link-local addresses flooding logs - Plex on Synology
-
@vronp said in link-local addresses flooding logs - Plex on Synology:
I guess I can turn off discovery on Plex
You would think huh - but that option seems to not work.. I tried for a long time to turn it off.. Posted on the plex forums, was crickets.. I ended up just blocking the ssdp at my switch..
Here, I turned it off so I could do a sniff.. Every freaking 10 seconds.. I have found no way to disable this in plex, I have everything disabled for discovery. I even set some hidden server settings that you would think would turn it off.. I know for a fact it's plex, because if I stop the plex application in my nas it stops..
I ended up just blocking it at the switch port that plex is connected to via an ACL so that the noise doesn't get onto the network.. I mean in the big picture it's 1 packet every 10 seconds.. But it's pure utter BS, I should be able to turn that off in plex.
But what you posted is different.. That is GDM discovery, which you might be able to turn off.. But from your posting I wouldn't think that should be able to go out your lan interface.. Why not actually just turn off the interfaces on your nas if you're not going to use them.. That should keep plex from seeing the 169.254 IPs.. But even if plex thinks the box has multiple IPs.. It shouldn't be sending on IP X from interface A out interface B, etc.
I ran into a somewhat odd issue something like this, but didn't notice any broadcasts on the wrong interface.. My nas has 2 interfaces, 1 with 192.168.9.10 and the other with .11, plex is set in its networking tab to use .10.. But for whatever reason it was showing in the remote access tab that .11 was the IP it was using.. Which there is no possible way that was true, since I was not forwarding to .11, only .10 so there is no way that .11 was viable for remote access.. To clear it, I just disabled the .11 interface and restarted plex.. Now it shows correctly with the .10 address in the remote tab.
Do you have some use for GDM? I find this feature pretty pointless to be honest - in what scenario would your plex server need to discover other players and servers on your network? So what if it finds them - what would you do with them from your plex server??
Depending on your switch, you could block that traffic at the port your nas is connected to so it wouldn't go anywhere on your network.
edit: I dug up the old thread (2019) on the plex forums - one guy chimed in that he was seeing the same nonsense.
https://forums.plex.tv/t/stop-pms-from-sending-ssdp-dlna-and-gdm-disabled/321779
So I feel your pain, but the simple solution to the noise might just be turning those interfaces off on the nas if you're not using them, so there is no 169.254 address for plex to see. Other "work around" for the noise would be to just create a rule in pfsense not to log that.
-
@johnpoz Thank you for the very thorough reply. Disabling the unused interfaces is a great idea so I'll ssh in and give that a try. And yes, my mind is blown about it broadcasting on IP X (as you refer to it) from the other interfaces.
Thanks again, this was very helpful.
-
@vronp Bringing down the interfaces worked by the way. For those who will stumble upon this thread in the future, you need to ssh to the Synology and use the "sudo ifconfig" command to drop each unused interface.
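A dry-run helper for the step described above, added here as an example and not part of the original post: it reads `ip -o -4 addr show` style output, finds interfaces whose only IPv4 address is in 169.254.0.0/16, and prints the `ifconfig ... down` command for each without running it. The interface names and the sample listing are constructed, and the availability of `ip` on the NAS is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): plan which interfaces to bring down.
# Input: one address per line, as printed by `ip -o -4 addr show`
#        (field 2 = interface, field 3 = "inet", field 4 = address/prefix).

# Print interfaces whose ONLY IPv4 addresses are link-local (169.254.0.0/16).
# An interface that also carries a routable address is left alone.
linklocal_only_ifaces() {
    awk '
        $3 == "inet" {
            split($4, a, "/")
            seen[$2] = 1
            if (a[1] !~ /^169\.254\./) routable[$2] = 1
        }
        END {
            for (i in seen) if (!(i in routable)) print i
        }
    ' | sort
}

# Dry run: emit the commands for review instead of executing them.
plan_down() {
    linklocal_only_ifaces | while read -r ifc; do
        echo "sudo ifconfig $ifc down"
    done
}

# Constructed sample listing: eth0 is the in-use LAN port, eth1 is an
# unplugged port with a self-assigned address, eth2 has both kinds.
sample_addrs() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.5.177/24 brd 192.168.5.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 169.254.77.12/16 brd 169.254.255.255 scope link eth1\       valid_lft forever preferred_lft forever
4: eth2    inet 169.254.9.9/16 brd 169.254.255.255 scope link eth2\       valid_lft forever preferred_lft forever
4: eth2    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth2\       valid_lft forever preferred_lft forever
EOF
}

# Stand-alone run against the sample; on a live box use:
#   ip -o -4 addr show | plan_down
sample_addrs | plan_down
```

Review the printed commands before running them over ssh, so the interface carrying the session is never in the list.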
-
@vronp let us know how it turns out.. I would think turning off the interface in nas and then restarting plex should keep plex from finding anything other than your 192.168.5.177 address.
Sometimes I just don't get companies - I believe there was some sort of upnp/ssdp ddos amplification thing that plex was involved in.. But yet to provide users with a way to just turn it off?
Here you go
https://forums.plex.tv/t/security-regarding-ssdp-reflection-amplification-ddos/687162/1
Yeah if you hadn't exposed your plex it would have not been an issue.. But security 101, turn off or disable services you do not actively use.. If I have no use for UPnP.. I should just be able to turn it off. Period!! Same goes for any service on anything.. Be it DLNA, File sharing, ftp, ssh, http, if the box has support for protocol xyz.. There should be a way to turn it off for when they are not required..
And to be honest these services shouldn't be enabled out of the gate unless it's like the primary function or you can't even connect to the thing to configure if protocol X isn't on when you install it.. All optional services should be opt in, not opt out.. And stuff like this you can not even opt out of.. I have zero use for SSDP on my nas - ZERO!! The NAS software lets me disable it..
But then comes along an application - and no way to turn it off.. And they wonder why there are so many security issues.. Just lack of basic understanding of core principles.. Least privilege, you don't give billy root access when he doesn't need it.. And you shouldn't be running services/protocols that are not actively required for your network..
Hey if you want to enable XYZ out of the box, because you have a bunch of grandmas that use your thingamabob - ok that would be one option.. Because grandma is not going to be able to figure out how to turn it on to get her phone to find the printer via airprint unless it's enabled by default on the printer.. But the printer for damn sure should have a way to turn it off, that grandma's 8 year old grandkid most likely could figure out how to disable ;)
Not meaning to rant - but this sort of stuff just blows my skirt up.. ;)
-
Same thing happens here.
Synology DS218+ 7.2.1-69057 Update 4 | Bonjour and SSDP both disabled in the NAS.
Plex version: 1.40.1.8173 | GDM and DLNA both disabled.
Also, uninstalled media server app in the NAS, it helps.
Problem:
I created a no log rule for multicast in my LAN interface because it is so annoying indeed.
-
@mcury yeah that is for sure the plex doing it - I spent way more time than should ever be required for such a basic thing, and finally threw in the towel and blocked at my switch..
If Plex was open source, I would have gone in and ripped out all the ssdp code, even if I didn't understand the language it was written in, and compiled my own copy.. It's just utter nonsense that I can not turn that off.. Even if it's a super secret hidden setting.. I would be fine with that. This would for sure keep grandma from clicking the wrong thing and then something not working..
https://support.plex.tv/articles/201105343-advanced-hidden-server-settings/
I have used a couple of these for other things - why can't there be one to just turn off SSDP? GenerateBIFFrameInterval I have changed to 10 seconds vs the default 2, which saves quite a bit of space for the media thumbnails..
-
@johnpoz hmm, I wasn't aware of these hidden settings, nice, I'll take a look at those today.
Edit: Oh, it is the Preferences.xml, of course I knew about it, used in the past to change the driver to fix a problem..
DlnaEnabled <- It is already disabled.
DlnaDeviceDiscoveryInterval <- What if we set this to something like 1200 ?
Disregard that, it is not going to work..
It defaults to 10s and that setting does nothing.
-
@mcury yeah I spent quite a bit of time on this.. I could not find a way to disable it, or even change the time from 10 seconds to say 10 minutes.. So you can either block it where it enters your network, like switch port and a multicast acl.
Or if you can not do that and it's filling up your logs in pfsense, setup a rule not to log it..
-
@johnpoz said in link-local addresses flooding logs - Plex on Synology:
setup a rule not to log it..
That is what I did.. I have a dummy switch between NAS and pfSense, so that is the only way to go.