New pfSense and Plex Media Server



  • Hi, I'd like to start by saying that I realize this has been posted a few times before and that I've gone through each thread I've found. None of them are applicable/their solution didn't work for me.

    I've just set up pfSense for the first time, the only change I've made is adding Snort but I've had that disabled since I hit my current problem. To keep things simple while I'm figuring this out I've been trying to forward port 32400 straight to my server, I've attached pictures of my current configuration. When I enable UPnP it works, I have also attached a picture of the UPnP status when enabled. I have seen in other threads (at least a year old though) people both saying that their configuration just works with a simple port forward, am I doing something wrong?

    ![firewall nat.JPG](/public/imported_attachments/1/firewall nat.JPG)
    ![firewall rules.JPG](/public/imported_attachments/1/firewall rules.JPG)
    ![upnp enabled.PNG](/public/imported_attachments/1/upnp enabled.PNG)


  • LAYER 8 Global Moderator

    What exactly is not working?  You cannot access it from outside, or are you trying to hit it from another machine on your same LAN?

    All you should have to do is a simple port forward.  When I have opened this I have just used a port forward.  But I have no reason to open it other than testing, I just VPN into my network when I want to access my Plex while on the road.

    What is your use case for wanting your plex open to the internet?  Are you wanting friends to be able to access it, while you are away?

    How exactly are you testing it when you do the port forward, same method when using the UPnP method?

    When you do the port forward method, are you setting up plex as manual?

    So you can see here simple port forward, my Plex shows it's available from outside.  Make sure your public IP listed is your actual public IP, see arrow on my pic.  Also make sure you're seeing traffic on your firewall rule. If you show that Plex is not available in the server remote section of Plex and you hit retry on it, you might have to close the page and then reenter it since your browser might be caching, etc.




  • Thanks for your reply John.

    I just logged in to verify my information before I answered you, and now it works. I really don't understand this, the last changes I made were approx. 18 hours ago and it still wasn't working when I logged in 45 minutes ago just to take those screenshots.

    Well, I'm happy that it is though, just wish I knew what's going on  :D


  • LAYER 8 Global Moderator

    So you did it via upnp first, and then you tried to do manual?  Did you clear the upnp sessions and make sure there were no hanging states open using that 32400 port?



  • The first time 'round, I tried port forwarding. When that didn't work I tried UPnP. In the process of getting this to work I must've gone back and forth between UPnP and NAT a few times. UPnP assigned at least three different external ports (and each one worked) when I activated after fiddling with the NAT rule. Every time I changed between NAT and UPnP I went to Plex and set the manual port setting accordingly. I did not make sure there were no hanging states however, I'm not sure how to do that.


  • LAYER 8 Global Moderator

    diagnostics, states.



  • Ah, of course. I'll keep that in mind if it acts up. Thanks for your help!



  • I've found that in some cases, having NAT Reflection enabled can help with Plex apps on LAN devices connecting to the Plex server as well. In some cases, the app would either not connect, or not establish a secure connection with the server.

    You'll need to manually set up the NAT forward to get this setting, rather than using UPnP… but it may help with occasional or intermittent issues connecting to the server.

    I've especially found this to be necessary when trying to access the Plex server via Sonos, as Plex's cloud servers are telling Sonos to connect via the WAN IP address rather than the LAN one (since a Sonos system could be connecting to servers that are on or off-network).


  • LAYER 8 Global Moderator

    That sort of issue would be better fixed with a local host override or just turning off rebind protection for the plex.direct domain.  If you're having issues you probably have an issue with rebind protection.  Because the URL you could use to access would be something like

    https://192-168-9-8.11b1ea3fe<snipped>92c7b8.plex.direct:32400

    Where that would be some random token.  You can find that in your xml.. go to
    https://plex.tv/pms/resources.xml?includeHttps=1

    You can set plex.direct to not use rebind protection so when you query for that name you get back your private IP.  Out of the box pfSense would block getting back RFC 1918 for a query and you get back nothing.  So you see when I do a query for that FQDN I get back no answers.

    I then add in the unbound advanced custom box to turn off rebind protection for plex.direct and then I get an answer back of my local IP.
    https://doc.pfsense.org/index.php/DNS_Rebinding_Protections

    private-domain: "plex.direct"

    See the rebinding section on the plex support site for https as well
    https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections
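
An added example (not part of the original posts, and not pfSense or unbound code) that models the resolver decision described in the post above: a private answer is stripped unless the queried name falls under a `private-domain` entry. The address ranges, the hostname token and the `other.example` / `notplex.direct` names are constructed assumptions.

```python
import ipaddress

# Assumption: ranges stripped when rebind protection is on (RFC 1918 plus
# IPv4 link-local), modelled on unbound's private-address option.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample name; the token is a placeholder, not a real Plex token.
PLEX_NAME = "192-168-9-8.0123456789abcdef0123456789abcdef.plex.direct"


def embedded_ip(fqdn):
    """Return the IPv4 address encoded in the first label of a plex.direct name."""
    first = fqdn.rstrip(".").split(".")[0]
    try:
        return ipaddress.IPv4Address(first.replace("-", "."))
    except ipaddress.AddressValueError:
        return None


def in_private_domain(fqdn, private_domains):
    """True if fqdn equals, or is a subdomain of, an exempted domain."""
    name = fqdn.rstrip(".").lower()
    for dom in private_domains:
        dom = dom.rstrip(".").lower()
        # Match on a label boundary so "notplex.direct" is not exempted.
        if name == dom or name.endswith("." + dom):
            return True
    return False


def answer_survives(fqdn, answer, private_domains=()):
    """Model the filter: is this A record handed back to the client?"""
    addr = ipaddress.ip_address(answer)
    is_private = any(addr in net for net in PRIVATE_NETS)
    return (not is_private) or in_private_domain(fqdn, private_domains)


if __name__ == "__main__":
    ip = str(embedded_ip(PLEX_NAME))
    print("default config :", answer_survives(PLEX_NAME, ip))
    print("with exemption :", answer_survives(PLEX_NAME, ip, ["plex.direct"]))
    print("other domain   :", answer_survives("nas.other.example", ip, ["plex.direct"]))
```

The exemption applies only to plex.direct and its subdomains, so private answers for any other name are still filtered.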



