Plex not working outside the network
-
Hi All,
I have just moved to pfsense running on a watchguard appliance.
I run plex from a synology nas and this is shared to a friend over the web. This was all working fine when I used an edge router x as the internal firewall behind a vodafone home modem router. I have port 32400 set to open on the vodafone and it forwards to the wan of pfsense. I have a nat rule to forward traffic to the internal ip of the synology. I have also added server: private-domain: "plex.direct" to dns resolver.
When I was using the edge router I could test the port 32400 from the web and it would say open. But now I get closed.
So I'm not sure what else I'm missing and if it's saying closed from the web, is that the vodafone sending that back?
Any help would be much appreciated.
-
I have a simple NAT rule in pfSense and it works for me. My ATT gateway has pfSense in the DMZ so all ports are sent to pfSense.
It may take a packet capture to know for sure which system is rejecting the port. Does vodafone have a DMZ option?
-
Did your NAT rule also create a firewall rule? I think there is an option towards the bottom of the NAT rule settings where you can see the associated "Filter rule association" (I just checked :) ).
-
Yes, there is a NAT rule and FW rule.
-
I have been running plex behind pfsense for years. And have many many people using it remotely.. And yes for last few years this has been on my synology nas (ds918+) Which works great btw.. Low power nas, with decent enough umph to handle multiple clients on 1080..
If can you see me . org test on 32400 is not working.. Then something wrong.. First test is to validate traffic actually gets to your pfsense wan. I use a different external port than internal - but this doesn't really matter for the sake of discussion. Lets call it security through obscurity ;) This is a way I can see what is just scanning or plex, and who are my true clients.
While running the test from the external - sniff on your wan and validate that traffic gets there.
No offense - but can we see these rules.. Users quite often say they did X, but find out they really did A+B^12x42
Do you have any floating rules? What version of pfsense are you on? Do you have multiple wan? There is a known issue with port forwards and multiple wan only working with default gateway, etc. Do you have a rule on top of the rule that allows that could block?
Do you get a green check mark in plex?
I currently use different external port, but it sends to plex on 32400..
Are you using say pfblocker auto rules to block countries? Or Ips - notice I use in my rules pfblocker to limit who can talk to plex. I have added to this list the status checking IPs they use to see if your plex is open.
I allow only US Ips, and the IPs from external check I do with status cake to notify me if plex goes down, and the IP that plex uses to check if plex is available remotely - these IPs sometimes change. Here is that url https://s3-eu-west-1.amazonaws.com/plex-sidekiq-servers-list/sidekiqIPs.txt
Is plex actually seeing your correct public IP? If you are routing traffic out a vpn for example - plex might think its X, while your real wan is Y.. Remote clients trying to go to X would never get to your plex.. Notice the IP plex is showing for its external in the remote setting.. Mine starts with 64, but that is my actual pfsense wan IP..
-
@johnpoz said in Plex not working outside the network:
I allow only US Ips, and the IPs from external check I do with status cake to notify me if plex goes down, and the IP that plex uses to check if plex is available remotely - these IPs sometimes change. Here is that url https://s3-eu-west-1.amazonaws.com/plex-sidekiq-servers-list/sidekiqIPs.txt
Hey, those are the best tips ever...
Just copied your setup. Just not using the statuscake, to be honest didn't understand what it does..
-
Its a free service that can monitor stuff, ping, tcp ports, etc. And will send you alert if goes down. This way I know if my plex goes offline, and can fix before my friends and family start asking me why plex isn't working ;)
-
Very useful indeed.. I thought that my setup was good before... :)
-
Only thing is - if you limit IPs like US only, etc. Their IPs change now and then - so they could send you a false down alert.. So use their dynamic list they provide to make sure the IPs they might test from are allowed to talk to plex.
-
Only thing is - if you limit IPs like US only, etc. Their IPs change now and then - so they could send you a false down alert.. So use their dynamic list they provide to make sure the IPs they might test from are allowed to talk to plex.
Already set :)
-
You might also want to enable plex own checks to see that plex is available remote. Or plex itself might think its not available remotely - and you get stuck doing relay mode for remote users.
edit: Oh you have that one - if you want to use status cake you would want to add their ips
-
@johnpoz said in Plex not working outside the network:
You might also want to enable plex own checks to see that plex is available remote. Or plex itself might think its not available remotely - and you get stuck doing relay mode for remote users.
Already set :)
edit: Oh you have that one - if you want to use status cake you would want to add their ips
I'll add it, opened their website and it seems that I need an account to proceed, still checking how to proceed
-
Yeah you need an account - but they have a free tier that allows quite a few checks - its just some limitations on how many ips can check you, and from where - and how often you can check etc.
I just use the free service and have multiple things being checked not just plex.
edit: Here are my current tests
-
How I didn't hear about this service earlier? Man, that's very useful indeed..
It doesn't matter how I improve my network, there is always a last mile..
-
You can also setup status pages that your users can access and see if a service is up or down
They used to allow for custom urls on that - but that became a pro only feature - but non custom url still works for your users.
Another one you might look into - also free is uptimerobot
-
Based on your rules shown in a previous topic (no ICMP just plex port), they keep sending TCP SYN to the port configured to confirm if it's open.. Even better because if the WAN remains UP but the service goes down, they will track and keep a history of it..
-
Exactly - I have another test, that home that just pings my IP to see if my internet is up. But the tcp test tells me if plex went down, but my internet is still up.
More often than not its actual internet that goes down - but plex now and then does hang or crash, etc.
Or maybe I dicked with the rules and messed up remote access to plex, etc. Its great to have both tests internet, and then specific service.
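
The two-check idea from the posts above (one test for the internet link, one TCP test for the Plex port), as an added example that is not part of the original thread. It is a Python sketch with hypothetical function names; it assumes the ping result comes from a separate check, and the demo probes a listener constructed on localhost rather than a real WAN address.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """One TCP connect attempt, classified by how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # SYN/ACK came back, handshake completed
    except ConnectionRefusedError:
        return "refused"           # some device answered the SYN with a RST
    except socket.timeout:
        return "filtered"          # no answer at all, SYN silently dropped
    except OSError:
        return "unreachable"       # no route, DNS failure, ICMP unreachable

def diagnose(wan_ping_ok, tcp_state):
    """Combine the link check and the service check into one verdict.

    wan_ping_ok is the result of a separate ping/uptime check (assumption).
    """
    if tcp_state == "open":
        return "service reachable"
    if not wan_ping_ok:
        return "internet link down"
    if tcp_state == "refused":
        # Link is up and something actively rejected the connection:
        # nothing is listening behind the forward, or a device rejects.
        return "link up, port actively rejected"
    # Link is up but the SYN vanished: a firewall drop or a broken
    # port forward somewhere on the path. Capture on the WAN to see
    # whether the SYN arrives at all.
    return "link up, port filtered or forward broken"

if __name__ == "__main__":
    # Constructed demo: a throwaway listener on localhost stands in
    # for the forwarded Plex port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listener up:  ", diagnose(True, probe_tcp("127.0.0.1", port)))
    srv.close()
    print("listener gone:", diagnose(True, probe_tcp("127.0.0.1", port)))
```

A "refused" result means a RST came back from somewhere on the path, while "filtered" means the SYN got no reply; a packet capture on the pfSense WAN during the test shows whether the SYN reached it.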
-
That is useful to me as well, here where I live the Internet goes down everyday.. I'm not sure if its cabling here inside the building or if it's the ISP itself, I don't hear other users complaining so much as I do..
More often than not its actual internet that goes down - but plex now and then does hang or crash, etc.
A very fast troubleshooting that you could do through your phone
Or maybe I dicked with the rules and messed up remote access to plex, etc. Its great to have both tests internet, and then specific service.
Who never did it? :)
-
@mcury said in Plex not working outside the network:
Who never did it? :)
Exactly ;) hehehe - so its good to know very quickly if plex is no longer available when you might be playing with rules, etc.
And yeah you can see pretty easy right on your phone if total internet is down, or just something wrong with plex.. Great service - and very usable even at the free level.
-
@johnpoz Is it OK to just NAT stuff out? I have had my share of opening ports. Unless you are using another obvious anti scan tool, snort, etc, you'll get traffic from anywhere straight to your NAS for it to handle, how do you secure that?
Instead of doing that I just VPN in.