How can I access in home servers with pfsense as my router
-
@dlohrke said in How can I access in home servers with pfsense as my router:
The computer that’s running Plex says it’s not accessible from outside my network and I can’t figure out how to get that working
That's typical.
When you hook up several PC's with an OS like 'Windows', they don't even really need a router (like pfSense) to communicate with each other.
That is, they still need a router like pfSense so they can get settings like an IP, mask, (gateway, DNS) during startup.
But afterwards, PC with IP 192.168.1.10 can communicate with 'the other PC' that uses 192.168.1.15, and the 'printer' on 192.168.1.35 etc.Don't let this choc you : modern OSs for PCs (MACs) also have a firewall ! Have a look at it. Especially the Microsoft Windows firewall rules overview.
It's very common to see applications listed, with their dedicated firewall rules. It wouldn't be a surprise that "Plex" sets up a firewall rule for itself where it only accepts connections from "local" devices. Local is your LAN, so connections will be accepted when they come from any device with the IP 192.168.1.x/24 = your other PC's and phones, or, to be more precise, everything connected to your LAN.
I'm pretty sure that the authors of Plex will warn you : do not enable that access to 'everybody' like : also all the connection coming from the Internet. As there are risks.@dlohrke said in How can I access in home servers with pfsense as my router:
other issues with certain file sharing apps on my phone are not allowing me access on my pc anymore
If you have an access point on your LAN, then your phone will get an IP like 192.168.1.x also (DHCP from pfSense).
For file sharing to work, again, all devices must be on the same LAN = 192.168.1.x/24Btw : all this has little or nothing to do with pfSense.
pfSense is a router firewall, pretty identical with it's default behavior as any other router firewall out there. -
@gertjan Yeah that is kind of what I thought too, it is just strange to me that I only started seeing the issues when I moved from my built in ISP router to a PFsense one. I understand that everything connected via LAN should be able to connect pretty seamlessly with one another but for some reason plex is having a hard time doing it and I also like using plex outside of my home with friends and family. For that I may need to go into the PFsense router and open the 34200 port or whatever that Plex uses correct? What about things like Air share on my ios device to my windows PC, when you open Air share on iOS it gives you an ip that you can enter into your webbrowser so that you can drag and drop files to your phone, but I had to disable all of my bitdefender security to even get that to notice anymore. It's really strange to me. My wifi network is all put together by a couple of Ubiquiti APs and the software for them runs 24/7 with the PC that is running plex too, could I need to recofigure those now that PFsense is the main router for all IP distribution? Could it be something built into the PFsense firewall? I haven't touched that at all.
-
@dlohrke said in How can I access in home servers with pfsense as my router:
I only started seeing the issues when I moved from my built in ISP router to a PFsense one
Something everybody sees, but actually few understand :
This :
as soon as you change your router, your PC (Windows, and soory, mine is french) will show you a dialog box here you have to chose.
This is because your PC doesn't 'know' the new router, pfSense. So it asks you if the 'new' network is a public one, like the one you use when you connect to a Wifi network @ Macdonalds, or if it is actually your home network, so you should trust it, and select Private.
If you select public, your PC will not be able to connect to any device on your LAN with one exception : the gateway, which is pfSense, so it can access the Internet.
Be sure that Plex doesn't do the same thing with 'new' networks, as if it does, you can't connect to it anymore. You have to tell it also to 'trust' the local LAN network and the devices on it. -
@gertjan Okay, my plex machine had private already selected, but my main machine did not. I changed that to private still shows indirect connection though, restart may fix that, but as far as the public one for computers outside of my network is that where I would need to at a port forward in PFsense?
-
@dlohrke said in How can I access in home servers with pfsense as my router:
I would need to at a port forward in PFsense?
That's the quick and dirty solution.
A huge medical event, during 2019, 2020 and 2021 made a new connection method popular.
It was actually known for decades already, but now everybody is using it :
VPN.If your PC, Phone etc needs to connect to your 'local' resources like your pfSense, your Plex or whatever, use a VPN. It has become a 'click and play' solution.
Opening ports : not needed anymore.That is : on the WAN interface there will be one (1) pass rule :
and on every device you install the OpenVPN app.
Done.When you want to connect to home, start the VPN connection, and now you can use local resources.
Be aware : your pfSense LAN is 192.168.1.x/24
Your VPN 'LAN' will be something like this 192.168.2.x/24 so, technically,you are still an 'another' network.So classic Windows Explorer Network browsing won't show your devices, but you could assign them host names (pfSense can help you with this) so you can access :
plex.yourlocalpfsensedomain.tld instead of using an IP.
You still have to inform plex that it should accept connections from everybody - and/or you change the firewall rule that it should accept connection from 192.168.1.x/24 and 192.168.2.x/24 so you're safe.
Do this for every PC and other device, if possible. -
This post is deleted! -
Also see: https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html
Likely your ISP router was doing NAT reflection by default and pfSense does not.
Steve
-
@stephenw10 What is Nat reflection. I think I got it all working, looks like the main issue stemed from my main PC being in public mode and not private when I connected the pfSense box. That and after port forwarding Plex it seemed to fix it, my last box forwarded that port automatically.
-
If clients behind the firewall are trying to access internal resources using the external IP, as if they were outside, NAT reflection allows that.
https://docs.netgate.com/pfsense/en/latest/nat/reflection.htmlSteve
-
@stephenw10 Interesting, still a lot I need to learn on the networking side of things. Gertjan's post help a lot with getting the inital things sorted this morning, but man it was taking me some time there. Are there any things you recommend to new pfSense users, this system has so much more advanced options than I have ever seen in any standard consumer product and it's so overwhelming but very interesting.
-
Do one thing at a time and make sure that's working as expected before moving on.
-
@gertjan Your main post about private/public network looks like it may have been the main thing, then I forwarded the ports for Plex, my old box forwarded them automatically which is odd, looks like that has fixed the main issues. Thanks for the help there, I was losing my mind.
