Am contemplating switching to a new ISP for Fibre and been reading up as much as I can on their service. By accident I came across a few posts on the ISP info boards that indicate that they use Carrier Grade NAT (CGN) (which I BELIEVE effectively will give you a double NAT for any public facing services. AFAIK remote access won’t work with a double NAT. I see from the their info that you can set up port forwarding via DDNS but I have a feeling this will still give a double NAT and will not work the same as with an ISP that is not using CGN where port forwarding can be set on the router. I’m not sure of this but I think that even using AISs DDNS service the public facing IP address of the router will not match the IP address visible using DDNS.
Plex forums as useful as ever, especially as anything from the developers is concerned. Just lucky I don’t have a Plex Pass where getting no response actually costs you 
There is no way to give you a yes or no answer, there are many variables involved.
Double-NAT can be made to work just fine, it of itself is not a showstopper - Double-NAT with limited functionality routers and ISPs that wont configure some things in ways that others do may be a showstopper.
You’d likely have had more luck if you’d said which ISP you were referring to.
If they use CGNAT and you never have a routable IP address then no, you can’t remotely access any services on your system. However, if they’re providing details about port forwarding and DDNS then that suggests they don’t exclusively use CGNAT.
The ISP is AIS in Thailand. Their instructions on how to set up their DDNS port forwarding are here: http://www.ais.co.th/fibre/pdf/THDDNS_register_manual_en.pdf
The problem is it’s not clear to me whether this uses a public facing IP address at the ISP end or my end. If it’s at the ISP end I can see Plex not being able to see it. Think I’ll try the package / service and give it a go. If it doesn’t work I can upgrade the 100/10 ‘Home’ package to a 50/10 ‘Pro’ package that does give a public facing ipv4 address.
Or just sit and ponder how much I really want Plex remote access. I seem to spend forever accessing it and fixing non availability outside my network despite having manual port-forwarding etc active. The more I think about it the less bothered I am about downgrading my speed to get a public ipv4 just for Plex.
Other users report that they can get their cameras and NAS devices accessible remotely using port forwarding OK with this ISP, I’m just not sure if their apps/devices need to do it the same way as Plex. We’ll see I guess.
Port forwarding is port forwarding, it doesn’t matter what the application is doing 
That others have it working with that package should mean you’ll be fine.
Well, after moving in and getting the new ISP, every other app and service is set up and working fine. Not unexpectedly I’ve spent the best part of two days trying to get Plex remote access to work with the Carrier Grade NAT situation I find myself in, even with Port forwarding via DDNS set up. I’d sure be interested to hear from these ‘others’ that have it working with this precise package. Otherwise I think I’ll just bin Plex altogether. It really is a nightmare to manage in some respects!
Doesn’t help that this whole CGNAT and DDNS port forwarding is new to me but after trying what feels like a million different port combinations both on the router (following setting up port forwarding via DDNS) and in PMS I’m beginning to figure it just won’t work. Of course if Plex worked properly with ipV6 this problem wouldn’t arise but I won’t be holding my breath on that front.
Having set up the DDNS service (which I suspect SHOULD merely allow the constantly changing public ip address to be updated as to where the port is located), reading everything I can on using the service on the net and wading through dozens of posts on Plex (in the absence of there being effective user guides anywhere) I’m drawing a blank. When I had all this set up on the router I merely had a reserved IP address assigned to the Mac Mini Server then had the public and private ports forwarded 32400 > 32400 in both cases (wouldn’t work otherwise). No problem.
The screen below is the virtual server settings screen on the router which you use after setting the DDNS up. The user guide for this says you only need to assign the port that you want forwarded (the first of which in this case is 5880 and is dictated by the DDNS set up) and then allocate the private port and the local IP address of the app / device. No other settings required. Maybe for anything else that’s true. Plex? Nope.
So, the top 2 boxes I leave blank. Then I just fill in the external port boxes, IP address of the server and the internal port 32400. Nothing. I’ve even tried 5880 > 32400 and 32400 > 5880 (the latter of which the router wouldn’t accept) and I’ve also tried to set my DDNS domain name in advanced settings . ABSOLUTELY NOTHING works. It’s only the sense of determination that keeps me trying. My heart tells me to just bin Plex and give up seeing as I rarely use remote access. I might as well just put up with Netflix and Amazon prime when travelling than spend literally days trying to get this to work.
Whatever I do I still get this message on the remote access screen: “Tip: It looks like your server may be connected to the internet through multiple routers or other network devices. Try connecting it directly to your primary device, or visit our support site for more information about troubleshooting this “Double-NAT” scenario. Learn more”
I thought iTunes was the app I hated most in the world but that has been put in the shade by the feelings I have towards Plex. Never before has an app sucked so may hours of my time for so little result. Bin time.
TCP 5880 -> TCP 32400
and in the plex settings ensure you have manually specific port ticked and 5880 entered.
Virtual Server doesn’t always mean Port forwarding BTW.
You may also need to put you DDNS name into the Custom server access URLs in the Plex server settings
Yeah. Thanks. Tried all that. Still a no go. Still not sure if it’s not working or if I’m doing something wrong. I’ve set it up as per (the rather poor) ISP instructions and for the life of me I can’t get it to work. Re the virtual server thing, I’m just following the ISP instructions as to how to configure port forwarding. I’ve tried it with the server and router firewalls both turned off to be sure there is nothing going on there but zilch.
I’ve configured it as per their diagram using the external port 6800 (as assigned by the TH DDNS service - it tells you the ports to use - not you) and on the AIS router (HG180v2) under ‘Advanced / NAT / Virtual Severs’ I’ve got it set up as:
External Port: 5880 > 5880
Internal Port: 32400
IP address of the device: 192.168.1.150
Result? Squat. The fact that ‘Can you see me’ can’t even see the specified port doesn’t bode well. I might need to upgrade to a Power Pro package to get a public facing ipv4 address rather than pi55 around with this for days trying to get it to work.
I tried this as was suggested above but that doesn’t get a result either:
External Port: 5880 > 32400
Internal Port: 32400
IP address of the device: 192.168.1.150
Can’t see that being right though as every instruction I’ve seen on the TH DDNS website shows the External Port being configured with the same port number in both slots with the service (I would think) picking up the correct internal port from the internal port setting? But this dog’s breakfast of a set up is all new to me thanks to AIS and their CG NAT.
The trials and tribulations of Carrier Grade NAT, or rather the developers of services and apps sitting with their fingers up their a55es and not making their products / services work properly with IPv6 despite it being on the horizon that it would be needed for a decade or more already!!
@MacGriogair said:
Port forwarding is port forwarding, it doesn’t matter what the application is doingThat others have it working with that package should mean you’ll be fine.
I’ve not yet seen anyone that HAS got it working with this package. That’s the point.
I tried reading all the details of what you have going so bare with me as I try and restate everything.
For this:
External Port: 5880 > 32400
Definitely do not do that. That opens (or at least tries to) every port between 5880 and 32400 for forwarding.
Is this a typo?
I’ve configured it as per their diagram using the external port 6800 (as assigned by the TH DDNS service - it tells you the ports to use - not you) and on the AIS router (HG180v2) under ‘Advanced / NAT / Virtual Severs’ I’ve got it set up as:
External Port: 5880 > 5880
In the first sentence you say they assigned you external port 6800, but then you have external port 5880 as the port being forwarded.
If they are opening port 6800 for you normally I would expect you to be forwarding that port as well.
Do you have your old router setup still forwarding external 32400 to internal 32400 pointing to the IP address of your Mac Mini? (If not ignore this spoiler section as it won’t apply)
!
! If you do that would be a double NAT situtation and you need to setup port forwarding on both devices. Typically (And When I did this before with my ISP’s modem/router combo and my own) it involved first taking the outer most NAT (Which should be your ISP’s port forwarding) and forwarding the external port to any internal port on the IP address of your Router.
! So in my case I logged into my ISP’s router and setup portforwarding like this:
! External: 6801
! Internal: 6801
! IP Address: 192.168.1.2 (This was the IP address assigned to my router which was plugged into their router)
! I then logged into my router and setup port forwarding like this:
! External: 6801 (Port forwarded to this router)
! Internal:32400 (Plex’s listening port)
! IP Address 192.168.1.100 (This was the static IP address of my server)
! After that I then logged into Plex Server settings and checked the box for manual port forwarding and added 6801 to the box. This is required because without that Plex attemps to use UPNP to automagically make it through the router which does not normally work at all through double NAT.
Hi. Yah it was a typo. Posting a similar thread to another board about CCTV (which is now working) and I forgot to edit out that 6800 which is the CCTV app.
I changed it all back to:
External Port: 5880 > 5880
Internal Port: 32400
IP address of the device: 192.168.1.150
Turns out I might have entered the domain wrongly in Plex under Network / url. It should have been 'http://myname.thddns.net:5880/
Using that url in a browser would bring up the Plex login screen. I wasn’t actually sure if I had to fill in my credentials there or not? Regardless what I tried though I couldn’t get ‘Available outside your network’ to say Yes within PMS. It would flash green then go red. That said, as I type this I recall seeing some setting in Network / Advanced regarding IP addresses not needing to sign on with authorisation? Wonder if I need to put my DDNS url there too? Also regardless what I did, and despite the DDNS / port url taking me to Plex, using ‘Can you see me’ doesn’t show the port as open.
Kinda burned out on this at the moment and need to get on with life as this as sucked about as much time as every other app I have had in my life in just a few days Part of me thinks that regardless what I do it’s all part of this CGNAT thing that’s making it not work.
One of the lead engineers had requested an IPv4 address for me and we’ll see if that gets allocated. That would fix all of this grief. As IPv4 runs out across the globe I can see this being a problem for more and more folks as ISPs switch to IPv6 and CGNs. Time to pull the finger out with Plex and IPv6 I think!!! This problem has only been on the horizon, what, 10 years?
PS: No the old router is out of the loop. Got tired of multiple boxes so am just sticking with ISP supplied HG180v2
If you have time for one more check, when you goto: https://plex.tv/api/resources does it list your server’s IP address?
For example on my resource list for my server it has an entry for my server under Device, then two connection protocol entries 1 for local and one for public.
From what I have read is that because of the way CGNAT works it might be confusing Plex when it tries to detect if the address is local or remote. Which if Plex thinks both addresses are local then of course it will report that it is unreachable (As no remote addresses means no external access) Now you have also said that they are requesting an IPv4 for you, so does that mean you are currently on an IPv6 external address? If so have you tried enabling IPv6 support from the advanced network options on the server?
Again, apologize if you’ve already been through these things. If you want to wait for the results from the IPv4 request I can completely understand that as well.
Hmm. Not tried any of that yet. Will do so later. But I might wait to see if I can get an IPv4 first. This is just sucking too much time for the 2 times a year I need to use remote access. I’d rather just use Infuse 5 and sync enough content to the iPad than mess about with this.
That you URL. Where do I go to that from? Just from a browser? Or from within PMS? Can’t figure as if I go from a browser I just get “This XML file does not appear to have any style information associated with it. The document tree is shown below.” But then I have turned all my port forward attempts off.
I notice in the virtual server settings there is a section for the remote IP address but I’m not sure that’s the same. And I thought that is what their DDNS service was supposed to resolve as that IP will change each time after a restart or drop out.
AFAIK AIS use IPv6 which I am on and for IPv4 you get the double NAT CGN issue. Therefore my public IP as far as PMS is concerned is 49.###.###.## whereas the public IP attached to the router is 100.112.x.x. The DDNS service I believe is supposed to resolve the 49XXXX > 100XXXX issue. Seems that it doesn’t though, at least for Plex.
Well. Got the personal IPv4 and, not unexpectedly, it’s working again. They are giving me the IPv4 free for a month so I can check all is well before I have to pay for a service upgrade to get a permanent allocated IPv4. Not surprising it’s working as it was all working before I changed to an ISP using IPv6 and CGN.
What I have to decide now is if I NEED remote access enough to justify switching from a package in respect of which everything else is working just to fix Plex remote which clearly doesn’t want to work with AISs style of port forwarding. My gut feel is it won’t be worth it as it will be purely a Plex caused cost increase. Think I’ll just stick to using Netflix, iFlix and Amazon Prime when travelling.
You could look at setting up an IPv6 VPN, which would allow you devices to appear to be on your home network when travelling. There are many options there for doing that, from OpenVPN out to using a router with built in capabilities.
Some of you guys are pretty confused, outside access is easy. Got the android app working no problem. My problem which I just posted is using DDNS with the mobile. no place to enter the DDNS domain just IP.’
To trouble shoot remote access here’s how to isolate your problem so that you can fix it. First forget DDNS! DDNS is used to resolve the changing of the dynamic public IP address you ISP gives you. BTW I haven’t got that fixed either but you’ll see what and why in a second. So what you want to do is find out your public IP address. Easy to do just type in Google search “what’s my IP”. It will come back with a public IP address. Then go to a port testing site. Again Google check my ports and there’s a few site that check your ports and automatically populate the IP field with you public IP address. confirm that the populated public IP address is the same one that you Goggled! Test the port and see if it comes back open or close. If open your did the hard part. If close then you need to check that you have manually specify port check on the server and that you can access the server from the lan using the private IP and the specified port. If you can then your router ports aren’t open or the ISP blocks them. As for CGNAT, your SOL, ask before you change ISP if they use it if they do not sure where you are but I’d look else where. You can always use a VPN over IPv6 with a dedicated IPv4 (or forwarded ports) at the endpoint, but that just complicates your life. Hope what I said makes sense, remote access is not really a big deal to set up. Except of course if you have an AT&T router, that puppy is bad news but works if you know the dance. 
Good Luck!
See my post which solved my problem on AT&T Fiber:
