Plex keeps changing from nearby to indirect



  • So I just swapped from a Watchguard router to a new pfSense install on a Dell PowerEdge r610 I had sitting around and it seems to all be working fine with the exception of my Plex. I changed to pfSense specifically to resolve the DNS rebinding issue with Plex. I've added the proper rule under the DNS resolver settings and I was so happy to see my Plex on my ATV4, iPhone, etc. all change to "nearby." I'm running the latest version of Plex for Plex Pass subscribers and the newest pfSense. The Plex is set for secure and remote access is set up and green so I know the port NAT rule I set up is working as is the auto-created corresponding firewall rule. My issue is that after a short period of time, all my devices change back to indirect and the remote access in Plex goes red again. Weird thing is if I reboot the pfSense box, it starts working again but only for a very short time. I am fairly new to pfSense. I used M0n0wall back in the day and played with pfSense very little so any help would be greatly appreciated.



  • Why do you need a DNS resolver rule to run Plex on your local LAN? Works fine for me locally and remotely without any resolver rules.

    You might try adding your LAN IP to the Plex server network setting: List of IP addresses and networks that are allowed without auth



  • I already added the local IP address to Plex and it didn't make any difference. I'm not sure what but something within pfSense is causing this to stop working after roughly 10 minutes after having rebooted pfSense. I also do want the remote working and that stops working at the same time the main issue starts. I've restarted the Plex service and that didn't help. The only thing that fixes it, albeit only for a few minutes, is rebooting pfSense.



  • I have been playing with this some more and I disabled the WAN link in pfSense and then Plex went back to "nearby." I read something that said I could change the NAT reflection settings as well and when I tried that, it went to showing remote, which is better than indirect but still not the expected or desired behavior. I am at a loss at what to do. I am in the process of spinning up a new Plex VM and moving everything over to it just to make sure there isn't something wrong with the correct VM or Plex install. Any other suggestions in the meantime of what I can check in logs or whatever would be appreciated.



  • Finally figured this out. I had to change the NAT reflection option in the NAT rule for Plex to enable (pure NAT). As soon as I did that, everything started working fine. Secure is set to always and clients on the LAN show the Server as nearby and remote clients as remote. I don't understand why this would need to be set this way but I am glad it's finally working.



  • Under DNS resolvers, what setting do you have for "System Domain Local Zone Type?"

    If you have it set to "Transparent" change it to "Type Transparent"

    You'll be able to get rid of the plex.direct custom resolver rule & your NAT rule and you'll find that Plex web loads a whole lot faster.



  • I'm using DNS forwarder instead of the DNS resolver. I have a domain override for Plex.direct set to 8.8.8.8. Should I swap to DNS resolver instead? Is the correct rule to put in the custom options:
    server:
    private-domain: "plex.direct"
    Would this have any effect on the other issue I am having that I posted about for RDP on my local LAN?

    Thanks.



  • It sounds like NAT reflection is causing your RDP problem. It's a bit of a messy thing so I think you'd want to get rid of it in which case it sounds like switching to the DNS resolver may be the answer.

    Originally I had the 'private-domain: "plex.direct"' custom option in the resolver. This did make things work but when first starting a plex app, it would take several seconds for the servers to show up. The source of this problem I think was actually my use of OpenDNS as they block DNS rebinding and it takes a second for Plex to work around it (or something like that). If you use a different DNS provider this setup may work fine for you.

    I found the better solution is to change "System Domain Local Zone Type" from "Transparent" to "Type Transparent" and then add a Domain Override (under DNS Resolver) for the domain "plex.direct" telling it to use Google DNS (8.8.8.8). After this things worked perfectly.
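Added example, not part of any post in this thread: a simplified Python model of the resolver-side rebinding filter discussed above, showing why a plex.direct name that resolves to a LAN address is dropped unless the domain is exempted the way `private-domain: "plex.direct"` does. The hostname, the addresses and the function names are constructed for illustration; this is not unbound's or pfSense's code.

```python
import ipaddress

# Ranges a rebinding filter treats as private (RFC 1918, loopback, link-local).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_private(addr):
    """True if addr falls inside one of the filtered ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def exempt(qname, private_domains):
    """True if qname equals, or is a subdomain of, an exempted domain.

    Comparison is per label, so "notplex.direct" does not match "plex.direct".
    """
    labels = qname.rstrip(".").lower().split(".")
    for dom in private_domains:
        d = dom.rstrip(".").lower().split(".")
        if labels[-len(d):] == d:
            return True
    return False


def filter_answer(qname, addrs, private_domains=()):
    """Return the addresses a client receives after rebinding filtering."""
    if exempt(qname, private_domains):
        return list(addrs)
    # Public names must not hand back private addresses: strip them.
    return [a for a in addrs if not is_private(a)]


# Constructed sample: a plex.direct-style name pointing at a LAN server.
PLEX_NAME = "192-168-1-50.0123456789abcdef.plex.direct"
LAN_ANSWER = ["192.168.1.50"]

if __name__ == "__main__":
    print("protection on, no exemption:", filter_answer(PLEX_NAME, LAN_ANSWER))
    print("with plex.direct exempted:  ",
          filter_answer(PLEX_NAME, LAN_ANSWER, ["plex.direct"]))
```

An empty answer in the first case means the client never learns the server's LAN address from DNS, which matches the fall-back to "indirect" described in the thread.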



  • First, I wouldn't enable NAT Reflection on a global level. It can be set for each NAT rule individually, and that's how I would do it as not everything needs it. I do have it enabled for my Plex port forward, and have found things to work seamlessly with it this way. It's actually required for Sonos to be able to access Plex because of a limitation in Plex's Sonos implementation.

    Using the custom setting for DNS Rebinding would be a good idea too. I also have this set in my DNS Resolver settings. There is also a setting for DNS Forwarder (dnsmasq). Both can be found here.

    And if you're forwarding DNS to OpenDNS or somewhere else that blocks DNS Rebinding on its own, a domain override for the plex.direct domain would be good too, though I'd override with Plex's own DNS servers instead of using another DNS provider to remove a variable from the equation.