Plex not communicating through pfSense

[GateToTheFuture]

HI!

So I am having some rules issues with my pfSense and allowing Plex from my primary LAN to my IoT LAN while blocking all traffic to all private networks.

Logs and Rules Below

 

 

I have tried rules in different positions, I have Plex set to notice different VLAN subnets as local, but I keep getting a connection refused  What gives? Thanks in advance!

[Alex Atkin UK]

13 hours ago, GateToTheFuture said:

HI!

So I am having some rules issues with my pfSense and allowing Plex from my primary LAN to my IoT LAN while blocking all traffic to all private networks.

Logs and Rules Below

 

 

I have tried rules in different positions, I have Plex set to notice different VLAN subnets as local, but I keep getting a connection refused  What gives? Thanks in advance!

Its really not recommended to NAT across subnets, it will put the router under a LOT of strain as it needs to handle the bandwidth of Plex streaming + your Internet.

It also makes it more complicated as Plex broadcasts itself to the LAN and you can't afaik forward that.

However if you insist, what you might be missing here are NAT, Outbound rules to allow the LAN to NAT to the IoT client.  Its easy to forget them as from LAN to WAN the rules are created automatically (unless you chose otherwise), but if you're trying to NAT from LAN to LAN you'll need manual or hybrid rules.

[Misinthe]

22 hours ago, GateToTheFuture said:

HI!

So I am having some rules issues with my pfSense and allowing Plex from my primary LAN to my IoT LAN while blocking all traffic to all private networks.

Logs and Rules Below

 

 

I have tried rules in different positions, I have Plex set to notice different VLAN subnets as local, but I keep getting a connection refused  What gives? Thanks in advance!

I had to do something like it but for allowing external connections to my Emby server, you just have to create a rule like this, but instead of WAN, select IoT LAN net, and the port for plex is TCP 32400.

[GateToTheFuture]

On 12/16/2021 at 11:57 PM, Alex Atkin UK said:

Its really not recommended to NAT across subnets, it will put the router under a LOT of strain as it needs to handle the bandwidth of Plex streaming + your Internet.

It also makes it more complicated as Plex broadcasts itself to the LAN and you can't afaik forward that.

However if you insist, what you might be missing here are NAT, Outbound rules to allow the LAN to NAT to the IoT client.  Its easy to forget them as from LAN to WAN the rules are created automatically (unless you chose otherwise), but if you're trying to NAT from LAN to LAN you'll need manual or hybrid rules.

It was a subnetting issue.  I'm not worried about the extra strain on this firewall.  I push gigabit with IPS and traffic filtering and the CPU doesn't even hit 5%.  In addition to this, I also have layer 3 switching happening ahead of this so really not my full concern.  Thanks for the tip though.

[Alex Atkin UK]

12 hours ago, GateToTheFuture said:

It was a subnetting issue.  I'm not worried about the extra strain on this firewall.  I push gigabit with IPS and traffic filtering and the CPU doesn't even hit 5%.  In addition to this, I also have layer 3 switching happening ahead of this so really not my full concern.  Thanks for the tip though.

Can you be more specific?  Its good to have details in case someone in the future runs into the same issue.

[GateToTheFuture]

On 12/18/2021 at 11:05 AM, Alex Atkin UK said:

Can you be more specific?  Its good to have details in case someone in the future runs into the same issue.

The local lan subnet was set with the wrong CIDR. It’s has since been rectified. 

[Alex Atkin UK]

13 hours ago, GateToTheFuture said:

The local lan subnet was set with the wrong CIDR. It’s has since been rectified. 

Oh I've so done that, really easy mistake to make on pfSense as its sanity checking is a bit hit and miss.

Currently banging my head against a brick wall trying to setup a Wireguard server, probably turn out to be something like that.

Thanks for updating the thread.