Port forward troubleshooting
-
Where they get dhcp has ZERO to do with anything.. The only thing about the dhcp server, if the dhcp server lists both the client and plex that are supposed to be on the same network getting an IP from the dhcp server - that says they are on the same layer 2 network.
If your machine is connected to the same switch or wifi and they both have a 192.168.1.x address, they are on the same network. So unless you have isolation mode on and there is wifi involved? Or you're running a private vlan on your switch. There is nothing keeping these devices from talking to each other.
Can you ping the plex box from this other machine on the plex network?
If you can not ping the plex machine, then you're not really on the same network or plex is running a firewall. Can you validate that plex mac address? Once you try and ping the plex server from another machine on that network, if it does not answer then look in the client's mac table
arp -a
If you do not see the mac of the plex IP, then you're prob not on the same network. Even if there was a firewall running on plex that blocked ping you would still be able to arp for it..
If you can not even talk to the plex from the same network as the plex, then no amount of port forwarding is going to allow access.
-
Hi Johnpoz,
Thank you for keeping it up with me. Almost gave up honestly.
"Can you ping the plex box from this other machine on the plex network?"
Plex Server behind internal Firewall has got no WiFi involved at all. I could ping Plex machine from another machine in the same network without any problem. I can also access Plex media via web-app and get Nearby connection within same network.
However, when I do Netstat -a from the other machine I do not see Port 32400. I only see port 32400 on Plex Machine when I scan.
Please see detail below
This is the port scan from Plex Machine
This is the port scan from second machine behind internal firewall same network as Plex machine
I couldn't see port 32400 in there.
I can ping Plex machine without a problem.
I just want to double check again with NAT Port Forwarding setting. Is the Port forward setting correct? I mean do I have to do anything else apart from configure in
Firewall > NAT
Do I need to touch anything else like gateway?
It's a good idea to check with my switch though. Never actually have a look at it.
Thank you again Johnpoz
Kind regards
Luke
-
Dude let's go over this yet again!!! If you can not get to plex from a machine also on 192.168.0 there is NO amount of port forwarding that is going to get an outside machine to get to it..
Not sure what you think netstat does, but it sure as the F does not scan a remote machine.. It would show you if the machine you ran it on had a connection to machine B..
If plex is listening on 32400, and you from a machine on the same network can not get to the web interface using that port.. I the url I gave using your IP not mine.. If that does not come up then you have a firewall running on the plex or plex is just not working. Does plex work from the plex server itself?
Your port forward is fine, other than normally just use the drop down wan address vs putting in the IP of the wan address.. If your wan address changes that could break your port forward. Also when using single port don't normally put in twice on the dest.. like you're doing a range.
If you wanted to scan the plex machine to see if 32400 was open from a machine then you would scan with say nmap
Here is scan of my plex machine for the plex port. From a different machine, 192.168.9.100 in my case.
> nmap -p 32400 192.168.9.8
Starting Nmap 7.40 ( https://nmap.org ) at 2017-01-14 04:53 Central Standard Time
Nmap scan report for storage.local.lan (192.168.9.8)
Host is up (0.00088s latency).
PORT      STATE SERVICE
32400/tcp open  plex
MAC Address: 00:0C:29:48:2D:09 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.45 seconds
-
Hi Johnpoz,
Here is my Nmap scan from second machine to Plex Server
It seems like I could scan 32400 port from second machine. I am able to connect to plex server from web app as well. Of course this only works within the same network with plex.
Also I checked my main switch. Under VLan there are two options, which are Port-Based VLAN and IEEE 802.1Q VLAN.
Currently it's ticked on Port-Based VLAN. I am not sure if it makes a difference here. Could you please let me know what you think?
-
If you can access plex from your local network that plex is on, then follow the port forwarding troubleshooting guide..
How are we on page 3 when this is so freaking simple to troubleshoot. If you give me remote access into your pfsense I'd have it figured out in a few minutes.
Sniff at your wan, do you see the traffic, sniff on your lan (interface that is connected to plex network) do you see the traffic going to plex? Do you see an answer?
-
Hi Johnpoz,
I am sorry for leaving it this long. I hope you are doing well.
I haven't given up yet. I did get some help from a good friend, he was confused by the issue as well.
What we found out was strange: the computer within Internal Firewall is able to ping any devices in External Firewall but it wouldn't work in return.
WAN for internal firewall is 192.168.1.132
LAN is 192.168.0.254
Anything passing 192.168.0.254 via 192.168.1.132 is not a problem at all.
If a connection passes 192.168.1.132 via 192.168.0.254, it is a problem. Is it possible that I am having an issue with DNS here?
It seems like DNS is not solving the subnet. Why I think this is because in PDC server DNS forwarders, it is set to look up DNS at 192.168.0.254.
At Forwarders page it is showing that 192.168.0.254 is unable to resolve, however I still get a green tick icon.
Could you please let me know what you think?
-
"WAN for internal firewall is 192.168.1.132
LAN is 192.168.0.254"
So you have another NAT firewall in front of pfsense?? Did you forward 32400 to pfsense wan?
Pfsense can not forward something it does not see.. This is why you sniff on pfsense wan to see if the traffic even gets to pfsense to forward..
-
Hi Johnpoz,
I see what you mean. I used laptop from outside Internal Firewall to ping 192.168.1.132 (Internal Firewall WAN port)
The result was timed out.
Somehow even a device within the same Subnet can't see 192.168.1.132. My laptop IP is 192.168.1.174.
I mean what should I do from here? I am so blank at this point.
-
Do you have access to this external firewall? What is it exactly? Out of the box pfsense does not allow ping either.
Your steps from here would be to forward the traffic you want to pfsense wan IP on this firewall in front, or remove it.. Why can pfsense not be your edge firewall/router..
Why don't you draw your network for starters.. So external of this firewall is 182.168.1/??? There has to be something that has public IP on it.. How many nats deep are you before you get to your plex??
Normally it would look like this.. Traffic from internet hits your public IP in this example 24.1.2.3 on some port.. You forward that port to something inside, plex for example in this example 192.168.0.100.. You have at min a double nat going on…
-
Yes, I have access to External Firewall.
We set up External firewall to merge four broadband together. External Firewall is 192.168.1.XXX
Please see picture below.
First I thought it was Plex port that I have had issue with so I created VPN from Internal firewall. Let's say the IP address for VPN is 192.168.0.104
I set port forward in Internal Firewall as
Interface WAN
Destination WAN Address
Destination Port range From port PPTP to port PPTP
Redirect target IP 192.168.0.104
Redirect target port PPTP
External Firewall port forwarding;
Interface LAN
Destination LAN address
Destination Port range from port PPTP to port PPTP
Redirect target IP 192.168.1.132
Redirect target port PPTP
Still it didn't work though.
I am trying to get machine between External Firewall and Internal Firewall to communicate with machine within internal Firewall.
I only have two NAT rules in Internal Firewall which are port forwarding
![Update Network map.png](/public/imported_attachments/1/Update Network map.png)
-
What does external firewall have to do with hitting your plex server from this device on what amounts to a transit network? For starters there should be nothing on a transit network. Why do you not have all your devices behind pfsense with transit to your external firewall?
Also why can pfsense just not manage all your isp connections?
Anyhoo. For you to access your plex server from your client.. Just hit pfsense IP at 192.168.1.132 port 32400, which you then forward to 192.168.0.61
If you're trying to hit some external IP to get forwarded back in you're also now doing a nat reflection, with an asymmetrical routing concern since your client is in the transit network. You will also need to make sure you're not blocking rfc1918 on pfsense wan..
But if you just point your client to pfsense wan IP on the port you want and the forward is set up correctly you will have no issues.
-
As I mentioned earlier, this network wasn't set up by me. It was already in this set up since I picked up the job.
Internal firewall is mainly for business machine and External firewall is for customer Wifi. I think the guy who set it up just wanted to make sure that Business machine is safe in case someone using Wifi is trying to access the business machine.
I totally understand the picture of port forwarding now but I don't think my port forward setting is an issue.
Internal Firewall WAN (192.168.1.132) is in External firewall DHCP list.
I can use any machine within External Firewall to ping the other machine but once it comes to Internal Firewall WAN (192.168.1.132) port it timed out. Something is blocking 192.168.1.132 and I don't know what it is.
I looked in Interfaces WAN setting and both options in Reserved Networks were ticked off.
-
Post up your firewall rules on your pfsense (internal firewall)
So you're on this client in 192.168.1.x (plex device in your drawing), you're trying to hit http://192.168.1.132:32400 which you have forwarded and what happens? This device does not have a proxy set?? Do you sniff on pfsense wan and see this traffic, and then sniff on pfsense lan and see it going to your 192.168.0.61 (plex server)
This is all like 1 minute of troubleshooting per the port forwarding troubleshooting doc..
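
Added example, not part of any post in this thread: the WAN-then-LAN sniff check described above, applied to text saved from `tcpdump -n` on each interface of the forwarding firewall. The capture lines are constructed around the addresses quoted in the thread, and `packets` and `diagnose` are illustrative names.

```python
import re

# One TCP line of `tcpdump -n` output:
#   "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): Flags \[([^\]]*)\]")

def packets(capture):
    """Parse tcpdump text into (src, sport, dst, dport, flags) tuples."""
    out = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            out.append((src, int(sport), dst, int(dport), flags))
    return out

def diagnose(wan_cap, lan_cap, wan_ip, server_ip, port):
    """Locate where a port forward breaks, given captures from both interfaces."""
    wan, lan = packets(wan_cap), packets(lan_cap)
    # 1. Does the client's SYN reach the firewall's WAN address at all?
    if not any(d == wan_ip and dp == port and f == "S" for _, _, d, dp, f in wan):
        return "no SYN on WAN: fix what is in front of the firewall"
    # 2. Does the same SYN leave the LAN side, rewritten to the server's address?
    if not any(d == server_ip and dp == port and f == "S" for _, _, d, dp, f in lan):
        return "SYN not forwarded: check the NAT rule and WAN firewall rules"
    # 3. Does the server answer, and how?
    replies = [f for s, sp, _, _, f in lan if s == server_ip and sp == port]
    if "S." in replies:
        return "forward works: server sent SYN-ACK"
    if any("R" in f for f in replies):
        return "server sent RST: nothing listening on that port"
    return "server silent: host firewall, wrong gateway or service down"

# Constructed sample captures (addresses taken from the thread, packets invented).
WAN = """\
12:00:01.000100 IP 192.168.1.174.51000 > 192.168.1.132.32400: Flags [S], seq 1, win 64240, length 0
12:00:02.000100 IP 192.168.1.174.51000 > 192.168.1.132.32400: Flags [S], seq 1, win 64240, length 0
"""
LAN_SILENT = """\
12:00:01.000200 IP 192.168.1.174.51000 > 192.168.0.61.32400: Flags [S], seq 1, win 64240, length 0
"""
LAN_OK = LAN_SILENT + """\
12:00:01.000900 IP 192.168.0.61.32400 > 192.168.1.174.51000: Flags [S.], seq 9, ack 2, win 65160, length 0
"""

if __name__ == "__main__":
    for name, lan in [("empty LAN", ""), ("silent", LAN_SILENT), ("ok", LAN_OK)]:
        print(name, "->", diagnose(WAN, lan, "192.168.1.132", "192.168.0.61", 32400))
```

Each verdict names the hop to look at next, so an empty WAN capture points at the device in front of the firewall before any NAT rule is touched.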