Plex Across VLAN
-
@jamcallis yeah no problem - have a happy holidays.. I am not going anywhere, we can pick this up when its good for you.
-
Hi, I don't have any problem running Plex server on different VLAN, been running like this for years.
Probably the same setup as you have. The Aliases under table is right :)
I was jus giving @jamcallis some ideas :) -
@johnpoz I finally found some time to check over what you suggested.
It shows 12 local connections, but only the first one (http://10.27.27.250:32400) works. That is also the address that the firewall rule is allowing.
Do you know how to reset local connections and/or if this may be the cause of the issue?
-
@jamcallis well with those 172 those scream docker to me.. Where it would of gotten that 192.168?? Where you running plex also have that address? Normally plex would use like any IP the box its running on has.
As to clearing those out - not sure.. But you should be able to set your binding in your network settings of plex.. I believe it just grabs what the machine currently has for network connections. I don't run as docker, just native application on my nas. I do run other dockers on that nas, but plex doesn't see any of those Ips.
Curious what your remote access shows for its IP..
The above Ips shown in mine are my nas, it has 2 interfaces, the 9.10 and .11, and a 3rd interface via 2.5ge usb nic that is a SAN network between the nas and my PC that I use to move data between my nas and pc.. Which would never work for the rest of my network segments for accessing plex since its a network only my pc and nas have access too.
Curious how plex is seeing multiple 172 networks? I would of thought it would only see your current docker IP that is plex.. Does your docker setup currently use all of those different networks? Curious how plex is seeing more than just its IP?
My dockers only have the 1 IP assigned to them.. Wonder if those are all old? Or current for what your plex has for interfaces?
-
@johnpoz I am confident those 172 address are docker. I'm not sure where the 192.168 comes from but I can see it as an ip on some interface. I believe when you configure docker to use network host, it sees all available interfaces. I have quite a few containers that depend on running in host.
Plex did have prefered network interface set to any. I assigned it to the 10.27.27.250 interface and restarted the container. The behavior persists.
The local ip always referred to 10.27.27.250.
It could be some conflict in the docker networks. I am debating rewriting the compose to use set bridge networking.
-
@jamcallis so your running your plex docker over the swarm you setup? I don't even see plex docker running there? Is it running on some other host?
Did switching to the specific binding remove the other connections reported via your xml?
If your reporting up to plex.tv that your server can be reached via all those IPs your going to have a bad day if you can not talk to plex on all of them.
-
@johnpoz no its not in a swarm. It just sees all interfaces when you run it with network host. That's the default plex container setting, and how it was run before. I didn't switch the container to bind yet, but will do so today.
-
@jamcallis I don't see any reason to run that sort of network unless your running multiple hosts for docker
https://docs.docker.com/network/drivers/overlay/
If you only have the one host it doesn't make any sense.
My docker on my nas is dated a bit, but overlay is not even an option..
-
@johnpoz the overlay network is used by portainer, which does connect to other hosts.
-
@johnpoz I did some further testing. I created a firewall rule that allowed access to 10.27.27.250 from the TV Vlan (no ports just wide open) and I could not even ping.
I believe something strange is going on with either my networking set up or pfSense. The settings all look fine to me. I may just throw in the towel lol.
-
@jamcallis said in Plex Across VLAN:
I created a firewall rule that allowed access to 10.27.27.250 from the TV Vlan (no ports just wide open) and I could not even ping.
And you put that rule on the tv vlan..
So did you sniff on the destination interface and see if pfsense sent the ping on to 10.27.27.250? If pfsense sends on the traffic but you get no answer its not a pfsense problem.
Here are common issues see all the time with users troubleshooting basic connectivity..
So you have this right.
While sending your constant ping from box say 192.168.3.100 to 10.27.27.250 sniff (packet capture) on pfsense interface B.. Do you see it sending pings to that IP.. If you do then the problem is not pfsense, or its rules..
Either 27.250 not using pfsense as its gw.. or its running firewall that prevent the traffic, or other common problem that might come up 27.250 is multihomed and thinks it can answer via another path..
You had listed that your plex box this 27.250 also thought it had a 192.168.0.1 address
if the mask on that interface was say /16 vs a /24 then this box thinks oh 192.168.3.100 is talking to me -- I will just send his answer out the interface I have a network on.
To prove to yourself its not a pfsense problem I suggest you sniff on interface B in my drawing.. your 10.27.27 interface on pfsense do you see it send traffic, ie your ping test??
Can you ping pfsense IP on this 10.27.27 network from your where your client is?
-
@johnpoz Thanks again for your help. I think I made some progress.
I managed to sniff through the pfsense interfaces and could see the pings. I could even see the pings received by the interface of the 10.27.27.250 machine.
Interfaces:
Packets received @ 10.27.27.250:
For some reason the reply is not being returned. I will have to do some more digging later, but this is all progress. Can rule out pfSense and the switch.
-
@jamcallis 192.168.0.1/20 would include your 192.168.3 network
that would all ips between 192.168.0.0 - 192.168.15.255
So this docker/plex box of yours think it directly attached to that large /20 network which would include your 192.168.3.13 IP - so no it wouldn't send traffic back to pfsense to get to that.
-
@johnpoz Well this has been a bit of a facepalm journey, but a lesson nonetheless. One of my containers pulled a subnet from the 192.168 range, even though docker is explicitly set to not do that. I have read online that other people have also experienced this while using docker compose. I simply restarted the container and it grabbed one from the correct range, and all is working as expected. I appreciate you taking the time to guide me through this.
-
@jamcallis your more than welcome - glad you got it sorted. So your plex is working now and wife is happy. There is very trueism
Happy Wife = Happy Life ;)
-
@johnpoz Amen!
-
@jamcallis so is your plex still reporting all of those Ips as local?
-
@johnpoz All of those interfaces are reported as local, but that's because it is using network host, and from my understanding, is the expected behavior.
Plex is reporting all my subnets are on the lan and no longer through proxy.
-
@jamcallis well your not going to be able to get to them are you, so guess it could cause some delay in connecting as it tries all the ones that wont work..
