Plex Media Server connecting to remote IP

server-mac

#1

Hello! When booting up, Plex attempts to connect to serval different IP addresses.. Little snitch reports some as plex.tv, which I don't mind letting through. Others, however, are to just IP addresses that I can't find any information on who they are. For example, 45.79.10.123 or 45.79.198.112 on port 443.

Does anyone know who or what these connections are? Are there a list of what addresses I need to allow through? Thanks!


#2

Yeah, totally agree -- would prefer to understand what these connections are and why they're necessary.

On my Plex Media Server, on startup, I saw:
- 54.194.240.140 (apparently a Microsoft IP?)
- 157.55.138.32 (an Amazon IP?)
- 184.105.148.84 (Hurricane Electric? Huh?)
- 139.162.7.93
- 139.162.202.171
- 104.214.136.124
- 139.162.144.200
- 50.116.59.4
- 45.79.198.112
- 45.79.10.123
- 45.33.73.209
- 82.94.168.56

Plus some named sites. Those I'm mostly fine with. But what are all of the above ones, and why by ip# instead of by ip name, which would give some context? It's way more than most of the other apps and services I start up.


#3

I couldn't agree more. As much as I enjoy Plex, I will continue to block all of these accesses until there's an explanation given (and is an 8-month wait for an answer someone's idea of Support? The answer ought not be difficult.)


#4

Nothing seems to get upset by the blocking?


#5

Almost severe enough to file as a defect; this isn't even like Plex is "phoning home", it's more like it's establishing a party line.


#6

There are geographically aligned servers that are used for checking remote access connectivity and establishing if internet is available and for companion / control of players - they are referred as pubsub servers

You can get a list of the pubsub servers through https://plex.tv/services/pubsub/servers
They are part of the Plex infrastructure

Plex Media Server also connects to external services for matching metadata and to register security certificates and there are systems for testing connectivity to your server when remote access is enabled

There are also the Plex Relay servers which are used when Remote Access is enabled and the direct route to the server is not working


#7

Ah, that's helpful, thanks! Would be nice if they had DNS names -- "pubsub1.plex.tv" for people who care about network connections, but at least I know what it's for now.


#8

@diathesis said:
Ah, that's helpful, thanks! Would be nice if they had DNS names -- "pubsub1.plex.tv" for people who care about network connections, but at least I know what it's for now.

I will ask. It may be because they get changed frequently


#9

Look like the https://plex.tv/services/pubsub/servers does not contain all the server, I discovered:
139.162.144.200 (li1411-200.members.linode.com)


#10

That url gives the current set of servers. Plex Media Server sticks to using the one it used before until there is a connection issue or faster connections found, in which case it would switch to the fastest response time server from the list from that url request.

So it is possible that this other server was on that list before


#11

Plex should give you the option to not connect to these servers. It seems they would be clearly unnecessary if you have remote connection disabled, and from what I can see they don't appear to be necessary with it enabled. Blocking them doesn't seem to have affected connect ability.


#12

While I appreciate the answer given earlier, those of us who value privacy and desire to know who/what/when/how our systems work... want a lot more.

The suggestion of putting those pubsub ip's behind a legit domain name is a move in the right direction. And the DNS hit isn't good enough of a reason to forego transparency). Even now, personally, I see my Plex install unendlingly sending data to three IPs not on that pubsub list. Surely, the Plex wizards can understand how its not cool that my system is contacting what appears to be a shared server at linode... and plex can't even tell me that is legit or not.

diathesis stated earlier that he had less concern with the 'named sites'. I don't share that level of comfort... and others need to understand that you have no ability to understand what data is being sent from your system (the one with your home movs, photos, pr0n, everything) to addresses at amazon's rent-a-server (aws) or x.members.linode.com (plans as low as $5/month).

We need transparency.

  • A plex pass lifetime member

#13

And let's be clear -- this level of network activity on startup for an app or server is ... unusual. If you run network monitors like this, you'll find lots of apps make an occasional connection, but launching an app doesn't usually send off a volley of connection requests that you'll spend five minutes approving or blocking.

It's not just that Plex is making connections to outside machines, it's that it's making a very large number of connections to outside machines that aren't clearly labeled as being part of the Plex infrastructure (e.g. via DNS entries), with essentially no opt-in or user control, let alone clear transparency in terms of what is being sent and when. It hasn't made me want to drop Plex, but it definitely affects my opinion of Plex.


#14

Have been waiting for a reply or comment from PLEX addressing this issue - Why not empower the user to enable/disable the connections on start-up. This would be an easy implementation providing maximum transparency and flexibility to the user. Alternatively, tell us why, you will not do it, why the connections are necessary and thus allow the client having been fully informed to choose an alternative. Thank You.


#15

[crickets]


#16

Observed that there is a constant traffic to the linode.com servers from my plex. After trying to trace, what’s in Plex causing it then found that all we have to do is ‘Uncheck’ Send Crash Reports option on server configuration as below:

Linx Hacks


#17

@linuxhacks said:
Observed that there is a constant traffic to the linode.com servers from my plex. After trying to trace, what’s in Plex causing it then found that all we have to do is ‘Uncheck’ Send Crash Reports option on server configuration as below:

Linx Hacks

That is not the only use of the pubsub servers (which appear as linode servers when you do nslookup)