I have an interesting situation where I am looking to deploy a Plex server into a small network environment. For a few different reasons I will have to deploy the server into one network (say 10.1.1.0/24) and the clients (web based or Plex Player) will be in another network (192.168.1.0/24), and a firewall will be between them.
I have been looking through all the support documentation and none of it covers what the network requirements are. What I am really looking to find out is:
What connectivity is required for the player to stream from the server? Does it have to be in the same L2 domain, or does it work over L3 and multicast?
What's required for the phone app to discover a Player for it to be remote controlled?
Both server and clients need internet connectivity, so they can communicate with plex.tv.
Both networks need reliable DNS resolution of the domain plex.direct
(Some ISP-supplied DNS servers mess this up. You might wanna consider using alternative DNS servers like 8.8.8.8 or 1.1.1.1 )
You need to establish a direct network route from the "client" network to the private IP address of the server. This needs to be a fully usable, direct TCP connection.
Otherwise, traffic will go through the default gateway.
In order for the server to not apply bandwidth restrictions for "remote" networks, you might have to add the client network range to the "LAN Networks" input field.
(this input field is only available for Plex Pass holders https://support.plex.tv/articles/200430283-network/ )
The requirements for clients to use "companion play" can differ, depending on the type of client. In general, both the "controller" and the "receiver" app need to be on the same network segment.
Not all Plex client types can serve both roles.
For some client types, the "receiver" role needs to be unlocked in the settings of this app. This applies to the mobile apps too (Settings - Sharing - "offer as playback device").
Thanks, but you haven't really helped answer the question here.
What do you mean by this? Surely there have to be specific TCP/UDP ports that are used for the client (Windows PC with Plex player installed) - server connections? Discovery has to be achieved by some mechanism: broadcast on the local LAN segment? Multicast? At a stretch, an API call out to a Plex web service?
Maybe I needed to be a bit clearer in my original questions. When I said with a firewall between the networks, I wasn't referring to a home grade setup you get from your ISP when you sign up for an internet connection; I'm well down the path of an enterprise grade firewall (PaloAlto 820). The requirement where clients will be in a different network is that I am planning to host my Plex server on some hardware that exists in my home office network and access it from my home network.
Also, "a direct network route"? I would like to know what you mean by this too.
In regard to the bandwidth restrictions, I would hope that they were smart enough to include all RFC 1918 addressing as Lan Networks.
I'm a network/security engineer, let's get down in the weeds with details! It would be really awesome if this information was readily available and we didn't have to go and figure it out on the fly ourselves. I can't be the only one looking for this detail?
Hi there, fellow network/telecoms engineer here, so hopefully I can help out with what I've found using Plex on some networks that are not your average home broadband user's. This is going to be a bit of a brain-dump, so feel free to ask any specific questions:
tcp:32400 is the most important one as this is what the web server listens on
PMS uses its own custom multicast protocol called GDM to discover local servers and clients. NB: local in this respect means on the subnet.
PMS also uses SSDP to find gateways on your network and query their capabilities and network address, both to help set up remote access and to ensure it's working properly if you configure your port forwarding manually, by testing for double NAT, amongst other things. SSDP is also used to discover network DVRs.
This use of multicast will obviously break on your network unless you've got multicast helpers set up on your router to forward to your other local subnets.
Regarding RFC1918 addressing, PMS lets you add multiple networks you consider to be "local" for the sake of managing bandwidth, but this is buggy in my experience and does not respect IPv6 networks.
Speaking of which, IPv6 "support" in Plex is a mess. You can turn it on in the advanced network settings, but the above mentioned local networks thing doesn't work (IPv6 clients will always show up as remote and, as a consequence, may be bandwidth throttled). You'll also need to open up tcp6:32400 on your firewall for remote clients to connect. Although the Plex internet hosts have AAAA addresses in DNS, and if your clients can resolve them they'll try to use them, they're shaky in my experience. Most requests for support involving IPv6 on the forums tend to be answered with "we don't support IPv6, turn it off, it's no use anyway".
FWIW I run a server at work that's behind a Palo with native IPv6. Don't use the built-in traffic type of "Plex" to allow access to your server, as it doesn't correctly classify everything. Manually poke a hole for tcp:32400 and/or tcp6:32400 in for your server and you'll be sorted for external access.
At home I run a PMS instance behind an OpenWrt router/firewall with a Hurricane Electric IPv6 tunnel. My home LAN is fully dual-stacked, as is the LAN at work (including clients spread across multiple IPv4 networks with routing and internal firewalling).
There is only one port required for remote connections: 32400
There is broadcast used in the local network segment, but this doesn't apply, since your server will be in a different segment from the clients.
Therefore all server discovery will go through plex.tv.
The server will report its private and public IP to plex.tv
The clients will query plex.tv to get the server's IPs and will try all to get a connection to the server. The "local"/"private" IPs will be tried first, ofc.
I was under the impression that you have server and client networks in the same location and have the separation between the two network purely for security reasons.
But now I understand you are hosting your server in your workplace and would like to use "remote access".
Therefore: there is only one port required for remote server access. Number 32400 is hard coded. You can use a different port number at the WAN side of your business router by adapting the port forwarding. Only TCP is needed for the port forwarding.