Server Setup / Work

RHEL 8 machine as AirPlay receiver

by , , revisited on

Step 1. Install Fedora repositories

While there are no EPEL or other releases for RHEL 8, use Fedora ones.

Step 2. Install shairport-sync

sudo su
dnfplus install shairport-sync

Step 3. Enable and start service

sudo systemctl enable --now shairport-sync

Step 4. Create FirewallD service /etc/firewalld/services/airplay-server.xml:

<?xml version="1.0" encoding="utf-8"?>
  <description>Airplay Server</description>
  <port protocol="tcp" port="5000"/>
  <port protocol="udp" port="6001"/>
  <port protocol="udp" port="6002"/>
  <port protocol="udp" port="6003"/>

Step 5. Configure your home network properly

A quick recap on setting up FirewallD at home 🙂 FirewallD has a great concept of zones.

But the important gotcha is that while you can assign specific firewall zone to a network interface, the latter can have multiple connections (profiles) defined for it in NetworkManager.

NetworkManager has its own setting for which connection of the same interface is bound to which FirewallD zone. It’s nice to have when you have RHEL 8 on your laptop and roaming around between home and work.

NetworkManager connections are easily understood as different profiles (settings) for the same interface.

By default, you have 1:1 mapping between an interface and profile, that is you have one profile for each interface and its name matches to the name of the interface. E.g. eno1 interface and connection name eno1.

Let’s fix this a bit and have connection name reflect its physical location.

Considering that you’re home now and using wired network. Let’s rename the current connection profile eno1-home to eno1-home:

nmcli connection modify eno1 eno1-home

The interface name itself stays the same, eno1.

Then bind this profile to home FirewallD zone:

nmcli connection modify eno1-home home

Finally, allow all the necessary AirPlay service in home zone:

sudo firewall-cmd --zone=home --add-service=airplay-server --permanent
sudo firewall-cmd --zone=home -add-service=mdns --permanent # not really needed as this is the default for home zone
sudo firewall-cmd --reload

To verify firewall configuration I usually ran iptables -L -n, however neither tha nor iptables-save would show complete firewall state, e.g. if you run iptables-save you would see the following at the end of output:

> # Table `firewalld' is incompatible, use 'nft' tool.

Conclusion? Use one tool for the task: firewall-cmd --info-zone=home would yield:

home (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  services: airplay-server cockpit dhcpv6-client mdns samba-client ssh
  masquerade: no
  rich rules:


If things don’t work as expected, try editing /etc/shairport-sync.conf with:

alsa =
  output_device = "hw: 0"; 


alsa =
  output_device = "hw: 1"; 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.