Jump to content

Plex server behind SonicWALL. Plex remote access will not stay connected or allow original quality streaming unless port 32400 is used.

ThisIsCheez
By ThisIsCheez
in Networking
 Share
Posted

So I have a SonicWALL on my home network and a newly setup Plex server. Before I had the Plex Server app running on my QNAP NAS but recently moved it to a dedicated host.

 

 

The first funny thing is my QNAP is also behind my SonicWALL and I had to make no adjustments to my firewall for it to work correctly, just installed the app and it worked flawless.

 

 

The issue I'm having now is remote access constantly cuts in and out on my new Plex server so I setup firewall rules and NAT policies. It works great, but ONLY if I set the Plex remote access connection port to 32400 and do the same for my firewall rules and NAT policies. I tried settings it to 32401, I like avoiding default ports when possible, and every few minutes it will cut in between remote access being available and not available. Also, when it's connected with port 32401 I do not have the option for original quality streaming, unless I swap back to port 32400 then it will stay connected 100% and allow me to choose original quality.

 

 

Has anyone had a similar issue to this and has any suggestions?

 

 

So far I think I have a fix, but want some input on if this fix is the best option, or if there is abetter way.

If I change the public port on my Plex server to 32401 and have my inbound and outbound NAT policy to have the service source as 32401 and translated source as original I get issues, but instead of having the translated source as original if I change it to 32400 it seems to work. This still gives me my original goal of Plex not being accessible over the web by the default port of 32400 but if anyone else has another method they have tried or believe may be more secure please let me know.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
20 minutes ago, ThisIsCheez said:

Has anyone had a similar issue to this and has any suggestions?

Quote

Forward the Port in the Router

In order to forward a port for Plex Media Server, you’ll need three main pieces of information:

  1. WAN/External Port: Port 32400 (TCP) is default, but you can generally use any available port in the 20,000 to 50,000 range.
  2. LAN/Internal Port: This will always be 32400.
  3. IP Address: The local IP Address of the computer running the Plex Media Server. This is what you did above.

So the above info is from the Plex website. From what I have gathered you can use any external Port BUT the internal port used on the LAN side has to be the default port. https://support.plex.tv/articles/200931138-troubleshooting-remote-access/

 

Is this how you are setup? With the internal port set to the default and your just trying to change the External port? 

I just want to sit back and watch the world burn. 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
Just now, Donut417 said:

So the above info is from the Plex website. From what I have gathered you can use any external Port BUT the internal port used on the LAN side has to be the default port. https://support.plex.tv/articles/200931138-troubleshooting-remote-access/

 

Is this how you are setup? With the internal port set to the default and your just trying to change the External port? 

Internal port is 32400, I am attempting to change my external port. If I just change the external port and setup my access rules and NAT policies to reflect the port I've changed it to it works intermediately. If I change my NAT policy to the new port but translate it to 32400 it works. I'm trying to find out if there's a way to get it to work without translating the service.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
25 minutes ago, ThisIsCheez said:

So I have a SonicWALL on my home network and a newly setup Plex server. Before I had the Plex Server app running on my QNAP NAS but recently moved it to a dedicated host.

 

 

The first funny thing is my QNAP is also behind my SonicWALL and I had to make no adjustments to my firewall for it to work correctly, just installed the app and it worked flawless.

 

 

The issue I'm having now is remote access constantly cuts in and out on my new Plex server so I setup firewall rules and NAT policies. It works great, but ONLY if I set the Plex remote access connection port to 32400 and do the same for my firewall rules and NAT policies. I tried settings it to 32401, I like avoiding default ports when possible, and every few minutes it will cut in between remote access being available and not available. Also, when it's connected with port 32401 I do not have the option for original quality streaming, unless I swap back to port 32400 then it will stay connected 100% and allow me to choose original quality.

 

 

Has anyone had a similar issue to this and has any suggestions?

 

 

So far I think I have a fix, but want some input on if this fix is the best option, or if there is abetter way.

If I change the public port on my Plex server to 32401 and have my inbound and outbound NAT policy to have the service source as 32401 and translated source as original I get issues, but instead of having the translated source as original if I change it to 32400 it seems to work. This still gives me my original goal of Plex not being accessible over the web by the default port of 32400 but if anyone else has another method they have tried or believe may be more secure please let me know.

I assume your qnap was able to upnp it’s way to victory, although I am not 100% sure of that.

 

I run pfsense and have to open the ports for this to work as well. Remember tho…. Security by obfuscation isn’t security, so I wouldn’t be terribly concerned about the port number. I understand tho, I don’t open up port 22 ever to the internet and use obfuscation for that even though I use RSA keys exclusively. But, still.

 

You could also VPN in when abroad and that would solve your opening up ports to Plex issue. 

Rig: i7 13700k - - Asus Z790-P Wifi - - RTX 4080 - - 4x16GB 6000MHz - - Samsung 990 Pro 2TB NVMe Boot + Main Programs - - Assorted SATA SSD's for Photo Work - - Corsair RM850x - - Sound BlasterX EA-5 - - Corsair XC8 JTC Edition - - Corsair GPU Full Cover GPU Block - - XT45 X-Flow 420 + UT60 280 rads - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 RAID Z1 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 128 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TreuNAS + many other VM’s

 

iPhone 14 Pro - 2018 MacBook Air

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
1 minute ago, LIGISTX said:

I assume your qnap was able to upnp it’s way to victory, although I am not 100% sure of that.

 

I run pfsense and have to open the ports for this to work as well. Remember tho…. Security by obfuscation isn’t security, so I wouldn’t be terribly concerned about the port number. I understand tho, I don’t open up port 22 ever to the internet and use obfuscation for that even though I use RSA keys exclusively. But, still.

 

You could also VPN in when abroad and that would solve your opening up ports to Plex issue. 

 

SonicWall doesn't support UPnP so I'd be highly surprised if that's how the QNAP was working. I do have a SSL VPN with 2FA setup and I have considered using that but that will only be a solution for my laptop and phone. If I was at a friend's place and wanted to use their Xbox or Roku then my SSL VPN wouldn't help me out.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 minute ago, ThisIsCheez said:

 

SonicWall doesn't support UPnP so I'd be highly surprised if that's how the QNAP was working. I do have a SSL VPN with 2FA setup and I have considered using that but that will only be a solution for my laptop and phone. If I was at a friend's place and wanted to use their Xbox or Roku then my SSL VPN wouldn't help me out.

Ah. I didn’t know it didn’t support upnp, that’s interesting.

 

Yea, the fun of others using Plex is something I am not certain of either. I just open the ports and sorta hope Plex security is good enough…. It’s one of the only holes punched in my non IoT subnets. Could always get extra fancy and vlan it off on its own subnet, I have considered this. My Plex host has to SMB out to to my file server though, and I just don’t know if I care enough to get that working (theoretically just open up whatever port SMB is across the firewall, but, #lazy). 

Rig: i7 13700k - - Asus Z790-P Wifi - - RTX 4080 - - 4x16GB 6000MHz - - Samsung 990 Pro 2TB NVMe Boot + Main Programs - - Assorted SATA SSD's for Photo Work - - Corsair RM850x - - Sound BlasterX EA-5 - - Corsair XC8 JTC Edition - - Corsair GPU Full Cover GPU Block - - XT45 X-Flow 420 + UT60 280 rads - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 RAID Z1 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 128 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TreuNAS + many other VM’s

 

iPhone 14 Pro - 2018 MacBook Air

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

I had the same problem but I dont use SonicWall Firewall. I have a Cisco ASA. Best option is to use a reverse proxy or load balancer like I am but it is technical..and you need a domain.. The load balancer I am using is called Kemp LoadMaster and it's free. It allows you port any internal ports to one external port. For example I have multiple webservers (including Plex) and I use the load balancer to port all my servers through one port. The cool thing that I allows you bind an SSL certificate to all the servers and it allows to set URL rules so when to type in plex.domain.com it directs to the correct server.

 

So I have HTTPS and HTTP, SMTP

 

Kemp.thumb.png.8afd7b3eff7f96918d573a651f14c8a5.png

 

 

I followed this guide, NetworkChuck even uses this for his plex so he can access his Plex from outside his network.

 

 

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 16 GB (2 x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitors: 24" Acer S240HLBID + 24" Samsung  | OS: Win 10 Pro

 

Audio: Behringer Q802USB Xenyx 8 Input Mixer |  U-PHORIA UMC204HD | Behringer XM8500 Dynamic Cardioid Vocal Microphone | Sound Blaster Audigy Fx PCI-E card.

 

Home Lab:  Lenovo ThinkCenter M82 ESXi 6.7 | Lenovo M93 Tiny Exchange 2019 | TP-LINK TL-SG1024D 24-Port Gigabit | Cisco ASA 5506 firewall  | Cisco Catalyst 3750 Gigabit Switch | Cisco 2960C-LL | HP MicroServer G8 NAS | Custom built SCCM Server.

 

 

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×