Remote Access - Port Forwarding To 32400 - Does It Open A Security Issue?

Like many, I have struggled with keeping the Remote Access available. Without Port Forwarding to the Private IP address of the Plex Server to port 32400, quite often it simply becomes Not Available and an hour or so later flips back to Fully Available. I see this happen all day and night with my notifications on PlexPy. When it’s red and says Not Available, I’ve found that it is still actually accessible from the outside as it uses the Plex Relay service, although it shows as not a direct connection. The ADVANTAGE of this is that Port 32400 cannot always be seen when running a port scan such as on canyouseeme.org. Now when I activate Port Forwarding in my router to forward Port 32400 to my Private Plex IP address, then it is ALWAYS visible at canyouseeme.org.

Does this create a potential security issue for those who may do random port scanning of IP addresses? It shows an open port to someone looking from the outside, and although it may be difficult to get beyond it, it still shows the port is open. Is this a bad thing? Would it not be better NOT to Port Forward and let the Remote Access cycle between on and off randomly where it DOESN’T show the open port and uses Plex Relay to get the job done?

Or am I totally off base here and not understanding this properly?

@Verminator14 said:
re: Your symptoms.

Sounds like your router doesn’t like uPNP sessions very well.

> Does this create a potential security issue for those who may do random port scanning of IP addresses?

Potentially, but, so would uPNP if it stayed open/working for you longer, and upnp may even be less secure (see next answer)

> Is this a bad thing?

Honestly, most of the world security powers that be agree, uPNP can/often is actually less secure than opening your own randomly created in your head port outside to point to the 32400 inside.
Reference one such informational 2016 article - https://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/
Basically, with uPNP enabled, ANY baddie on the inside of your network can say ‘hey router, open up a server port for me’.

> Would it not be better NOT to Port Forward and let the Remote Access cycle between on and off randomly where it DOESN’T show the open port and uses Plex Relay to get the job done?
> Or am I totally off base here and not understanding this properly?

uPNP or manually specifying/port forwarding, you still have a port open.
Perhaps your router is smart enough to detect a port scan from one IP and then close all ports, but, not normally.

If you want to be .5% more secure, make up your own number. Heck, use port 53149 externally, point it to 32400 internally.
That would at least take any person digging into such scan logs an extra 5 seconds to go ‘huh, what’s this… oh, it’s plex’ whereas opening 32400 externally would be a simple app/common port lookup in 1 second.
If your router has the capability, and you know you’ll never need remote access during certain hours of the day, set the port forwarding on a schedule (different routers do it different ways - far beyond scope of this post)
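
Added example, not part of either post: a small audit for the UPnP concern raised in the reply, that any device inside the network can ask the router to open a port. It parses a port-mapping listing in the format assumed from miniupnpc's `upnpc -l` output and flags every mapping that does not point at the Plex server. The internal address 192.168.1.10, the allowlist, and the sample listing are constructed for illustration.

```python
import re

# Internal targets that are allowed to have a UPnP mapping.
# Assumption: the Plex server sits at 192.168.1.10 and listens on TCP 32400.
ALLOWED_TARGETS = {("TCP", "192.168.1.10", 32400)}

# Line format assumed from miniupnpc's `upnpc -l` listing:
#   i protocol exPort->inAddr:inPort description remoteHost leaseTime
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(TCP|UDP)\s+(\d+)->(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+'([^']*)'"
)

def parse_mappings(listing):
    """Return (proto, ext_port, int_addr, int_port, description) tuples."""
    found = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if m:  # header and unrelated lines simply do not match
            proto, ext, addr, inner, desc = m.groups()
            found.append((proto, int(ext), addr, int(inner), desc))
    return found

def unexpected_mappings(listing, allowed=ALLOWED_TARGETS):
    """Mappings opened for any internal target that is not on the allowlist."""
    return [
        m for m in parse_mappings(listing)
        if (m[0], m[2], m[3]) not in allowed
    ]

# Constructed sample listing, not captured from a real router.
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 53149->192.168.1.10:32400 'Plex Media Server' '' 0
 1 TCP  8080->192.168.1.57:80 'cam-setup' '' 0
 2 UDP 41234->192.168.1.23:41234 'game console' '' 3600
"""

if __name__ == "__main__":
    for proto, ext, addr, inner, desc in unexpected_mappings(SAMPLE):
        print(f"UNEXPECTED: {proto} {ext} -> {addr}:{inner} ({desc})")
```

Mappings created by hand in the router's port-forwarding page normally do not appear in a UPnP listing, so this only covers ports opened through UPnP.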