Plex server with direct connected public IP: clients connecting to private IP

General Discussions
1

Have seen this behavior in the past but because i could not detect any major issues, I just let it go.
Lately, I have been logging my outbound connections from my Samsung Smart TV in an effort to block everything but Plex related IPs.
With this occasion, I saw the same behavior again: my Samsung Smart TV trying to connect to my Plex server private IP, which should not happen.

My setup is simple.
Plex Media Server on Ubuntu linux, running on a dedicated machine with two network cards, hosted in a DC outside my home network.
One network card has a public IP and it is connected directly to internet.
Another network card has a private IP without any gateway, used to connect to my Synology NAS, where I store my media.

PlexWeb shows: Private 10.70.X.XXX : 32400 Public 86.XXX.XXX.XX : 32400 Internet.
Why involve the private IP when the network card has no gateway is beyond me.
I think most Plex Media Servers are indeed behind a NAT device, but considering that ALL of them are setup in this manner is just wrong.

:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         86.XXX.XXX.XX   0.0.0.0         UG    0      0        0 eth0
10.70.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth1
86.XXX.XXX.XX   0.0.0.0         255.255.255.248 U     0      0        0 eth0

Nevertheless, as stated in the beginning, my Samsung Smart TV tries to connect to the private IP, as well as the public IP on port 32400 TCP.
Everything works, but I suspect that it can work even faster if the client would not try to connect to an IP that can never be reached.

Anyone else observed this on their setups? If yes, is there any fix?

Thank you.

2

The behavior is unfortunately commonplace.

PMS does not allow selecting a specific adapter / address to use in a system with multiple adapters.
It is a very long standing request to which there has been no progress

3

why do you have a /16 network allocated to a single NAS? If you only need two IPs, use a 255.255.255.252 netmask. You could also use the firewall to prevent plex from binding to 32400 on the the private ip, couldn’t you?

4

@DudleyNYC said:
why do you have a /16 network allocated to a single NAS? If you only need two IPs, use a 255.255.255.252 netmask. You could also use the firewall to prevent plex from binding to 32400 on the the private ip, couldn’t you?

I never said I use only two IPs. I use /16 because I need to.
If you find a way to prevent binding plex to 32400 via firewall, by all mean share it @ https://forums.plex.tv/discussion/45480/bind-to-specific-interface-only/p1

5

When running Plex inside a Docke Container., port mapping from host to the container can be restricted to a single ip on a multi interface host.

6

@“razvan.constantin” said:

I never said I use only two IPs. I use /16 because I need to.
If you find a way to prevent binding plex to 32400 via firewall, by all mean share it @ https://forums.plex.tv/discussion/45480/bind-to-specific-interface-only/p1

It’s puzzling that the Samsung TV even knows about the server’s private address. Is your home network connected to the server over the public internet or do you have a VPN or some other sort of tunnel?

A random thought — given that Plex is basically built on the assumption that it will listen on 32400 on a private IP NAT’d to the public internet, why not simulate that? Tell Plex that it’s public port is something other than 32400 and use socat (https://linux.die.net/man/1/socat) to relay that to 32400 on the private IP.