How to use plex on local network with remote access disabled

Server Version#: 1.42.2.10156-f737b826c
Player Version#: 1.112.0.359-0d79a49f

Summary: Local network only install. Linux server, plex app on mobile, apple tv, desktop client. Update, and now I MUST have “enabled remote access” in order to have local access. Why? How do I go back to local only?

Narrative:
I was watching a show tonight and couldn’t get PIP working on plex app on mac. Weird. Updated plex app - and now can’t connect to my server “there are no secure connections” What’s that about? Was working fine a minute ago. Update plex server. Server updated; still not working. Check account. Login fine; still not working. Login to plex server UI. 45 minutes and 60 browser tabs later, I enabled remote access, and everything works. I’ve never had (like many many years) remote access enabled. I only watch on my local network. Why did this change? Is Plex now requiring hairpinning out and back in through my firewall? How do I get back to all local streaming again?

See Client says it won't play from "remote server", although the server is local

Key point: was working one minute, update software, now it won’t work. Software changed - not my network.

TL;DR = DNS rebinding protection needed to be added to pfSense

The rest of the diagnosis is below for future plexians to reference.

  1. When using virtualization/containers for the server, use “Host networking”. If you use “Bridge” instead, a layer of NAT will be inserted, which moves your server into a different network than your local clients are. The server being in a different network is considered “remote access”.
    1. No virtualization
  2. Verify that you are not affected by "DNS rebinding protection". Because if you are, clients are not able to use secure connections in your local network. https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections#toc-4
    
    1. pfSense firewall. Added Services >> DNS Resolver >> Display Custom Options
      server:
      private-domain: "plex.direct"
  3. Check for other network components which could cause a split of your network. More than one "router"-type device, wireless bridges, a separate Mesh router, coax network bridges etc. could all be configured to perform NAT. NAT should only be performed in your main internet router, and nowhere else in your home network.
    
    1. Flat network
  4. Ensure that your home network address is in one of the ranges, which are explicitly designated for private use: Private network - Wikipedia
    
    1. RFC 1918 IPv4
  5. When using the web app, check browser features or plugins which could obscure/hide a device's IP address (e.g. iOS WLAN settings, MacOS: System Settings > Privacy & Security > Local Network > Chrome/Safari)
    
    1. Not using web app; do not want any remote access
  6. If you use the local web app, load it into your browser using the private IP address of your server. Do not use a domain name.
    
    1. Not using the web app
  7. If the difficulties occur in the Plex web app specifically, look at this as well: Important note about the Plex Web app - Local Network Access
    
    1. Not using the web app at all
  8. On MacOS, both the web browser, the "Plex for Mac" desktop app (if used), and Plex Media Server need the privilege to access the local network: System Settings > Privacy & Security > Local Network
    
    1. Checked - was already enabled
  9. Do always check if the difficulty is caused by the use of VPN software of any type. (Tailscale, Wireguard etc.)
    Disable this completely and re-test all components after restarting/rebooting them.
    
    1. No VPN
  10. If you use a custom/manual port forwarding rule in your router for internet/remote access, DON'T use the port number 32400 for the external/WAN port.
    Instead, pick a random number from 20000–50000. Then put this number into your port forwarding as the "external/WAN" port number (the "internal/LAN" port number must always remain at 32400!).
    Then put the exact same external port number into the Plex configuration at Settings - [server name] - Remote Access - 'Show Advanced' - "Manually specify public port"
    
    1. Yes, when I enabled NAT, it works. But I don’t want that.
  11. When using Windows as your server platform, check the properties of its network connection. It must be classified as "private", not as "public". Otherwise you won't be able to connect with your client directly.
    
    1. We don’t use windows in this house
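
For anyone wanting to confirm item 2 before touching the firewall, here is a small check, added as an illustration and not part of the original post or of Plex's tooling. It relies on the fact that a `*.plex.direct` name carries the server's LAN address as its first label, so an empty answer from the local resolver for such a name points at DNS rebinding protection; the hostname and function names below are constructed for the example.

```python
import ipaddress
import re
import socket

# RFC 1918 ranges, the ones a rebinding filter strips from public-name answers.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# First label of a plex.direct name: the server's IPv4 address with dashes.
_LABEL = re.compile(r"^(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})$")


def embedded_ip(hostname):
    """Return the IPv4 address encoded in a *.plex.direct name, or None."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) != 4 or labels[-2:] != ["plex", "direct"]:
        return None
    m = _LABEL.match(labels[0])
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(".".join(m.groups()))
    except ipaddress.AddressValueError:
        return None  # e.g. an octet above 255


def diagnose(hostname, answers):
    """Classify what the LAN resolver returned (answers: list of IP strings)."""
    ip = embedded_ip(hostname)
    if ip is None:
        return "not-plex-direct"
    if not any(ip in net for net in RFC1918):
        return "public-address"   # not subject to private-address filtering
    if str(ip) in answers:
        return "ok"               # private answer passed through the resolver
    if not answers:
        return "filtered"         # likely DNS rebinding protection
    return "mismatch"             # resolver answered with a different address


def resolve(hostname):
    """Ask the system resolver; an empty list means no usable answer."""
    try:
        infos = socket.getaddrinfo(hostname, 32400, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Constructed name; substitute the one your client actually tries to reach.
    name = "192-168-1-50.0123456789abcdef0123456789abcdef.plex.direct"
    print(name, "->", diagnose(name, resolve(name)))
```

A result of `filtered` on a client behind the firewall, turning into `ok` after the `private-domain: "plex.direct"` option is saved, confirms the resolver was the cause.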

It is near impossible to get the server running without using the web app at least initially.
The only other app which allows you to create libraries and manage all the server settings is the Plex for Desktop app. But sometimes it may not work, so you will have to fall back to the web app.
(Btw. don’t let the name “web” fool you into thinking that it is always using the Internet. It will use a direct connection in the local network, just utilizing Internet technologies.)