Plex Across VLAN
-
@johnpoz the overlay network is used by portainer, which does connect to other hosts.
-
@johnpoz I did some further testing. I created a firewall rule that allowed access to 10.27.27.250 from the TV Vlan (no ports just wide open) and I could not even ping.
I believe something strange is going on with either my networking setup or pfSense. The settings all look fine to me. I may just throw in the towel lol.
-
@jamcallis said in Plex Across VLAN:
I created a firewall rule that allowed access to 10.27.27.250 from the TV Vlan (no ports just wide open) and I could not even ping.
And you put that rule on the tv vlan..
So did you sniff on the destination interface and see if pfsense sent the ping on to 10.27.27.250? If pfsense sends on the traffic but you get no answer it's not a pfsense problem.
Here are common issues I see all the time with users troubleshooting basic connectivity..
So you have this right.
While sending your constant ping from box say 192.168.3.100 to 10.27.27.250 sniff (packet capture) on pfsense interface B.. Do you see it sending pings to that IP.. If you do then the problem is not pfsense, or its rules..
Either 27.250 is not using pfsense as its gw.. or it's running a firewall that prevents the traffic, or another common problem that might come up: 27.250 is multihomed and thinks it can answer via another path..
You had listed that your plex box, this 27.250, also thought it had a 192.168.0.1 address.
If the mask on that interface was say /16 vs a /24 then this box thinks oh 192.168.3.100 is talking to me -- I will just send his answer out the interface I have a network on.
To prove to yourself it's not a pfsense problem I suggest you sniff on interface B in my drawing.. your 10.27.27 interface on pfsense, do you see it send traffic, ie your ping test??
Can you ping the pfsense IP on this 10.27.27 network from where your client is?
-
@johnpoz Thanks again for your help. I think I made some progress.
I managed to sniff through the pfsense interfaces and could see the pings. I could even see the pings received by the interface of the 10.27.27.250 machine.
Interfaces:
Packets received @ 10.27.27.250:
For some reason the reply is not being returned. I will have to do some more digging later, but this is all progress. Can rule out pfSense and the switch.
-
@jamcallis 192.168.0.1/20 would include your 192.168.3 network
that would be all IPs between 192.168.0.0 - 192.168.15.255
So this docker/plex box of yours thinks it is directly attached to that large /20 network which would include your 192.168.3.13 IP - so no it wouldn't send traffic back to pfsense to get to that.
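
The /20 overlap described in the post above, as an added example that is not part of the original thread: it models the multihomed host's route lookup for the ping reply and flags local networks that shadow a VLAN living behind pfSense. The interface names, the /24 masks and the 10.200.0.1/24 "fixed" bridge range are constructed assumptions; only the addresses 10.27.27.250, 192.168.0.1/20 and 192.168.3.13 come from the thread.

```python
import ipaddress

# Constructed sample based on the addresses quoted in the thread.
# Interface names and the /24 masks are assumptions.
BROKEN = {"eth0": "10.27.27.250/24", "br-docker": "192.168.0.1/20"}
# Hypothetical "after restart" state: bridge moved off the 192.168 range.
FIXED = {"eth0": "10.27.27.250/24", "br-docker": "10.200.0.1/24"}
ROUTED_VLANS = ["192.168.3.0/24"]   # TV VLAN, reachable only via pfSense
DEFAULT_IFACE = "eth0"              # interface holding the default route


def reply_path(client_ip, arrived_on, interfaces, default_iface=DEFAULT_IFACE):
    """Model the host's route lookup for the reply to client_ip."""
    client = ipaddress.ip_address(client_ip)
    on_link = [
        (name, ipaddress.ip_interface(addr).network)
        for name, addr in interfaces.items()
        if client in ipaddress.ip_interface(addr).network
    ]
    if on_link:
        # Connected routes win; the longest prefix is preferred.
        egress, net = max(on_link, key=lambda item: item[1].prefixlen)
        via = f"on-link {net}"
    else:
        egress, via = default_iface, "default gateway"
    return {"egress": egress, "via": via, "asymmetric": egress != arrived_on}


def shadowed_vlans(interfaces, routed=ROUTED_VLANS):
    """List local networks that overlap subnets living behind the router."""
    hits = []
    for name, addr in interfaces.items():
        local = ipaddress.ip_interface(addr).network
        for vlan in map(ipaddress.ip_network, routed):
            if local.overlaps(vlan):
                hits.append((name, str(local), str(vlan)))
    return hits


if __name__ == "__main__":
    for label, ifaces in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, reply_path("192.168.3.13", "eth0", ifaces), shadowed_vlans(ifaces))
```

In the broken state the reply is sent out the bridge as an on-link ARP lookup and never reaches pfSense, which matches a capture that shows echo requests arriving with no replies leaving.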
-
@johnpoz Well this has been a bit of a facepalm journey, but a lesson nonetheless. One of my containers pulled a subnet from the 192.168 range, even though docker is explicitly set to not do that. I have read online that other people have also experienced this while using docker compose. I simply restarted the container and it grabbed one from the correct range, and all is working as expected. I appreciate you taking the time to guide me through this.
-
@jamcallis you're more than welcome - glad you got it sorted. So your plex is working now and wife is happy. There is very trueism
Happy Wife = Happy Life ;)
-
@johnpoz Amen!
-
@jamcallis so is your plex still reporting all of those Ips as local?
-
@johnpoz All of those interfaces are reported as local, but that's because it is using network host, and from my understanding, is the expected behavior.
Plex is reporting all my subnets are on the lan and no longer through proxy.
-
@jamcallis well you're not going to be able to get to them are you, so guess it could cause some delay in connecting as it tries all the ones that won't work..