Plex Across VLAN
-
I had this all working until just yesterday when I started tinkering with enabling ipv6 throughout my network, realized I had no idea what I was doing, and promptly reverted all my changes. Now, for some odd reason, Plex will not work on local subnets except via proxy. As far as I can tell, everything should be working as it was before.
I did a full restore on my settings to before I started tinkering and it still will not work.
Any suggestions? My wife is furious that plex was not working and I've moved everything back to the main LAN for now. I am about to throw in the towel, but the fact it will not work is driving me insane. I've spent more hours than I care to admit trying to fix whatever happened.
TV VLAN firewall rules (192.168.3.0/24 network):
Admin LAN rules (where the server lives - 10.27.27.0/24 network):
Plex LAN Network settings:
DNS Resolver:
Packets blocked:
-
@jamcallis you sure that is the IP plex is using now, maybe when you were messing around it got a different IP?
Can you just open the plex directly?
https://10.27.27.250:32400/web/index.html#!/
-
@johnpoz thanks for the reply.
Yes the server has a static ip, which is that exact address. I can access it while connected to the admin net but I cannot from any other vlan.
-
@jamcallis You sure the host isn't running a firewall then.. Because you can clearly see from your state was opened and pfsense sent the traffic on.. Just didn't get an answer..
Or is plex using the correct gateway? if its not pointing to pfsense IP on the 10.27.27.x then no it wouldn't work.
-
ip route | grep default default via 10.27.27.1 dev eno2 proto dhcp src 10.27.27.250 metric 100Shows 10.27.27.1 which is the ip pfsense. I am not sure what proto dhcp src means though. That is the ip of pihole.
Sorry I am new to this.
-
@jamcallis you sure its not running some firewall? What I would do is sniff on the interface when you send traffic to your plex.. So you see the syn go out.. But you don't get the syn,ack ?
example - here is box talking to my plex server.. The client wanting to talk to plex is on my 192.168.2/24 network, and plex is on 192.168.9/24
See 2.12 send the syn, and the 9.10 answers back with syn,ack
If you see syn but no syn,ack - then the problem is not related to pfsense..
So your plex that 27.250 address is also running dns? Your 2nd rule there shows allowing dns from this tv vlan to 27.250 for dns.. If the box queries for plex.direct to your piehole running on 27.250??
Also the states there are 0/0 for the rule to get to plex on 32400 at that 27.250 address.. That means the rule has never triggered.. Ie no traffic ever hit pfsense wanting to go there.
-
@johnpoz The 27.250 is also running crowdsec, but it is only bouncing my web server. I have disabled it to test just in case, but the same issue persists. I had pihole serving dns for that interface in the past, but stopped as it was blocking some content service from functioning. I removed pihole from providing dns for all interfaces, but still the issue persists. I will do some sniff tests later and report back.
I appreciate you taking the time to assist.
-
@jamcallis said in Plex Across VLAN:
The 27.250 is also running crowdsec,
There is is most likely your problem - bet a pretty penny doesn't like the traffic from something other than its local network and is blocking it.
The sniff is just a way to prove it to yourself that is not a pfsense issue.. if pfsense sends on the syn, which it did because you can see the state created.. Then clearly its not a pfsense problem and you have something after pfsense - either the traffic the never gets to 27.250 or its not answering, or its sending its answer elsewhere..
Running a firewall security anything software on the 27.250 is where I would look to where the problem is.
Did your rule show triggered, ie something other than 0/0? After you created it and actually sent some traffic - because that is another clue that its not pfsense problem, ie showing that it sent on the traffic, ie allowed it.
-
Hi,
You have Remote Access enable or disable in your Plex Server settings? -
@MoonKnight The server is fully accessible remotely and functions as expected. Just will not connect across vlans except via proxy.
-
@johnpoz I believe you are correct, and it is outside of pfsense. From my understanding, crowdsec shouldn't interfere with that traffic (the issue also persists when disabling it) but I will investigate and report back.
-
@jamcallis said in Plex Across VLAN:
@MoonKnight The server is fully accessible remotely and functions as expected. Just will not connect across vlans except via proxy.
That's good, may I ask. Are you using Plex Server for Windows? If so, maybe some firewall rules need to be added for different subnets (allows).
-
This post is deleted! -
@MoonKnight Plex is running in docker on a Debian 12 server.
-
@jamcallis
In your DNS Resolver. Do you have your VLAN interface selected under the "Network Interfaces"? -
@MoonKnight the DNS resolver is on all interfaces.
-
@jamcallis said in Plex Across VLAN:
@MoonKnight the DNS resolver is on all interfaces.
Could you try to add your TVLAN subnets into your passthrough rule.
Probably doesn't change anything, but why not try.
All this is very strange, even if you know have have reverted everyting back it was before you start playing around with IPv6. But maybe something settings are left over.
Maybe try to change Plex port from 32400 to something else and see if works then, and then change back? I don't know.Here is mine:
-
@MoonKnight I've tried that too and it didn't change a thing. It's so annoying and it's going to be something so simple and forhead... I am determined to figure it out.
-
@MoonKnight did you validate what you have in your aliases is actually in the table, under diagnostic.
Here is what I can tell you, I run my plex on a vlan that all my other vlans can access, multiple wifi vlans, a different wired network.. And have no issues.. This is simple firewall port rule and ip, there is nothing fancy you need to access plex, the only thing that needs to be open is 32400.. And whatever IP your plex is on.. You sure you don't have something odd with your docker, docker loves to to nat.. So plex's IP wouldn't be the hosts IP, so you could have issues with what is reported by plex as its IP, and the only reason your local clients are working is discovery??
This is a very simple rule in pfsense dest IP, and the port 3400.. I would find it hard to believe its a pfsense issue.. when you show state being created, etc. You have something else going on.
You mention played with IPv6 and plex.. you sure its not reporting its IPv6.. You should really check out the above link so you can see exactly what IPs plex is reporting you can access it on.. Maybe its IPv6 and your actually using say a link-local IPv6 to access it when your on the same network?
notice above it shows my public IP and the different port I use 23040 externally, and my local IP plex is running on. Make sure that is showing your 10.27.27.250 and not maybe your docker IP? And that your docker is setup to access it correctly.. You can access it via local with the url I provided a few posts back.
-
@johnpoz I really appreciate you taking the time to troubleshoot with me.
It is absolutely something related to what you've suggested. I did rebuild my server at the same time as all this started happening...
I am away for a few days but will investigate upon my return and will be sure you update what the issue ended up being.
