Server Version#: 1.40.0.7998 under podman on Ubuntu 2204, w/all updates.
Player Version#: 10.9.1.5708 (7227f95)
Here is the setup:
A multi-home host, where 10.0.10.10/24 is a primary, and 10.0.20.11/24 is the plex-specific interface. There are some other interfaces.
Plex MS runs in a podman container with --network=host - direct access to ports. It does have an "ADVERTISE_IP=http://10.0.20.11:32400/" set.
All Plex traffic should be constrained to the 10.0.20.0/24 network - there are two clients on that network.
I do not want Remote Access and want all traffic to be local (“Direct”) as much as possible.
Firewalld zone for the 10.0.20.0/24 interface has plex template enabled, opening these (are all those really needed?):
32400/tcp
324679/tcp
3005/tcp
8324/tcp
32400/udp
32410/udp
32412/udp
32413/udp
32414/udp
Plex MS Network settings have:
Remote Access: Disabled
Enable server support for IPv6: false
Preferred network inteface: enp35s0 (10.0.20.11)
Enable local network discovery (GDM): true
LAN Networks: 10.0.20.0/255.255.255.0
Enable Relay: false
I expect the clients on the 10.0.20.0/24 network to connect to the PMS directly. They, however, fail unless I enable the relay. If I bring the client over to the 10.0.10.0/24 network (the default one on the PMS host), it instantly connects without the relay enabled, and all works as expected. What gives?
I suspect that PMS does not fully use the preferred network interface. Even though I do not need Remote Access, if I enable it, I can clearly see it is ignoring the desired interface. May PMS be actually configured to operate only on a non-primary interface?
Can you directly connect to Plex (http://10.0.20.11:32400/web) from a host on that network? I wonder if there’s a routing or firewall issue.
Not really.
The ADVERTISE_IP and Preferred network interface settings don’t do that.
Multihomed hosts almost never work the way people expect. Without using additional fancy OS-level stuff, there’s no form of source-based or policy-based routing to say “when I talk to X, use this address, but when I talk to Y, use this other address”.
Since you’re already using podman containers, you could configure the container for Plex to be singlehomed and only use the network you want - whether it’s a physical/bridge interface on that network, or a namespace with the subnet/address you want.
Does the 10.0.20/24 network have a gateway? Plex does need Internet access for authentication and metadata.
Indeed, why didn’t the simple step occurred to me, thank you!
The issue was caused by the “Client Device Isolation” setting turned on on the WiFi portion of the 10.0.20.0/24 network. Connecting from a wired client on that network was immediately successful.
Yeah, that I respectfully disagree with. Tons or products allow to bind to a specific interface as a part of configuration and the rest is in the hands of the a person to decide to go down a rabbit hole.
I tried that. Since the problem was elsewhere it did not solve the access issue. It also requires root-level container, which is not what I want. At least on my current version of the server, as pasta is not yet shipped with the LTS distro.
Gateway and access to Plex on the internet was fine.
Most server software lets you control the interfaces or addresses where it listens, but almost never the outbound routing.
If you look at the Plex logs, or at firewall logs, I assume Plex is making outbound connections to the Plex Cloud from the default interface and via the default route - not the 10.0.20/24 network. That’s probably fine if you aren’t strictly worried about strict isolation.
