@Night said:
When ever i change the public port on plex it comes up as Not available outside your network even if fw has been updated to allow tcp4_out.
There should be no difference - unless the router does not allow public and private ports to be different.
If it is 32500, for example as the public port then the port forward in the router would be 32500 public/wan port forwarded to 32400 local/private port of the local tcp ip of the plex media server. Some routers also have a field called source port on the port forward and that would need to be set to Any. The remote access settings page with show advanced for the Plex Media Server would need to have manually specify public port ticked and 32500 entered in the box.
Plex is not behind a router, it is right on the net from a modem in bridge. (there is a unmanged switch, but dhcp is from isp which gives me public ips)
@Night said:
When ever i change the public port on plex it comes up as Not available outside your network even if fw has been updated to allow tcp4_out.
There should be no difference - unless the router does not allow public and private ports to be different.
If it is 32500, for example as the public port then the port forward in the router would be 32500 public/wan port forwarded to 32400 local/private port of the local tcp ip of the plex media server. Some routers also have a field called source port on the port forward and that would need to be set to Any. The remote access settings page with show advanced for the Plex Media Server would need to have manually specify public port ticked and 32500 entered in the box.
Plex is not behind a router, it is right on the net from a modem in bridge. (there is a unmanged switch, but dhcp is from isp which gives me public ips)
Do you actually know that there were successful connections and requests from unknown users that did not get challenged for sign in and did not fail with error 401?
The IPs that you say you do not recognize could have been plex servers in the cloud eg pubsub.plex.tv servers.
Have you tried to access remotely to your public IP and port without sign in ?
I presume you have already checked disableRemoteSecurity setting and it is not present in your Preferences.xml
There is no disableRemoteSecurity in Preferences here,
The iP list was connected for some time, one and a half hour during witch it grabed a little over 100mb, what is posted is all the plex logs from that ip, auth or other logs does not give anymore, it was how ever cought on a .htaccess i have wih a few false passwords, to me it seams like a crwaler looking on port 32400 then trying to connect and fetch data.
@Night said:
When ever i change the public port on plex it comes up as Not available outside your network even if fw has been updated to allow tcp4_out.
There should be no difference - unless the router does not allow public and private ports to be different.
If it is 32500, for example as the public port then the port forward in the router would be 32500 public/wan port forwarded to 32400 local/private port of the local tcp ip of the plex media server. Some routers also have a field called source port on the port forward and that would need to be set to Any. The remote access settings page with show advanced for the Plex Media Server would need to have manually specify public port ticked and 32500 entered in the box.
Plex is not behind a router, it is right on the net from a modem in bridge. (there is a unmanged switch, but dhcp is from isp which gives me public ips)
Do you actually know that there were successful connections and requests from unknown users that did not get challenged for sign in and did not fail with error 401?
The IPs that you say you do not recognize could have been plex servers in the cloud eg pubsub.plex.tv servers.
Have you tried to access remotely to your public IP and port without sign in ?
I presume you have already checked disableRemoteSecurity setting and it is not present in your Preferences.xml
Hi yes just checked the preferences all okay with regards to the remote access I tested direct to wan IP with no login at the time it was happening to check it, but it performs as it should prompting for username and password login.
@Night said:
When ever i change the public port on plex it comes up as Not available outside your network even if fw has been updated to allow tcp4_out.
There should be no difference - unless the router does not allow public and private ports to be different.
If it is 32500, for example as the public port then the port forward in the router would be 32500 public/wan port forwarded to 32400 local/private port of the local tcp ip of the plex media server. Some routers also have a field called source port on the port forward and that would need to be set to Any. The remote access settings page with show advanced for the Plex Media Server would need to have manually specify public port ticked and 32500 entered in the box.
Plex is not behind a router, it is right on the net from a modem in bridge. (there is a unmanged switch, but dhcp is from isp which gives me public ips)
Do you actually know that there were successful connections and requests from unknown users that did not get challenged for sign in and did not fail with error 401?
The IPs that you say you do not recognize could have been plex servers in the cloud eg pubsub.plex.tv servers.
Have you tried to access remotely to your public IP and port without sign in ?
I presume you have already checked disableRemoteSecurity setting and it is not present in your Preferences.xml
Hi yes just checked the preferences all okay with regards to the remote access I tested direct to wan IP with no login at the time it was happening to check it, but it performs as it should prompting for username and password login.
Thanks for the confirmation. When you said
All network addresses including internal forced to require login to connect and access any of Plex
Is this done by having 127.0.0.1/255.255.255.255 in List of Networks Not Requiring Auth
Note that it is very finicky and a spurious space character at the end may stop it working - the Plex Media Server.log with Debug Logging enabled would show if it is working correctly as each request is compared to this
And was this setting added after the unexpected access ?
Intresting if i lock down plex server to much eg block all connection on port 32400 except for those from inside my home country, Chromecast does not work
@Night said:
When ever i change the public port on plex it comes up as Not available outside your network even if fw has been updated to allow tcp4_out.
There should be no difference - unless the router does not allow public and private ports to be different.
If it is 32500, for example as the public port then the port forward in the router would be 32500 public/wan port forwarded to 32400 local/private port of the local tcp ip of the plex media server. Some routers also have a field called source port on the port forward and that would need to be set to Any. The remote access settings page with show advanced for the Plex Media Server would need to have manually specify public port ticked and 32500 entered in the box.
Plex is not behind a router, it is right on the net from a modem in bridge. (there is a unmanged switch, but dhcp is from isp which gives me public ips)
Do you actually know that there were successful connections and requests from unknown users that did not get challenged for sign in and did not fail with error 401?
The IPs that you say you do not recognize could have been plex servers in the cloud eg pubsub.plex.tv servers.
Have you tried to access remotely to your public IP and port without sign in ?
I presume you have already checked disableRemoteSecurity setting and it is not present in your Preferences.xml
Hi yes just checked the preferences all okay with regards to the remote access I tested direct to wan IP with no login at the time it was happening to check it, but it performs as it should prompting for username and password login.
Thanks for the confirmation. When you said
All network addresses including internal forced to require login to connect and access any of Plex
Is this done by having 127.0.0.1/255.255.255.255 in List of Networks Not Requiring Auth
Note that it is very finicky and a spurious space character at the end may stop it working - the Plex Media Server.log with Debug Logging enabled would show if it is working correctly as each request is compared to this
And was this setting added after the unexpected access ?
Apologies 127.0.0.1/255.255.255.255 may be included by default I’m only referring to the section
‘List of networks that are allowed without auth’ which is blank.
@Night said:
Intresting if i lock down plex server to much eg block all connection on port 32400 except for those from inside my home country, Chromecast does not work
I’m going to give my chromecast a test run now to see if I get the same results
@Night said:
Intresting if i lock down plex server to much eg block all connection on port 32400 except for those from inside my home country, Chromecast does not work
I’m going to give my chromecast a test run now to see if I get the same results
Interestingly enough mine works :S lol which version of the chromecast do you have? I have the original version.
@Night said:
Intresting if i lock down plex server to much eg block all connection on port 32400 except for those from inside my home country, Chromecast does not work
This is no wonder. The Chromecast is a dumb device which relies on internet connectivity even for its most basic functions. This includes the Plex client software, which needs to be loaded from plex.tv.
@Night said:
Intresting if i lock down plex server to much eg block all connection on port 32400 except for those from inside my home country, Chromecast does not work
I’m going to give my chromecast a test run now to see if I get the same results
Interestingly enough mine works :S lol which version of the chromecast do you have? I have the original version.
I have cc 2. I reside in Norway. Where abouts are you how do you geoblock OI
@Night said:
When ever i change the public port on plex it comes up as Not available outside your network even if fw has been updated to allow tcp4_out.
There should be no difference - unless the router does not allow public and private ports to be different.
If it is 32500, for example as the public port then the port forward in the router would be 32500 public/wan port forwarded to 32400 local/private port of the local tcp ip of the plex media server. Some routers also have a field called source port on the port forward and that would need to be set to Any. The remote access settings page with show advanced for the Plex Media Server would need to have manually specify public port ticked and 32500 entered in the box.
Plex is not behind a router, it is right on the net from a modem in bridge. (there is a unmanged switch, but dhcp is from isp which gives me public ips)
Do you actually know that there were successful connections and requests from unknown users that did not get challenged for sign in and did not fail with error 401?
The IPs that you say you do not recognize could have been plex servers in the cloud eg pubsub.plex.tv servers.
Have you tried to access remotely to your public IP and port without sign in ?
I presume you have already checked disableRemoteSecurity setting and it is not present in your Preferences.xml
Hi yes just checked the preferences all okay with regards to the remote access I tested direct to wan IP with no login at the time it was happening to check it, but it performs as it should prompting for username and password login.
Thanks for the confirmation. When you said
All network addresses including internal forced to require login to connect and access any of Plex
Is this done by having 127.0.0.1/255.255.255.255 in List of Networks Not Requiring Auth
Note that it is very finicky and a spurious space character at the end may stop it working - the Plex Media Server.log with Debug Logging enabled would show if it is working correctly as each request is compared to this
And was this setting added after the unexpected access ?
Apologies 127.0.0.1/255.255.255.255 may be included by default I’m only referring to the section
‘List of networks that are allowed without auth’ which is blank.
If the List of Networks that are allowed without auth is blank then the whole local network that the server is connected to is trusted and if you have multiple network interfaces active then all the subnets these are on would be trusted and no authentication is needed. So if the requests come in with a source IP Address that the server see as within the Private IP Address ranges and it is within a subnet the server is connected to or localhost, then no challenge is made and the requests are allowed through, Any source IP Address that is outside that should result in need for an authentication token and if not provided - challenged to signed in / rejected with error 401. Authentication would also be instigated if a Plex Home is in a place
@Night said:
When ever i change the public port on plex it comes up as Not available outside your network even if fw has been updated to allow tcp4_out.
There should be no difference - unless the router does not allow public and private ports to be different.
If it is 32500, for example as the public port then the port forward in the router would be 32500 public/wan port forwarded to 32400 local/private port of the local tcp ip of the plex media server. Some routers also have a field called source port on the port forward and that would need to be set to Any. The remote access settings page with show advanced for the Plex Media Server would need to have manually specify public port ticked and 32500 entered in the box.
Plex is not behind a router, it is right on the net from a modem in bridge. (there is a unmanged switch, but dhcp is from isp which gives me public ips)
Do you actually know that there were successful connections and requests from unknown users that did not get challenged for sign in and did not fail with error 401?
The IPs that you say you do not recognize could have been plex servers in the cloud eg pubsub.plex.tv servers.
Have you tried to access remotely to your public IP and port without sign in ?
I presume you have already checked disableRemoteSecurity setting and it is not present in your Preferences.xml
Hi yes just checked the preferences all okay with regards to the remote access I tested direct to wan IP with no login at the time it was happening to check it, but it performs as it should prompting for username and password login.
Thanks for the confirmation. When you said
All network addresses including internal forced to require login to connect and access any of Plex
Is this done by having 127.0.0.1/255.255.255.255 in List of Networks Not Requiring Auth
Note that it is very finicky and a spurious space character at the end may stop it working - the Plex Media Server.log with Debug Logging enabled would show if it is working correctly as each request is compared to this
And was this setting added after the unexpected access ?
Apologies 127.0.0.1/255.255.255.255 may be included by default I’m only referring to the section
‘List of networks that are allowed without auth’ which is blank.
If the List of Networks that are allowed without auth is blank then the whole local network that the server is connected to is trusted and if you have multiple network interfaces active then all the subnets these are on would be trusted and no authenticated is needed. So if the requests come in with a source IP Address that the server see as within the Private IP Address ranges and it is within a subnet the server is connected to or localhost, then no challenge is made and the requests are allowed through, Any source IP Address that is outside that should result in need for an authentication token and if not provided - challenged to signed in / rejected with error 401. Authentication would also be instigated if a Plex Home is in a place
I thought that may be the case but the person accessing it was not within a 192 address range and this was only changed from 127.0.0.1/255.255.255.255 to blank after the incident so they still shouldn’t have been able to access it. There is only one NIC in use, either way the new router with tomato has just arrived so about to get some networking on the go with some very harsh iptables
Hi all, just a quick update I got the Netgear R7000 and flashed TomatoUSB firmware to it and I can say all is stable however if you install the default firmware ‘.CHK’ followed by the AIO file ensure you clear your nvram otherwise the router runs terribly slow over Wifi. Once this was done it runs like a dream.
Now onto the important bits regarding Plex, I currently have configured all of my settings successfully with the iptables thanks to the support of SSH and scripting however the one issue I had was originally I had WoL enabled whereby if port 32400 received traffic the Plex Media Server would wake up, unfortunately due to having to go through my ISP router in modem mode and this new router there are some complications with getting the signal across. However I’m pleased to say I have created some router scripts that can be used to easily and securely enable this functionality, details to follow as I imagine this will be very useful to most of you.
can you send your ISP’s router back and replace it with just a modem? I have an R7000 as well, and it…did not at all like XFinity’s equipment until I got just the cisco hockeypuck instead of a surfboard router combo thing.
No unfortunately my ISP is strict in terms of hardware connected to their network. They pair it by MAC and if your caught spoofing it’s an instaban with a full years charge so can’t risk it, but on the other hand all seems to be working well now 2 days in, just desperately trying to find time to finish the router scripts.
I run plexpy and monitor my plex server. I get alerts to my phone any time someone starts something. I just went in and looked at my logs and my history and do not see anything other then the 3 external users that mainly would watch anything from me. Is the data I receive from plexPY enough to know that I’ve not had any unwanted traffic?
I run plexpy and monitor my plex server. I get alerts to my phone any time someone starts something. I just went in and looked at my logs and my history and do not see anything other then the 3 external users that mainly would watch anything from me. Is the data I receive from plexPY enough to know that I’ve not had any unwanted traffic?
Thanks!
PlexPy will only report what Plex Web also sees in the Now Playing screen. In order for this to happen the client playing the media needs to send timeline requests to the server so it is possible that for PlexPy not to catch everything but unlikely.
I do recall the older PleXBMC plugin didn’t report timeline data (that was a long time ago though), so if the media was being played back on a client like this or being downloaded directly you wouldn’t see this in PlexPy.
This would be very rare though as all the official Plex clients will report this data.
with regards to the remote access I tested direct to wan IP with no login at the time it was happening to check it, but it performs as it should prompting for username and password login.
