Server Version#: 1.24.3.5033
Player Version#: 4.63.0

So - I’m not a networking person at all. So apologies in advance.

I have a Plex server running on Ubuntu 16.04 LTS. It’s on an Intel NUC. I originally set it up four years back and remote access used to run fine. But while away from home recently I noticed that my videos were ‘blocky’. On checking, I see that my videos are running “indirectly” when accessing them remotely.

I’m not sure when this stopped working as I’ve not been away from home much due to lockdowns, etc.

When I look in Settings, Remote Access, I see “Not available outside your network”.

• Private is set to 192.168.1.xxx.xx : 32400
• Public is set to 185.241.xxx.xxx : 32400

If I go to canyouseeme.org it sees my public IP, but when I type 32400 for the Port to check, it says "Error: I could not see your service on 185.241.xxx.xxx on port (32400).

I tried opening that port using:

sudo ufw allow from 185.241.xxx.xxx to any port 32400 proto tcp.

When I look at the firewall status (ufw status) it shows:

To: 32400/tcp action: ALLOW From: 185.241.xxx.xxx

I’ve tried many different things from manually specifying the public port in the Plex settings, to enabling UPnP in the router, and setting up port forwarding. But nothing seems to work.

When I go to the Remote Access page, it initially shows green for 5 seconds, then goes back to red - Not available outside your network.

Is my problem to do with the error shown on the canyouseeme.org website? How can I change it so that the 32400 port doesn’t produce an error on that site?

Grateful for any guidance. I’m so glad I’m bald; If I wasn’t I’m sure I’d have pulled my hair out by now!

Before tinkering on the Linux firewall you might want to review your router configuration. Have you setup the remote access using a manual port forward or were you relying on the router’s UPnP (automatic forwarding)?

You can try to use a different public port for the forward (to be configured both on the router and Plex’ remote access configuration). This way you can check if e.g. your ISP is blocking that specific port.

Generally speaking, the public IP/port not being accessible from outside your home network implies there’s an issue between your ISP and the router configuration.

Thanks for the quick response, tom80H! So the fact that the public IP/port isn’t accessible might be a contributing factor.

I’ll try using a different port for the forward as you suggest and will see what happens. I’ve spent hours today trying allsorts so fingers crossed this will help narrow things down. It’s a super-frustrating issue!

As tom as suggested I’d certainly start with your router and port forwarding. If you are sure that is setup correctly then you can setup the firewall rules.

I generally setup a /etc/firewalld/services/plexmediaserver.xml and add the following content to it…

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>plexmediaserver</short>
  <description>Ports required by plexmediaserver</description>
  <port protocol="tcp" port="32400"></port>
  <port protocol="udp" port="1900"></port>
  <port protocol="udp" port="5353"></port>
  <port protocol="tcp" port="8324"></port>
  <port protocol="udp" port="32410"></port>
  <port protocol="udp" port="32412"></port>
  <port protocol="udp" port="32413"></port>
  <port protocol="udp" port="32414"></port>
  <port protocol="tcp" port="32469"></port>
</service>

Then run these commands to configure it …

sudo firewall-cmd --add-service=plexmediaserver --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --list-all

That should configure your firewall correctly. At least it what I have been doing for years. Below are two useful links which I used when I was setting up my server…

One final comment, Ubuntu 16.04 LTS. You really want to run that old version ? Seems risky especially when you are opening ports and having it access the public internet.

Thanks alll for the great feedback here - it’s really appreciated.

To be honest I just set up the Intel NUC specifically to run the Plex server back in 2017 or so. That’s all it does. And after setting it up I did the usual Ubuntu patches and things that come through but never thought to update to a newer Ubuntu version. It just sits there running Plex.

It’s a good plan though, so this will be something I tackle this weekend.

Hopefully I’ll have remote working going by then with help from your suggestions!

I tried a couple of different external ports as suggested, but I had the same problem. So I checked with a port forwarding tester site (yougetsignal.com). This shows that all of these ports are closed (See image below).

As mentioned, networking is not my thing, so I’m not sure if this is normal, or a bit weird. Do I need to contact my ISP to request they unblock port 32400? Or am I barking up the wrong tree, here?

Just trying to get this part of it as it should be, before I look at the firewall rules, etc. on Ubuntu.

yougetsignal1822×608 88.7 KB

If you have you configured the port forward on your router and it’s still not visible/accessible, you might need to contact your ISP to confirm they’re not blocking the communication.

It is normal for those ports to show as closed. The only port you need to worry about is the one you specify for Plex remote access.

For the testing sites to show the port as open, you must have:

1. Port forwarding correctly configured in your router
2. Remote access correctly configured in your Plex Media Server
3. Plex Media Server running with remote access enabled.

The testing sites cannot tell if you have port forwarding configured in your router/firewall/etc.

They don’t query the router asking if a certain port is open or closed.

They are looking for a response from your Plex server. If they do not receive it, they assume the port is closed.

Port Forwarding statement in my Asus router.
Internal port is always 32400. External port must match Plex Remote Access configuration.
Source IP must be blank/any/all (varies by router), as you do not know the source IP of your remote clients (ex: IP address of a mobile phone will change with location).

Screenshot (844)756×110 7.31 KB

Plex Remote Access Configuration
Since I am using manual port forwarding, the box for Manually specify public port must be checked (otherwise Plex will try and use UPnP). Also, the port number must match the external port number in your router’s port forwarding statement.

Result from canyouseeme.org.

Result from canyouseeme.org with Plex Media Server stopped, but Port Forward in router still in place.

Thanks again! So I’m pretty certain that:

• Port forwarding is correctly configured on my router (see image)
• Remote access is correctly configured on my Plex Media Server (see image)
• The Plex Media Server is running with remote access enabled.

Here’s the Port Mapping Configuration in the Forwarding Rules section of the router settings:

router1776×430 115 KB

I’ve tried with the External Source IP address field blanked out, and with the External source port number field populated with 32400. Makes no difference.

The DMZ Configuration option on that page is disabled.

The Port Trigger Configuration on that page is also currently disabled (as default). Although yesterday, I did configure it like this while trying different things:

portTrigger1709×316 12.6 KB

Again, this made no difference, so I disabled that option again.

Here’s the Remote Access settings in the Plex web app:

plex1769×396 362 KB

This should be all I need to do, right? Can you see any obvious mistakes, here?

Some comments …

1. I assume 192.168.100.99 is a static IP of your ubuntu server running plex, right ?
2. I would go ahead and configure the firewall on ubuntu as I pointed out above. The OS itself might be blocking plex at this point.
3. If after all that I would suggest a quick chat with your ISP to ensure they are not blocking external access on your public facing IP.

Correct - 192.168.100.99 is the static IP of the Intel NUC running Ubuntu. The Plex server is running on that, and Plex is the only thing running on there.

OK - I’ll try the firewall config as you’ve suggested.

Thanks again!

External Source IP Address: Must be blank.

Protocol: Only TCP is needed. TCP/UDP is OK.

Do not enable a Port Trigger.

Plex remote access settings are correct.

Check your Ubuntu firewall as the others have recommended. Note that if TCP/32400 were blocked on your Plex server, it would block local clients as well.

OK - so here’s an update

I set up a plexmediaserver.xml as suggested, added the content, and ran the commands to set up the Ubuntu firewall. No dice. Still had the same problem.

I then pinged the Tech Support for my ISP and asked them if they were blocking these ports, including 32400.

While waiting for their reply and, frustrated, I decided to update Ubuntu. Went from 16.04 to 18.04, and then from 18.04 to 20.04 LTS. Again, no dice. Still had the same problem. Urrrrgh!
At least, at the end of this, I have an up-to-date Ubuntu installation now lol.

This evening, Tech Support got back to me. This is what they said:

"We use CGNAT security on our network and this is applied to all customer connections. Unfortunately the CGNAT security will prevent access to Plex remotely and we are unable to remove it on individual connections.

I have asked if there any work around to this issue and have been informed there is a service called “ngrok” which you can use which will potentially solve the problem. We don’t support ngrok but I have been told its a potential solution if a customer is able to set up".

So - I have no idea what ngrok is, but I’m about to do some Googling to find out! I’ll let you all know if it resolves the issue for me…

Thanks again for your assists with this - I’m glad I wasn’t doing anything stupid

Oh CGNAT Pretty sure this has come up before. Try searching the forum but from memory don’t think remote access is possible.

Maybe just to put their feedback in context…
CGNAT isn’t primarily about security (even if they spin it this way). The long story short is that ISPs are running out of IPv4 addresses to assign to their customers (and the few remaining ones getting more expensive). Therefore many ISPs have started to treat their network like a private network… giving each user a “private” IP address instead of a public one. This isn’t usually impacting your everyday surfing experience – but it prevents you from sharing your own content or accessing it while outside your own home.

Some ISPs offer options to get a static public IP address for your router – at a monthly fee (usually ranging from 5-20 $/€ per month – though I’m sure there’s providers asking for even more).

TL;DR → as dokuro stated: I’m not aware of a solution to get remote access working in a CGNAT environment (except for going with the static public IP option which usually comes at a cost).
I think I’ve seen some posts mentioning ngrok – not sure to what success this worked for the users testing it.

…
I still think it’s funny how they’re now spinning CGNAT as a security feature when it’s basically simply saving a few more bucks.

Great info - thanks again! This is going to be my weekend project. I’ve wasted countless hours over the last few days on this. So I’ll look at ngrok, and other VPN solutions over the weekend.

My initial thought was that using a solution like ngrok might not give me anything better than the 2mbps limit I see when using Plex Relay (indirect play) to view remote content. But I’ll tinker and see. If I can get more that 2mbps then it might be worth it.

I’ve also asked the Tech Support agent if there is an option to purchase a static/public IP address. Waiting to see what they say, there…

Well - after spending another couple of hours with ngrok, I’ve thrown my hands up in the air and decided to give up lol. The guides I’ve seen (like this one) seem straightforward, but I couldn’t get it working.

ANYHOW - good news. I asked tech support about static IP addresses, etc. and they replied:

The static IP functionality is something we will be offering shortly. There has been a slight delay in rolling this out but we can keep you posted when they are available. There will be a charge for a static IP for customers subscribing to the lower packages but the higher packages I believe will have a free option when its rolled out.

So, for now, I’ll make do with the 2mbps when viewing remotely. And the few friends who connect to my Plex will have to do the same!

Hopefully it won’t be too long before I can get my own static public IP address and I’ll then be back in business.

Thanks again for all of your replies - I’ve learned a fair bit from you guys, and this rabbit hole I found myself in!

You don’t really need a STATIC ipv4 which might cost more. Dynamic one can do a job as well. Don’t forget to spam everyone to implement full ipv6 support asap (hello Plex)…