Server Version#: 1.13.9.5456
Player Version#:N/A
I’ve got Plex installed on a QNAP TS-453mini. Local and remote playback was working great. Recently I switched ISPs (fiber! woohoo!) and found myself now behind a Carrier Grade NAT. Plex remote access then broke because of the whole double NAT situation. Since the QNAP has dual NICs the ISP has kindly activated a second ethernet port on their modem in bridged mode specifically to allow the QNAP to access the internet to prevent the double NAT.
I’ve got both QNAP NICs setup: NIC1 has internet access through my local LAN which is behind a router and NIC2 has internet access directly through the ISP modem. In QNAP I have it configured to use NIC2 as the primary internet gateway and NIC1 as the secondary failover gateway.
Now my question is how to configure PMS in this setup. Essentially I want all clients on the local LAN (NIC1) to have access, but then have all remote clients use NIC2 for access.
I’ve been reading through the advanced networking page and am just not sure how to change settings to properly direct local clients to NIC1 and remote clients to NIC2.
Since the QNAP doesn’t come with a Firewall, I would NOT connect it directly to the internet
Instead, use a local machine as a firewall connected to the bridge port, with like PFSense installed, and use that as the default gateway for your QNAP and LAN
@ChuckPa
Understood. Was really hoping it would work. I did just setup NIC2 to be the default gateway on the QNAP and rebooted. (Thinking that PMS would pickup that setting and use it) But when going back into PMS after reboot it still is attempting to use NIC1 for remote access. Does PMS check with the QNAP OS to find the NIC that is set for the default gateway? Or does it just enumerate the NIC list and grab the first one that has a gateway IP configured?
@dane22 I don’t have an extra local machine that I can connect to the bridge port (NIC2) to install PFSense on. I did turn off all service bindings on NIC2 and have Network Access Protection enabled. So it shouldn’t be able to be used to gain access to anything externally. But yeah I hear ya… I’m a bit nervous with the setting and was going to try to get it working and work my way backwards to something more acceptable.
What do you think about me just switching my router (currently on my LAN via modem port 1) over to the modem port 2 (the one they bridged for me)? Would I gain anything there?
Yes, since most routers has a firewall, but when said, you’ll most likely end up with a dual nat, unless the bridge port has a public IP address, and if so, you are fine
Yep, I think it will still end up in a double NAT… right now the WAN IP the QNAP is picking up on NIC2 is still in the 100.7x.x.x range. So that tells me it’s still behind the CGNAT.
Well shoot! I wouldn’t have guessed that there was an advantage to sticking with the old cable ISP vs. the new fiber one!
They did offer to add a static IP to my account for an additional $5/month, but I’d rather not since I’d already spending 20% more for the fiber connection.
Any other ideas to get remote access back up and running?
CGNAT is the fundamental problem. Without a public-facing, real, IP, Plex.tv and remote access won’t work. This is because the ISP already creates that first level of NAT by doing what they’re doing. Anything you add, even 1 level of NAT (the norm for a household) causes the double NAT scenario.
Double and even Triple NAT can be forwarded through IF you have access to both devices however I would never expect an ISP to grant access to their equipment in any form.
