• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Can access plex via my IOT vlan but not my inhouse vlan.

L2/Switching/VLANs
3
27
2.0k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    Daniel_Hyde
    last edited by Jun 8, 2023, 12:50 PM

    Try enabling Static route filtering if this fixes it you know it is a firewall rule causing the issue.
    It is under System>Advanced>Firewall & NAT>Advanced Options

    Thanks
    Dan

    N 1 Reply Last reply Jun 8, 2023, 1:42 PM Reply Quote 0
    • N
      Nath2125 @Daniel_Hyde
      last edited by Jun 8, 2023, 1:42 PM

      @Daniel_Hyde just enabled that setting now and tried on the in house VLAN. Still doesn't give a connection. I also tried a few other applications I allow port access too, and they also don't work additionally, so It's not just Plex. It's like I've set something up to overrule any allow rule I have for the in-house VLAN.

      D 1 Reply Last reply Jun 9, 2023, 10:05 AM Reply Quote 0
      • D
        Daniel_Hyde @Nath2125
        last edited by Jun 9, 2023, 10:05 AM

        @Nath2125 That would indicate it is not the firewall blocking it as that setting should bypass the firewall for traffic staying on the same interface.

        Thanks
        Dan

        N 1 Reply Last reply Jun 11, 2023, 1:41 PM Reply Quote 0
        • N
          Nath2125 @Daniel_Hyde
          last edited by Jun 11, 2023, 1:41 PM

          @Daniel_Hyde Then what would it be? Still dont understand whats stopping access.

          J 1 Reply Last reply Jun 11, 2023, 1:51 PM Reply Quote 0
          • J
            johnpoz LAYER 8 Global Moderator @Nath2125
            last edited by johnpoz Jun 11, 2023, 1:54 PM Jun 11, 2023, 1:51 PM

            @Nath2125 if you want to access plex from a different vlan directly.. the only rule you need is tcp 32400.. On the interface your traffic would be coming into pfsense on.. So if you want vlan X to talk to your plex on vlan Y. On the vlan X interface allow tcp port 32400 to the IP of your plex server, or just allow tcp port 32400 from vlan X to vlan Y..

            You could be having a problem with dns, for plex to work locally you really need to be able to resolve the local IP via the special url that plex provides that ends in direct

            server:
private-domain: "plex.direct"

            In the custom options box of unbound. For example here is mine

            192-168-9-10.90a72(snipped)b25c.plex.direct

            If you do not set this to private in unbound, you would never get that answer back because it would be considered a rebind.

            login-to-view

            This is talked about here on the plex support page..

            https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/

            See the dns rebinding section of that link.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            N 2 Replies Last reply Jun 15, 2023, 1:35 PM Reply Quote 0
            • N
              Nath2125 @johnpoz
              last edited by Jun 15, 2023, 1:35 PM

              @johnpoz said in Can access plex via my IOT vlan but not my inhouse vlan.:

              server:
              private-domain: "plex.direct

              Your first point that is what this is ment to allow.
              login-to-view
              Ive now also added this to the inhouse vlan rules as well as the one on the existing interface group that has all the vlans in it. (screenshot in my top post). Still no changes

              I use pihole as a dns and have added the below already to my "/etc-dnsmasq.d" Directory under plex.conf:

              server:
              private-domain: "plex.direct"

              Still cant see any changes. I dont know what im missing here. Since basically all the vlans have the same rules and purpose, other then in-house vlan (the one im talking about in this post) needing access to self hosted applications from my server one of which is plex and the other vlans can and should be able to accces but inhouse vlan cant.

              N 1 Reply Last reply Jun 15, 2023, 2:02 PM Reply Quote 0
              • N
                Nath2125 @Nath2125
                last edited by Jun 15, 2023, 2:02 PM

                @Nath2125 I also have dns resolver enabled on pfsense also i should add

                N 1 Reply Last reply Jun 16, 2023, 2:35 AM Reply Quote 0
                • N
                  Nath2125 @Nath2125
                  last edited by Nath2125 Jun 16, 2023, 2:39 AM Jun 16, 2023, 2:35 AM

                  @Nath2125 I now added it to that rule to every individual vlan interface rules and removed it from the group alias to see if that was the issue and every vlan has now lost access to plex directly and is coming up with a 172.0.0.1 address using plex relay. After putting it back to how it was originally every vlan now has recovered access other then inhouse vlan. This whole issue is so werid.

                  1 Reply Last reply Reply Quote 0
                  • N
                    Nath2125 @johnpoz
                    last edited by Jun 16, 2023, 2:53 AM

                    @johnpoz Also just tried putting the inhouse vlan on another vlan 31 and change ip address to 192.168.32.x range.

                    login-to-view

                    Getting this when im trying to track what happens when trying to access that plex port against the firewall i created.

                    J 1 Reply Last reply Jun 16, 2023, 8:52 AM Reply Quote 0
                    • J
                      johnpoz LAYER 8 Global Moderator @Nath2125
                      last edited by Jun 16, 2023, 8:52 AM

                      @Nath2125 well you sent a syn and never got an answer - so you yeah it was closed by the client. If you get no answer - but other vlans can access it - that would point that 10.4 box not allowing it.

                      I would sniff on the 10.4 interface - allow ping, and ping the 10.4 from your 31.12 do you see the pings being sent on to 10.4, any answers? If not then its not getting to your plex or its not answer, or sending the answer to something else? Or you blocking it via a floating on the outbound side?

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                      N 1 Reply Last reply Jun 16, 2023, 1:18 PM Reply Quote 0
                      • N
                        Nath2125 @johnpoz
                        last edited by Jun 16, 2023, 1:18 PM

                        @johnpoz when you say sniff the interface and allow ping. What do you mean by that? Do you mean go to the ping option and try and ping or setup another firewall rule to try and ping. Little confused sorry.

                        I shouldn't be blocking anything in floating rules in regards to your last comment.

                        J 1 Reply Last reply Jun 16, 2023, 1:29 PM Reply Quote 0
                        • J
                          johnpoz LAYER 8 Global Moderator @Nath2125
                          last edited by johnpoz Jun 16, 2023, 1:31 PM Jun 16, 2023, 1:29 PM

                          @Nath2125

                          here - I am pinging and doing a packet capture on pfsense.. see the ping request go out, I get a response.. What does yours show?

                          login-to-view

                          I am doing a packet capture on my lan interface, where my 9.10 box sits - and pinging from my phone on the 192.168.2 network - it is routed through pfsense and pfsense sends it on, see the ping request.. Then my box answers, the reply..

                          If you see the request go out, but no reply then something on your box your pinging is not answering, or its sending it somewhere else - or something is happening to it after pfsense puts it on the wire and that what your pining never got it.

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                          N 1 Reply Last reply Jun 16, 2023, 1:50 PM Reply Quote 0
                          • N
                            Nath2125 @johnpoz
                            last edited by Nath2125 Jun 16, 2023, 1:51 PM Jun 16, 2023, 1:50 PM

                            @johnpoz Ok so i ran this with these settings. The perslan is where plex sits on the 192.168.10.4 as well as pfsense sitting on the same subnet lan network. I put in the 192.168.31.12 address which is my iphone trying to connect to plex with and put the capture below. I should add also the 192.168.10.5 is my pihole dns
                            login-to-view

                            23:48:00.979978 IP 192.168.31.12.50683 > 192.168.10.5.53: UDP, length 42
23:48:01.006151 IP 192.168.10.5.53 > 192.168.31.12.50683: UDP, length 186
23:48:02.558459 IP 192.168.31.12.51849 > 192.168.10.5.53: UDP, length 76
23:48:02.558490 IP 192.168.31.12.54760 > 192.168.10.5.53: UDP, length 35
23:48:02.558511 IP 192.168.31.12.64819 > 192.168.10.5.53: UDP, length 25
23:48:02.558534 IP 192.168.31.12.59725 > 192.168.10.5.53: UDP, length 77
23:48:02.558555 IP 192.168.31.12.65396 > 192.168.10.5.53: UDP, length 78
23:48:02.561450 IP 192.168.31.12.50602 > 192.168.10.5.53: UDP, length 75
23:48:02.561477 IP 192.168.31.12.56388 > 192.168.10.5.53: UDP, length 32
23:48:02.561500 IP 192.168.31.12.63523 > 192.168.10.5.53: UDP, length 32
23:48:02.567233 IP 192.168.31.12.57771 > 192.168.10.5.53: UDP, length 33
23:48:02.567257 IP 192.168.31.12.52233 > 192.168.10.5.53: UDP, length 31
23:48:02.567278 IP 192.168.31.12.55663 > 192.168.10.5.53: UDP, length 31
23:48:02.571051 IP 192.168.10.5.53 > 192.168.31.12.51849: UDP, length 92
23:48:02.574441 IP 192.168.10.5.53 > 192.168.31.12.64819: UDP, length 57
23:48:02.574956 IP 192.168.10.5.53 > 192.168.31.12.54760: UDP, length 67
23:48:02.575174 IP 192.168.10.5.53 > 192.168.31.12.59725: UDP, length 93
23:48:02.575439 IP 192.168.10.5.53 > 192.168.31.12.65396: UDP, length 94
23:48:02.578706 IP 192.168.10.5.53 > 192.168.31.12.56388: UDP, length 57
23:48:02.579021 IP 192.168.10.5.53 > 192.168.31.12.63523: UDP, length 48
23:48:02.579437 IP 192.168.10.5.53 > 192.168.31.12.50602: UDP, length 91
23:48:02.582818 IP 192.168.10.5.53 > 192.168.31.12.57771: UDP, length 65
23:48:02.588707 IP 192.168.31.12.56468 > 192.168.10.4.32400: tcp 0
23:48:02.588792 IP 192.168.31.12.56470 > 192.168.10.4.32400: tcp 0
23:48:02.588818 IP 192.168.31.12.56471 > 192.168.10.4.32400: tcp 0
23:48:02.588841 IP 192.168.31.12.56469 > 192.168.10.4.32400: tcp 0
23:48:02.588865 IP 192.168.31.12.56472 > 192.168.10.4.32400: tcp 0
23:48:02.623393 IP 192.168.31.12.61887 > 192.168.10.5.53: UDP, length 32
23:48:02.623417 IP 192.168.31.12.56244 > 192.168.10.5.53: UDP, length 32
23:48:02.629142 IP 192.168.10.5.53 > 192.168.31.12.55663: UDP, length 181
23:48:02.653782 IP 192.168.10.5.53 > 192.168.31.12.61887: UDP, length 76
23:48:02.655283 IP 192.168.10.5.53 > 192.168.31.12.56244: UDP, length 144
23:48:02.661225 IP 192.168.31.12.56476 > 192.168.10.4.32400: tcp 0
23:48:02.766604 IP 192.168.31.12.53088 > 192.168.10.5.53: UDP, length 77
23:48:02.766628 IP 192.168.31.12.60814 > 192.168.10.5.53: UDP, length 72
23:48:02.766887 IP 192.168.31.12.51860 > 192.168.10.5.53: UDP, length 75
23:48:02.771624 IP 192.168.31.12.52498 > 192.168.10.5.53: UDP, length 74
23:48:02.771670 IP 192.168.31.12.51454 > 192.168.10.5.53: UDP, length 77
23:48:02.771793 IP 192.168.31.12.64847 > 192.168.10.5.53: UDP, length 77
23:48:02.773364 IP 192.168.31.12.51966 > 192.168.10.5.53: UDP, length 76
23:48:02.774454 IP 192.168.31.12.65101 > 192.168.10.5.53: UDP, length 73
23:48:02.774486 IP 192.168.31.12.56485 > 192.168.10.4.32400: tcp 0
23:48:02.776777 IP 192.168.31.12.57775 > 192.168.10.5.53: UDP, length 77
23:48:02.776798 IP 192.168.31.12.62508 > 192.168.10.5.53: UDP, length 77
23:48:02.776849 IP 192.168.31.12.65245 > 192.168.10.5.53: UDP, length 76
23:48:02.776870 IP 192.168.31.12.60208 > 192.168.10.5.53: UDP, length 78
23:48:02.778241 IP 192.168.31.12.56489 > 192.168.10.4.32400: tcp 0
23:48:02.779137 IP 192.168.10.5.53 > 192.168.31.12.52233: UDP, length 226
23:48:02.788960 IP 192.168.10.5.53 > 192.168.31.12.51860: UDP, length 91
23:48:02.789201 IP 192.168.10.5.53 > 192.168.31.12.51966: UDP, length 92
23:48:02.789561 IP 192.168.10.5.53 > 192.168.31.12.60814: UDP, length 88
23:48:02.789936 IP 192.168.10.5.53 > 192.168.31.12.52498: UDP, length 90
23:48:02.790170 IP 192.168.10.5.53 > 192.168.31.12.57775: UDP, length 93
23:48:02.791810 IP 192.168.10.5.53 > 192.168.31.12.60208: UDP, length 94
23:48:02.814372 IP 192.168.31.12.56238 > 192.168.10.5.53: UDP, length 34
23:48:02.814399 IP 192.168.31.12.62431 > 192.168.10.5.53: UDP, length 41
23:48:02.814420 IP 192.168.31.12.62234 > 192.168.10.5.53: UDP, length 41
23:48:02.814443 IP 192.168.31.12.60693 > 192.168.10.5.53: UDP, length 34
23:48:02.815739 IP 192.168.10.5.53 > 192.168.31.12.56238: UDP, length 34
23:48:02.817587 IP 192.168.31.12.58925 > 192.168.10.5.53: UDP, length 40
23:48:02.818191 IP 192.168.31.12.50059 > 192.168.10.5.53: UDP, length 40
23:48:02.818792 IP 192.168.10.5.53 > 192.168.31.12.60693: UDP, length 50
23:48:02.819652 IP 192.168.10.5.53 > 192.168.31.12.58925: UDP, length 40
23:48:02.820437 IP 192.168.10.5.53 > 192.168.31.12.50059: UDP, length 56
23:48:02.826938 IP 192.168.10.5.53 > 192.168.31.12.62431: UDP, length 57
23:48:02.832312 IP 192.168.10.5.53 > 192.168.31.12.62234: UDP, length 134
23:48:02.988699 IP 192.168.10.5.53 > 192.168.31.12.64847: UDP, length 93
23:48:02.990066 IP 192.168.10.5.53 > 192.168.31.12.65101: UDP, length 89
23:48:02.990316 IP 192.168.10.5.53 > 192.168.31.12.65245: UDP, length 92
23:48:02.992064 IP 192.168.10.5.53 > 192.168.31.12.51454: UDP, length 93
23:48:03.063771 IP 192.168.10.5.53 > 192.168.31.12.62508: UDP, length 93
23:48:03.160212 IP 192.168.10.5.53 > 192.168.31.12.53088: UDP, length 93
23:48:03.413996 IP 192.168.31.12.62206 > 192.168.10.5.53: UDP, length 43
23:48:03.414568 IP 192.168.31.12.62924 > 192.168.10.5.53: UDP, length 43
23:48:03.427177 IP 192.168.10.5.53 > 192.168.31.12.62206: UDP, length 107
23:48:03.430445 IP 192.168.10.5.53 > 192.168.31.12.62924: UDP, length 75
23:48:03.599971 IP 192.168.31.12.56468 > 192.168.10.4.32400: tcp 0
23:48:03.599984 IP 192.168.31.12.56472 > 192.168.10.4.32400: tcp 0
23:48:03.599994 IP 192.168.31.12.56471 > 192.168.10.4.32400: tcp 0
23:48:03.600009 IP 192.168.31.12.56470 > 192.168.10.4.32400: tcp 0
23:48:03.600019 IP 192.168.31.12.56469 > 192.168.10.4.32400: tcp 0
23:48:03.665802 IP 192.168.31.12.56476 > 192.168.10.4.32400: tcp 0
23:48:03.774479 IP 192.168.31.12.56485 > 192.168.10.4.32400: tcp 0
23:48:03.777507 IP 192.168.31.12.56489 > 192.168.10.4.32400: tcp 0
23:48:04.594760 IP 192.168.31.12.56468 > 192.168.10.4.32400: tcp 0
23:48:04.594784 IP 192.168.31.12.56472 > 192.168.10.4.32400: tcp 0
23:48:04.594795 IP 192.168.31.12.56471 > 192.168.10.4.32400: tcp 0
23:48:04.594804 IP 192.168.31.12.56469 > 192.168.10.4.32400: tcp 0
23:48:04.594814 IP 192.168.31.12.56470 > 192.168.10.4.32400: tcp 0
23:48:04.667708 IP 192.168.31.12.56476 > 192.168.10.4.32400: tcp 0
23:48:04.775405 IP 192.168.31.12.56485 > 192.168.10.4.32400: tcp 0
23:48:04.778558 IP 192.168.31.12.56489 > 192.168.10.4.32400: tcp 0
23:48:05.598509 IP 192.168.31.12.56469 > 192.168.10.4.32400: tcp 0
23:48:05.598526 IP 192.168.31.12.56470 > 192.168.10.4.32400: tcp 0
23:48:05.598536 IP 192.168.31.12.56472 > 192.168.10.4.32400: tcp 0
23:48:05.598546 IP 192.168.31.12.56468 > 192.168.10.4.32400: tcp 0
23:48:05.598555 IP 192.168.31.12.56471 > 192.168.10.4.32400: tcp 0
23:48:05.671227 IP 192.168.31.12.56476 > 192.168.10.4.32400: tcp 0
23:48:05.777708 IP 192.168.31.12.56485 > 192.168.10.4.32400: tcp 0
23:48:05.780410 IP 192.168.31.12.56489 > 192.168.10.4.32400: tcp 0
                            J 1 Reply Last reply Jun 16, 2023, 2:05 PM Reply Quote 0
                            • J
                              johnpoz LAYER 8 Global Moderator @Nath2125
                              last edited by johnpoz Jun 16, 2023, 2:08 PM Jun 16, 2023, 2:05 PM

                              @Nath2125 and nothing in there is showing any response at all..

                              Doh.. here is a response

                              23:48:00.979978 IP 192.168.31.12.50683 > 192.168.10.5.53: UDP, length 42
23:48:01.006151 IP 192.168.10.5.53 > 192.168.31.12.50683: UDP, length 186

                              But I see no responses to your 32400.. Prob be easier if you say filtered on IP and port..

                              if your sniffing on the pfsense 192.168.10 interface - you can see pfsense is sending on traffic to 10.4 from 31.12 to 32400, but there are no responses.

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                              N 1 Reply Last reply Jun 16, 2023, 2:10 PM Reply Quote 0
                              • N
                                Nath2125 @johnpoz
                                last edited by Nath2125 Jun 16, 2023, 2:12 PM Jun 16, 2023, 2:10 PM

                                @johnpoz did the same again from settings above except now with port 32400 filtering. I run this while trying plex from that ip.

                                Yes the 192.168.10 is the interface i have selected (perslan)

                                00:08:56.076986 IP 192.168.31.12.59711 > 192.168.10.4.32400: tcp 0
00:08:56.233080 IP 192.168.31.12.59717 > 192.168.10.4.32400: tcp 0
00:08:56.357681 IP 192.168.31.12.59726 > 192.168.10.4.32400: tcp 0
00:08:56.357751 IP 192.168.31.12.59727 > 192.168.10.4.32400: tcp 0
00:08:57.079493 IP 192.168.31.12.59711 > 192.168.10.4.32400: tcp 0
00:08:57.233644 IP 192.168.31.12.59717 > 192.168.10.4.32400: tcp 0
00:08:57.505633 IP 192.168.31.12.59727 > 192.168.10.4.32400: tcp 0
00:08:57.505658 IP 192.168.31.12.59726 > 192.168.10.4.32400: tcp 0
00:08:58.089088 IP 192.168.31.12.59711 > 192.168.10.4.32400: tcp 0
00:08:58.233331 IP 192.168.31.12.59717 > 192.168.10.4.32400: tcp 0
00:08:58.553271 IP 192.168.31.12.59726 > 192.168.10.4.32400: tcp 0
00:08:58.553333 IP 192.168.31.12.59727 > 192.168.10.4.32400: tcp 0
00:08:59.081329 IP 192.168.31.12.59711 > 192.168.10.4.32400: tcp 0
00:08:59.251403 IP 192.168.31.12.59717 > 192.168.10.4.32400: tcp 0
00:08:59.364912 IP 192.168.31.12.59726 > 192.168.10.4.32400: tcp 0
00:08:59.364926 IP 192.168.31.12.59727 > 192.168.10.4.32400: tcp 0
00:09:00.081124 IP 192.168.31.12.59711 > 192.168.10.4.32400: tcp 0
00:09:00.240943 IP 192.168.31.12.59717 > 192.168.10.4.32400: tcp 0
00:09:00.377797 IP 192.168.31.12.59726 > 192.168.10.4.32400: tcp 0
00:09:00.377813 IP 192.168.31.12.59727 > 192.168.10.4.32400: tcp 0
                                J 1 Reply Last reply Jun 16, 2023, 2:13 PM Reply Quote 0
                                • J
                                  johnpoz LAYER 8 Global Moderator @Nath2125
                                  last edited by Jun 16, 2023, 2:13 PM

                                  @Nath2125 well so either plex is not running? Or you have a firewall on that host? Or that server is sending its response somewhere else..

                                  here fired up a connection from my phone on the 192.168.2 network to my plex 192.168.9.10 doing a sniff on the 192.168.9 interface on pfsense. You can see it sends on the trafic from 2.198 to 9.10:32400 and there is a response sent back that pfsense sees.

                                  login-to-view

                                  If you see pfsense send on the traffic - then you know your firewall rules allow the traffic.. But pfsense has no control if the device is going to answer.

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                  N 1 Reply Last reply Jun 16, 2023, 2:19 PM Reply Quote 0
                                  • N
                                    Nath2125 @johnpoz
                                    last edited by Nath2125 Jun 16, 2023, 2:19 PM Jun 16, 2023, 2:19 PM

                                    @johnpoz I can see what you mean by it sending it back. I can assure you plex is running and no seperate firewall is running. I run simply pfsense with omada gear switch and AP's and everything works fine on the other vlans i have running. Here below is a capture from the IOT vlan i have (192.168.40.x) and it looks to be responding back. So im still quite confused whats causing this.

                                    00:17:08.202668 IP 192.168.40.41.58820 > 192.168.10.4.32400: tcp 1304
00:17:08.203080 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 398
00:17:08.210906 IP 192.168.40.41.58820 > 192.168.10.4.32400: tcp 0
00:17:08.210915 IP 192.168.40.41.58820 > 192.168.10.4.32400: tcp 1354
00:17:08.216339 IP 192.168.10.4.32400 > 192.168.40.41.58237: tcp 380
00:17:08.219285 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 953
00:17:08.219936 IP 192.168.40.41.58237 > 192.168.10.4.32400: tcp 0
00:17:08.223481 IP 192.168.40.41.58820 > 192.168.10.4.32400: tcp 0
00:17:10.146197 IP 192.168.10.4.32400 > 192.168.40.41.58237: tcp 831
00:17:10.388997 IP 192.168.10.4.32400 > 192.168.40.41.58237: tcp 831
00:17:10.636842 IP 192.168.10.4.32400 > 192.168.40.41.58237: tcp 831
00:17:10.868752 IP 192.168.40.41.58237 > 192.168.10.4.32400: tcp 0
00:17:10.868765 IP 192.168.40.41.58237 > 192.168.10.4.32400: tcp 0
00:17:10.950154 IP 192.168.10.4.32400 > 192.168.40.41.58237: tcp 25
00:17:10.969193 IP 192.168.40.41.58237 > 192.168.10.4.32400: tcp 0
00:17:10.970262 IP 192.168.40.41.58237 > 192.168.10.4.32400: tcp 29
00:17:10.970374 IP 192.168.10.4.32400 > 192.168.40.41.58237: tcp 0
00:17:12.060909 IP 192.168.40.41.58829 > 192.168.10.4.32400: tcp 649
00:17:12.061218 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 398
00:17:12.061995 IP 192.168.40.41.58820 > 192.168.10.4.32400: tcp 649
00:17:12.062218 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 398
00:17:12.065629 IP 192.168.40.41.58820 > 192.168.10.4.32400: tcp 0
00:17:12.065639 IP 192.168.40.41.58829 > 192.168.10.4.32400: tcp 0
00:17:12.068114 IP 192.168.40.41.58829 > 192.168.10.4.32400: tcp 691
00:17:12.068124 IP 192.168.40.41.58820 > 192.168.10.4.32400: tcp 691
00:17:12.068606 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 310
00:17:12.068621 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 309
00:17:12.068828 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.068841 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.068850 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.068859 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.068869 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.068879 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.068888 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.068898 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.068907 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.068915 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.068925 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.068942 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.068953 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.068963 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.068972 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069002 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069037 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069048 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069057 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069589 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069604 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069615 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069624 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069638 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069649 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069657 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069667 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069680 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069691 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069700 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069760 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069774 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.069948 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.069960 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.069969 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.069979 IP 192.168.10.4.32400 > 192.168.40.41.58829: tcp 1448
00:17:12.070695 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.070709 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.070722 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.070733 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.070746 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.070756 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.070768 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.070778 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.070790 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.070802 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071570 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071583 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071596 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071607 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071619 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071630 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071642 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071653 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071663 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071676 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071690 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071703 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.071712 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072842 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072855 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072866 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072875 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072884 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072894 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072902 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072912 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072921 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072929 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072939 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072948 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.072959 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
00:17:12.073949 IP 192.168.10.4.32400 > 192.168.40.41.58820: tcp 1448
                                    J 1 Reply Last reply Jun 16, 2023, 2:26 PM Reply Quote 0
                                    • J
                                      johnpoz LAYER 8 Global Moderator @Nath2125
                                      last edited by Jun 16, 2023, 2:26 PM

                                      @Nath2125 well your going to have to look elsewhere pfsense is clearly sending it on.. I would do a sanity check that pfsense has the correct mac address for your plex as a place to start..

                                      [23.05-RELEASE][admin@sg4860.local.lan]/root: arp -a | grep 192.168.9.10
i9-win.local.lan (192.168.9.100) at b0:4f:13:0b:fd:16 on igb0 expires in 725 seconds [ethernet]
nas.local.lan (192.168.9.10) at 00:11:32:7b:29:7d on igb0 expires in 294 seconds [ethernet]
[23.05-RELEASE][admin@sg4860.local.lan]/root:

                                      Then if I look on my nas where plex is running

                                      ovs_eth0  Link encap:Ethernet  HWaddr 00:11:32:7B:29:7D  
          inet addr:192.168.9.10  Bcast:192.168.9.255  Mask:255.255.255.0

                                      Might want to sniff on your plex box and make sure the traffic is getting there.. We know pfsense is sending it - but are we sure its getting there?

                                      So for example here I am sniffing on my nas were my plex is running.

                                      ash-4.4# tcpdump -i eth0 host 192.168.2.198 and port 32400 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:26:01.679073 IP 192.168.9.10.32400 > 192.168.2.198.55744: Flags [P.], seq 821517552:821517576, ack 2065543933, win 270, options [nop,nop,TS val 3062781672 ecr 433390218], length 24
09:26:01.785781 IP 192.168.2.198.55744 > 192.168.9.10.32400: Flags [.], ack 24, win 2047, options [nop,nop,TS val 433410322 ecr 3062781672], length 0
09:26:04.680116 IP 192.168.9.10.32400 > 192.168.2.198.55744: Flags [F.], seq 24, ack 1, win 270, options [nop,nop,TS val 3062784673 ecr 433410322], length 0
09:26:04.755769 IP 192.168.2.198.55744 > 192.168.9.10.32400: Flags [.], ack 25, win 2047, options [nop,nop,TS val 433413291 ecr 3062784673], length 0
09:26:08.248735 IP 192.168.9.10.32400 > 192.168.2.198.52410: Flags [P.], seq 3374823080:3374823130, ack 827981877, win 251, options [nop,nop,TS val 3062788242 ecr 3451710269], length 50

                                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                                      If you get confused: Listen to the Music Play
                                      Please don't Chat/PM me for help, unless mod related
                                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                      N 1 Reply Last reply Jun 16, 2023, 2:49 PM Reply Quote 0
                                      • N
                                        Nath2125 @johnpoz
                                        last edited by Jun 16, 2023, 2:49 PM

                                        @johnpoz I've looked into mac addressing and looks to be fine and matching. I don't know why its not responding back like the other vlans are. I just unraid with Plex and having changed network settings since they always used to work. But I'm unsure now. IL keep thinking about other possibility of what I can do.

                                        Reading through those packet captures looks to be just my unraid server not responding on that IP address, although responds fine to the other vlans. I really can't see what's making this different from the others.

                                        J 1 Reply Last reply Jun 16, 2023, 3:00 PM Reply Quote 0
                                        • J
                                          johnpoz LAYER 8 Global Moderator @Nath2125
                                          last edited by johnpoz Jun 16, 2023, 3:01 PM Jun 16, 2023, 3:00 PM

                                          @Nath2125 possible mask problem.. I didn't look to what the other networks are.. But one thing that comes to mind where answers to some source IPs work and others don't - other than a firewall blocking access from source, or only allowing specific source would be a mask problem.

                                          Where source IP X comes in and the plex thinks oh that is on my local network, do you have a mask other than /24 ? If the plex box thinks the source IP trying to talk to it is local to its own network it would never send answer back to its gateway (pfsense).

                                          If you sniff on your plex box and see it come in, look to see if it arps for that IP right after, if its arping for it - it thinks its on the same local network. Or just look at the mask on the interface on your plex box.

                                          Are you running plex as a docker, or just native.. Docker likes to do stuff behind a nat, etc.

                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                          If you get confused: Listen to the Music Play
                                          Please don't Chat/PM me for help, unless mod related
                                          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                          N 1 Reply Last reply Jun 16, 2023, 3:11 PM Reply Quote 0
                                          11 out of 27
                                          • First post
                                            11/27
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.