How can I change my remote access IP?

Server Version#: 4.72.0

For some reason, when I try to enable remote access, it enters an incorrect IP address. Can I manually change the IP?

I do not have a private IP on the WAN side, I have a static public IP.

I did a search and found a few others with a similar problem, but the details were different and their solutions were not going to work.

Nobody? Not even someone from Plex knows how to manually enter the public IP?

You don’t change your Public IP

Your Public IP is set by your provider

I have exactly the same issue. While im using a docker container, I specify the “advertise ip” and plex.tv still has my wan ip, so it sees everything as “external” I dont know how to retrieve or change the IP that is published on plex.tv (searching for API docs now…)

From the debug logs:
Message
Request came in with unrecognized domain / IP ‘38.29.x.x’ in header Host; treating as non-local

May I ask why you are bringing your WAN IP directly into the host?

Are these hosts remote in a datacenter ?

This is a great question. I would love to know why my wan IP is published on plex.tv even though I have set the advertise URL to my internal ip (not the docker container but the docker host).

I port forwarded :32400-> docker host ip as I always have, but clients are getting the wan IP, rather than the internal IP. When i look at dockerhost:32400/servers/ i see the docker container IP listed there.

It all makes no sense.

When I hit http://10.0.1.3:32400/web/index.html#!/ and watch the console at the same time (in debug mode) that’s when I see
Request came in with unrecognized domain / IP '38.29.xx.xx' in header Host; treating as non-local

Your WAN IP is published (held internally) by Plex.tv

1. Someone you share with wants to look at your library and play something
2. Plex.tv gives their client app (hidden internally) your IP address ; It is a “DNS provider” for all Plex servers.
3. The app connects to your server and makes the “show me” query.
4. You see the results as sent directly by the server to you. Plex.tv does not get involved.
5. You want to play something;
   – The app, now knowing the IP address of the server, sends the request directly to it.
   – The server authenticates the request & checks if allowed
   – If allowed, the server and client establish a https point-to-point encrypted connection.
   – Playback begins and runs through that point-to-point

Clients will always be able to find your WAN IP if they really want to.

An unscrupulous person would only need to go into their modem/router’s firewall and look at all the connections passing through it.

Only WAN IP addresses are routable on the internet. For your server and the client to talk, WAN IP addresses must be used. LAN IP’s ( as per IETF RFC-1918) are not routable and stay within the confines of your LAN.

Your docker server, running on your host, with “host” networking, with have the same IP (LAN IP) address as the host. (whatever the default adapter is)

Maybe it would help if I know what you’re trying to accomplish ?

Settings - Server - Network allows you to tell Plex.tv which “Custom Access URL” to publish to clients.

With that value set, you could tell Plex.tv to route all client requests to that URL.
( What Plex.tv doesn’t know , nor does it care, is what you actually setup behind the scenes for how that server actually exists. Maybe it’s a container, Maybe a VM, Maybe a DMZ (old tech) host. The gain here is you could attach a FQDN to your WAN IP and then publish that FQDN to Plex.

While this makes things clean in one regard, it also means your host can be found by a published FQDN / DNS lookup request.

All of this comes down to:

1. Why do you want to hide your IP ?
2. Do you want tighter security ?
3. Don’t you trust the people you are sharing your server with ?
4. Are you doing something you shouldn’t be ?

Your post, while informative is also condescending. I fully understand networking and that wan ip’s are not private. lol. And I’m not doing anything I shouldn’t be.

I do have my own domain and dynamic subdomain I have routed to plex but I’m not using that as a custom url, right now.

Regarding the matter at hand, when I go to https://plex.tv/api/resources?X-Plex-Token=xxx I see the 172.x (docker container), 10.x (docker host) and wan ip. The entry for Wan IP is flagged as local=0. This makes sense: if you’re accessing it via that IP, you’re not on the local network.

The question I have is, why would local clients, on my 10.x network including the server webui itself, be accessing my server via the WANIP instead of the 10.x local ip? As a result, they’ll have everything transcoded, as I would expect for my (truly) external plex clients.

Just because a player is remote does not necessitate transcoding.

Does your firewall/router allow *.plex.direct private domain?
Plex uses its own internal DNS (which is plex.direct) to determine what is and isn’t local within the scope of your account.

I had to write an exception rule for pfSense to prevent local containers from being considered remote. (DNS rebinding protection is active in pfsense)

As a test: what happens when you go into Settings - Server - Network and

• Treat WAN IP As LAN Bandwidth

Do you still get transcoding ?

I am asking this because treating WAN as LAN will ignore any WAN bandwidth restrictions you might have in place.

If you’re still getting transcoding then the media XML and player settings must be examined. Remember, PMS will always do what is requested by the player and then add any additional system-level liimitations (e.g. Remote streaming bandwidth)

I apologize if I sounded condescending but I never know the skill level of the person I’m addressing. I attempt to shoot for a middle ground based on what’s been posted and what I’ve answered in the past. There are many times I’ve done a detailed write-up only to have it sail 50,000 feet above the recipient’s head which is fine but it is just one of those thngs.

I was in a cranky mood. Sorry.

I too use pfSense for both firewall and reverse proxy. There could have be an issue resulting from config there. I also started hosting this as a docker container on TrueNAS SCALE, when previously it was proxmox-container-Docker-Plex. Far too many changes around here lately.

I had to write an exception rule for pfSense to prevent local containers from being considered remote. (DNS rebinding protection is active in pfsense)

Can you share the details of this? I suspect it will be custom options on the DNS resolver.

And even though the console logs show it identified as (WAN) tautulli is showing direct-play and LAN beside the client IP

But I was getting transcoding on every file played within the LAN before, which is what led me to the console logs and seeing public ip and “treating as external” leading me to believe the transcoding was all as a result of it thinking my clients were outside. Since I have more bandwidth than CPU resources, I will also set the flag you mentioned; “treat WAN IP as LAN Bandwidth” just in case.

So, strangely, this seems resolved. I hate these types of resolutions. I appreciate your insights.

Thanks for your help

What does so-reuseport: no do and is it necessary/needed?
I only have the first 2 lines from what you show, so wondering if there is a benefit to adding that last line or not?

Thanks (and sorry for the hijack).

-Shark2k

Prevents secure DNS failures (primary reason)
(don’t open a port to the DNS server and leave it dangling. Each request is atomic)

Chuck, I don’t think you understand my question. I know my WAN IP, but Plex is selecting a DIFFERENT IP when I go to Remote Access. I want to manually change it to the CORRECT WAN IP.

You can do this by constructing the URL manually, and adding it to the Custom Server URL box in the PMS network settings like this:

https://12-34-56-78.1234567890abcdef.plex.direct:32400

• 12.34.56.77 is the public IPv4 address, replace the decimal points with dashes
• 1234567890abcdef is your server id
• 32400 is the TCP port you’ve forwarded

This URL gets pushed to the clients when they authenticate with plex.tv, and the plex.direct DNS server will resolve this hostname to IPv4 address 12.34.56.78 , so if port 32400 is open, clients can access.

(fyi, this is also the way to access your server over IPv6, using the v6 address with colons replaced by dashes)

Another way to do it is with your own domain name and a reverse proxy, but that’s a bit more work.

Thanks! I will try that now.
I’ll get into reverse proxies and such when Starlink arrives.

Let me make sure I understand this:
So let’s say my server is on 24.21.21.24
And let’s say I call it PlexServer
And it is on 32400

Would this be right?
https://24-21-21-24.PlexServer.plex.direct:32400

If so, there’s still something wrong, it still says it’s not available.

What are the IP addresses? 100.64.x.x → 100.127.x.x (CGNAT) vs a real IPv4 address ?

@ChuckPa It’s going from a 23.x.x.x address to a 192.168.1.x address. The 23.x is a public IP and is static for my WAN. For some reason PMS keeps trying to use a 67.x.x.x address which seems to be the public IP address of my WISP’s provider.

My WISP recently changed my static IP, it worked perfectly for over 4 years before the change. It’s not like I don’t know how this all works, I’ve been a network engineer since the 80s.

On the Plex server what shows up when you visit https://whatismyipaddress.com/

@tornadotj

I avoided the whole thing:

1. CloudFlare Domain & DNS maintainer
2. PfSense updates CloudFlare
3. PMS is told to use the FQDN.

As added security,

1. “AllowedRemotes” alias for those people I allow access to the server
2. Port forwarding rule in pfSense which checks the source address against the alias.

This was a set-and-forget. It’s self maintaining