Netgate Discussion Forum

    Problems with NAT

      samfisher06

      Hello All,

      The problem I am encountering is regarding my NAT settings. I have 4 NAT conditions that do not seem to work.
      d196feae-a3ba-46d3-bae5-a46279e0382c-image.png

      For the sake of brevity, the 4 rules are basically the same with the exception of different ports. I'd like to focus on the first rule for remote access to my Plex server, settings below:
      3b4299c2-a5a3-4290-ac65-653f3aef9042-image.png

      I have tested the ports using the pfSense built-in Test tool within the Diagnostics menu to see if the port was open; it shows that it is.
      54c0ce8d-262d-4f7b-bdca-a19be03783f1-image.png

      Although, when I go to a website for further testing (canyouseeme.org), it fails with connection timed out. I am not sharing the snip because I do not want to redact my IP - if needed I will.

      The machine the plex media server is running on has the following firewall rule directly associated with 32400 (UFW), see below:
      5194ddb2-115a-4ab1-9e02-cf5d15286fd6-image.png

      General network configuration.
      SB6190 (Comcast - FML) modem, to (ethernet) pfSense router, to (fiber) core 10Gig switch, to (fiber) 10Gig switch, to (fiber) server.
      I am able to access the server within my LAN (ports: 32400, 8096, and 8920) which leads me to conclude that my server UFW is configured correctly.

      FWIW the NAT rules for ports 8096, 8920, and 51001 all exhibit the same problems. However, the program that uses 51001 does appear to act correctly even though the remote test fails (canyouseeme.org) while the pfSense and app report correct functionality. I am not sure if this is irrelevant to my problem but I am trying to give as clear a picture as possible.

      Moreover, the two NAT rules for Emby fail and I am not able to access the Emby server remotely - ironic that this problem led me down this rabbit hole.

      I am sure I did something stupid and would appreciate any and all help.

      If you need active snippets of my log, please provide parameters/directions and I will reply.

      Cheers and happy New Year.

        viragomann @samfisher06

        @samfisher06
        Ensure that the destination machine on 192.168.1.70 does not block the access. Usually computer firewalls block access from outside of their own local subnet.

          MikeV7896

          I agree... I'd check that firewall rule on the server... the source is not likely 192.168.1.0/24 if the traffic is coming from the internet.

          The S in IOT stands for Security

            samfisher06

            Thank you both. I knew I had missed something, Cheers.

            To anyone else reading this.
            On an Ubuntu server hosting a service such as Plex or Emby, the UFW entry I made was as follows:

            sudo ufw allow in on <your interface used> to any port 32400 proto <what the service protocol required> comment '< in this case its for plex, "plex External connection">'
            

            Thank you very much again, please mark this as closed.
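
An added example, not part of the thread: a Python check over `ufw status` text that flags forwarded ports whose only allow rule is scoped to a private subnet, which is the mismatch the replies point to (forwarded traffic arrives with its internet source address, not a 192.168.1.0/24 one). The sample output, the interface name `enp3s0` and the function names are constructed for illustration; the port list is the one given in the first post.

```python
import ipaddress
import re

# Constructed sample modelled on `ufw status` output (not taken from the thread).
SAMPLE_UFW_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.1.0/24
32400/tcp                  ALLOW       192.168.1.0/24
8096/tcp                   ALLOW       192.168.1.0/24
8920/tcp on enp3s0         ALLOW       Anywhere                   # emby external connection
"""

# Ports the thread's NAT rules forward to the server.
FORWARDED_PORTS = (32400, 8096, 8920, 51001)
RANK = ["no-rule", "lan-only", "restricted", "open"]  # weakest to widest scope

def classify_source(src):
    """Classify the From column of one ufw rule."""
    if src.startswith("Anywhere"):
        return "open"
    try:
        net = ipaddress.ip_network(src.split()[0], strict=False)
    except ValueError:
        return "restricted"  # unparsable source: never report it as open
    return "lan-only" if net.is_private else "restricted"

def audit_forwarded_ports(status_text, forwarded_ports=FORWARDED_PORTS):
    """Map each forwarded port to the widest source scope any ALLOW rule gives it.

    Assumes ufw's default-deny for incoming traffic and no DENY rule ahead of
    the ALLOW rules; port ranges are skipped, only single-port rules are read.
    """
    verdict = {port: "no-rule" for port in forwarded_ports}
    for line in status_text.splitlines():
        fields = re.split(r"\s{2,}", line.strip())  # columns are padded with 2+ spaces
        if len(fields) < 3 or not fields[1].startswith("ALLOW"):
            continue
        match = re.match(r"(\d+)(?:/(?:tcp|udp))?(?:\s|$)", fields[0])
        if not match or int(match.group(1)) not in verdict:
            continue
        port = int(match.group(1))
        scope = classify_source(fields[2])
        if RANK.index(scope) > RANK.index(verdict[port]):
            verdict[port] = scope
    return verdict
```

A port reported as `lan-only` or `no-rule` will time out from an external tester even when the router's port forward is correct.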

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.