Cannot Open Ports
-
Ok I had posted somethin g about no ports open for plex but i tried opening ports to other apps to no avail, I cannot open any ports for some reason, i tried Jellyfin and nothing is working. Can anyone please help i follow every instructions to the T. I even reinstalled pfSense barebone and still nothing can someone please help
-
@kilasin well first thing to check if your port forwards are not working is that traffic is actually getting to pfsense wan to be forwarded. Pfsense can not forward what it never sees.
Are you maybe behind a cgnat? Does pfsense wan IP start with 100.64-127.x.x - if so then no port forwards never going to work. Are you behind just another nat router? Does pfsense wan IP start with 10.x.x.x, 192.168.x.x, 172.16-31.x.x?
If you are behind a nat router, you would have to set that to forward traffic to what pfsense wan IP is, then you could forward on pfsense to what is behind pfsense, ie plex.
Are you using vpn in pfsense?
-
So My WAN does start with 100 see picture below
this is how i have my interfaces setupI am with Starlink as my WAN and WAN2 is my 5g
I have set my lan1 as 10.10*** and lan2 20.20
This is what it looks like when i did the port forwarding
they starlink router and 5g router both are on bridge mode so the only router that does any blocking is pfsense
i was using wireguard and pfblocker but i stripped everything barebone to make this work
-
Ya starlink is the problem .. So my next question is how can i go about this or am i SOL?
-
Since we know is Starlink i got another questiong then..
Do you think if i make a dynamic host or something or open ipv6 to get a static ip and then open port that way. Would that work?
-
@kilasin you would have to use something https://ngrok.com/ or cloudflare tunnel, or setup a vps somewhere and setup a vpn tunnel. Or other some other vpn service that allows port forwards. Or if they provide for unsolicited inbound on IPv6 with starlink.. I there was talk of that but not sure if available yet.
I think tailscale does something like the cloudflare tunnels called funnels or something.
But with cgnat - yeah your pretty much sol trying to do your typical port forward, because the traffic is never going to hit pfsense wan IP to be forwarded.
All of the work arounds for cgnat is creating an outbound connection to somewhere, that will allow you to send traffic down that specific connection. Cloudflare tunnels prob be the easiest.. Google for plex behind cgnat and you should get multiple ways.
Or get another isp connection that allows for inbound, doesn't have to be a static IP address. It just needs to allow for inbound traffic from the internet to your public IP address.. cgnat addresses don't route over the public internet.
-
TY so much for info i had no idea about the Starlink and port forwarding problem and cgnat thing im not a networking wizzy just a guy trying to be safe but i live in the woods pretty much so no other choice with Starlink
-
What IP address does Starlink provide?
With Starlink, you're stuck behind CGNAT on IPv4, so there's nothing you can do. However, they provide a /56 on IPv6, so you can do whatever you want with that.
-
@kilasin As mentioned IPv6 might be an option for sure. I believe IPv6 for starlink is available in almost all of their regions. You will have to lookup to get plex to work with it, I do believe there is a bit more to it than click use IPv6, etc. ( it might only be available via browser - you would have to do some research). I have seen walking through setting it up with a custom domain, etc. And complaints that their ipv6 support is lacking.. I haven't actually done it - because I just don't have any need for it at this time. I have a IPv4 that all my clients can access, adding Ipv6 to my setup would only complex it up for zero benefit. Even if @JKnott thinks I am single-handedly holding up global IPv6 rollout because I don't use it ;)
Also while you would hope all of your friends you want to share with have IPv6, they might not be able to access your IPv6 plex. But they could always go with a HE tunnel for ipv6 if their isp has not yet rolled out IPv6.. Mine hasn't for example.
If you are just wanting to access while your out and about, all phones really only have IPv6 so you should be good if doing that.. If your on some hotel wifi - yeah again they might not have IPv6.
A solution that would make sure you can access from anywhere would be like the couldflare tunnel.
-
@johnpoz said in Cannot Open Ports:
Even if @JKnott thinks I am single-handedly holding up global IPv6 rollout because I don't use it ;)
I'm sure there are a couple of others helping you.
However this is an example of why we should move entirely to IPv6. There are several threads here of people stuck behind CGNAT. As long as there are places where IPv6 is not available, there will be a big wall between them and their networks. While cell phones are certainly a way around this, you want to have plenty of data on your phone plan, if you do much of this.
Those who have IPv6 available, but don't enable it, are part of the problem.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
-
@JKnott said in Cannot Open Ports:
but don't enable it, are part of the problem.
No - they are not part of the problem, they are making their lives easier not using something that they have zero use for.
Stilling waiting you to name 1 actual resource that would require me to use IPv6.. Been years since been asking you for just one. ;)
My isp doesn't even provide IPv6.. Should dump them and get 1/4 the connection speed for the same price so I can have IPv6 - that provides me nothing currently? Will that shave off a nanosecond of global adoption, in the 20 plus years its already moving at snails pace?
The problem is until one of the big players make the call and says hey look we dropped our IPv4 support, you have to use IPv6 to get to us. And they can show that is saved them money - its going to continue to move along at its snails pace..
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
@JKnott Could you help me setup ipv6 on pfsense to work. I know am following guides but not understanding half the stuff to be honest and i figured that in plex i can use the ipv6 function to work so that seems like it can work flawlessly.
Regarding the plex its not for my friends but for me and my wife to be honest noone else has access to it and i travel a bit for work so i like having my plex setup.
I am using this guide
A big thank you for this. For anyone reading and has pfsense.
##############################################I am using: 21.02.2-RELEASE (arm64)
Step 1: Go to Interfaces > Your Starlink WAN Interface
** Note your interface id in brackets and remember it. Mine was (mvneta0.4090)
General Configuration:
You can keep IPV4 DHCP
Set IPV6 Configuration Type: DHCP6DHCP6 Client Configuration
With everything unchecked:
CHECK: Use IPv4 connectivity as parent interface
CHECK: Request only an IPv6 prefix
Set to 56: DHCPv6 Prefix Delegation size
CHECK: Send IPv6 prefix hint
CHECK: Do not wait for a RA
Save
Apply ChangesStep 2: Go to Interfaces > Your LAN Interface
Track IPv6 Section
IPv6 Interface: Starlink WAN
IPv6 Prefix ID: 0
Save
Apply ChangesStep 3. Go to System > Advanced then the Networking Tab.
CHECK: Allow IPv6Save
Step 4. System > Routing
Select your Starlink IPv6 gateway
Set Monitor IP: 2001:4860:4860::8888Step 5. Setup a Cron
Method 1: Cron Package
Go to System > Package Manager and open Available Packages Tab
Install Cron
Go to Services > CronAdd Cron and use the below settings: (Change my mvneta0.490 to your Starlink WAN id)
*/2
*
*
*
*
root
/sbin/rtsol mvneta0.4090
Save -
@kilasin said in Cannot Open Ports:
I am using: 21.02.2-RELEASE (arm64)
dude!! that is ancient version.. 24.11 is current - your first step would be to upgrade to a current and supported version of pfsense
-
@johnpoz ok i am using pfsense the current version 2.7.2 amd 64 but ya i cant find anything regarding guide that is current. i might be blind sorry mate like i said not networking guru here just a normal guy learning this stuff for my own safety and knowledge
-
@johnpoz said in Cannot Open Ports:
Stilling waiting you to name 1 actual resource that would require me to use IPv6.. Been years since been asking you for just one. ;)
As I mentioned before and you also mentioned in this thread, look at your cell phone. It's IPv6 only. Watch TV? If you get it from your ISP, as I do, there's a good chance it's over IPv6.
Yes, people like you are part of the problem, if it's available, in that they're discouraging the move to IPv6. Your ISP is also the problem. I'm in Canada, where my ISP/cable TV/cell network are all the same company and they've provided IPv6 for years. They've had native IPv6 on cable for around 9 years and used 6rd and 6to4 tunnels before that. Other companies provide IPv6, but one, Bell Canada, does not provide it to consumers, even though 3rd party ISPs that use Bell to reach their customers do. Even Bell's cell network doesn't do IPv6 properly. This makes Bell, like your ISP, part of the problem. The inadequacy of IPv4 has been known for decades, and there's simply no excuse for a) ISPs not providing it and b) customers who have it available but don't configure their routers to use what's already available to them.
As I mentioned a while ago, I took some networking classes, including TCP/IP, at a local college almost 30 years ago. Even back then, sitting in that class, I knew 32 bits was not enough. IPv6 was already in development back then and I first read about it in the April 1995 issue of Byte magazine. I have been an advocate of it since then, as it is simply what should be used, instead of all these hacks and hacks on top of hacks, just to get around the IPv4 address shortage.
As for the big carriers dropping IPv4, that means dropping something they already have, even when they provide IPv6. They'll continue to do so, as long as people insist on hanging on to IPv4, even if that means forcing them on CGNAT.
Maybe I'm of this opinion because most of my career, going back to 1972, has been in telecommunications, mostly data communications.
Incidentally, when I first started with IPv6, in May 2010, I used a 6in4 tunnel, though not with he.net. While I had a /56 prefix on my home network, I had my notebook computer configured to get a single address, with a 6in4 tunnel, when I was away from home. These days, I just fire up my VPN to my home network, if I need to.
Maybe you should be asking your ISP when they're going to get IPv6.
-
@kilasin said in Cannot Open Ports:
@JKnott Could you help me setup ipv6 on pfsense to work.
I can try, though I have no experience with Starlink. Here's my info on connecting to my ISP, though it also applies to others. What I find curious is your instructions say to request only a prefix, when the link I provided says they provide a /64 prefix for your WAN, which implies you'd get an address on your WAN port. However, that's not important as you don't actually need one and some other ISPs also don't provide one. One thing you could try is capture your DHCPv6-PD sequence, so that we can see what's actually happening. When you do that, post the capture file here, not what Packet Capture displays, as it doesn't show everything.
-
So i got the IPv6 running and got my lan also dchping addresses in IPv6 now to make this work with Plex lol
Also @johnpoz Thanks so much mate for helping and providing both options the tunneling and possibly ipv6
Both of you guys thank you.. I see you guys have differences however, having knowledge on both is extremely helpfull for not only me but everyone.
Sigh now next part of my problem pass through plex with ipv6 wish me luck
-
@kilasin said in Cannot Open Ports:
also dchping addresses in IPv6
You might want to consider using SLAAC, instead of DHCPv6, if you have any Android devices. Thanks to some genius at Google, Android doesn't support DHCPv6.
-
@JKnott
So I got my dchp6 working great.. I even have my unraid server having both ipv4 and ipv6 addresses which i can see in pfsense. I can log in plex anywhere woot woot ... Holy mollly this is amazing lol lol but wow phones and tvs already got ipv6 addresses and i can have access to use ddns on it,, I never knew this junk dude its good to know things
