How To Stop RasPlex Connecting To A Particular PMS

I have two PMS: QNAP & DietPi
QNAP is the actual PMS
DietPi is only for personal media which I dont want to be seen usually.

I need to stop RasPlex connecting to DietPi.

DietPi contains personal photographs & videos which I dont want to access while normal usage. To add to the injury RasPlex was displaying the personal photographs as background images while normal usage. However I dont see an option for RasPlex not to connect to this PMS.

Currently I am trying to see if a workaround works.
I have deleted all the data in ~/.plexht/userdata/Thumbnails & am reconfiguring the precaching to only work for QNAP. I am assuming that the thumbnails are generated from the cache & not from the server. So DietPi data shouldnt be at least shown in the UI background.

However this doesnt stop RasPlex to stop accessing DietPi & a user can still access it from the menu. How do I disallow this?

System Settings > Connections takes me to the interface page where I can see the wired & wireless connections. It doesnt show a server at all.

To add the the issue now after deleting the ~/.plexht/userdata/Thumbnails RasPlex has stopped showing any thumbnails or background images at all. So thats messed up as well.

Both my QNAP & DietPi are accessible the same network interface. I have only one network.

This page shows network interfaces not individual servers.

The only place I see an individual listing of servers is in the Pre Caching Control section.

All data resides on QNAP TS-251 NAS.

One PMS named AshWarNAS resides on QNAP TS-251 NAS & serves the directory X from it.
Another PMS named AshWarDietPi resides on Odroid XU4 SBC & serves directory Y from QNAP TS-251 NAS.

RasPlex is the client for AshWarNAS & is used to watch the media from it.

X contains movies & tv shows which are usually used & viewed in RasPlex
Y contains personal videos & images which arent supposed to be available to RasPlex

I want to disallow RasPlex to access AshWarDietPi.

Still it will be accessed & cached by RasPlex while its on. So that is not a complete solution. And now cache is messed up because I deleted all the thumbnails. Also there is no way of deleting them through the UI.

Such situations & others before it make me really question Plex’s design. In pursuit of seamless integration & user experience it completely forgoes having user controls such as this.

I may have to create a firewall rule to disallow this connection.

I will have to have a hard look at Kodi.

Okay since my last request there have been cosmetic changes in the network with regard to the system names & addition of one more box.
Now it looks like
Plex Servers:
192.168.0.2
192.168.0.3

Plex Clients:
192.168.0.4
192.168.0.5

I only want
192.168.0.4 to connect to 192.168.0.2
192.168.0.5 to connect to 192.168.0.3

Cross communication should be disallowed.

For this I added
On 192.168.0.4
iptables --append OUTPUT --protocol tcp --source 192.168.0.4 --destination 192.168.0.3 --jump DROP
iptables --append INPUT --protocol tcp --source 192.168.0.3 --destination 192.168.0.4 --jump DROP
iptables --append OUTPUT --protocol udp --source 192.168.0.4 --destination 192.168.0.3 --jump DROP
iptables --append INPUT --protocol udp --source 192.168.0.3 --destination 192.168.0.4 --jump DROP

On 192.168.0.5
iptables --append OUTPUT --protocol tcp --source 192.168.0.5 --destination 192.168.0.2 --jump DROP
iptables --append INPUT --protocol tcp --source 192.168.0.2 --destination 192.168.0.5 --jump DROP
iptables --append OUTPUT --protocol udp --source 192.168.0.5 --destination 192.168.0.2 --jump DROP
iptables --append INPUT --protocol udp --source 192.168.0.2 --destination 192.168.0.5 --jump DROP

QUESTION:
Is this the correct way?
I tried https://wiki.debian.org/iptables since both plex clients are based on Debian through LIBREElec. However though mentioned in the link, “/etc/network/if-pre-up.d/iptables” doesnt exist. Also I cant install the iptables-persistent package.
So to persist these rules I am using “https://forum.libreelec.tv/thread/2517-vpn-include-default-iptables-rule-for-tun0-or-at-least-optional/?postID=20550#post20550” for reference. I am able to see the rules persist after restart. However I am yet to check if the two clients start showing the other servers.

Unfortunately my router doesnt have a firewall so I have resort to this.

Should I manually configure the one server in the client or let it be?

Please advise.

Great idea. Unfortunately mine is a basic Dlink 600m home router. It doesn’t even have firewall capability to block communication between two hosts that’s why I had to go the iptables way.

As for subnets I am not sure hiw to create them if they are supported at all. I use DHCP static configuration to allocate the addresses. So I assume that there will need to be a feature in it to support this.

Well then this is the best I can do.
I am very surprised that Plex doesn’t have connection controls in itself.

Because it’s a pretty normal usecase for personal for sensitive media to be kept separately for whatever reason. I disagree with the idea that Plex client should by default discover & connect with all the servers it finds. This is done for user convenience not for better design because otherwise an option to disable connection to a particular server would have been provided.

from what I figure you can do it 2 ways.

either create a whole second plex account and sign into that 2nd account on server 2

then sign into that plex account on client 2

then client 1 will only see server 1
and client 2 will only see server 2

If you still want access to server 1 or 2, from either client 1 or client 2, then add the other as a friend or home user.

a home user require plex pass so that may not be what you want

if you don’t want to create a second plex account, then you will have to put server 2 in standalone (not logged in) mode, and you will will have to put client 2 in manual connection mode.

go to https://app.plex.tv/desktop

web client > Allow Fallback to Insecure Connections > on same network or always

on server 2, settings > network > show advanced > List of IP addresses and networks that are allowed without auth

• add your local lan network (ie 192.168.1.0/24 or whatever)
• set secure connections to preferred or disabled

on client 2, log out your plex account, go into settings and set up a manual connection to the server 2 ip.

I did not test either, but either should work.

Yes I am using both of the unconnected to Plex just the way I like. I don’t want to have a big brother like connection to everything.

The easiest way might be to get PlexPass and limit by user what they can see, or you could edit the hosts file in rasplex so it cant see the ip of dietpi by looping it back to localhost

Sorry but I am not going to pay for a basic simplistic feature which is inexistent due to design choices contrary to my thought. I would definitely pay for the Geo tagging of photos & videos. That’s adds value basic stuff doesn’t.

then use the host file or create a firewall rule so your dietpi cant see rasplex

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.