Two subnets communication issue
-
Good afternoon JohnPoz,
Thanks again for your reply.
It was very good advice. I am getting the picture now. To answer your question, the external Firewall does not have any route that has a subnet of 192.168.0.X. I thought I could use any of the settings to make it communicate without having to set up the physical port for 192.168.0.X. If I understand you correctly, I would have to add one more port in the firewall and add a route for 192.168.0.X, am I right? I understood that I could port forward a different IP subnet.
The reason I don't put Plex within the External Firewall is because all of the teaching material is on the file server within the Internal Firewall, and the server I use for Plex is monitoring for telephone as well. The Internal Firewall is only used for business computers which connect by LAN cable.
This network was set up way before. I have got another question. If I add a route for 192.168.0.X in the External Firewall, would that compromise the security of the Internal Firewall? Because that would mean any device within the External Firewall could ping devices in the Internal Firewall.
-
Please have a look at my Port Forward setting,
This Port Forward is set in Internal Firewall

 -
Yeah 32400 is the default plex port.. So yeah that is how you would set it up.. Keep in mind that your 192.168.1 devices would have to hit the pfsense WAN IP. And since they are coming from rfc1918 you would have to uncheck the default of blocking rfc1918 on wan. Or no matter how many port forwards you create anything coming from that 192.168.1 network would be blocked.
-
Hi Johnpoz,
I just want to make sure I configure in the right firewall.
The firewall I should port forward is the Internal Firewall, right?
Here is what I did so far:
Create NAT Port Forward > Using WAN interface of Internal Firewall
Destination is 192.168.0.61 (IP address of Plex Media Server)
Port range 1234 - 32400 (Default Plex port)
Redirect target IP; 192.168.0.61
Redirect port; 32400
Also I put attachments of my WAN configuration, port forward configuration and NAT overview.
Thanks ever so much for your help





 -
Not sure why you're trying to do a range.. plex is only using the 1 port, and the way your range is set up you would have to hit the 1234 port to get sent to the 32400 port.. I wouldn't do it that way..
Just forward your 32400 port, and then hit your internal pfsense WAN IP either by IP or by some fqdn you resolve to it.
-
I made changes still no improvement. Plex couldn't get direct connect still.
Please see attachments



 -
While it shouldn't matter.. why are you not on p1? Looks like you have not updated your pfsense.
So what is plex running on.. is it running a firewall?
So you're hitting 192.168.1.132 from your client on 192.168.1.0/24 and you're saying you can not hit the plex gui?
http://192.168.1.132:32400/web/index.html
Are you forcing https on your plex??
-
Hi johnpoz,
Yes, I haven't updated my pfSense yet.
My Plex Server is running on Windows 7 Professional. I have allowed port 32400 in my Anti-Virus and Firewall rule already.
I updated my network map for you. Please have a look at the attachment.
I created a Port Forward in NAT in the Internal Firewall
Selected Interface WAN (192.168.1.132)
Destination; Single Host IP 192.168.0.61 (Plex Server)
Port range is 32400
Redirect target IP is Single Host IP 192.168.0.61
Redirect target Port is 32400
Am I doing it wrong here?
I understand that any incoming device from the External Firewall that is using port 34200 (Plex Device) will be directed to Internal Firewall WAN (192.168.0.132) -> 192.168.061 (Plex Server)
However, after all this configuration I keep getting an indirect connection instead of Nearby

 -
If you want the plex device on the middle LAN, put it on another interface on the outside router.
If you want the plex device to be on the inside LAN, put it on another interface on the inside firewall.
There should not be hosts on the transit network between two routers unless you want to maintain a complete routing table on that host too.
-
Hi Derelict,
Thanks for your reply.
I use the external Firewall as Multiwan between the External firewall and the internal firewall. That is where I set Wifi. Because the Internal Firewall is used for the Work network. The Plex Server is set within the Internal Firewall so that it has access to the teaching audio files, and also the Plex server is running on Windows 7, which is used for something else as well. That's why I would like devices from the External Firewall to access the Plex Server in the Internal Firewall
-
Your design is broken.
Put "Plex Devices" on another interface so your routers can route properly or maintain all the necessary gateways and routes on them.
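
The two WAN-side effects johnpoz describes earlier in the thread (the default block of RFC1918 sources on WAN, and a port range of 1234-32400 redirected to 32400), as an added Python sketch that is not part of the thread and is not pfSense code. It is a simplified model of the outcome only; the client address 192.168.1.50, the function name and the offset mapping of a port range are assumptions.

```python
import ipaddress

# RFC1918 private ranges, which the WAN "block private networks" default drops.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

WAN_IP = "192.168.1.132"   # internal firewall WAN address, from the thread
PLEX = "192.168.0.61"      # Plex server behind the internal firewall
CLIENT = "192.168.1.50"    # constructed client on the transit network


def wan_inbound(src, dst, dport, forwards, block_private=True):
    """Model the outcome for one inbound TCP connection arriving on WAN.

    Returns ("block", reason) or ("forward", target_ip, target_port).
    This models the result only, not pf's internal processing order.
    """
    if block_private and any(ipaddress.ip_address(src) in n for n in RFC1918):
        # Dropped no matter how many port forwards exist.
        return ("block", "rfc1918 source on WAN")
    for fwd in forwards:
        low, high = fwd["ports"]
        if dst == fwd["dest"] and low <= dport <= high:
            # Assumption: the first port of the range maps to the redirect
            # port and the rest of the range follows by offset.
            return ("forward", fwd["target"], fwd["target_port"] + (dport - low))
    return ("block", "no matching port forward")


# Constructed rules: the single-port forward johnpoz recommends, and the
# 1234-32400 range from the earlier post.
SINGLE = {"dest": WAN_IP, "ports": (32400, 32400),
          "target": PLEX, "target_port": 32400}
RANGED = {"dest": WAN_IP, "ports": (1234, 32400),
          "target": PLEX, "target_port": 32400}

if __name__ == "__main__":
    cases = [
        ("default WAN, single port", [SINGLE], 32400, True),
        ("rfc1918 block unchecked, single port", [SINGLE], 32400, False),
        ("range, client hits 1234", [RANGED], 1234, False),
        ("range, client hits 32400", [RANGED], 32400, False),
    ]
    for label, rules, port, block in cases:
        print(f"{label}: {wan_inbound(CLIENT, WAN_IP, port, rules, block)}")
```
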