I turned on my GeoIP Filter which limits all traffic to countries outside the US and it cut all access to all of my users on my server. I had no access to any of my user accounts.
So what, or where does Plex go to that it needs access to another country (Outside the US) to work properly?
I then turned the feature off and my users showed up again. I then turned the service back on and began deleting the countries. As I got halfway through, I saved and it worked again, so I am not sure which country it was, but I thought I would bring it up here to start.
It may be that this Beta feature is incorrectly filtering a country's IP range. I do not know.
Any thoughts?
Plex’s servers have always been all over the world.
While we each have a “mostly” assigned regional server, if/when it gets overloaded, our activities are dispatched to other regions and processed.
It sounds like this is what caught you.
I would recommend setting a rule to always allow *.plex.tv but, IIRC, UniFi does not support FQDN DNS resolution? (I think everything must be done by IP.)
If I’m wrong, then great! I hope I am.
Otherwise, set up a rule to always allow *.plex.tv and plex.hosted-by-discourse.com (forums).
Example of my DNS resolution. I am east coast USA.
```
> plex.tv
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: plex.tv
Address: 108.128.10.254
Name: plex.tv
Address: 99.81.164.127
Name: plex.tv
Address: 99.81.153.144
> plex.tv
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: plex.tv
Address: 99.81.164.127
Name: plex.tv
Address: 99.81.153.144
Name: plex.tv
Address: 108.128.10.254
> forums.plex.tv
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
forums.plex.tv canonical name = plex.hosted-by-discourse.com.
Name: plex.hosted-by-discourse.com
Address: 216.218.159.24
Name: plex.hosted-by-discourse.com
Address: 2001:470:1:9f1::24
> downloads.plex.tv
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: downloads.plex.tv
Address: 104.18.156.41
Name: downloads.plex.tv
Address: 104.18.157.41
Name: downloads.plex.tv
Address: 2606:4700::6812:9d29
Name: downloads.plex.tv
Address: 2606:4700::6812:9c29
>
```
Plex uses Cloudflare for hosting of download images and a few other things.
This will be an iterative process if you want it that tight.
Wow. Too complex for me and I still do not know why Plex would go to a computer in a foreign country when all I want to do is watch a movie.
Looks like Plex is not the answer to my home server needs.
There are two answers.
Candidly?
- Most firewalls with GeoIP allow you to enter exceptions by FQDN. UniFi does not.
- Plex will stream locally or globally. It does not matter.
Since I was not streaming to another country, this still does not answer my question.
I prefer a product that will not go international when I just want to watch my own personal media.
Seems strange that people think this is acceptable.
Plex is not “US-only”.
If you want to limit your traffic to US friends, that’s fine.
Share only with friends in the US.
If you want full tin-foil blocking of Plex’s servers then you have another matter – as you discovered.
There is such a thing as “too secure”.
Maybe Plex isn’t for you. Maybe you want Kodi where there is no outside connectivity except by pre-arranged VPN.
I have full GeoIP blocking on pfSense. I have defined explicit FQDN rules which allow Plex’s servers, and only those servers, to respond.
I define the rules using FQDN. pfSense monitors those IP addresses and updates the IP block table if/when those IPs change.
This is what UniFi does not support.
If you view the UniFi forums, you’ll see this is what many people want.
If you had FQDN object handling in UDM,
- Block everything outside the US.
- Declare (write) override rules for Plex’s servers by FQDN name.
- Problem solved.
The security level isn’t being challenged. It’s how USG doesn’t support what users need.
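The FQDN-rule behaviour described for pfSense above can be approximated for an IP-only firewall by re-resolving the names and diffing the answers against the installed allow list. This is an added example, not part of the original posts and not pfSense's code; the function names are hypothetical, and the transcript is an excerpt of the nslookup output quoted in this thread.

```python
import ipaddress

# Excerpt of the nslookup transcript quoted earlier in this thread.
TRANSCRIPT = """\
> forums.plex.tv
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
forums.plex.tv canonical name = plex.hosted-by-discourse.com.
Name: plex.hosted-by-discourse.com
Address: 216.218.159.24
Name: plex.hosted-by-discourse.com
Address: 2001:470:1:9f1::24
> downloads.plex.tv
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: downloads.plex.tv
Address: 104.18.156.41
Name: downloads.plex.tv
Address: 104.18.157.41
"""

def parse_nslookup(text):
    """Map each queried FQDN to its answer IPs; the resolver's own address is skipped."""
    table, query, after_name = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            query, after_name = line[1:].strip(), False
            if query:
                table.setdefault(query, set())
        elif line.startswith("Name:"):
            after_name = True
        elif line.startswith("Address:") and after_name and query:
            try:
                table[query].add(ipaddress.ip_address(line.split(":", 1)[1].strip()))
            except ValueError:
                pass  # not a bare IP (e.g. "ip#port"); ignore
            after_name = False
        else:
            after_name = False
    return table

def diff_allowlist(installed, resolved):
    """Return (to_add, to_remove) so an IP-only allow list follows DNS changes."""
    wanted = set().union(*resolved.values())
    order = lambda a: (a.version, int(a))
    return sorted(wanted - installed, key=order), sorted(installed - wanted, key=order)
```

Run on a schedule, the two returned lists are the entries to add to and remove from the firewall's allow group; answers are keyed by the name that was queried, so the CNAME target's addresses land under forums.plex.tv.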
For UniFi, the best option is to use NextDNS for a DNS server.
Then you get FQDN object handling through NextDNS.
Thank you both for the detailed answers. I do appreciate it.
Ultimately I would like an independent system to work off grid and not be reliant on any other servers to operate correctly. I think before I put any more time into Plex, I should look into Kodi and Emby or any other personal media service people may recommend.
If for some reason any of those cannot function independently, I may have to learn this black art.
Thanks again.