Just added a DMZ and can't access my plex server



  • I've been running a FreeNAS Plex server on my local pfSense network (192.160.30.1) without any problems. All my local machines and Roku have worked just fine.

    I just added a DMZ (192.168.31.1) to my pfSense router.  My Plex Server is still on 192.168.30.xx but I've moved the Roku over to 192.168.31.xx.

    Now the Roku can't find my Plex server.  My computers on the 192.168.30.1 work just fine.

    Can anyone give me any suggestions on how to get the Roku on 192.168.31.1 to see the Plex server on 192.168.30.1?

    Thanks,
    -TAC


  • LAYER 8 Global Moderator

    What are your rules on your lan?

    What is the name of your plex.. Mine is storage.local.lan and its IP address is 192.168.9.8, that is how I find it from any of my other segments..  By its name.. Since your plex box is no longer on your L2 network clients can no longer broadcast for some hostname.  So put in your fully qualified name that resolves via your dns running on pfsense or its IP address.

    What are the firewall rules on your lan 192.168.30/24 network?  Also when you say you moved you mean you created a vlan on pfsense?  You connected it to a different nic on pfsense and a different switch?



  • @johnpoz:

    > What are your rules on your lan?

    I didn't add any rules.

    > What is the name of your plex.. Mine is storage.local.lan and its IP address is 192.168.9.8, that is how I find it from any of my other segments..  By its name.. Since your plex box is no longer on your L2 network clients can no longer broadcast for some hostname.  So put in your fully qualified name that resolves via your dns running on pfsense or its IP address.

    Where can I find the name of my plex, its IP address is 192.168.30.5.

    > What are the firewall rules on your lan 192.168.30/24 network?  Also when you say you moved you mean you created a vlan on pfsense?  You connected it to a different nic on pfsense and a different switch?

    See first question.  ;-)  My DMZ (192.168.31.1) is a new NIC in my pfSense box.  This is connected to a wireless router that has 5 CAT5 jacks, one of which has my Roku plugged in.


  • LAYER 8 Global Moderator

    Connected to a wireless router?  Doing NAT??  Or you have it running in AP and your roku for example is what IP??

    Ah so your roku is on your dmz..  And your plex is on your lan 192.168.30/??  24 I assume and your 31 is also /24?

    Ok what rules did you put on your dmz interface - new interface in pfsense, ie opt will not have any rules and will block ALL traffic.. So you would have to add an allow rule to your 192.168.30.5 (plex)

    As to how do you find its name?  So you don't know the name of the devices on your network?  What did you call it when you set it up?  What domain is pfsense setup for, for example I use local.lan  Is your plex box dhcp or static?  Do you run forwarder or resolver on pfsense?  Do you have it set to register dhcp clients?  Create a host override for whatever you want to call your plex..  I call mine storage because plex runs on my storage vm ;)

    You don't have to use name, tell your roku the IP of your plex.  Create a rule on your dmz interface to allow 32400 to your plex that is the default port.. Can you post up the firewall rules you have on your dmz..



  • Hey John, thanks for putting up with me.  ;-)

    I have been reading up on Rules.  I see a post on making a rule to let my DMZ traffic out to the internet and a rule to block any DMZ traffic to my LAN (http://lutung.lib.ums.ac.id/freebsd/pfSense/docs/dmz.html).  If I don't have any rules set up, would my setup basically be operating like it was before I put in the third DMZ NIC?  Currently with no rules my thermostat and SmartThings HUB which are on my 'DMZ' NIC work just fine.  Actually, to get Plex working on my Roku, instead of connecting hardwire to a switch on the DMZ, I just told the Roku box to connect wirelessly to my LAN.  I really want to keep my Roku on the DMZ so that is where I was going with this thread.

    The wireless routers I have are running in AP.  Both LAN and DMZ are /24.

    If I look at my DHCP Leases, my Plex server is at 192.168.30.5 (static) and the Hostname is 'Plex'

    Actually I do have a WAN rule set up in my pfSense box to pass WAN TCP port 32400 to 192.168.30.5.


  • LAYER 8 Global Moderator

    Dude what part of this do you not get??  When you create a new interface there are NO rules.. everything outbound from that segment would be blocked.. Talking to it from your lan would be fine.. But devices on that dmz would not be able to talk to anything, internet, etc..

    Here are my dmz rules for example

    So first 2 rules allow ping to pfsense IP address both ipv4 and ipv6 in the dmz segment, my case 192.168.3.253/24 and 2001:snipped:3::1

    I then allow devices in the dmz segment to ask pfsense for dns.

    I then block any and all other traffic both ipv4 and ipv6 to any other IP address of pfsense, this includes wan, other lans etc etc.. And I log this traffic, I want to see if something is trying to talk to pfsense on some other port, etc.

    I then have a rule that says hey, you're not going to any of my local networks, that are all in rfc1918 space, then go and do whatever..  Ie this allows devices on dmz to access the internet.  Last rule is the same as the rfc1918 one, allows ipv6 traffic out to the internet but not to any of my other local ipv6 segments.

    If you want devices on the internet to be able to create traffic to the internet then you're going to need some rules.  For example want your roku to check the internet for updates..  When you connected your roku to your wireless then it's no longer on the dmz..

    2nd attachment is my roku segment

    So here you see I allow it to ping pfsense ipv4, I allow it to use pfsense for dns.  I also allow it to talk to my ntp servers..  I also allow it to access my plex server that is on a different segment at 192.168.9.8/24  I then block any other traffic to any other pfsense IP and log that.  I then let it do what it wants outbound to the internet..
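The rule order described in the last post, applied to the addresses given in this thread, as an added example that is not part of any post and is not pfSense code: a simplified first-match evaluator showing why an interface with no rules blocks everything and which rule lets the Roku reach Plex. The names `Rule`, `evaluate` and `DMZ_RULES` are hypothetical, the model matches only protocol, destination and port, and the firewall's WAN address is left out because the thread does not give it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

RFC1918 = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
FIREWALL = nets("192.168.31.1/32", "192.168.30.1/32")  # pfSense DMZ and LAN addresses from the thread
PLEX = nets("192.168.30.5/32")                          # Plex server on the LAN

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    proto: str                  # "tcp", "udp", "icmp" or "any"
    dst: list                   # destination networks
    port: Optional[int] = None  # None matches any port
    negate: bool = False        # True matches destinations NOT in dst
    desc: str = ""

# Rules on the DMZ interface, top to bottom (constructed to mirror the post).
DMZ_RULES = [
    Rule("pass", "icmp", nets("192.168.31.1/32"), desc="ping pfSense"),
    Rule("pass", "udp", nets("192.168.31.1/32"), 53, desc="DNS to pfSense"),
    Rule("pass", "tcp", PLEX, 32400, desc="Roku to Plex"),
    Rule("block", "any", FIREWALL, desc="anything else to pfSense (logged)"),
    Rule("pass", "any", RFC1918, negate=True, desc="internet, not local networks"),
]

def evaluate(rules, proto, dst_ip, port=None):
    """Return (action, desc) of the first matching rule; no match means default deny."""
    addr = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if r.port is not None and r.port != port:
            continue
        if any(addr in n for n in r.dst) != r.negate:
            return r.action, r.desc
    return "block", "default deny (no rule matched)"

if __name__ == "__main__":
    cases = [("tcp", "192.168.30.5", 32400), ("tcp", "192.168.30.5", 22),
             ("tcp", "192.168.31.1", 443), ("tcp", "203.0.113.10", 443)]
    for proto, dst, port in cases:
        print(proto, dst, port, "no rules:", evaluate([], proto, dst, port)[0],
              "| with rules:", evaluate(DMZ_RULES, proto, dst, port))
```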




