iptables and OpenPHT

pf_Morpheus (Posts: 25, Members, Plex Pass)

Hey guys,
thank you for taking a look at this.

I have recently been forced to change how my home server connects to the internet, as I ended up behind a NAT where I don't have access to port forwarding. Now the server has its own public-facing IP and all the traffic goes through a tunnel (that I have edited out below).
As I don't want to host a server with all its ports exposed, I have set up strict iptables rules.
The result was that my instance of OpenPHT, running on the same machine, has trouble connecting to the server.
As everything is on the same machine, allowing loopback connections should have done the trick.
But as that didn't work, I have been trying to open up more and more ports and have still had no luck.

These should be the ports that might have something to do with Plex. Maybe you can let me know if I have forgotten anything.

Btw,
if I disable the firewall everything works fine.
And all other Plex apps don't experience any problems reaching and playing from the server.

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP


-A INPUT -s  <local_IP_Address>/24 -i bond0 -j ACCEPT
-A INPUT -i bond0 -j ACCEPT

-A INPUT -i bond0 -p tcp -m tcp --dport 427 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 548 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 523 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 5353 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 548 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 5353 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 427 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 201 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 202 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 204 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 206 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 1900 -j ACCEPT

-A INPUT -i bond0 -p udp -m udp --dport 427 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 548 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 523 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 548 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 427 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 201 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 202 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 204 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 206 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 1900 -j ACCEPT

-A INPUT -d 224.0.0.251/32 -i bond0 -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 548 -j ACCEPT

-A INPUT -i bond0 -p tcp -m multiport --dports 201 -j ACCEPT
-A INPUT -i bond0 -p tcp -m multiport --dports 202 -j ACCEPT
-A INPUT -i bond0 -p tcp -m multiport --dports 204 -j ACCEPT
-A INPUT -i bond0 -p tcp -m multiport --dports 206 -j ACCEPT

-A INPUT -i bond0 -p tcp -m tcp --dport 1900 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 3005 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 5353 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 8324 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 32400 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 32410 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 32412 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 32413 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 32414 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 32469 -j ACCEPT

-A INPUT -i bond0 -p udp -m udp --dport 1900 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 3005 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 8324 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 32400 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 32410 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 32412 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 32413 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 32414 -j ACCEPT
-A INPUT -i bond0 -p udp -m udp --dport 32469 -j ACCEPT

-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -d 127.0.0.0/8 -j ACCEPT

-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j NFLOG --nflog-group 1
-A INPUT -j DROP



-A OUTPUT -o bond0 -j ACCEPT

-A OUTPUT -o bond0 -p tcp -m tcp --dport 427 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 548 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 523 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 5353 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 548 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 5353 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 427 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 201 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 202 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 204 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 206 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 1900 -j ACCEPT

-A OUTPUT -o bond0 -p udp -m udp --dport 427 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 548 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 523 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 5353 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 548 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 5353 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 427 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 201 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 202 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 204 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 206 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 1900 -j ACCEPT

-A OUTPUT -d 224.0.0.251/32 -o bond0 -p udp -m udp --dport 5353 -j ACCEPT

-A OUTPUT -o bond0 -p tcp -m multiport --dports 201 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m multiport --dports 202 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m multiport --dports 204 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m multiport --dports 206 -j ACCEPT

-A OUTPUT -o bond0 -p tcp -m tcp --dport 1900 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 3005 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 5353 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 8324 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 32400 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 32410 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 32412 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 32413 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 32414 -j ACCEPT
-A OUTPUT -o bond0 -p tcp -m tcp --dport 32469 -j ACCEPT

-A OUTPUT -o bond0 -p udp -m udp --dport 1900 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 3005 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 5353 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 8324 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 32400 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 32410 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 32412 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 32413 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 32414 -j ACCEPT
-A OUTPUT -o bond0 -p udp -m udp --dport 32469 -j ACCEPT

-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A OUTPUT -s 127.0.0.0/8 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

-A OUTPUT -j NFLOG --nflog-group 1
-A OUTPUT -j DROP
Best Answer

  • pf_Morpheus (Posts: 25, Members, Plex Pass)
    Accepted Answer

    I figured it out. It had something to do with IPv6 traffic being completely blocked including localhost.
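
Why blocked IPv6 loopback breaks a same-host client while the IPv4 rules look correct, as an added example that is not part of the original thread: a small first-match evaluator over iptables-save-style rules. The IPv6 rulesets (`V6_ASSUMED`, `V6_FIXED`), the function names, and `::1` as the address `localhost` resolved to are assumptions, since the thread does not show the ip6tables configuration.

```python
import ipaddress
import shlex

# Loopback-relevant lines taken from the IPv4 rules posted above.
V4_FROM_POST = """
-P INPUT DROP
-P OUTPUT DROP
-A INPUT -d 127.0.0.0/8 -j ACCEPT
-A INPUT -j NFLOG --nflog-group 1
-A INPUT -j DROP
-A OUTPUT -s 127.0.0.0/8 -j ACCEPT
-A OUTPUT -j NFLOG --nflog-group 1
-A OUTPUT -j DROP
"""
# Assumption: the IPv6 table held only DROP policies (it is not shown in the thread).
V6_ASSUMED = "-P INPUT DROP\n-P OUTPUT DROP\n"
# Constructed fix: IPv6 loopback matched by interface rather than by address.
V6_FIXED = V6_ASSUMED + "-A INPUT -i lo -j ACCEPT\n-A OUTPUT -o lo -j ACCEPT\n"

def rule_matches(opts, pkt):
    """True if every supported match option in the rule fits the packet."""
    for flag, key in (("-i", "in_if"), ("-o", "out_if"), ("-p", "proto")):
        if flag in opts and opts[flag] != pkt.get(key):
            return False
    for flag, key in (("-s", "src"), ("-d", "dst")):
        if flag in opts and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(opts[flag]):
            return False
    return "--dport" not in opts or int(opts["--dport"]) == pkt["dport"]

def verdict(ruleset, chain, pkt):
    """First terminating match wins; otherwise the chain policy applies."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        elif tok[:2] == ["-A", chain]:
            opts = dict(zip(tok[2::2], tok[3::2]))  # iptables-save style flag/value pairs
            if opts.get("-j") in ("ACCEPT", "DROP") and rule_matches(opts, pkt):
                return opts["-j"]  # NFLOG is non-terminating, so evaluation continues
    return policy

def loopback_path(ruleset, addr, dport=32400):
    """A local connection leaves via OUTPUT on lo and re-enters via INPUT on lo."""
    pkt = {"src": addr, "dst": addr, "proto": "tcp", "dport": dport}
    out = verdict(ruleset, "OUTPUT", {**pkt, "out_if": "lo"})
    inp = verdict(ruleset, "INPUT", {**pkt, "in_if": "lo"})
    return out, inp
```

`loopback_path(V4_FROM_POST, "127.0.0.1")` is accepted on both chains, while `loopback_path(V6_ASSUMED, "::1")` is dropped on both until the `lo` rules in `V6_FIXED` are present. iptables and ip6tables keep separate tables, so the `127.0.0.0/8` rules never apply to `::1`.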
