Plex server in jail always shows up as "remote"

Server Version#: 1.16.4.1469

Server setup: host is 10.0.0.43, freebsd-12, plex is 10.0.0.49 (not in my DHCP range) on lo2 in an iocage jail:

% ifconfig
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
	ether 70:85:xx:xx:xx:xx
	inet 10.0.0.43 netmask 0xffffff00 broadcast 10.0.0.255
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
.....
lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 10.0.0.48 netmask 0xffffff00
	inet 10.0.0.49 netmask 0xffffffff
	groups: lo
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

% sudo iocage console plex

# ifconfig
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
	ether 70:85:xx:xx:xx:xx
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	groups: lo

lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	groups: lo

lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 10.0.0.49 netmask 0xffffffff
	groups: lo

I’ve been trying to figure out why my server always shows up as remote when accessed via plex.tv, even on my LAN, and I think I’ve narrowed it down to a specific possible cause. I’ve taken care of DNS rebinding, and normal remote access works fine, and accessing directly via 10.0.0.43:32400 works fine.

When I check https://plex.tv/api/resources?X-Plex-Token=xxxxxxxxxxxx, there’s no plex.direct uris at all:

<MediaContainer size="1">
<Device name="xxxxxxx" product="Plex Media Server" productVersion="1.16.4.1469-6d5612c2f" platform="FreeBSD" platformVersion="12.0-RELEASE-p10" device="PC" clientIdentifier="xxxxxxxxxxxxxxxx" createdAt="1566528654" lastSeenAt="1566528657" provides="server" owned="1" accessToken="xxxxxxxxxxxxx" publicAddress="67.xxx.xxx.xxx" httpsRequired="0" synced="0" relay="1" dnsRebindingProtection="0" natLoopbackSupported="1" publicAddressMatches="1" presence="1">
<Connection protocol="http" address="67.xxx.xxx.xxx" port="32400" uri="http://67.xxx.xxx.xxx:32400" local="0"/>
</Device>
</MediaContainer>

The plex remote access page shows Private 0.0.0.0 : 32400 Public 67.xxx.xxx.xxx : 32400, and I assume this is the culprit (no known local IP -> can’t set up DNS rebinding) but I can’t figure out how to get it to pick up its ip in the jail. I tried renaming lo2 to eth0 because I know plex can be picky about interface names, but no dice there either.

Somehow it only just occurred to me to just put it on an alias of the NIC rather than a loopback. It works fine now Though strangely it still don’t seem to publish plex.direct URIs, which I would like to fix since this breaks secure remote play.

ETA: one other data point, for some reason remote access fails if I set “require secure connections,” even when I use a valid custom cert (letsencrypt generated). Streaming also fails even if I access directly via https://my.plex.domain, though I can at least access the server.

The plot thickens(?). Even after switching off “require secure connections,” plex.tv in firefox can no longer access the server. It works fine in chrome and safari (both of which share the same DNS settings as firefox), the iOS app works fine, etc. I nuked every bit of plex data, cache, cookies, hsts settings, etc for every plex domain I could find in FF history, but that hasn’t fixed it.

One last update, it does seem to be publishing plex.direct links, FF is still broken though

Correct functionality of PMS on a jail requires vnet enabled and preferably using dhcp.

I’m a huge idiot It wasn’t working in Firefox because privacybadger was overeager and nuked all the plex.direct connections and the my.domain connection. Thanks for taking a look

There’s still other features that might not working properly like server discovery and system agents (like getting metadata).

If you’re using FreeBSD 12 then support for vnet (aka VIMAGE) is built in, with iocage you just need to set vnet=on bpf=yes dhcp=on

This topic was automatically closed after 90 days. New replies are no longer allowed.