Jump to content


Photo

Allowed Networks


  • Please log in to reply
3 replies to this topic

#1 coricidin12@gmail.com

coricidin12@gmail.com

    Member

  • Members
  • PipPip
  • 24 posts

Posted 08 February 2013 - 11:55 PM

I am trying to use the "allowed networks" feature so that certain clients can only see certain servers. I have 2 servers on my network, one for full res files, one for compressed files, and I want the hardwired clients on my network to only see the full res server, and the wireless clients to only see the compressed server.

I am trying to configure the full res server so that only the client on the server machine can see it, and additionally 2 other computers on the network can see it. When I put 127.0.0.1/255.255.255.255 in the allowed networks field, that successfully limits it to just the server machine. If I want to add access for 192.168.1.xx, I add ,192.168.1.xx/255.255.255.0 to the allowed networks field in advanced settings. But then that opens up the server to the whole network again, not just the 192.168.1.xx client.

Am I doing something wrong? Is there a correct way to open a server to only specific IP's beyond the local machine?

#2 rroot

rroot

    Member

  • Members
  • PipPip
  • 12 posts

Posted 09 February 2013 - 03:56 AM

I wonder if that is even possible, as on the web page:
http://wiki.plexapp....b_Media_Manager

Part of it says:
The security authentication will be bypassed
if:
You access from within your local network on the same sub-net

I noticed this the very first time I used the wireless plex app to connect to my LAN.
The App discovered the server and everything was available without any security authentication.

That having been said, Myself personally, I would try a few things.
1. Some networking configuration
or
2. Some Router Port forwarding
or
3. Router single port forwarding, no switch, change port in plex mobile app (easiest?)


Assuming you have the following
192.168.1.1 (Router)
192.168.1.10 (PlexServer with Full Res Vids)
192.168.1.11 (PlexServer with Compressed Vids)


1.
Instead of putting 127.0.0.1/24
into the "List of networks that are allowed without auth" field
I would put something like this into the 192.168.1.10 computer: 192.168.1.0/25
Then I would Change the IP address of the computer at 192.168.1.11 to anything above 192.168.1.128, Lets use 192.168.1.129.
Then I would log into the Plexserver on 192.168.1.129 and set the "List of networks that are allowed without auth" field to 192.168.1.128/25

What this is doing is setting up the systems to use 2 sub-nets within 192.168.1.0.
The computer at 192.168.1.10 will no auth, allow anything from 192.168.1.1 to 192.168.1.126.
The computer at 192.168.1.129 will no auth, allow anything from 192.168.1.129 to 192.168.1.255

I do not know if this will work , In theory it seems possible.

Although now you must do a few things to your router.
You must set up the routers LAN DHCP to only assign IP's up to 192.168.1.126.
Then you must set the Wireless DHCP to only assign IP's from within the range of 192.168.1.130 to 192.168.1.254.
That way all your wireless clients are within the range of 192.168.1.128/25 as set on the 192.168.1.129 computer which has the compressed video files.

You are not actually setting up a dual sub-net with 126 hosts each (on your router), but you are telling Plex to require auth on any that comes from out of the particular dual sub-net.

I do not know if this will work as it may confuse Plex, as the actual net is 192.168.1.0 with 254 hosts available.

This may go back to the web page:
http://wiki.plexapp....b_Media_Manager


Worth a try though??


2. Router single port forwarding with switch
If you have a switch installed within your system And all the LAN computers are off the switch
Then you might try some port forwarding tricks.
If you do not have a switch, then this will not work.
Since the switch will automatically connect to the correct computer with the Full Res Videos, we are only concerned about what goes through the Wireless>Router>Switch>Lan.
You can forward the port 32400 to the correct computer with the Compressed Videos.

Open up your router setup and go to the port forward, enable port 32400 to be forwarded to 192.168.1.11 (as the original example)
Now anything which goes through the router for port 32400 will go to the computer with the Compressed Videos.

3. Router single port forwarding, no switch, change port in plex mobile app
Set up the mobile plex app to use port 32401 and within your router, forward port 32401 to IP 192.168.1.11 port 32400 (Note the 32400) on the internal LAN.
Plex only will allow internal port forwards to the port 32400
http://wiki.plexapp....gure_the_Router

I do not have my mobile device with me right now so I do not know if this is even possible to change the port in the mobile plex app.

Just some thoughts on things I would try.

#3 coricidin12@gmail.com

coricidin12@gmail.com

    Member

  • Members
  • PipPip
  • 24 posts

Posted 09 February 2013 - 02:11 PM

Thanks for the response. I started trying the first method, but it doesn't seems that the netmask in "allowed networks" is working properly. I put 192.168.1.0/255.255.255.128 in the allowed networks field, and then manually set the IP of my laptop to 192.168.1.150, but the laptop can still see the server that theoretically should be hidden from IP's over 192.168.1.126. Any thoughts?

#4 rroot

rroot

    Member

  • Members
  • PipPip
  • 12 posts

Posted 09 February 2013 - 06:46 PM

Well they will not necessarily be hidden, but not allowed a "no auth"
If you are browsing your LAN with say Windows Explorer, you would be able to see everything. As would most wireless clients allowed on your network.
The concept of using PMS (on the Full Res Computer) to allow (without auth) any computer within net block 192.168.1.0/25, then to force all others to use auth; apparently does not work within a LAN environment.
This goes back to the web page about no auth is required within your LAN
http://wiki.plexapp....b_Media_Manager

Also note #3 says no auth will be done if:
"You're using a browser that has previously authenticated with your Plex Media Server/Media Manager successfully"
So during testing, I would assume to clear this out, you need to delete any related cookies and all the temp files.

Just a quick look at my cookies on my PMS I see 2 cookies related to PMS
127.0.0.1 and 127.0.0.1_32400
I would assume on your testing machine, they would have the ip address of the PMS you are accessing, say 192.168.1.10 and 192.168.1.10_32400

For testing purposes, I would at least delete those 2 cookies along with the temp files.

Seems there could be an easily selected switch in the network setup which could force PMS to do an Auth within the LAN.

Maybe a DEV needs to comment on your question.
I am just throwing out things which may be of no consequence.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users