Plex.tv behind PFSense

ryan8382

I have been running Plex for years. Recently moved to PFSense. I have the port forwarding working. It works on the Plex app and Plex web outside the home. But when in the home on the LAN the Plex clients don't find the server. Also when you go to plex.tv the server doesn't show up. I can get to the web if i go to the IP so the server is there.

Plex suggest i add plex.direct to dns rebinding but that didn't help.

I'm not sure what logs would be useful, I have looked at the Firewall logs and it doesn't really show anything.

TDJ211

You're leaving out too much info to say.

For example, what rules do you have set on your LAN network

ryan8382

Sorry

Im running 2.2.4-Release

LAN Rules
IPV4 default Rule anything to anywhere.
IPV6 default Rule anything to anywhere.
IPV4 Test rule Anything to Plex Server with port 32400.

WAN Rules are from NAT
IPV4 any Source from any port to Plex server 32400

It works from outside but not inside.

The setup is Layer 3 routed. PFSense is on 192.168.1.X. Plex is on 172.16.1.X.

I also disabled the DNS Rebinding check. That didn't help.

demslam

I am having the same issue.
My NAT rule is below. I thought by changing destination to "any" that would take care of the issue but that does not.

I can access the plex server through the web portal directly (see screen shot below), but when i use the app (roku, android) it says it is not accessible.

Any insight would be greatly appreciated.

Derelict

Destination of a port forward is usually WAN Address not any.

I am not sure what plex does that gives people so much trouble.

Fmslick

Sorry to dig this back up but did any of you find a fix to this?

I am having this issue and all I can find on Google / HERE / Plex forum is one's who can't get outside of LAN to work. I have no issue with outside of my LAN, Other can see and play movies off of my server but I can't on my LAN :(

johnpoz

His server mapping is broken.. While inside his network he would be doing nat reflection what would cause lots of issues. His plex server should be able to see his private address, and it would then connect to that private address when the client is local.

plexremote.png_thumb

gsiemon

Not sure if you managed to figure this out but this issue may be due to using Unbound and its use of DNS Rebinding Protection.

See here for further details (it even shows you how to enter a couple of lines in Unbound's Advanced Config Box on pfSense) to get the DNS Resolution working properly.

https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections

johnpoz

yeah that can be an issue.. There was another thread here about that as well.

jwalhous

I have 2 Plex servers on my network behind Pfsense, I'm just using UPnP and it works without any problems.
No need to create any firewall/Nat rules.

Cheers
Jamie

johnpoz

Yeah UPnP would open up the ports for you.. you can still run into an issue with unbound rebinding protection when public domain returns rfc1918 address space.

Fmslick

thanks for the input guys i'll try what you have suggested and see if it works as soon as my arm gets better an will post back if anything works, I broke my arm roller skating so typing is a pain in the butt (thank God for talk to text in Google remote desktop lol)

however I did find this interesting .. I have a few other servers running and I use an odd IP range as back-end management network and some times when i restart the Plex service it will pick up my management Network IP that is 64.64.0.x with a subnet mask of 255.255.0.0 an then when i log into the Plex portal or client ( whatever you wanna call it) it will then allow me to see it on my LAN but not WAN some of the time (however my g/f could see that my server was online just cannot stream anything without it being really choppy. i know why not WAN due to no ports open for that ip subnet + the back-end management IP address is not added to PFsense in any way at all and that makes me wonder how could anyone see my server is online at all if the IP address is not added to pfSense. but yet i can log into it via LAN side and it work when the Plex service is using my management IP address?!

just some food for thought

johnpoz

"64.64.0.x"

What??? So your wondering why your having problems when you just think its ok to run public IP space on your own network, that is not owned by you… Running a management network with a /16 as well even if that was rfc1918 is just freaking moronic to say it as polite as possible.

So are you
CIDR: 64.64.0.0/19
NetName: SERVINT
OrgName: ServInt
OrgId: SRVN
Address: 12001 Sunrise Valley Drive
Address: Suite 350
City: Reston
StateProv: VA
PostalCode: 20191
Country: US
RegDate: 1997-04-07
Updated: 2013-10-17

They don't even own that whole 16, so your just using multiple companies networks..

CIDR: 64.64.32.0/19
OrgName: Olympus Corporation of the Americas
OrgId: OLYMP-31
Address: 3500 Corporate Parkway
City: Center Valley
StateProv: PA

CIDR: 64.64.64.0/19
NetName: TEXAS-WESLEYAN-UNIVERSITY

Just to go over the few that fall in that /16 you just thought it would be ok to use as your management network?? WTF.. Sometimes I am just at a complete loss what people are thinking, or in such a case just not thinking at all..

And sounds like you have 2 different dhcp servers running over the same layer 2?? How does a restart of plex pickup a different IP on a different range?

Fmslick

@johnpoz:

"64.64.0.x"

What??? So your wondering why your having problems when you just think its ok to run public IP space on your own network, that is not owned by you… Running a management network with a /16 as well even if that was rfc1918 is just freaking moronic to say it as polite as possible.

So are you
CIDR: 64.64.0.0/19
NetName: SERVINT
OrgName: ServInt
OrgId: SRVN
Address: 12001 Sunrise Valley Drive
Address: Suite 350
City: Reston
StateProv: VA
PostalCode: 20191
Country: US
RegDate: 1997-04-07
Updated: 2013-10-17

They don't even own that whole 16, so your just using multiple companies networks..

CIDR: 64.64.32.0/19
OrgName: Olympus Corporation of the Americas
OrgId: OLYMP-31
Address: 3500 Corporate Parkway
City: Center Valley
StateProv: PA

CIDR: 64.64.64.0/19
NetName: TEXAS-WESLEYAN-UNIVERSITY

Just to go over the few that fall in that /16 you just thought it would be ok to use as your management network?? WTF.. Sometimes I am just at a complete loss what people are thinking, or in such a case just not thinking at all..

And sounds like you have 2 different dhcp servers running over the same layer 2?? How does a restart of plex pickup a different IP on a different range?

Someone is having a bad day and no need to take it out on others!

No i do not think it is just ok to run a public IP space on my own network but for one i didn't know it was and i just made it up however your right i should have looked up the ip but just due to you know the things and others don't does not give you the right to be a asshat about it my good sir.

Anyhow!

no there is only the one DHCP server running pfSense default and default settings and i will be removing the other ip BUT I have had this issue on the LAN with Plex even before using a management Network.

johnpoz

"didn't know it was"

Huh? What did you think it was since it clearly is not in rfc1918 space.. And why would you use a /16… Did you think you might have 65K devices to be managed?

What exactly do you mean it "picks up" another IP?? You mean the name resolves to that? Why are boxes multi homed? Back end management, for why exactly?? What purpose does this serve - especially in a home setup? Why would you just not manage it via its IP be it ipv4 or ipv6?

JasonJoel

I don't think he was being an 'ass hat' at all… What you are doing is so fundamentally wrong that it needed some very clear language. His point is that if you didn't recognize that wasn't an OK IP range to use in the first place, then you are lacking the most fundamental knowledge you need to set this up at all... And that is OK in and of itself, everyone has to start somewhere in learning.

Maybe you should start over completely and just say what you are trying to accomplish (maybe with a picture) and get the design correct up front instead of trying to figure out how to fix your completely broken design. Not trying to be a jerk, but that is how I would approach it.

Fmslick

@johnpoz:

"didn't know it was"

Huh? What did you think it was since it clearly is not in rfc1918 space.. And why would you use a /16… Did you think you might have 65K devices to be managed?

What exactly do you mean it "picks up" another IP?? You mean the name resolves to that? Why are boxes multi homed? Back end management, for why exactly?? What purpose does this serve - especially in a home setup? Why would you just not manage it via its IP be it ipv4 or ipv6?

Why you want to know a lot.xD

Q: What did you think it was since it clearly is not in rfc1918 space.. And why would you use a /16… Did you think you might have 65K devices to be managed?
A: I didn't think nothing of it, still new to networking. nope

Q: What exactly do you mean it "picks up" another IP??
A: Plex is running on my file server or NAS that has windows server 2012 R2 with 2x NIC's set with link aggregation as well with static IP's of 192.168.1.x /24 and the other was the 64.64 one and when I would restart the service for Plex it would auto pick up the 64.64. IP and not the 192.168. IP and from what I have fund is that you can't set what IP Plex will take.

Q: You mean the name resolves to that?
A: NO

Q: Why are boxes multi homed?
A: what do you mean?

Q: Back end management, for why exactly?? What purpose does this serve - especially in a home setup? Why would you just not manage it via its IP be it ipv4 or ipv6?
A: I have a 42u rack with about 5 server's on it for testing and learning purposes and I wanted a way without another physical Network to manage them, I don't know IPv6 yet.

I removed the 64.64.0.x IP so forget all about that thanks.

Q: How can I get plex to work on my LAN side, when I login to Plex on my phone not on home/LAN wifi (Using phone/wifi hotspot with laptop to connection to outside world outside of my home network) I can login and see my Plex server, HOWEVER when I try to login on my desktop or anything on my LAN side all I get is an error saying my server can't be found .

NOTE:
I am starting over completely

FurryFennec

@Fmslick:

Q: What exactly do you mean it "picks up" another IP??
A: Plex is running on my file server or NAS that has windows server 2012 R2 with 2x NIC's set with link aggregation as well with static IP's of 192.168.1.x /24 and the other was the 64.64 one and when I would restart the service for Plex it would auto pick up the 64.64. IP and not the 192.168. IP and from what I have fund is that you can't set what IP Plex will take.

Q: Why are boxes multi homed?
A: what do you mean?

Q: How can I get plex to work on my LAN side, when I login to Plex on my phone not on home/LAN wifi (Using phone/wifi hotspot with laptop to connection to outside world outside of my home network) I can login and see my Plex server, HOWEVER when I try to login on my desktop or anything on my LAN side all I get is an error saying my server can't be found .

Hey Fmslick, looking at the two Q's from johnpoz, it seems to me you answered the 2nd with the 1st. You state that the NICs on your home server/NAS are link aggregated. Does/did your Windows server have one virtual interface representing that link aggregation? Traditionally link aggregation is done with separate interfaces going to separate switches and complicates routing and such. It can be done with VLANs but there is no mention of that in any of your communication. Check out https://en.wikipedia.org/wiki/Multihoming

In any event, getting rid of that management network will make your life, and the setup, easier. Please check out https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections, esp the following section to help out with Plex on the local LAN:

Modem/Router Settings

We can't provide information for all possibilities, but using 'dnsmasq' with DD-WRT or running pfSense are possible situations where you might run into this.
To allow secure connections if you are using 'dnsmasq' with DNS Rebinding Protection enabled, you will need to add the following to your advanced settings box:
rebind-domain-ok=/plex.direct/
Similarly, if you happen to be using pfSense or a similar router OS, you may instead be using 'DNS Resolver (Unbound)'. If this is the case a similar advanced setting will need to be added:
server:
private-domain: "plex.direct"
You may need to consult your router documentation or other information for more details about DNS rebinding.

CyberHellboy

Have a look at this post over in the Plex forums.

https://forums.plex.tv/discussion/69526/pfsense-port-forwarding-issues

This worked in my case.