Did you use pure NAT or NAT and proxy?
Yay fellow pfSense user!!!
I used NAT and Proxy.. it worked, so I didn't try pure NAT. It's been working great ever since.. phew!
Also yay pfSense! :lol:
My routers (yeah, I have a slightly complicated network) have port 32400 forwarding to my PMS, and I can stream from outside networks using PlexWeb, though my upstream speed is painfully slow, so I never do it... but, my XBOX 360 can't connect to my PMS. I'll have to poke around and see if I can find a "NAT Loopback" type setting that's blocking internal IPs from hitting my public IP... sure wish this just worked, like every other client I have tried! (Roku, PlexWeb, iPhone, etc.)
My routers (yeah, I have a slightly complicated network) have port 32400 forwarding to my PMS, and I can stream from outside networks using PlexWeb, though my upstream speed is painfully slow, so I never do it... but, my XBOX 360 can't connect to my PMS. I'll have to poke around and see if I can find a "NAT Loopback" type setting that's blocking internal IPs from hitting my public IP... sure wish this just worked, like every other client I have tried! (Roku, PlexWeb, iPhone, etc.)
Sounds like you might be suffering from double NAT as well here (maybe) and that might be a problem as well.
Can you access your Plex server by typing your public IP:port in to a browser on your LAN? Not going to plex.tv/web but actually your IP?
I have AT&T U-verse, and the provided router is a Motorola NVG510. I was not able to find a way to get it to directly support NAT Loopback, but I came up with a work-around...
First, a simplified version of my home network is (there are reasons for my madness!):
Internet > NVG510 Router > DD-WRT Router > AirPort Extreme Router > LAN (with PMS and Plex clients)
NAT Loopback was supported by both my AirPort, as well as DD-WRT (hitting their WAN IP's got me back to my PMS with no trouble), but my NVG510 doesn't seem to support it, so my work-around was to basically turn it in to a dumb modem by setting:
Go to Firewall > IP Passthrough
Set Allocation Mode to Passthrough
Set Passthrough Mode to DHCPS-dynamic
Click Save
...then setting my DD-WRT router's WAN port to DHCP so that it would get the publicly routed IP address that the NVG510 used to get.
This basically took the filtering that the NVG510 was doing out of the equation, and solved my problem.
I used NAT and Proxy.. it worked, so I didn't try pure NAT. It's been working great ever since.. phew!
Also yay pfSense! :lol:
Running pfSense 2.2, I encountered a series of complications in trying to get the reflection up and running; I'm not even too satisfied with the result right now, as the server "feels" finicky.
I've set the NAT rule to NAT+Proxy; This didn't seem to automatically fix the issue, as while the server would now show that it was connected on the xbox (with the friendly green check mark), it did not actually connect and display libraries. I presumed this was due to how it was attempting to determine the return address, as the rule never seemed to see much traffic passing through them. I checked into the logs and found this each time I tried to connect and view libraries.
Nov 10 01:50:21 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-10-100.hub.plex.tv Nov 10 01:50:19 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-10-100.hub.plex.tv Nov 10 01:50:17 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-10-100.hub.plex.tv Nov 10 01:50:16 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-56-1.hub.plex.tv Nov 10 01:50:14 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-56-1.hub.plex.tv Nov 10 01:50:12 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-56-1.hub.plex.tv Nov 10 01:50:03 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-10-100.hub.plex.tv Nov 10 01:50:01 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-10-100.hub.plex.tv Nov 10 01:49:59 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-10-100.hub.plex.tv Nov 10 01:49:58 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-56-1.hub.plex.tv Nov 10 01:49:56 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-56-1.hub.plex.tv Nov 10 01:49:54 dnsmasq[16253]: possible DNS-rebind attack detected: 192-168-56-1.hub.plex.tv
These all resolved to my server, at the addresses listed. It seems that Plex is trying to bind my LAN IPs to these, and as such was being rejected by the router per the rule set defined here:
https://doc.pfsense.org/index.php/DNS_Rebinding_Protections
So, I disabled the DNS Rebind Check Rule, ensured NAT Reflection was enabled, and tested. No-go.
Looking further, I tied rebinding these URLs to the server's IP (192.168.10.100) in the pfSense DNS Forwarder and was able to not only connect to the server for a brief period of time, but also watch about 5 minutes of Uncle Buck. However, the connection will abruptly drop and the server becomes unavailable again.
Given that my xbox is hooked up in parallel with a much more powerful HTPC that works beautifully with Plex HT, this seems inordinately complicated and illogical to troubleshoot much further. This can all be resolved by having the xbox client correctly locate and resolve local servers in a non-loopback environment.
I have AT&T U-verse, and the provided router is a Motorola NVG510. I was not able to find a way to get it to directly support NAT Loopback, but I came up with a work-around...First, a simplified version of my home network is (there are reasons for my madness!):Internet > NVG510 Router > DD-WRT Router > AirPort Extreme Router > LAN (with PMS and Plex clients)NAT Loopback was supported by both my AirPort, as well as DD-WRT (hitting their WAN IP's got me back to my PMS with no trouble), but my NVG510 doesn't seem to support it, so my work-around was to basically turn it in to a dumb modem by setting:Go to Firewall > IP PassthroughSet Allocation Mode to PassthroughSet Passthrough Mode to DHCPS-dynamicClick Save...then setting my DD-WRT router's WAN port to DHCP so that it would get the publicly routed IP address that the NVG510 used to get.This basically took the filtering that the NVG510 was doing out of the equation, and solved my problem.
I wish that was an option with my setup, as it would have been a whole lot easier. I actually had to get a managed switch that supported VLANs and assign two ports to VLAN '1000' (What my ISP (Sasktel) uses internally) and tag one port. Then I connected their Optical Network Terminal to the tagged port, and the WAN port of my router to the other port in VLAN 1000. Then my router was able to get a public IP from them.
When I was on their DSL service, I could put my router in to what they called "DMZ Plus" mode that passed all traffic to it, and assigned it a public IP automatically. I'm guessing your UVerse service is similar to that. Their new equipment doesn't support this, so I came up with the above after reading a lot about it online from other users that had similar needs to mine.
I don't even *use* their router anymore. I suspect if I subscribed to TV service, I would have to have their equipment running for it to all play nice together, but I refuse to pay for television service these days, it's just too damned expensive for what you get.
Success! This fixed it for me. I'm running a pfSense firewall, and NAT reflection was disabled by default. I enabled it, and boom, Plex works on my 360.
I've been slow to respond, but my solution required both these steps.
1) as chrisavery said above, I had to enable NAT reflection (I used Pure NAT) on my pfSense firewall. I also manually configure NAT for Plex instead of using UPnP.
2) my Linux hosted Plex Media Server had 2 IP addresses... this apparently confuses things with Plex.TV . I had to get rid of my secondary IP to fix it.
More detail about part 2...
I realized that my PMS was reporting multiple IP addresses to Plex.TV by hitting this URL: https://plex.tv/pms/servers
It showed the following:
The key here is that localAddresses="192.168.1.45,192.168.2.45" ... I think there really needs to be a way to specify which IP is the "REAL" IP of the PMS service, whether through a UI component that tells PMS to only report a given IP, or allowing PMS to bind to only a single IP instead of to any/0.0.0.0.
Anyway, with a working configuration, without my second IP, it looked like this: localAddresses="192.168.1.45"
Now I am finally using Plex on Xbox 360! Some people have complaints about it. Overall, I'm really happy! It is a bit different than other UI's (i love using Plex on Apple TV via PlexConnect) but it looks like an Xbox360 app and is easy to use once you find out where everything is.
Just as an update here for all those with SaskTel, not sure if it will help with the Xbox, but it helped with my server. I also have the SaskTel InfiNet service with the ActionTec V100H router and just got it working on the weekend for external access to my library. Settings are here (link). All I was missing was opening both the TCP and UDP port 32400. I only had the TCP port opened initially, and it did not work. After doing some more reading it only makes sense to have the UDP port opened and forwarded to my PMS, which is running Fedora. I am now able to stream my music library from my home linux box to my Android phone while at work. Beautiful service, Thank You Plex!!
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
