I’m in a double NAT situation and I’ve set up forwarding on my FIOS router and Watchguard firewall and it appears traffic is passing correctly. I’d like to lock down the source of external connections to just the IP addresses coming from Plex.tv. That of course assumes that there is a list of public IPs associated with Plex.tv. Does such a list exist and if so where might I find it?
This would not do any good. External clients would not be able to use your plex server.
The traffic is not routed exclusively through plex.tv. Plex.tv is only involved with user authentication and relaying the current IP address of your server to the external clients.
All of the following connections are made directly from the clients to your server.
This is only of use in a perfect world, where everyone gets a fixed IP address exclusively and keeps it for months or years.
The reality looks quite different. Even domestic internet routers get only dynamic IP addresses that can vary within days. Even worse is the situation for travellers who change networks quickly with their tablets from 4G to public WiFi APs to hotel or workplace LANs.
You cannot possibly account for all this beforehand with a whitelist.
This “could” work for people you share with if they only use devices in their house. You could set up your firewall with subnet ranges where your friends originate from.
This of course would basically block you from using any phone apps, etc…
This could be a viable way however to block some external uses of shares. I did something similar but instead of setting up “allowed” I instead “blocked” IP subnets.
I gave a friend shared access to my system. He set up his brother and parents (I don’t know either of them) with his credentials who apparently have multiple Rokus because I was looking at who was using my system and there were 6 ACTIVE streams from his account. It’s only my friend and his wife in their house. So I blocked the IP ranges not associated with his house. If they would have all “direct played” I wouldn’t have cared as much but 5 of the streams needed transcoding as he set up the Rokus for 720/3mb.
Check your firewall logs or analyse the traffic coming to your plex server on port 32400.
And as OttoKerner said, you also need to allow access from your source address, and all other sources you plan on using.
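The log check suggested above, as an added example that is not part of any post in this thread: it groups inbound TCP hits on port 32400 by source /24 so you can see which networks your clients really come from. It assumes the firewall writes Linux netfilter-style `SRC=`/`DPT=` log lines (adapt the regex for other firewalls); the sample lines are abbreviated, constructed, and use documentation-range addresses.

```python
import ipaddress
import re
from collections import defaultdict

PLEX_PORT = 32400  # port named in the thread

# Constructed, abbreviated sample lines in netfilter LOG style (documentation IPs).
SAMPLE_LOG = """\
Sep 23 20:01:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.5 LEN=60 PROTO=TCP SPT=51514 DPT=32400 SYN
Sep 23 20:01:15 fw kernel: IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.5 LEN=60 PROTO=TCP SPT=51520 DPT=32400 SYN
Sep 23 20:02:40 fw kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.5 LEN=60 PROTO=TCP SPT=40112 DPT=32400 SYN
Sep 23 20:03:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.5 LEN=60 PROTO=TCP SPT=60001 DPT=32400 SYN
Sep 23 20:03:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.5 LEN=60 PROTO=TCP SPT=60002 DPT=443 SYN
Sep 23 20:04:00 fw kernel: IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.5 LEN=60 PROTO=TCP SPT=1 DPT=32400 SYN
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def summarize_sources(log_text, port=PLEX_PORT, prefix=24):
    """Group inbound TCP hits on `port` by source network.

    Returns {network: {"hits": int, "hosts": sorted list of source IPs}}.
    """
    nets = defaultdict(lambda: {"hits": 0, "hosts": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(port):
            continue  # not a TCP hit on the Plex port
        try:
            src = ipaddress.ip_address(f.get("SRC", ""))
        except ValueError:
            continue  # malformed or truncated line
        # /24 is an arbitrary grouping width (assumption); ISPs allocate other sizes.
        width = prefix if src.version == 4 else 64
        net = str(ipaddress.ip_network(f"{src}/{width}", strict=False))
        nets[net]["hits"] += 1
        nets[net]["hosts"].add(str(src))
    return {n: {"hits": v["hits"], "hosts": sorted(v["hosts"])} for n, v in nets.items()}

if __name__ == "__main__":
    rows = sorted(summarize_sources(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"])
    for net, info in rows:
        print(f"{net:20} hits={info['hits']:<3} hosts={', '.join(info['hosts'])}")
```

Run it over a few days of logs before writing any allow or block rule; dynamic and mobile addresses will show up as many low-count networks.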
I agree with gby, everyone else seems to have gone off topic a bit.
I've heard Plex runs AWS instances so fairly unlikely you can block to a small enough range to be usable. However if you did like gby said and logged traffic to your plex port (32400?) you could be able to find something usable.
It would be great if we could have the IP ranges to lock down in our firewalls. I use a pfSense box and would create a NAT rule allowing the Plex whitelisted IPs (AWS subnet, plex.tv, whatever) into my Plex box. For the rest of the users connecting into my Plex box I would use a Dynamic DNS service and use that FQDN into the box. The problem that I am having is the FQDN associated with Plex on the AWS servers doesn't refresh fast enough to keep up with the round robin IPs that I see. Is there any way that Plex could provide the subnets that are used by Plex? It would also be 100x better if we could expect a request from just several IPs instead of a large AWS subnet but I'll take what I can get. So anyone have a list of IPs? Also can anyone verify what FQDNs that Plex might come in on? Maybe I missed one and that's my problem. I checked my firewall logs but reverse DNS lookups blow and aren't usually accurate. We need a way to keep this secure and stream safely.
Btw on a side note you can do Dynamic DNS on your phone's 4g connection. Check out the Android store.
Hi there, not sure if you have resolved your firewall rules yet but this is how I fixed mine… I have my Plex hosted on an Amazon EC2 Ubuntu server and I did this as a firewall rule to get it working:
Open TCP port: 32400 (you can allow by IP if you wish for more security)
Open UDP ports: 32400 - 32415 - to Plex subnet: 52.49.38.0/24 (note: subnet may change, I just pinged app.plex.tv to find it. For now it works until they change their cloud hosted IP addresses.)
Full remote access to my Plex server – Enjoy! I hope this helps.
edit: 21:11 2016-09-23
The block of IPs I posted is no good; just unfirewall those UDP ports.