• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Need to create a NAT rule for PLEX streaming

Scheduled Pinned Locked Moved NAT
15 Posts 7 Posters 8.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    TyMac
    last edited by Jan 2, 2015, 8:12 PM

    My roommate has to have PLEX streaming on port 80 so I tried to create a NAT rule. After creating it and surfing to the public IP I could see my pfsense admin page… not good!  :o How can I make sure the admin console is not available on the WAN and forward port 80 to my nat address 192.168.0.100?

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Jan 2, 2015, 8:24 PM

      Well for starters where are you coming from when you try and going to your public IP?  From your 192.168.0 network? That is nat reflection or loopback forwarding..  Did you enable that?

      To send traffic from the public internet to 192.168.0.100 (this is the plex address)

      This is all you have to do - see attached.  Under firewall, nat, port forward tab click the little plus button to add a port forward. It will auto create the firewall rule to allow the traffic.  Then validate it from OUTSIDE your network - you can use something like canyouseeme.org

      edit:  My bad I have a typo in my screenshot where I put 192.168.1.100 vs your 192.168.0.100 - but think you should be able to know that is where you put in the IP address of your plex box.

      portforward80.png
      portforward80.png_thumb

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • T
        TyMac
        last edited by Jan 2, 2015, 8:33 PM

        Looks like the admin page is actually blocked when coming from an extrenal ip - where do I find "nat reflection or loopback forwarding"?

        I've added in the rule but I cannot test it since I don't use PLEX - have to wait for my roommate on that one - the rule is attached - why is the NAT rule grayed out?

        nat1.png
        nat1.png_thumb
        nat2.png
        nat2.png_thumb

        1 Reply Last reply Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Jan 2, 2015, 8:37 PM

          you don't have it enabled..  Do you have the disable checkbox.. You can see if the port is open by going to canyouseeme.org and putting in port 80

          And you sure don't need UDP…

          Why do you want to enable nat reflection?  Its pointless and to be honest shouldn't even be an option ;)  I would not suggest you do anything with it - if you want to hit his plex server - then go to the 192.168.0.100 address since your on that network already..  Create a dns entry in pfsense for plex.yourwhateverlocal.tld and there you go ;)

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • T
            TyMac
            last edited by Jan 2, 2015, 8:52 PM

            @johnpoz:

            you don't have it enabled..  Do you have the disable checkbox.. You can see if the port is open by going to canyouseeme.org and putting in port 80

            And you sure don't need UDP…

            Why do you want to enable nat reflection?  Its pointless and to be honest shouldn't even be an option ;)  I would not suggest you do anything with it - if you want to hit his plex server - then go to the 192.168.0.100 address since your on that network already..  Create a dns entry in pfsense for plex.yourwhateverlocal.tld and there you go ;)

            Yeap had the rule disabled - forgot I got scared :)

            NAT reflection is what is allowing me to see the admin interface when I type in my pub addr on my lan connected workstation right? I don't like that and I did not enable it. I'd just assume see nothing or what I'm supposed to see form the internet.

            canyouseeme.org does not seem to work due to the double nat I have to have set up right now. 192.168.0.100 is actually another router. If I browse locally I can see the XML for plex. Coming in extrenally I still don't see it… but I'm on my iPad so it could be a iOS thing.

            1 Reply Last reply Reply Quote 0
            • J
              johnpoz LAYER 8 Global Moderator
              last edited by Jan 4, 2015, 1:09 PM

              "192.168.0.100 is actually another router."

              Why??  For what possible point could you have to double nat in your own network?  But if your going to forward traffic to another router, then that router would have to forward the traffic to where you want it to go..

              Nat reflection is not on by default, you seeing your pfsense admin interface was because your coming from the inside hitting your public IP and you had a forward setup..

              Why do you have a double nat??  For what possible reason would anyone want that?  Did you need some more ports so you bought another router vs a switch?  You don't know how to use a wifi router as just an AP?  What?

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • T
                TyMac
                last edited by Jan 4, 2015, 5:37 PM

                Double NAT is due to transition to the new pfsense router. Mt roomates don't want to have to re do their network and they've used dhcp assigned ips. That is a battle for a different day however.

                I still cannot connect externally… Here are the screenshots of the rules I made. Not sure if the webgui listening on port 80 is causing the issue?

                plex1.png_thumb
                plex1.png
                plex2.png
                plex2.png_thumb

                1 Reply Last reply Reply Quote 0
                • T
                  TyMac
                  last edited by Jan 4, 2015, 6:20 PM

                  Forgot to add the old router has port 80 open on it forwarded for the PLEX server behind it.

                  1 Reply Last reply Reply Quote 0
                  • W
                    Wolf666
                    last edited by Jan 5, 2015, 9:00 AM

                    Plex standard/default port is 32400…. each NAT rule should point to Plex_Server_IP:32400.

                    Modem Draytek Vigor 130
                    pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
                    Switch Cisco SG350-10
                    AP Netgear R7000 (Stock FW)
                    HTPC Intel NUC5i3RYH
                    NAS Synology DS1515+
                    NAS Synology DS213+

                    1 Reply Last reply Reply Quote 0
                    • J
                      johnpoz LAYER 8 Global Moderator
                      last edited by Jan 5, 2015, 12:52 PM

                      "Mt roomates don't want to have to re do their network and they've used dhcp assigned ips"

                      And who says they would have to redo anything???  Dhcp means they would just get the new IP scheme if you changed..  Or you could just use whatever IP scheme they used if you wanted, etc..

                      You have a block rule saying lan users can not go to NA?  Africa, SouthAmerica - where are they coming from?

                      Here is the thing port forwarding it really drop dead simple - click click, as I showed you..  If you are having problems with it.. Either the traffic is not on the port you think it is, your not even listening on the port where your sending it, your sending it to the wrong place..  Or the traffic is not even getting to you..

                      You clearly have a double nat - for all I know its a triple nat..

                      Here - https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

                      As mentioned on plex - and by wolf the plex port seems to be 32400

                      https://support.plex.tv/hc/en-us/articles/200931138-Troubleshooting-Server-Connections

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      1 Reply Last reply Reply Quote 0
                      • jahonixJ
                        jahonix
                        last edited by Jan 5, 2015, 1:04 PM

                        @TyMac:

                        …and surfing to the public IP I could see my pfsense admin page... not good!

                        Additionally, it could be beneficial to allow access to pfSense on HTTPS only.
                        This can be set at:  System | Advanced | Admin Access
                        Obviously, this doesn't solve your initial problem for which you got great answers already.

                        1 Reply Last reply Reply Quote 0
                        • C
                          Cino
                          last edited by Jan 5, 2015, 2:41 PM

                          That is correct, Plex using port TCP 32400.  In Plex GUI under Connect (Show Advanced) Check the checkbox for 'Manually specify port' Make sure its 32400.

                          pfSense UPNP doesn't auto create the rule correctly so you will need to setup a NAT rule as state before. I have my dest and redirect port set to 32400. Works with no issues…
                          But not sure how this will work being double/tripe NATed...

                          1 Reply Last reply Reply Quote 0
                          • S
                            stanthewizard
                            last edited by Feb 18, 2015, 4:29 PM

                            I got a strange issue
                            Everything seems to be fine since I upgraded to 2.2

                            BUT

                            for plex

                            Server is mapped to 32400
                            I can see the server
                            I can navigate
                            But no streaming of video …
                            With a VPN no issue

                            Any idea ?

                            1 Reply Last reply Reply Quote 0
                            • L
                              lmartinez073
                              last edited by Feb 18, 2015, 5:14 PM

                              Hi all

                              I was trying to do the same. I want to open 80 or 443 and when I check on canyiuseeme.org the port is close. Any advice?

                              I followed the how to and I still not able to open a port.

                              1 Reply Last reply Reply Quote 0
                              • J
                                johnpoz LAYER 8 Global Moderator
                                last edited by Feb 18, 2015, 5:25 PM

                                For starters are you behind a NAT?  Did you tread the port forwarding troubleshooting guide?  Did you go through the steps there?

                                https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

                                Does your ISP even allow inbound traffic to 80 or 443.. Many of them may block this because your not allow to run servers on their service - check with your ISP.  Per the troubleshooting guide.. Sniff on your wan in pfsense packet capture, go to canyouseeme.org and generate traffic - do you see it in your sniff.. If not then your behind a nat that is not forwarding to you, or you isp is blocking, etc.

                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                If you get confused: Listen to the Music Play
                                Please don't Chat/PM me for help, unless mod related
                                SG-4860 24.11 | Lab VMs 2.8, 24.11

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                  [[user:consent.lead]]
                                  [[user:consent.not_received]]