Plex server “indirect” connection, TrueNAS & pfSense

tknospdr

The Plex server is running in a TrueNAS container with an internal container IP of 172.16.1.2:32400 and a local IP address of 192.168.4.14:32400. On the Internet it can be found at 45.19.23.43:3290
I don’t know if it makes a difference, but the Plex Remote Access settings page shows the container IP as opposed to the local IP.

When I check the server stats, it shows I have an indirect connection. When I look at the relay it shows my server is fully accessible from the Internet.
My content is fully accessible both on local LAN and the Internet, but that ‘!’ is giving me a bad case of Forrest Whitacre eye so it needs to get fixed.

I’m running pfSense 2.7.2 with an override of:

server:
private-domain: "plex.direct"

in the DNS resolver settings.

I completely turned off DNS rebinding protection, for testing and there was no difference.

Looking for anything else that may be able to resolve this issue.

mvbif

@tknospdr said in Plex server “indirect” connection, TrueNAS & pfSense:

45.19.23.43:3290

Hello,
I can reach your server so port forwarding is working (you may delete your ip and port).
Maybe the problem is about your plex identified public ip, that is not matching the real public ip.
So maybe due this is not able to call the server from public and use relay to serve the connection.

You could have a try disabling remote access, and within the network section add a custom urls, if you search on internet you can find how to generate the custom link using you public ip and the star certificate from "ddns" service offered from plex to get all working properly with verified cert. (https://ip-ip-ip-ip.ServerID.plex.direct:PORT)
And maybe the problem in the lan could be caused by a missing setting in network section again "LAN" or "Threat wan as lan".

Btw, due the port forwarding working doesn't seems a pfsense issue.

Is the custom port 3290 set in plex remote section?

johnpoz

@tknospdr put your container on the actual network vs behind the nat.

That private-domain only allows it to return rfc1918 so you can talk to it.. But if you can not talk to 172.16.1.2 its not going to work and yeah your going to be indirect.

Go here

https://plex.tv/api/resources?X-Plex-Token=yourtoken

And you will get a page like this

If it is reporting your 172.16 address - how would you get to that address?

You can find your token going to some media on your plex, get info, view xml at the bottom - at the end of the url will be your token

edit: I took a look at docs for setting up plex in a docker.. Looks like there is a setting when you set it up what IP to advertise

ADVERTISE_IP="http://<hostIPAddress>:32400/" \

If your going to run it bridged network where you get a 172.16 address.

https://github.com/plexinc/pms-docker

tknospdr

@johnpoz
Yes, it's showing the 172 address. There's an option to use the host network as opposed to the bridge network. I checked that box and it added the LAN address to that XML page and I'm now getting a direct connection to my Plex server.
The tool tip on that box suggests it's better to keep it off, maybe that's just a poorly worded suggestion to not turn it on unless needed, such as in this case.

johnpoz

@tknospdr yeah your going to have a hard time with behind a nat.. Unless you can get your docker to report the host network vs the local 172.16 IP it currently has..

See the link I provided and use off that ADVERTISE_IP variable.

tknospdr

@johnpoz
Well, I checked the box. And then looked at the XML again and it was now advertising the right subnet. So I'm all set. Thanks!

johnpoz

@tknospdr Yeah your fine this way - unless you worried about their warning ;) If so you could uncheck it and look into the other option.