NAT issues to PLEX server
-
I have pfSense set up on a fairly new machine (Celeron 1037U with 8Gb - not virtual). In addition to LAN/WAN I have two OpenVPN interfaces configured (one for US and one for P2P - I'm in Canada).
In the pfSense home page all are showing as up and connected. Both VPNs appear to be working as my P2P can download and US can watch American Channels when local.
I've set up aliases for my Plex Server (IP, Ports, and Whitelist) and have set up a NAT Forward so I can watch Plex from an IP on the Whitelist. My configuration is:
NAT : Plex_pfSense_01.jpg
Rules : Plex_pfSense_02.jpg
When I apply the NAT setup all works fine - but after a short amount of time I lose connection. When this occurs I simply click 'Save' and 'Apply' again and shortly after it starts working again.
Any ideas as to why this issue?
Edit:
Added Plex_pfSense_03.jpg (my LAN firewall rules)
Added Plex_pfSense_04.jpg (from firewall log - the source IP is definitely in the whitelist)
-
No ideas?
Reloading the rules seems to be a temporary fix - it will pass traffic but over a fairly short amount of time (15 minutes? +/-) the firewall blocks the traffic.
I think it may be tied to the alias settings. If I make a change to the whitelist alias and then commit the change the firewall will permit the traffic through the firewall. This seems to last longer but a reboot seems to start the problems again…
I say seems as I am only assuming - I don't think I'm doing anything other than the above...
-
If you think that the problem may be tied to the alias setting then I would suggest to try changing for a single host as a test. For more log detail, check Log packets that are handled by this rule for the associated filter rule.
Also run Diagnostics, States, Reset after the change before testing. Reset does not refresh the page so do it manually.
Are you using a mix of hostname and ip in the alias?
-
I will try your suggestions.
You asked if I was mixing domain names and IPs… Yes. Is this an issue? I removed the names and it seems to be up.
Hopefully this was the problem - but why?
If the simple answer is 'Don't do that' I'm fine with that... :D
-
The rule on LAN for the whitelist has nothing to do with port forwards on WAN to the plex server. The rule that matters is on WAN. The rule on LAN will only apply to connections initiated by the plex server to hosts on the whitelist.
-
You asked if I was mixing domain names and IPs… Yes. Is this an issue? I removed the names and it seems to be up.
Seems to be an issue when using a mix of names and IPs in an alias so be consistent to get it working.
-
@Derelict: Thanks for the info.
@gjaltemba: Keeping the alias separate is an easy fix - good to know it's the issue.
-
Just to note that there are some issues with mixing FQDN and static IPs in multiple aliases… in this bug report:
https://redmine.pfsense.org/issues/4296
So for now what you did with the aliases is a good workaround.
One day it should all "just work" without a workaround.
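-
An added example, not part of the thread and not pfSense's own code: a small audit that lists host/network aliases mixing hostnames with IP entries, the combination the workaround above avoids. It assumes the config.xml layout of `<aliases>/<alias>` with space-separated `<address>` entries; the alias names and addresses in the sample are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the assumed config.xml alias layout.
SAMPLE_CONFIG = """<pfsense>
  <aliases>
    <alias>
      <name>Plex_Whitelist</name>
      <type>host</type>
      <address>198.51.100.20 friend.example.net 203.0.113.0/28</address>
    </alias>
    <alias>
      <name>Plex_Server</name>
      <type>host</type>
      <address>192.168.1.50</address>
    </alias>
    <alias>
      <name>Plex_Ports</name>
      <type>port</type>
      <address>32400</address>
    </alias>
  </aliases>
</pfsense>"""

def classify(entry):
    """'ip' for an address, CIDR or a-b range; anything else is 'name'
    (a hostname, or possibly a nested alias name)."""
    parts = [entry] if "/" in entry else entry.split("-")
    try:
        for part in parts:
            ipaddress.ip_network(part, strict=False)
        return "ip"
    except ValueError:
        return "name"

def mixed_aliases(config_xml):
    """Return {alias name: {'ip': [...], 'name': [...]}} for every
    host/network alias that contains both kinds of entry."""
    root = ET.fromstring(config_xml)
    mixed = {}
    for alias in root.findall("./aliases/alias"):
        if alias.findtext("type") not in ("host", "network"):
            continue  # port and URL aliases are not relevant here
        groups = {"ip": [], "name": []}
        for entry in (alias.findtext("address") or "").split():
            groups[classify(entry)].append(entry)
        if groups["ip"] and groups["name"]:
            mixed[alias.findtext("name")] = groups
    return mixed

if __name__ == "__main__":
    for name, groups in mixed_aliases(SAMPLE_CONFIG).items():
        print(f"{name}: split names {groups['name']} from IPs {groups['ip']}")
```

Run it against a backup of config.xml by passing the file contents to `mixed_aliases()`; each alias it reports is a candidate for splitting into one names-only and one IPs-only alias.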