Hi,
I have a general question about security. I hope it is not against the rules. I am enjoying the benefits of remote access however my mind is a bit troubled by the security risk it inherently introduces (meaning the open port). I was wondering if there is a reliable countermeasure that can mitigage the risks? Such as firewall limitation for select service or url? Is it worth the hassle?
Thank you in advance for any guidance,
Martin Uher
Plex is already secure.
It needs no further enhancements in that regard.
I have a VPN, but Plex goes around it.
In fact, while it is possible to have Plex go through a VPN - do it wrong and remote access simply won’t work.
Do not defeat the security measures already in place:
Network: Preferred, not Required or Disabled.
Clients: Fallback to insecure on Local Network ONLY.
That way you’ll still be secure - but when the internet goes out - the local lights stay on for your devices.
… and one last tip:
When Port Forwarding - use a public port that is NOT 32400 - like most every Plex Server in the known universe. That will, at least, offer more security by misdirection.
Hi,
I did not mean to defeat or diminish the importance of the built-in mechanisms. Rather, I was looking for additional options to bolster the security. Limit incoming communication for open port on router firewall.
Thank you @JuiceWSA for specific settings tips.
Only forward port 32400 from the outside. And only TCP packets, not UDP.
Don’t put your server into the DMZ – bad move.
If you run Plex on a PC or Mac only run it with restricted permissions (i.e. not as an Administrator or root user).
These are the most effective and most important measures to take.
Thank you for additional tips. I have to addmit I am a bit consufed. @JuiceWSA suggested to intentionaly open different public port than 32400. You suggest the opposite? Or I got lost?
https://support.plex.tv/articles/200931138-troubleshooting-remote-access/
Specifically:
In order to forward a port for Plex Media Server, you’ll need three main pieces of information:
I simply forwarded an external port that was NOT 32400 - and at the time it was suggested it should be in the above range.
Then at Server/Settings/Remote Access:
At the internet-facing side of your router, the port number can be almost anything.
But inside your home network, the number is always 32400.
The “transition” between the two numbers is done in the router, with the “port forwarding”.
I see, thank you both veru much for clarification.
Hi,
Sorry to revie an older thread. But please can @JuiceWSA may I ask where exactly is located the Fallback to insecure on Local Network ONLY? I tried looking on Web app, Android and iOS but I could not find it.
This particular preference is only available in some client types. The web app doesn’t support it.
In Android mobile, you can find it in preferences, advanced, right at the bottom.
Found it, thank you once again @OttoKerner
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
