Plex vs pfSense problem.

uxm

@johnpoz said in Plex vs pfSense problem.:

And how would that work exactly? Your block you show is to a 172.16.117.106 address.

Dude if you want help - your going to have to give us more info... From the description of your network is makes zero sense at all.. If you disabled nat on your pfsense, then traffic would have to be set to go to that plex server address... Which is it the 192.168.2 address or the 172.16 address you show blocked.

Draw up your network!!!

Hi again, sorry guys, I was at the office, very very busy. I couldnt respond the way I wanted. Here it is!

PS : The VM that Plex is installed is 192.168.2.3 (it is not seen in this drawing)

PS2 : I disabled Firewall Outbound NAT.

Also I have this static route on the ASUS router :

johnpoz

And you have NAT turned off on pfsense?

So you have setup routing on this asus router? And nat so it can nat this downstream network? There are no hosts on this 172.16.117 network? If so and you want device in this network and your 192.168.2 network to talk to each other your going to run int asymmetrical routing problems.. Unless you do host routing on all devices involved.

edit: So where did you setup nat for those downstream network in your asus... And how you going to fix the asymmetrical routing issues... Are no clients on this 172 network going to be talking to anything on the 192.168.2 network, and nothing on 192.168.2 talking to anything in 172. network?

uxm

@johnpoz said in Plex vs pfSense problem.:

And you have NAT turned off on pfsense?

There are no hosts on this 172.16.117 network? .

Yes it is off. And on the ASUS the only host that connects to it, is the pfsense WAN int

johnpoz

So how exactly is something from public going to talk to this downstream network?

So your doing source natting on your port forward in your asus?

If you have nat turned off on pfsense - then nothing in this 192.168.2 network would be able to talk to the internet unless the asus is natting this 192.168.2 network.

uxm

@johnpoz The Asus router does all the routing job. I port forwarded many ports for many jobs from the asus router to the pfsense and from pfsense to the corresponding VMs..

johnpoz

There is more than routing that is required if nat is off on pfsense... It has to nat that downstream network to for public.

If your saying this is working for other things behind pfsense.. Then this forwarding for plex is no different than anything else..

Follow the troubleshooting guide for port forwarding..

https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

If you spend more than 1 minute trying to figure out where your port forward problem is, you shouldn't be doing port forwarding because you clearly do not understand how it works..

Its this simple - does the traffic show up on pfsense wan... Does it send it it on.. This takes 2 seconds to validate with a simple packet capture and click on the can you see me website..

Show us your port forward, show us your firewall rules.. And show the full picture no clipped shot where we have no idea what your showing, what interface or what might before that, etc.

If your not doing nat on pfsense - then there is NO point to port forwarding, and it should just be simple firewall rules. Port forwarding only needed if your natting..

So you should be forwarding at your asus direct to the 192.168.2 address... I don't think your doing what you think your doing to be honest... I have never see a soho router nat downstream networks... How exactly did you turn off nat in pfsense? You just turned off automatic outbound nat and removed all the outbound nat settings?

uxm

@johnpoz said in Plex vs pfSense problem.:

If your not doing nat on pfsense - then there is NO point to port forwarding, and it should just be simple firewall rules. Port forwarding only needed if your natting..

So you should be forwarding at your asus direct to the 192.168.2 address... I don't think your doing what you think your doing to be honest...

The bold lines are the truth. Thank you. I was very confused and I didnt digest the concept of router vs pfsense that coexist. I changed the IP on the router port forwarding port 32400, from IP 172.16.117.106 (the pfsense WAN intrfc) to IP 192.168.2.3 (the Plex Media Server VM) and that worked.

I was so frustrated.. gosh..

Thank you very much @johnpoz and all of you guys.. I feel very ashamed to be honest. What was I thinking??

johnpoz

You do understand if you have devices on this 172. network that your using as transit, your going to have asymmetrical problems..

A downstream router should be connected via a transit network (no hosts on it)... If you have hosts on this 172. network and devices on 192 and 172 are talking to each other (without host routing) your going to run into asymmetrical issues..

uxm

@johnpoz I will re-design my network when I will find time. I have to clear my thoughts.

Thank you again.

akuma1x

@uxm said in Plex vs pfSense problem.:

@johnpoz I will re-design my network when I will find time. I have to clear my thoughts.

Thank you again.

Maybe this is what you meant by "re-design my network", but I'm going to be that guy and say it... sorry.

You should remove the ASUS router from your network and run pfsense at your edge. Much easier, if you haven't guessed it already. Unless, it's absolutely necessary to run the ASUS box for some service(s) from your ISP - cable boxes, VOIP phones, TV services, security alarms, etc.

Jeff

johnpoz

Yeah I would remove it as well... But if going to run pfsense downstream, then whatever is front of it needs to be able to support an actual transit network... Which I find highly unlikely with some soho isp box...

Or its better to just double nat.

uxm

Thank you all for your help guys. I will check if I can run my ASUS as a modem only. I bought it 200 euros, so it is hard (psychologically) to move it away. haha

thank you !