Posted 08 February 2013 - 11:55 PM
I am trying to configure the full res server so that only the client on the server machine can see it, and additionally 2 other computers on the network can see it. When I put 127.0.0.1/255.255.255.255 in the allowed networks field, that successfully limits it to just the server machine. If I want to add access for 192.168.1.xx, I add ,192.168.1.xx/255.255.255.0 to the allowed networks field in advanced settings. But then that opens up the server to the whole network again, not just the 192.168.1.xx client.
Am I doing something wrong? Is there a correct way to open a server to only specific IP's beyond the local machine?
Posted 09 February 2013 - 03:56 AM
Part of it says:
The security authentication will be bypassed
You access from within your local network on the same sub-net
I noticed this the very first time I used the wireless plex app to connect to my LAN.
The App discovered the server and everything was available without any security authentication.
That having been said, Myself personally, I would try a few things.
1. Some networking configuration
2. Some Router Port forwarding
3. Router single port forwarding, no switch, change port in plex mobile app (easiest?)
Assuming you have the following
192.168.1.10 (PlexServer with Full Res Vids)
192.168.1.11 (PlexServer with Compressed Vids)
Instead of putting 127.0.0.1/24
into the "List of networks that are allowed without auth" field
I would put something like this into the 192.168.1.10 computer: 192.168.1.0/25
Then I would Change the IP address of the computer at 192.168.1.11 to anything above 192.168.1.128, Lets use 192.168.1.129.
Then I would log into the Plexserver on 192.168.1.129 and set the "List of networks that are allowed without auth" field to 192.168.1.128/25
What this is doing is setting up the systems to use 2 sub-nets within 192.168.1.0.
The computer at 192.168.1.10 will no auth, allow anything from 192.168.1.1 to 192.168.1.126.
The computer at 192.168.1.129 will no auth, allow anything from 192.168.1.129 to 192.168.1.255
I do not know if this will work , In theory it seems possible.
Although now you must do a few things to your router.
You must set up the routers LAN DHCP to only assign IP's up to 192.168.1.126.
Then you must set the Wireless DHCP to only assign IP's from within the range of 192.168.1.130 to 192.168.1.254.
That way all your wireless clients are within the range of 192.168.1.128/25 as set on the 192.168.1.129 computer which has the compressed video files.
You are not actually setting up a dual sub-net with 126 hosts each (on your router), but you are telling Plex to require auth on any that comes from out of the particular dual sub-net.
I do not know if this will work as it may confuse Plex, as the actual net is 192.168.1.0 with 254 hosts available.
This may go back to the web page:
Worth a try though??
2. Router single port forwarding with switch
If you have a switch installed within your system And all the LAN computers are off the switch
Then you might try some port forwarding tricks.
If you do not have a switch, then this will not work.
Since the switch will automatically connect to the correct computer with the Full Res Videos, we are only concerned about what goes through the Wireless>Router>Switch>Lan.
You can forward the port 32400 to the correct computer with the Compressed Videos.
Open up your router setup and go to the port forward, enable port 32400 to be forwarded to 192.168.1.11 (as the original example)
Now anything which goes through the router for port 32400 will go to the computer with the Compressed Videos.
3. Router single port forwarding, no switch, change port in plex mobile app
Set up the mobile plex app to use port 32401 and within your router, forward port 32401 to IP 192.168.1.11 port 32400 (Note the 32400) on the internal LAN.
Plex only will allow internal port forwards to the port 32400
I do not have my mobile device with me right now so I do not know if this is even possible to change the port in the mobile plex app.
Just some thoughts on things I would try.
Posted 09 February 2013 - 02:11 PM
Posted 09 February 2013 - 06:46 PM
If you are browsing your LAN with say Windows Explorer, you would be able to see everything. As would most wireless clients allowed on your network.
The concept of using PMS (on the Full Res Computer) to allow (without auth) any computer within net block 192.168.1.0/25, then to force all others to use auth; apparently does not work within a LAN environment.
This goes back to the web page about no auth is required within your LAN
Also note #3 says no auth will be done if:
"You're using a browser that has previously authenticated with your Plex Media Server/Media Manager successfully"
So during testing, I would assume to clear this out, you need to delete any related cookies and all the temp files.
Just a quick look at my cookies on my PMS I see 2 cookies related to PMS
127.0.0.1 and 127.0.0.1_32400
I would assume on your testing machine, they would have the ip address of the PMS you are accessing, say 192.168.1.10 and 192.168.1.10_32400
For testing purposes, I would at least delete those 2 cookies along with the temp files.
Seems there could be an easily selected switch in the network setup which could force PMS to do an Auth within the LAN.
Maybe a DEV needs to comment on your question.
I am just throwing out things which may be of no consequence.
Posted 28 April 2014 - 03:22 PM
Mon Apr 28 16:18:02 2014: Failed to get request http://x.x.x.x:32400/status/sessions - The result:Can't connect to x.x.x.x:32400 (timeout),LWP::Protocol::http::Socket: connect: timeout at /usr/local/share/perl/5.14.2/LWP/Protocol/http.pm line 51.
I can also now not connect to plex, is there any fix for this? running Version 0.9.9.10
Posted 29 April 2014 - 06:13 AM
I would avoid the whole whitelist approach.
Try reconfigure your PMS machines to sign into plex.tv with different accounts. Then set the require local authentication. Then have the clients sign in with the appropriate account.
Posted 29 April 2014 - 07:39 AM
Thanks for the response. I started trying the first method, but it doesn't seems that the netmask in "allowed networks" is working properly. I put 192.168.1.0/255.255.255.128 in the allowed networks field, and then manually set the IP of my laptop to 192.168.1.150, but the laptop can still see the server that theoretically should be hidden from IP's over 192.168.1.126. Any thoughts?
The Allowed Networks filed is expecting a properly qualified network block and subnet - aLa : http://jodies.de/ipc....255.128&mask2=
As you can see the first host is 192.168.1.1 and the last host in the block is 192.168.1.126 -- so both your computers are in the allowed network.
"The Vast Majority of problems come from misguided expectations and poor planning. If you're going to do something, do it right and do it right the first time."
Common Resources that I Quote
Help Desk : Media Preparation & Naming Convention || How to Get to the Log Files for all Plex Stuff || Providing a Sample File || Plex Home (aka Parental Controls)
Programs : theRenamer // theRenamer - Alternatives || MediaInfo - Find out stuff about your files || JMkvPropedit - Mass MKV Header Editor
Directions: How to Take a Screenshot || How to Encode Like Yify || Remux To MKV
Useful Plugins & Apps : ( XBMC-NFO Metadata Agent for TV Shows || XBMC-NFO Metadata Agent for Movies => Ember Media Manager - To make NFO files )