Plex Blocked for External Access

rubber_duck13

Hello, I have a Plex server running in my LAN that works great internally and is able to download meta data, etc. However, the remote access is not working to watch plex outside my network. This did work at one time, not sure when it quit or what changed that would have caused the issue. For those familiar with Plex, in the Remote access area, when I test external access, it will show it working right after a test, but after about 5 seconds, it then switches to not available.

I have port 32400 forwarded to the server and a NAT entry as well.

In the firewall logs I am seeing blocks from that could be causing this on the LAN interface to external. The rule blocking these is "Default deny rule IPv4 (1000000103)". The weird thing is that the protocol is "TCP:FPA" and "TCP:RA" for these entries in the logs. All "TCP" protocol entries are allowed/not blocked.

I did some reading and the info I found talks about asymmetric routing. I do have a dual WAN setup, the gateway group is setup for "member down" as the trigger. I did try to set my gateway to WAN1 (take it out of multiwan), but that didn't work.

I found this article and tried to do the manual fix under it, but that didn't work (its possible I set it up incorrectly...).
https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html

Anyone know how I can resolve this issue so Plex can be reachable from outside my network?

Jarhead

@rubber_duck13
The only reasonable reply is do not open any ports and setup a vpn for remote access. Opening ports is never a good idea especially for known ports like plex.

Someone else will chime in and be able to help you if you really want to keep the port open but it's too easy to use a vpn not to.

rubber_duck13

@jarhead

That sounds fine, I have a vpn setup for other reasons, I can see if I can jump off that to get this working.

I would still like to know the answer either way, just for curiousitys sake.

rubber_duck13

@jarhead
I was able to setup a VPN, things seem to be working after going that route.

johnpoz

@rubber_duck13 if you have dual wan - then yeah sure you could have an issue where replies maybe go out the wrong wan.

But if you have vpn that works for you - that works too.

rubber_duck13

@johnpoz
I assume that is why I was having issues. My question is, is there a way to force the replied to go out on the same WAN they came in one unless the WAN is down? I thought the way I was setup, that it would only fail to WAN2 if WAN1 was completely down.

johnpoz

@rubber_duck13 have no idea how your setup - but reply to should be set and yeah should return via the connection that came in on..

https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#disable-reply-to