I’ve got exception routing working perfectly but am still unable to get remote access functioning. I’ve set up routes for every IP I could find anywhere in the scripts others have posted but no go. Because I have exception routing working (I’m even able to reach the Plex server’s webpage at my remote ip:32400 via https) for other services, my first guess is I’m missing an IP that Plex is trying to use to make the connection.
I’ve confirmed that the port is forwarded correctly, that Plex is showing the correct external IP and not the external IP of my VPN … see comment above, I can physically reach https://externalip:32400. (I have specific exception routes to my office and AWS to enable SSH and Plex access.)
Which leads me to believe I’m just not routing to the correct IP that Plex wants to use. It seems to be using the correct IP to discover the external IP and port but not to make the connection.
I can’t find any log for Plex to help me track down what IP might be trying to make that connection.
I too am interested in this list. I was able to find a few IP addresses in use via my firewall, but when I add them to my port forwarding entry, I still cannot connect to the outside. Please assist.
Just to bump this, I would love to restrict the source IPs allowed to connect to plex-server.
I am not sure however if the clients proxy through a Plex server or once they are configured they go direct to server from the client app…
Really hoping there is information on that to avoid wasting time doing packet captures…
There is no such list.
There are several data centers around the globe (often Amazon AWS) which host part of the infrastructure which makes plex.tv “tick”.
It lies in the nature of cloud computing with dynamically added and removed ‘nodes’ for load-balancing, that there are no fixed IP addresses.
And yes, clients communicate (preferably) directly with the server. So mobile clients usually have a different IP each time.
Normally, plex.tv only serves as a wayfinder for clients to the server. (kinda like DynDNS, with added TLS certificates)
Only if the clients cannot reach the server directly, they try to use a Relay connection which again uses AWS data centers.
Whilst the Plex.tv servers' IP addresses can be ascertained from the Amazon AWS cloud list of IP addresses available from Amazon, other systems such as the pubsub servers are not part of Amazon, and these do change and there is no published list.
I have been playing around with routing for Plex for the past two days. I just found out that having just these three IPs seems to have done the trick for my remote access:
52.49.216.0
54.76.102.0
54.229.133.0
As I’m sure you are aware, I have routed these using my server’s IP as the gateway. These IPs, and a few others, are the only ones I found to be related to my.plexapp.com using ‘dig my.plexapp.com +short @1.1.1.1’.
Coincidentally, once I deleted 34.248.104.0 the remote access seemed to work. Not quite sure why. Good luck!
No guarantee that there would be no impact to blocking all other IPs that may get used.
I would not want anyone else replicating this setup as blocking IPs that Plex may use is not recommended and would for sure lead to problems.
You are lucky that it is working today.
I have come across many examples of IP addresses in the 3x.xx.xx.xx range used for the connectivity tests. There are also the events from the pubsub servers.
I am indeed still having connectivity issues. It is spotty, at best. So no, this has not worked for me completely, and will be re-adding previous routes. Looking at netstat -at traffic for further connections to my server that I have missed.
There are also the pubsub servers, which PMS gets a list of from https://plex.tv/services/pubsub/servers. The rows returned in the response are a subset of what could be returned, so calls at different times may return different IP addresses.
The ports on the support article are ones to allow in the firewall.
I am not a Linux person so I cannot make any comment about iptables. In any case, I do not support what you are trying to do - it is high risk and things may stop working.
Just trying to keep my traffic secure at all times, but also be able to use Plex when I want. Seems to be a pretty common objective. Thanks for the pubsub list!
Why can’t you (Plex) just create a setting to disable route checking. I know my infrastructure works, I don’t need you checking for me. I want to only allow inbound connections from the United States… I think it is a little silly I need to play the eggshell game based on what AWS servers you decide to migrate your servers to…
Add me to the list of people that would like this functionality disabled. I know ahead of time the /24 I would like to allow through my firewall to access my server. Expecting us to open up the Internet to tcp/32400 is downright irresponsible.
Hey @sa2000 - thanks for that info.
You post “the current list” and the note in the article states:
Note: As mentioned, the list of IPs can potentially change at any time, as we grow or shrink the cluster.
If those IPs change (as I am sure they will) will those changes be noted, preferably in advance, so that people can prepare?
A blog post or forum post on the day of or day after could easily make us lose connectivity for a while.
The "Troubleshooting remote access" support page has been updated and now includes a link to a text file with the list of IP addresses.
This will be kept up-to-date automatically.
You can use this to configure your firewalls.
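One way to turn such a list into firewall rules for tcp/32400, as an added example that is not part of the original thread or Plex's own tooling. It assumes the file holds one address or CIDR per line; the sample entries are constructed documentation-range addresses, the table and set names are hypothetical, and because clients connect directly to the server (as noted earlier in the thread) your own client networks are merged in alongside the list.

```python
import ipaddress
PLEX_PORT = 32400  # server port discussed in the thread
# Constructed sample list (documentation ranges, not real Plex addresses).
SAMPLE_LIST = """\
# constructed sample
192.0.2.10
192.0.2.11
198.51.100.0/25
198.51.100.128/25
not-an-ip
192.0.2.200/24
"""

def parse_allowlist(text):
    """Parse one address or CIDR per line; return (networks, rejected)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True refuses CIDRs with host bits set (likely typos)
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append(entry)
    return nets, rejected

def build_ruleset(list_text, own_networks=()):
    """Return (nftables ruleset text, rejected entries)."""
    nets, rejected = parse_allowlist(list_text)
    nets += [ipaddress.ip_network(n) for n in own_networks]
    sets, rules = [], []
    for ver, proto in ((4, "ip"), (6, "ip6")):
        merged = list(ipaddress.collapse_addresses(
            n for n in nets if n.version == ver))
        if merged:
            elems = ", ".join(str(n) for n in merged)
            sets += [f"  set allow{ver} {{", f"    type ipv{ver}_addr; flags interval;",
                     f"    elements = {{ {elems} }}", "  }"]
            rules.append(f"    {proto} saddr @allow{ver} tcp dport {PLEX_PORT} accept")
    # Hypothetical table/set names; only the Plex port is filtered.
    body = ["table inet plex_allow {", *sets, "  chain input {",
            "    type filter hook input priority 0; policy accept;",
            *rules, f"    tcp dport {PLEX_PORT} drop", "  }", "}"]
    return "\n".join(body), rejected

if __name__ == "__main__":
    ruleset, bad = build_ruleset(SAMPLE_LIST, ["203.0.113.0/24"])
    print(ruleset, "rejected entries:", bad, sep="\n")
```

Rejected entries are returned rather than silently dropped so a malformed or changed list is noticed; validate the generated file with `nft -c -f <file>` before loading it.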