by either adding a
URL or clicking a hyperlink on a webpage:
IE. http://<ip_address>:<port# of the genre>/listen.pls
Example: http://192.168.120.70:8010/listen.pls
Example hyperlink on my webpage:
<a href="http://192.168.120.70:8020/listen.pls">Techno</a>
-- To connect to the Shoutcast svr's administration web page, http to your server's
IP:port # w/password:
http://192.168.0.4:8050/admin.cgi?pass=<your password here>
***If you are going to host this on the internet, configure a firewall. The following is
my ipchains configuration for the 4 streams I host, each on a separate port number
(8000, 8010, 8020, 8030). More port numbers would definitely be necessary as more
users access the server.
The following ipchains configuration allows only DHCP, DNS, SSH and SHOUTcast ports in/out. Additionally, it uses TOS to give outbound SHOUTcast TCP traffic priority over other traffic….a definite benefit:
#!/bin/bash
# Anti-spoofing
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done
# Flush all rules
ipchains -F input
ipchains -F output
ipchains -F forward
#Deny anything not permitted by following rules except output
ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output ACCEPT
# Do not forward any ICMP and drop incoming ping
ipchains -A forward -p icmp -j DENY
ipchains -A input -j DENY -p icmp --icmp-type ping -i eth0 -s 0/0 -d 192.168.120.70
# Allow all inputs from loopback/internal
ipchains -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
# Allow DHCP, DNS and SSH
ipchains -A output -i eth0 -p UDP -s 0.0.0.0 68 -d 0/0 67 -j ACCEPT
ipchains -A input -i eth0 -p UDP -s 0.0.0.0 67 -d 0/0 68 -j ACCEPT
ipchains -A input -s 200.150.110.250 53 -d 0/0 -p udp -j ACCEPT
ipchains -A input -s 203.151.0.7 53 -d 0/0 -p udp -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 22 -p tcp -j ACCEPT
# Allow inbound outbound Shoutcast
ipchains -A input -i eth0 -p TCP -s 0/0 -d 0/0 8000 -j ACCEPT
ipchains -A input -i eth0 -p TCP -s 0/0 -d 0/0 8010 -j ACCEPT
ipchains -A input -i eth0 -p TCP -s 0/0 -d 0/0 8020 -j ACCEPT
ipchains -A input -i eth0 -p TCP -s 0/0 -d 0/0 8030 -j ACCEPT
#Speed up output of Shoutcast w/TOS arguments
ipchains -A output -p tcp -s 0.0.0.0/0 8000 -t 0x01 0x08
ipchains -A output -p tcp -s 0.0.0.0/0 8010 -t 0x01 0x08
ipchains -A output -p tcp -s 0.0.0.0/0 8020 -t 0x01 0x08
ipchains -A output -p tcp -s 0.0.0.0/0 8030 -t 0x01 0x08
iptables configuration
Ok, so you asked “iptables superseded ipchains, how about an iptables configuration?” Here is the iptables script I use for just a single stream on default port 8000 on a Red Hat Adv Svr 3.0; the install steps for SHOUTcast server and DSP are the same regardless. Notice the TOS rules and the drop rules.
#!/bin/bash
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done
#Flush
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
# (1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow all loopback traffic
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Drop invalid connections:
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
# Packets for established connections
iptables -A INPUT -p ALL -d 192.168.10.6 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p ALL -s 192.168.10.6 -m state --state ESTABLISHED,RELATED -j ACCEPT
#Reject everything else first:
#iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
#Rules for Shoutcast packets
iptables -A INPUT -p tcp -m tcp -s 0/0 -d 192.168.10.6 --dport 8050 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0/0 -d 192.168.10.6 --dport 8050 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0/0 -d 192.168.10.6 --dport 8051 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0/0 -d 192.168.10.6 --dport 8051 -j ACCEPT
#TOS Shoutcast
iptables -A OUTPUT -t mangle -p tcp --sport 8050 -j TOS --set-tos Maximize-Throughput
iptables -A OUTPUT -t mangle -p tcp --sport 8051 -j TOS --set-tos Maximize-Throughput
#Rules for allowed inbound
# SSH from the local subnet only: 192.168.10.0/24 (a /8 mask would match all of 192.0.0.0/8)
iptables -A INPUT -p tcp -m tcp -s 192.168.10.0/24 -d 192.168.10.6 --dport 22 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 192.168.10.0/24 -d 192.168.10.6 --dport 22 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp -s 192.168.10.6 --syn -j ACCEPT
#iptables -A INPUT -p udp -m udp -s 192.168.10.6 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 225.132.101.254 --sport 53 -d 0/0 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 225.132.0.5 --sport 53 -d 0/0 -j ACCEPT
# Drop the avalanche of Microsoft broadcasts
iptables -A INPUT -p udp -i eth0 -d 192.168.10.255 --destination-port 135:139 -j DROP
iptables -A INPUT -i eth0 -d 224.0.0.0/8 -j DROP
#Output rules:
# SSH and SHOUTcast run over TCP; their reply packets leave via the ESTABLISHED,RELATED
# rule above, so the udp rules below for ports 22, 8050 and 8051 do not carry that traffic.
# Local subnet written as 192.168.10.0/24 (a /8 mask would match all of 192.0.0.0/8).
iptables -A OUTPUT -d 192.168.10.0/24 -m state --state NEW,ESTABLISHED,RELATED -p udp --dport 22 -o eth0 -j ACCEPT
iptables -A OUTPUT -d 205.152.111.254 -p udp -o eth0 -j ACCEPT
iptables -A OUTPUT -d 225.132.0.5 -p udp -o eth0 -j ACCEPT
iptables -A OUTPUT -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -p udp --dport 8050 -o eth0 -j ACCEPT
iptables -A OUTPUT -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -p udp --dport 8051 -o eth0 -j ACCEPT
iptables -A OUTPUT -d 192.168.10.1 -m state --state NEW -p udp --dport 67:68 -o eth0 -j ACCEPT
iptables -A OUTPUT -d 192.168.10.0/24 -m state --state NEW -p udp --dport 123 -o eth0 -j ACCEPT
#Block shoutcast shenanigans
iptables -I INPUT 1 -s 65.113.250.253 -j DROP
iptables -I OUTPUT 1 -d 65.113.250.253 -j DROP
iptables -I FORWARD 1 -d 65.113.250.253 -j DROP
iptables -I FORWARD 1 -s 65.113.250.253 -j DROP
#Default Drop
iptables -A INPUT -j DROP