Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Plex Blocked for External Access

    Scheduled Pinned Locked Moved Firewalling
    7 Posts 3 Posters 605 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rubber_duck13
      last edited by rubber_duck13

      Hello, I have a Plex server running in my LAN that works great internally and is able to download meta data, etc. However, the remote access is not working to watch plex outside my network. This did work at one time, not sure when it quit or what changed that would have caused the issue. For those familiar with Plex, in the Remote access area, when I test external access, it will show it working right after a test, but after about 5 seconds, it then switches to not available.

      I have port 32400 forwarded to the server and a NAT entry as well.

      In the firewall logs I am seeing blocks from that could be causing this on the LAN interface to external. The rule blocking these is "Default deny rule IPv4 (1000000103)". The weird thing is that the protocol is "TCP:FPA" and "TCP:RA" for these entries in the logs. All "TCP" protocol entries are allowed/not blocked.

      I did some reading and the info I found talks about asymmetric routing. I do have a dual WAN setup, the gateway group is setup for "member down" as the trigger. I did try to set my gateway to WAN1 (take it out of multiwan), but that didn't work.

      I found this article and tried to do the manual fix under it, but that didn't work (its possible I set it up incorrectly...).
      https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html

      Anyone know how I can resolve this issue so Plex can be reachable from outside my network?

      J johnpozJ 2 Replies Last reply Reply Quote 0
      • J
        Jarhead @rubber_duck13
        last edited by

        @rubber_duck13
        The only reasonable reply is do not open any ports and setup a vpn for remote access. Opening ports is never a good idea especially for known ports like plex.

        Someone else will chime in and be able to help you if you really want to keep the port open but it's too easy to use a vpn not to.

        R 2 Replies Last reply Reply Quote 0
        • R
          rubber_duck13 @Jarhead
          last edited by

          @jarhead

          That sounds fine, I have a vpn setup for other reasons, I can see if I can jump off that to get this working.

          I would still like to know the answer either way, just for curiousitys sake.

          1 Reply Last reply Reply Quote 0
          • R
            rubber_duck13 @Jarhead
            last edited by

            @jarhead
            I was able to setup a VPN, things seem to be working after going that route.

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @rubber_duck13
              last edited by

              @rubber_duck13 if you have dual wan - then yeah sure you could have an issue where replies maybe go out the wrong wan.

              But if you have vpn that works for you - that works too.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              R 1 Reply Last reply Reply Quote 0
              • R
                rubber_duck13 @johnpoz
                last edited by

                @johnpoz
                I assume that is why I was having issues. My question is, is there a way to force the replied to go out on the same WAN they came in one unless the WAN is down? I thought the way I was setup, that it would only fail to WAN2 if WAN1 was completely down.

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @rubber_duck13
                  last edited by

                  @rubber_duck13 have no idea how your setup - but reply to should be set and yeah should return via the connection that came in on..

                  https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#disable-reply-to

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.