Configure Policy Routing correctly to make Plex-Server communicate over the desired WAN-interface.

So I already asked this question in the Public forums and got some very interesting insights but no conclusive answer yet. In the meantime the LTE-router mentioned in my other forum-post has arrived in the mail and I should be able to get things going soon.

What I really need is an insight by someone who actually knows the inner workings of the Plex-servers and their communication to Plex-HQ (or however we want to call that infrastructure that keeps track of IP-addresses harboring people’s Plex-servers). I want to know if there is any way for me to make sure that whenever my Plex-server makes its IP-address known that that request will go over WAN2 (the new LTE connection with faster uplink speeds). Like I said in the other forum-post my router can identify traffic by the ports involved, IP-Addresses (or ranges of such) on either end of the connection, and/or the Protocol used.

So for example if you can tell me that my Plex-server will connect over TCP to a port 80/443 (or any other port) on your end to tell you my current IP then that would be conclusive because I am planning to make all HTTP(S) traffic go over WAN2 anyways, but if for example it cannot be identified by the port then maybe there’s a specific IP-address or a range of IP-addresses that can be narrowed down to identify traffic that my server will broadcast its Plex-IP over. (Another possibility would be the “Custom server access URLs” setting but I couldn’t find any conclusive documentation on how this actually works and whether I can guarantee that my “*.plex.tv” subdomain will point to the correct IP by putting something in there.)

Of course since I have not actually implemented anything in practice yet it could very much be possible that things will just work themselves out and by closing down port 32400 on WAN1 I could make sure that whenever my server is accessible from the outside then traffic is going through WAN2 like I want it to and I would just do trial and error from there until it is consistent. Still I just thought that having a Plex Pass and all it can’t be too much to ask for some correspondence with Plex Staff regarding technical questions.

Your PLEX server connects to plex.tv via an HTTPS connection (Port 443) on startup and at regular intervals. So your firewall rule to make sure your PLEX always uses the WAN2 connection is to route everything that goes to plex.tv (or the 6 IP addresses this host points to) over your WAN2 gateway.

Just closing 32400 on WAN1 will definitely not work. Been there, done that… 🙂


Here are my pfSense firewall rule and alias. Works like a charm so far.

Thanks for your reply. Did you gain this knowledge by analyzing traffic going through your router or are you involved with the development-side of Plex somehow?

My “Policy Routing” rule(s) regarding web-traffic look(s) like this (highlighted in grey):

So it has already been working like a charm from day 1 except I did not know any of what you told me for certain. I can just leave Source and Destination IP-Addresses blank on my router; all it requires is the protocol used and a port or range of ports. Now whenever someone wants to access my Plex-server they are being sent through WAN2 where I have 40+ Mbit uplink compared to WAN1’s 4 Mbit. Of course knowing the target IP-addresses you mentioned is helpful as well if anyone reading this in the future wants to narrow things down further.

I am not involved with the development-side of Plex. What you are doing now is routing any HTTP and HTTPS traffic over your WAN2 interface. For HTTP and HTTPS you no longer have any load balancing or fail-safe. That is what the IP addresses are for: making sure just PLEX traffic is force-routed through WAN2, and anything else your router will take care of.

Yes, I am aware of this. Since my connection speeds (WAN1 30/4 Mbit; WAN2 150/50 Mbit) are asymmetrical by nature, I am not looking for load balancing on all traffic but rather for leveraging the connection speeds of WAN2 when latency is unimportant (since WAN2 is an LTE connection) and using WAN1 for stuff like UDP connections, as they are often used in multiplayer games where latency is important.
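
Added example (not part of the thread and not any poster's configuration): a small Python model of first-match policy routing that compares the port-only rule with the plex.tv destination-alias rule discussed above. The addresses are constructed stand-ins from documentation ranges, not the real plex.tv addresses, and the `Rule`, `route` and `compare` names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-ins (documentation ranges), NOT the real plex.tv addresses.
PLEX_ALIAS = tuple(ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32"))

@dataclass(frozen=True)
class Rule:
    gateway: str
    proto: str = ""                  # empty = any protocol
    ports: frozenset = frozenset()   # empty = any destination port
    dests: tuple = ()                # empty = any destination address

    def matches(self, proto, dst, port):
        if self.proto and proto != self.proto:
            return False
        if self.ports and port not in self.ports:
            return False
        addr = ipaddress.ip_address(dst)
        return not self.dests or any(addr in net for net in self.dests)

def route(rules, proto, dst, port, default="WAN1"):
    """First matching rule wins; unmatched traffic uses the default gateway."""
    for rule in rules:
        if rule.matches(proto, dst, port):
            return rule.gateway
    return default

# Policy A: the port-only rule (all HTTP/HTTPS over WAN2, no source/destination).
PORT_POLICY = [Rule("WAN2", proto="tcp", ports=frozenset({80, 443}))]
# Policy B: the destination-alias rule (only the plex.tv addresses over WAN2).
ALIAS_POLICY = [Rule("WAN2", dests=PLEX_ALIAS)]

FLOWS = {  # constructed sample flows: (protocol, destination, port)
    "plex check-in": ("tcp", "192.0.2.10", 443),
    "other HTTPS site": ("tcp", "198.51.100.7", 443),
    "game traffic": ("udp", "203.0.113.5", 27015),
    # plex.tv now resolves to an address the alias does not contain yet
    "plex.tv after DNS change": ("tcp", "192.0.2.99", 443),
}

def compare():
    """Return {flow name: (gateway under port rule, gateway under alias rule)}."""
    return {name: (route(PORT_POLICY, *flow), route(ALIAS_POLICY, *flow))
            for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for name, (by_port, by_alias) in compare().items():
        print(f"{name:26} port-rule={by_port}  alias-rule={by_alias}")
```

The last flow shows why a destination alias has to be re-resolved: once plex.tv points at an address the alias lacks, the check-in falls back to the default gateway.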