Port forward troubleshooting
-
I don't see 192.168.1.65 on your network diagram anywhere. If you are Plex Device and you want to get to a forwarded server, then you need to connect to the WAN that is handling the forward. Try telling your Plex software to talk to the Plex server at 192.168.1.132. Internal pfSense (if you have your forwards setup correctly) should forward that traffic to the Plex server behind it.
-
Hello KOM,
Thank you so much for keeping it up with me.
Honestly this is my very first time setting Port Forwarding. I have read and learn a lot but never put into practice before.
I only set up Wifi router behide external firewall but not internal firewall. Whatever Device use Plex App will get IP address from 192.168.1.55 - 192.168.1.254. That's why I didn't put any particular address in diagram.
I did set Plex Device to put to port 192.168.1.132 which will get redirect to Plex Server which is 192.168.0.61 however it give me error but different kind of Error though
-
What error? I don't have any experience with Plex so I can't give you more specific advice. Please go through this list:
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
Generally when you have a forward that isn't working, you need to verify several things. The list above goes over all of them.
-
Hi Kom,
I totally understand that this is as far as you can go with Pfsense.
The error said A connection to a Server couldn't be established using the details you provided
Error code: 401I need to go through Plex forum and find out if anyone else has the same experience
It was a good sign though because when I try to add the server, usually it will load for some time then give me an Error message but since I change setting you suggested me it was different. The connection did right away and pop up the different error message I wrote above. Seem like the connection take place but something wasn't right.
This question has nothing to do with Pfsense at all but do you know if I have to do anything with Plex Server? I run it on Windows 7.
I already add Plex port 32400 in Firewall rule on Windows 7.Do I have to do anything else?
-
Also is there anyway I could test port forwarding within location network?
I notice port forwarding tools I could use on-line but that was meant to be testing with my Public IP address and firewall.
Surely I can't use that to test my local network port forwarding -
I have zero Plex experience. Did you forward ALL of the ports listed by the Plex wiki? There were quite a few of them. Other than that, use standard troubleshooting. Check your pfSense firewall logs to see if it's blocking any traffic destined for the Plex server. Check the Plex server logs or status to see if there is any network or authentication issues it may have logged. Use the pfSense packet capture to sniff packets on LAN and see if the forwarded traffic is going to the Plex server.
-
Hi Kom,
I added all the port
from this list
https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-
Still no good news.
I am going one by one from the list you give me.
Also I did Netstat -a scan port from pc within Internal Firewall. I don't see port 32400 is on the list though.
If I am not mistaken should port 32400 should be listen when I Netstat -a for port scanning?
![NAT Overview.PNG](/public/imported_attachments/1/NAT Overview.PNG)
![NAT Overview.PNG_thumb](/public/imported_attachments/1/NAT Overview.PNG_thumb) -
If I am not mistaken should port 32400 should be listen when I Netstat -a for port scanning?
No idea, I don't know Plex. That port isn't in their list, so where did you get the idea that it's required for Plex? If you can confirm from your firewall logs that nothing is being blocked, and from a packet capture you can see the forwarded traffic leaving the internal pfSense LAN interface, then your problem is with the Plex server and client.
-
That port isn't in their list
Huh.. Its the TOP of the list, and really the ONLY Port that needs to be allowed for remote access to plex.. All of those other ports are not needed for remote access and really related to a software firewall running on the plex box itself.
The most important port to make sure your firewall allows is the main TCP port the Plex Media Server uses for communication..
TCP: 32400 (for access to the Plex Media Server) [required]
If your plex server is not listing on 32400, then you must of changed it - or plex isn't even running.. Under the server setting look at the remote settings.. You should see the port its set to.. The default is 32400, unless you changed it that is the port.
As you can see yes on the machine running plex server doing a netstat should show that port listing. You should be able to access it via web interface on that port with the url I gave before and you can see in my screen shot. Can you access that when your on the local network?? Once your outside the pfsense and you have forwarded that port you need to hit the pfsense WAN IP with that port and you should be forwarded to the plex IP you forwarded.
If works local and not remote. Then go through the port forward troubleshooting..
-
Huh.. Its the TOP of the list
OK, so I'm fully braindead today, not just my usual partial. :-[ My eye skipped over that and went straight to the listy part of the list.
-
Hi Kom,
That's ok It happens sometime. Thank you again for your help. I will keep you update tomorrow. Somehow I totally mess my server up today.
Just got it back on-line by miracle. Tomorrow is another day. -
Hi Johnpoz,
Thank you for your guide. I will have a look again tomorrow.
I didn't do port scan on the Plex server itself but other computer in the same network be hide internal Firewall and I couldn't see the port 32400 in the listing. Will check one more time and let you know.
Thank you so much.
-
If you scanned the machine from another machine on the same network as plex, and didn't see 32400 as open.. Then either plex is not running, you changed the port or there is a firewall running on the plex server.
If you say you disabled or allowed the ports on the windows firewall.. You sure you did it for the correct profile. Windows has its private/work profile and then a public profile. So you need to make sure you all the rules for the network profile the windows machine is using. Or just turn it off all together to be honest.. Your behind a firewall already, so unless you have hostile devices on this network your on.. The software firewall is kind pointless.
Also you sure your not running some other 3rd party firewall, say if you installed some antivirus many of them have firewalls, etc.
If you can get to plex from box on the same network as the plex server, then your not going to be able to get to it from pfsense either..
-
Hi guys,
Sorry for taking so long to write the update. I needed to catch up with some other works.
Johnpoz, was right about the port scan. I did port Netstat scan on the Plex server. I could see port 32400 is listening on the Plex Machine but for some reason other machine within the same network couldn't see the port.
I turn off the firewall and anti-virus. That did not make any different. So I thought it was the machine fault so I installed new Plex in different machine but I got the same result.
Windows machine is using DHCP from the Server (not Pfsense) I don't know if that make any different. I try to put the machine in static in pfsense but I get the same negative result.
-
Where they get dhcp has ZERO to do with anything.. The only thing about the dhcp server, if the dhcp server lists both the client and plex that are suppose to be on the same network getting a IP from the dhcp server - that says they are on the same layer 2 network.
If your machine connected to same switch or wifi and they both have 192.168.1.x address they are on the same network. So unless you have isolation mode on and there is wifi involved? Or your running a private vlan on your switch. There is nothing keeping these devices from talking to each other.
Can you ping the plex box from this other machine on the plex network?
If you can not ping the plex machine, then your not really on the same network or plex is running a firewall. Can you validate that plex mac address. Once you try and ping the plex server from another machine on that network if it does not answer then look in the clients mac table
arp -a
if you do not see the mac of the plex IP, then your prob not on the same network. Even if there was a firewall running on plex that blocked ping you would still be able to arp for it..
If you can not even talk to the plex from teh same netework as the plex, then no amount of port forwarding is going to allow access.
-
Hi Johnpoz,
Thank you for keeping it up with me. Almost give up honestly.
Can you ping the plex box from this other machine on the plex network?
Plex Server behind internal Firewall has got no WiFi involve at all. I could ping Plex machine from another machine in the same network without any problem. I can also access Plex media via web-app and get Nearby connection within same network.
However, when I do Netstat -a from other machine I do not see Port 32400. I only see port 32400 on Plex Machine when I scan.
Please see detail below
This is the port scan from Plex Machine
This is the port scan from second machine behind internal firewall same network as Plex machine
I couldn't see port 32400 in thereI can ping Plex machine without a problem
I just want to double check again with NAT Port Forwarding setting.Is the Port forward setting correct? I mean do I have to do anything else apart from configure in
Firewall > NAT
Do I need to touch anything else like gateway?
It's a good idea to check with my switch though. Never actually have a look at it.
Thank you again Johnpoz
Kind regards
Luke
-
Dude lets go over this yet again!!! if you can not get to plex from a machine also on 192.168.0 there is NO amount of port forwarding that is going to get an outside machine to get to it..
Not sure what you think netstat does, but it sure and the F does not scan a remote machine.. It would show you if machine you ran it on had a connection to machine B..
If plex is listening on 32400, and you from a machine on the same network can not get get to the web interface using that port.. I the url I gave using your IP not mine.. If that does not come up then you have a firewall running on the plex or plex is just not working. Does plex work from the plex server itself?
your port forward is fine, other than normally just use the drop down wan address vs putting in the IP of the wan address.. If your wan address changes that could break your port forward. Also when using single port don't normally put in twice on the dest.. like your doing a range.
If you wanted to scan the plex machine to see if 32400 was open from a machine then you would scan with say nmap
Here is scan of my plex machine for the plex port. From a different machine, 192.168.9.100 in my case.
> nmap -p 32400 192.168.9.8 Starting Nmap 7.40 ( https://nmap.org ) at 2017-01-14 04:53 Central Standard Time Nmap scan report for storage.local.lan (192.168.9.8) Host is up (0.00088s latency). PORT STATE SERVICE 32400/tcp open plex MAC Address: 00:0C:29:48:2D:09 (VMware) Nmap done: 1 IP address (1 host up) scanned in 0.45 seconds
-
Hi Johnpoz,
Here is my Nmap scan from second machine to Plex Server
It seem like I could scan 32400 port from second machine. I am able to connect to plex server from web app as well. Of course this only work within the same network with plex.
Also I check my main switch. Under VLan there are two option which is Port-Based VLAN and IEEE 802.1Q VLAN.
Currently it's tick on Port-Based VLAN. I am not sure if it does make the different here. Could you please let me know of what you think? -
if you can access plex from your local network that plex is on, then follow the port forwarding troubleshooting guide..
How are we on page 3 when this is so freaking simple to troubleshoot. If you give me remote access into your pfsense have it figure out in a few minutes.
Sniff at your wan, do you see the traffic, sniff on your lan (interface that is connected to plex network) do you see the traffic going to plex? Do you see an answer?
-
Hi Johnpoz,
I am sorry for leaving it this long. I hope you are doing well.
I haven't give up yet. I did get some help from a good friend, he was confused by the issue as well.
What we found out was strange that the computer within Internal Firewall able to ping any devices in External Firewall but it wouldn't work in return.WAN for internal firewall is 192.168.1.132
LAN is 192.168.0.254Anything pass 192.168.0.254 via 192.168.1.132 is not a problem at all
If connection pass 192.168.1.132 visa 192.168.0.254 is a problem. Is it possible that I am having issue with DNS here?
It seem like DNS is not solving the subnet. Why I think this because in PDC server DNS forwarders, it sets to look up DNS at 192.168.0.254.
At Forwarders page it showing that 192.168.0.254 is unable to resolve however I still get green tick icon.Could you please let me know of what you think?