Plex picking wrong interface (one with no default route) to bind to

Hello,

Running the latest PMS preview, it seem to pick the wrong interface every time. My server has two NICs, one for a private subnet with LAN-only access (10.0.10.x) and another that leads to my router and out through my ISP. You can see the routing table below, where the private subnet has no default route:

default via 10.0.1.1 dev eno2.10 proto static metric 99 
10.0.1.0/24 dev eno2.10 proto kernel scope link src 10.0.1.210 metric 99 
10.0.10.0/24 dev eno2 proto kernel scope link src 10.0.10.210 metric 100 

Yet 10.0.10.x is the IP that Plex picks for remote access every time. This has made me unable to use Plex remotely, and is very frustrating seeing as developers stated in 2012 that they planned to add configuration for interface binding (which should be very simple).

Plex will use whichever NIC it discovers first, that has a valid gateway address assigned to it that has port 32400 open. If you have multiple NICs that fit this criteria each time you start Plex it could pick a different NIC. Just depends on which responds first.

There are reasons to use multiple NICs but to have multiple “inside” subnets with only one having a route to the internet is “iffy” unless you have a huge internet pipe. Are you planning on using one for large file transfers or similar?

Technically both of your subnets are “internal” since any device can talk to it that’s on the same subnet. The default route just tells the computer where to send packets that aren’t on the subnet. Of course the metric will determine the preferred route.

Kind of curious, but why two different subnets? If your goal is to get more overall bandwidth you might be better off “combining” your NICs.

There are several things you could do such as:

1. Combine your two NICS to “bond” or “combine” them into a single link that has internet access.
2. Bind Plex to a single interface (works for some people).
3. Block port 32400 on the link you don’t want Plex to use.
4. Start only the link attached to the Internet at startup, fire up Plex and then with a delay start the other NIC after Plex has loaded.

You’ll have to think outside the box a bit to get it working. But before going down this rabbit hole, why two NICs configured this way?

Thanks for the quick reply!

Plex will use whichever NIC it discovers first, that has a valid gateway address assigned to it that has port 32400 open. If you have multiple NICs that fit this criteria each time you start Plex it could pick a different NIC. Just depends on which responds first.
Why doesn’t it check that the NIC actually has connectivity out to the world (at least, for the remote access part)?

There are reasons to use multiple NICs but to have multiple “inside” subnets with only one having a route to the internet is “iffy” unless you have a huge internet pipe. Are you planning on using one for large file transfers or similar?
In this case, I have VLANs (each with distinct subnets) for different groups of devices that shouldn’t be talking to each other, hence multiple virtual NICs.

There are many other valid use cases for multiple NICs, including a virtual machine hypervisor, VPNs, etc.

Technically both of your subnets are “internal” since any device can talk to it that’s on the same subnet. The default route just tells the computer where to send packets that aren’t on the subnet. Of course the metric will determine the preferred route.
Per above the (only) route for IPs off the subnet should be via 10.0.1.210, but plex seems pick 10.0.10.210 instead. ip route get 54.229.174.245 confirms that connections destined for plex.tv should be going out via 10.0.1.210 not 10.0.10.210. Any attempts to reach outside of 10.0.10.0/24 via that interface result in ‘host unreachable’.

Kind of curious, but why two different subnets? If your goal is to get more overall bandwidth you might be better off “combining” your NICs.

There are several things you could do such as:

1. Combine your two NICS to “bond” or “combine” them into a single link that has internet access.
2. Bind Plex to a single interface (works for some people).
3. Block port 32400 on the link you don’t want Plex to use.
4. Start only the link attached to the Internet at startup, fire up Plex and then with a delay start the other NIC after Plex has loaded.
   (1) won’t work for my scenario - the intention is to keep the subnets distinct.

(2) would make sense but needs to be supported by Plex - as far as I know, this was the last official update in 2012.

(3) might be viable, I’ll try and let you know. But ultimately, this also implies that to have remote access working properly, Plex users are expected to block connectivity on any LANs that don’t have Internet connectivity.

(4) sounds very prone to breaking and would not allow you to restart PMS after boot without fiddling with the state of the other network interfaces.

OK so lets start over. Do you have multiple NICs or just a NIC with multiple VLANs setup on it? What you originally described as 2 NICS with only one having external access is a bit strange since if a device is in the same IP pool it could be reached by any subnet that they both share. Metric won’t come into play since you’re not “routing” anything.

Do you not want all your devices to be able to talk to your Plex server? If so and you want multiple VLANs then you have to rethink your setup. Plex is a server and should be setup on a machine with ONE VLAN only (with internet access). It can be it’s own VLAN. Then in your router you will need to setup routes for any other VLAN that needs to talk to the Plex server. Essentially you could think of it as a server DMZ that is accessible from the outside and inside VLANs but only on port 32400 (setup via router/firewall).

BTW, Plex should work fine if you setup your subnets with a default gateway only on ONE subnet. If you have default gateways on multiple subnets then it will just use the first it discovers.

I’m assuming you do not have routes setup between your different VLANs otherwise there is little point in using the VLANs since the IPs can still talk (although slower with congestion). If that’s the case you probably shouldn’t have multiple gateways. Your gateway is usually the router who knows how to communicate with the outside world.

Carlo

@cayars said:
OK so lets start over. Do you have multiple NICs or just a NIC with multiple VLANs setup on it? What you originally described as 2 NICS with only one having external access is a bit strange since if a device is in the same IP pool it could be reached by any subnet that they both share. Metric won’t come into play since you’re not “routing” anything.
Sorry it was unclear - it’s one physical NIC but divided up into two interfaces, and for all intents and purposes NetworkManager and Linux seem them as separate. The two do not share an IP pool: the VLAN with access to Internet [eno2.10] is 10.0.1.0/24 and the private VLAN [eno2] is 10.0.10.0/24.

Do you not want all your devices to be able to talk to your Plex server?
Devices on both VLANs should be able to talk to Plex locally, which is why I have assigned the host an IP on each VLAN interface/subnet. Autodiscovery/mDNS works is distinct per VLAN, so hosts on each discover and reach out to the Plex server’s IP that belongs in their subnet (10.0.x.210).

If so and you want multiple VLANs then you have to rethink your setup. Plex is a server and should be setup on a machine with ONE VLAN only (with internet access). It can be it’s own VLAN. Then in your router you will need to setup routes for any other VLAN that needs to talk to the Plex server. Essentially you could think of it as a server DMZ that is accessible from the outside and inside VLANs but only on port 32400 (setup via router/firewall).
Are you saying in general, or specifically due to the way Plex works? I have the setup described above working with a bunch of other daemons (incl. some with remote access). mDNS works and remote access too, so long as I port forward to the 10.0.1.x IP, since packet replies will come from that address which I can confirm with ip route get 8.8.8.8.

Despite the routing table indicating that any non-LAN hosts should be routed out via src=10.0.1.210 and dev=eno2.10, Plex tries to reach out to plex.tv using 10.0.10.210 over using the interface used for the private LAN (eno2).

BTW, Plex should work fine if you setup your subnets with a default gateway only on ONE subnet. If you have default gateways on multiple subnets then it will just use the first it discovers. I’m assuming you do not have routes setup between your different VLANs otherwise there is little point in using the VLANs since the IPs can still talk (although slower with congestion).
Correct, the separation is intentional.

If that’s the case you probably shouldn’t have multiple gateways. Your gateway is usually the router who knows how to communicate with the outside world.
Isn’t this an incorrect assumption? It should be fine to have multiple gateways or routers, but multiple default/outgoing routes to them is what’s bad (although AFAIK both Windows and Linux are both OK with it, and pick the route with the lowest metric).

If Plex isn’t going to honour routing tables then IMO it should be possible to ask Plex to listen on a specific interface for remote access, like most other daemons which would solve this easily without having to resorting to blocking ports, staggering the order I bring interfaces online or deleting gateways.

Understood that listening on an interface != routing, the reason I keep circling back to it is that it’s plex.tv, for remote access, reporting 10.0.10.210 – and that’s incorrect. According to the routing table, no packets should be going out to the Internet from 10.0.10.0/24.

The problem is that you’re assuming Plex is multi-homed and it isn’t. It will not use all interfaces nor can you choose the interface it binds to. Not only that but you can’t change the internal port is listens on either. It always listens on 32400.

Plex does something of a simple test to figure out it’s IP to use. It looks for a NIC that has a default gateway and takes the first one that comes back from the operating system with port 32400 available. It doesn’t check to make sure it’s valid nor does it check to see if the gateway really gets it to the Internet. That may be an over simplification but it good enough to express what it does so you know how to work around Plex’s limitations.

To make life easier on yourself only run 1 VLAN on the Plex Server and/or take out the default gateway on the NIC/VLAN you don’t want it to use.

I think you probably have enough info at this time to figure something has to change in your network due to the way Plex works (that you can’t change or override).

BTW, why do you have a gateway assigned to the “private” VLAN? What use is this gateway?

@cayars said:
The problem is that you’re assuming Plex is multi-homed and it isn’t. It will not use all interfaces nor can you choose the interface it binds to. Not only that but you can’t change the internal port is listens on either. It always listens on 32400.

Plex does something of a simple test to figure out it’s IP to use. It looks for a NIC that has a default gateway and takes the first one that comes back from the operating system with port 32400 available. It doesn’t check to make sure it’s valid nor does it check to see if the gateway really gets it to the Internet. That may be an over simplification but it good enough to express what it does so you know how to work around Plex’s limitations.
Thanks for outlining the current limitations - I wish it were more configurable, but I’ll work with what we have.

To make life easier on yourself only run 1 VLAN on the Plex Server and/or take out the default gateway on the NIC/VLAN you don’t want it to use.
I setup a systemd-nspawn container for Plex and using bridged networking to make it appear its own host on my network. Nice and lightweight and I can keep the home server on multiple VLANs. If others are curious, here’s a quickstart (Fedora 25): Installing Plex in a systemd-nspawn container · GitHub

BTW, why do you have a gateway assigned to the “private” VLAN? What use is this gateway?
I prefer to keep DHCP on everything (which sets a gateway) and manage static IP leases that way.

Christmas has come early ! The feature of allowing the user to select a specific network interface is now available as from Plex Media Server version 1.13.5.5291 which was released to Plex Pass beta yesterday

See Release Note Plex Media Server

• Allow picking a specific network address to bind to (#8492)

Details of the new Advanced Network server setting can be found on this support article https://support.plex.tv/articles/200430283-network/

Please pay attention to the associated notes