Plex Across VLAN
-
@johnpoz I believe you are correct, and it is outside of pfsense. From my understanding, crowdsec shouldn't interfere with that traffic (the issue also persists when disabling it) but I will investigate and report back.
-
@jamcallis said in Plex Across VLAN:
@MoonKnight The server is fully accessible remotely and functions as expected. Just will not connect across vlans except via proxy.
That's good, may I ask. Are you using Plex Server for Windows? If so, maybe some firewall rules need to be added for different subnets (allows).
-
This post is deleted! -
@MoonKnight Plex is running in docker on a Debian 12 server.
-
@jamcallis
In your DNS Resolver. Do you have your VLAN interface selected under the "Network Interfaces"? -
@MoonKnight the DNS resolver is on all interfaces.
-
@jamcallis said in Plex Across VLAN:
@MoonKnight the DNS resolver is on all interfaces.
Could you try to add your TVLAN subnets into your passthrough rule.
Probably doesn't change anything, but why not try.
All this is very strange, even if you know have have reverted everyting back it was before you start playing around with IPv6. But maybe something settings are left over.
Maybe try to change Plex port from 32400 to something else and see if works then, and then change back? I don't know.Here is mine:
-
@MoonKnight I've tried that too and it didn't change a thing. It's so annoying and it's going to be something so simple and forhead... I am determined to figure it out.
-
@MoonKnight did you validate what you have in your aliases is actually in the table, under diagnostic.
Here is what I can tell you, I run my plex on a vlan that all my other vlans can access, multiple wifi vlans, a different wired network.. And have no issues.. This is simple firewall port rule and ip, there is nothing fancy you need to access plex, the only thing that needs to be open is 32400.. And whatever IP your plex is on.. You sure you don't have something odd with your docker, docker loves to to nat.. So plex's IP wouldn't be the hosts IP, so you could have issues with what is reported by plex as its IP, and the only reason your local clients are working is discovery??
This is a very simple rule in pfsense dest IP, and the port 3400.. I would find it hard to believe its a pfsense issue.. when you show state being created, etc. You have something else going on.
You mention played with IPv6 and plex.. you sure its not reporting its IPv6.. You should really check out the above link so you can see exactly what IPs plex is reporting you can access it on.. Maybe its IPv6 and your actually using say a link-local IPv6 to access it when your on the same network?
notice above it shows my public IP and the different port I use 23040 externally, and my local IP plex is running on. Make sure that is showing your 10.27.27.250 and not maybe your docker IP? And that your docker is setup to access it correctly.. You can access it via local with the url I provided a few posts back.
-
@johnpoz I really appreciate you taking the time to troubleshoot with me.
It is absolutely something related to what you've suggested. I did rebuild my server at the same time as all this started happening...
I am away for a few days but will investigate upon my return and will be sure you update what the issue ended up being.
-
@jamcallis yeah no problem - have a happy holidays.. I am not going anywhere, we can pick this up when its good for you.
-
Hi, I don't have any problem running Plex server on different VLAN, been running like this for years.
Probably the same setup as you have. The Aliases under table is right :)
I was jus giving @jamcallis some ideas :) -
@johnpoz I finally found some time to check over what you suggested.
It shows 12 local connections, but only the first one (http://10.27.27.250:32400) works. That is also the address that the firewall rule is allowing.
Do you know how to reset local connections and/or if this may be the cause of the issue?
-
@jamcallis well with those 172 those scream docker to me.. Where it would of gotten that 192.168?? Where you running plex also have that address? Normally plex would use like any IP the box its running on has.
As to clearing those out - not sure.. But you should be able to set your binding in your network settings of plex.. I believe it just grabs what the machine currently has for network connections. I don't run as docker, just native application on my nas. I do run other dockers on that nas, but plex doesn't see any of those Ips.
Curious what your remote access shows for its IP..
The above Ips shown in mine are my nas, it has 2 interfaces, the 9.10 and .11, and a 3rd interface via 2.5ge usb nic that is a SAN network between the nas and my PC that I use to move data between my nas and pc.. Which would never work for the rest of my network segments for accessing plex since its a network only my pc and nas have access too.
Curious how plex is seeing multiple 172 networks? I would of thought it would only see your current docker IP that is plex.. Does your docker setup currently use all of those different networks? Curious how plex is seeing more than just its IP?
My dockers only have the 1 IP assigned to them.. Wonder if those are all old? Or current for what your plex has for interfaces?
-
@johnpoz I am confident those 172 address are docker. I'm not sure where the 192.168 comes from but I can see it as an ip on some interface. I believe when you configure docker to use network host, it sees all available interfaces. I have quite a few containers that depend on running in host.
Plex did have prefered network interface set to any. I assigned it to the 10.27.27.250 interface and restarted the container. The behavior persists.
The local ip always referred to 10.27.27.250.
It could be some conflict in the docker networks. I am debating rewriting the compose to use set bridge networking.
-
@jamcallis so your running your plex docker over the swarm you setup? I don't even see plex docker running there? Is it running on some other host?
Did switching to the specific binding remove the other connections reported via your xml?
If your reporting up to plex.tv that your server can be reached via all those IPs your going to have a bad day if you can not talk to plex on all of them.
-
@johnpoz no its not in a swarm. It just sees all interfaces when you run it with network host. That's the default plex container setting, and how it was run before. I didn't switch the container to bind yet, but will do so today.
-
@jamcallis I don't see any reason to run that sort of network unless your running multiple hosts for docker
https://docs.docker.com/network/drivers/overlay/
If you only have the one host it doesn't make any sense.
My docker on my nas is dated a bit, but overlay is not even an option..
-
@johnpoz the overlay network is used by portainer, which does connect to other hosts.
-
@johnpoz I did some further testing. I created a firewall rule that allowed access to 10.27.27.250 from the TV Vlan (no ports just wide open) and I could not even ping.
I believe something strange is going on with either my networking set up or pfSense. The settings all look fine to me. I may just throw in the towel lol.
