Issue with plex server after reboot



  • Hello all pf pro's,

    Im running a plex server on one of my machines. Everything runs nice and smooth, except when i reboot the plex server.

    Im running pf with multiple interfaces:
    LAN
    WAN
    VPN-DYN (VPN with dynamic public ip)
    VPN-STAT (VPN with static public IP)

    The plex server is given the static public ip from VPN. I have opened a port at the VPN-providers side that redirects to the plex server port. This is how it looks when its working.

    I have also set up a NAT rule for this.

    All this works fine, just untill a do a reboot on the plex server. For some reason its not possible to access the port 64603 from the outside after a reboot. I have tried everything i can think of, but to make it work i have to reboot the entire pfsense box.

    I tried to restart the service that holds the vpn-connection, restarted upnp service, reseted states, disabled and re-enabled nat rule but nothing works. Like i said, i must do a full reboot.

    Does anyone have any idea why this happens or have a solution thats better than rebooting the entire pfsense box?

    Thanks!




  • Banned

    The pics don't work. You can use attachments.



  • @doktornotor:

    The pics don't work. You can use attachments.

    Thanks for info, fixed!



  • He means you can directly upload your images here without having to link to an external site.  When you post, click the Attachments and other options, Attach, Choose file and select your image.



  • @KOM:

    He means you can directly upload your images here without having to link to an external site.  When you post, click the Attachments and other options, Attach, Choose file and select your image.

    So now that we got that out of the way, is there anyone that can help me with the actual issue?


  • LAYER 8 Global Moderator

    How exactly are you trying to access it, via plex.tv or via the actual ports you have setup and forwarded and the IP or name for that IP that resolves correctly.

    Plex likes to do a lot of stuff automatic for the typical user of plex that doesn't understand any of this ;)  If you hit your IP and port that you have forwarded directly.. Then it would be forwarded..  Does not matter if the client behind the forward reboots or not or is even on.  Pfsense sees traffic to its IP on port XYZ that says forward to port ABC IPX then that is what it does..



  • @johnpoz:

    How exactly are you trying to access it, via plex.tv or via the actual ports you have setup and forwarded and the IP or name for that IP that resolves correctly.

    Plex likes to do a lot of stuff automatic for the typical user of plex that doesn't understand any of this ;)  If you hit your IP and port that you have forwarded directly.. Then it would be forwarded..  Does not matter if the client behind the forward reboots or not or is even on.  Pfsense sees traffic to its IP on port XYZ that says forward to port ABC IPX then that is what it does..

    Thanks for the reply johnpoz,

    I see directly in the plex server GUI if its accessible or not from the outside. But i also tried to scan the port myself to see if its open or not. And after the plex server reboot, the port is not accessible from the outside. But after i reboot the pfsense box, its back to normal and accessible from the outside.

    If i do a port scan right now when everything works as normal it looks like this
    _Nmap scan report for 46---.pool.ovpn.se (46...)
    Host is up (0.047s latency).

    PORT        STATE    SERVICE
    64603/tcp  open    unknown_

    But if a do a reboot on the plex server then this port will not be accessible from the outside. And if its not pfsense that is the issue here, why does it work after i reboot pfsense?


  • LAYER 8 Global Moderator

    Your hitting some vpn IP.. Which prob changes on a reboot of pfsense which has to create a new connection.  For what possible reason is there to host plex off an endpoint of a vpn?  Other than extra overhead.. Does your ISP forbid running servers?



  • @johnpoz:

    Your hitting some vpn IP.. Which prob changes on a reboot of pfsense which has to create a new connection.  For what possible reason is there to host plex off an endpoint of a vpn?  Other than extra overhead.. Does your ISP forbid running servers?

    Im using VPN for that machine. Its with a static public IP, so no change on the IP. My pf is configed so that 2 machines on the network get the static IP from the VPN provider and the other machines that go through the DHCP gets a dynamic IP from the VPN provider. My ISP does not forbid running servers, but i want to run the server of from a VPN for several reasons.


  • LAYER 8 Global Moderator

    Well how is plex reporting its public IP.. See on the page it shows its public IP.  Is that IP correct?  If you lost your vpn connection and brought it up is that vpn IP.

    "The plex server is given the static public ip from VPN. "

    How is that??  Your running vpn on the plex server directly?  Or you policy routing it via client connection to vpn server.. If your running vpn on the plex server pfsense has zero to do with this, etc…

    Your going to have to give some more details of how you have this setup...



  • @johnpoz:

    Well how is plex reporting its public IP.. See on the page it shows its public IP.  Is that IP correct?  If you lost your vpn connection and brought it up is that vpn IP.

    "The plex server is given the static public ip from VPN. "

    How is that??  Your running vpn on the plex server directly?  Or you policy routing it via client connection to vpn server.. If your running vpn on the plex server pfsense has zero to do with this, etc…

    Your going to have to give some more details of how you have this setup...

    Ofcourse im not running a VPN-client directly on the server, then i would looked elsewhere for the issue.

    Here is some info about my setup and how the clients get the public ip's from the vpn-provider.

    I have 5 interfaces.

    I got 2 connections for the vpn clients. One to get a static public IP. And one for the dynamic public IP.

    The gateways for each interface

    The gateway groups

    The NAT Outbound rules

    The LAN firewall rules. As you can see the setup goes like this:
    All local IP's from 192.168.1.2 to 192.168.1.62 Get the static public IP from the VPN provider. (OVPN-STAT)
    All local IP's from 192.168.1.128 to 192.168.1.254 Get the dynamic public IP from the VPN provider (this is also the dhcp pool) (OVPN-DYN)
    All local IP's from 192.168.1.64 to 192.168.1.127 Get the public IP from my regular ISP (WAN)

    LAN DHCP

    DHCP Static routes

    Here is the portforward. 64603 > 32400

    I hope this will give you some more insight how the network is built.

    Thanks!











    ![firewall lan.png](/public/imported_attachments/1/firewall lan.png)
    ![firewall lan.png_thumb](/public/imported_attachments/1/firewall lan.png_thumb)






  • LAYER 8 Global Moderator

    " clients get the public ip's from the vpn-provider."

    The client is doing no such thing!!!  pfsense gets an IP from your vpn..

    So your vpn interface on pfsense if its sees traffic to 64603 it forwards it to your pflex server 192.168.1.8..

    Here is the thing how does does rebooting your plex server have anything to do with that??  Nothing!! It has NOTHING to do with that.. You could reboot every device on your network and does not matter.  You set pfsense to forward traffic it sees on this interfaces IP on this port to this 192.168.1.8.. Doesn't matter if plex server is running or not.. As long as pfsense can arp for the mac of 192.168.1.8 it would send the traffic there.

    So what I would suggest is you figure out why when plex restarts your having whatever problem it is you think your having.. Again.. How are you trying to access plex server - from where??  Why don't you go to can you seeme.org and generate traffic to your IP that you have on your vpn interface.. To the port 64603.. Do you see this traffic at pfsense?  Sniff - does pfsense send it on to 192.168.1.8??

    You got failovers on your multiple wan options, you have an overlap in your manual outbound nat.. So which one is getting used the /24 or the /26 etc. etc.. Since that would be an overlap for your 1.8 address..


Log in to reply