Firewall Rules: Alex Skill

alexa
voice-control

#1

Is there any documentation (either official or from someone who spent time testing) on what IP addresses need to be allowed inbound to Plex in order to use all features of Alexa? I found myself unblocking a few IP addresses last night trying to my parents' Alexa setup to my PMS otherwise I'd get "I'm having trouble accessing your Plex skill right now" from Alexa. I wound up unblocking like 4 IP's but I'm sure there will be more as my parents start to use the skill more often.

Anyone mess around with this?

  • As a note, I don't have Plex open to the world. I allow incoming connection to Plex from a carefully maintained list of IP's and hostnames (both Plex's servers and those DDNS hostnames of my close friends/family).

#2

Wow. I guess either no one is using the Plex skill or no one cares about security?


#3

Hi Spartacus.

Can I ask how you worked out which IP Addresses to unblock?

I'm getting nothing but "I'm having trouble accessing your Plex skill right now" from Alexa. She can see my server and players but as soon as make a request, I get that error.

I'm pretty convinced there's a blockage happening somewhere in the network rather than a programming failure. I've opened port 32400 which is pretty standard as well as other ports that the Alexa developers suggest to be open yet I still get this error.

I've tried a 2nd router thinking maybe the first one was having issues but the problem still remains.

The Echo unit is useless for me unless I can get it talking to PLEX.


#4

What does your inbound firewall/NAT rule look like to Plex? If you have port 32400 open from a source of "Any" then you wouldn't be getting the kinds of blocks I was getting. My firewall/NAT rule only allows inbound connections to my PMS (we'll say 32400 for these purposes) from an alias list of IP's and hostnames I designate. This list includes some Plex IP's, Alexa/Amazon IP's, and IP's/hostnames of my friend's/family's networks.

However, I'm sure the IP's I put in back in April either changed or there are additional IP's just based on how Amazon typically rotates IP's regularly. That was the reason I made this thread but as you can see I've gotten nothing but crickets.