Accessing my own content... when hosting on my server.

dhenzler

When trying to look at things I host, they are blocked or difficult to access. Most recently I had to rebuild my Plex Media Server and I have had nothing but bad results using the same techniques that worked for years.
I checked that the port I am using is working on the server public IP. But it shows as working for a few seconds then drops back to unavailable.
When trying to access my Plex using an LG TV with updated Plex app it fails to connect. It connected a few days earlier then stopped. Have removed and replaced Plex TV app. Made sure it wasn't trying to access unprotected IP/port... it's frustrating.
Have similar issues with other stuff I host. Sometimes my websites are difficult to access.
Any ideas...
I recall when I first set up my NAT's for port forwarding the sites that a rule must be made to make this issue disappear... Can you point me to the paragraph that covers this setup.

Thanks
Dave

johnpoz

@dhenzler are you trying to access your stuff via nat reflection? Ie you hit your public IP to be redirected back inside your own network?

https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

Method 2 is the better choice there for sure. Also with plex.. You prob want to just setup as private domain.. See the bottom part of this page

https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/

Tells you how to turn off rebind for plex

I have been running plex for years and years behind pfsense with zero issues accessing from multiple devices on my own network.

Another option for access your local resources would be haproxy.. This can be useful, for example when I directly access my cams web guis, the browser complains about it being only http. But their guis become very sluggish when you setup a cert on them, so I just offload the https to haproxy.

darcey

@johnpoz If using method2, can the host overrides interfere when regenerating acme cert?
I'm pointing pfsense DNS to localhost unbound and using acme (pfsense package) cloudflare DNS method.

johnpoz

@darcey no your local dns that points to some rfc1918 on your network has zero to do with where your public dns points, and all acme does is really validate you own the domain via creating a dns entry.. Nothing to do with what IP any record points too.

dhenzler

@johnpoz This is off-topic, but I have a couple Gigabit Cisco Layer 3 Switches to handle my home network, and POE Cameras.
I am to understand that Layer 3 (smart switching) remembers configurations to make faster routing of data. Could this interfere with my data if IP changes... MAC address remain the same.

I have had a flurry of issues of late. Trying to understand why (suddenly) a LG TV with OS 4.4 and current Plex app can't connect to the non-public data. Says that particular data is 'unavailable' Yet on a newer LG OS 6.x it and same app... It works fine.

This stuff is making me nuts as there are no help sites that answer these issues. It's a circular search nightmare!

johnpoz

@dhenzler said in Accessing my own content... when hosting on my server.:

Layer 3 (smart switching) remembers configurations to make faster routing of data.

huh? Are you routing at your layer 3 switch or pfsense.. To be honest in a home network, unless your like doing above 1gig where what your running pfsense can not handle it.. There is little reason to do internal routing.

And in almost every case I have seen around here people that attempt it are doing it such a way that they create asymmetrical routing. If you going to route on a downstream device it should be connected to pfsense with a transit or also called a connector network..

If your not, then yeah your more than likely causing all sorts of issues in your network.

I do routing and switching for a living and I have a layer 3 switch capable of routing, so for me its something I could setup with my eyes closed so to speak.. I don't do it, because it doesn't make any sense in my network and it removes the ability to easy firewall between segments like you can do if your routing with pfsense.

So while its nice that your switch could route, unless you have a specific reason to actual route on it, your prob just causing yourself pain.