Why is Plex still listening to 32400 even thou I've added another port

I’m using Ubuntu server 20, and the latest version of plexmediaserver.

I’ve configured plex to use port 61762…
When I’m checking which ports are being listened to I can see Plex on 32400, 32401, 34053,32600 but not 61762.

when I’m pressing “retry” to test if I got connection, I can see that requests on that port is coming from my own computer and from myplex-outbound01.spop.eu-west-1.plex.bz., so I’m being probed…

and what I can say from the log, it finds me (500ms), but it ends up with a fall anyway.
which I think is obvious, since Plex isn’t listening on that port!

here is a part of the log:

Jan 20, 2022 21:38:02.019 [0x7f9dd479db38] WARN - NAT: PMP, timed out waiting for response.
Jan 20, 2022 21:38:02.019 [0x7f9dd479db38] DEBUG - HTTP requesting GET https://my.external.ip.number.e47ec2e665de42bba350d1ca12d04ebb.plex.direct:61762/identity
Jan 20, 2022 21:38:02.398 [0x7f9dd45acb38] DEBUG - Request: [192.168.0.2:12211 (Subnet)] GET /myplex/account (4 live) TLS GZIP Signed-in Token (ca5bc274@fakemail.not.se)
Jan 20, 2022 21:38:05.036 [0x7f9dd479db38] ERROR - Error issuing curl_easy_perform(handle): 28
Jan 20, 2022 21:38:05.036 [0x7f9dd479db38] DEBUG - HTTP simulating 408 after curl timeout
Jan 20, 2022 21:38:05.037 [0x7f9dd4f9bb38] DEBUG - Completed: [192.168.0.2:12211] 200 GET /myplex/account (4 live) TLS GZIP 2639ms 2587 bytes (pipelined: 2)
Jan 20, 2022 21:38:05.037 [0x7f9dd479db38] DEBUG - MyPlex: mapping state set to 'Mapped - Not Published'.
Jan 20, 2022 21:38:05.037 [0x7f9dd479db38] DEBUG - MyPlex: sendMapping resetting state - previous mapping state: 'Mapped - Not Published'.
Jan 20, 2022 21:38:05.037 [0x7f9dd479db38] DEBUG - MyPlex: mapping state set to 'Unknown'.
Jan 20, 2022 21:38:05.038 [0x7f9dd45acb38] DEBUG - Request: [192.168.0.2:12211 (Subnet)] GET /myplex/account (4 live) TLS GZIP Signed-in Token (ca5bc274@fakemail.not.se)
Jan 20, 2022 21:38:05.038 [0x7f9dd479db38] DEBUG - MyPlex: Sending Server Info to myPlex (user=ca5bc274@fakemail.not.se, ip=, port=61762)
Jan 20, 2022 21:38:05.039 [0x7f9dd479db38] DEBUG - HTTP requesting POST https://plex.tv/servers.xml?auth_token=xxxxxxxxxxxxxxxxxxxx
Jan 20, 2022 21:38:05.039 [0x7f9dd4fbeb38] DEBUG - Completed: [192.168.0.2:12096] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (4 live) TLS GZIP 22936ms 5 bytes (pipelined: 20)
Jan 20, 2022 21:38:05.039 [0x7f9dd4f9bb38] DEBUG - Completed: [192.168.0.2:12211] 200 GET /myplex/account (4 live) TLS GZIP 1ms 2587 bytes (pipelined: 3)
Jan 20, 2022 21:38:05.045 [0x7f9dd4589b38] DEBUG - Request: [192.168.0.2:12096 (Subnet)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (4 live) TLS GZIP Signed-in Token (ca5bc274@fakemail.not.se)
Jan 20, 2022 21:38:05.045 [0x7f9dd4589b38] DEBUG - Content-Length is -1 (of total: -1).
Jan 20, 2022 21:38:05.146 [0x7f9dd479db38] DEBUG - HTTP/2.0 (0.1s) 201 response from POST https://plex.tv/servers.xml?auth_token=xxxxxxxxxxxxxxxxxxxx (reused)
Jan 20, 2022 21:38:05.146 [0x7f9dd479db38] DEBUG - MyPlex: Published Mapping State response was 201
Jan 20, 2022 21:38:05.146 [0x7f9dd479db38] DEBUG - MyPlex: Got response for 879f852444b48eddd7ea37b31f323a2ae7915259 ~ registered my.external.ip.number:61762
Jan 20, 2022 21:38:05.146 [0x7f9dd479db38] DEBUG - MyPlex: updating mapped state - current state: 'Mapped - Not Published'
Jan 20, 2022 21:38:05.146 [0x7f9dd479db38] DEBUG - MyPlex: mapping state set to 'Mapped - Publishing'.
Jan 20, 2022 21:38:05.146 [0x7f9dd479db38] DEBUG - MyPlex: async reachability check - current mapped state: 'Mapped - Publishing'.
Jan 20, 2022 21:38:05.146 [0x7f9dd479db38] DEBUG - MyPlex: Requesting reachability check.
Jan 20, 2022 21:38:05.147 [0x7f9dd479db38] DEBUG - HTTP requesting PUT https://plex.tv/api/servers/879f852444b48eddd7ea37b31f323a2ae7915259/connectivity?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx&asyncIdentifier=919d3aa8-8be6-48eb-8fb3-67aa6a427a86
Jan 20, 2022 21:38:05.211 [0x7f9dd479db38] DEBUG - HTTP/2.0 (0.1s) 200 response from PUT https://plex.tv/api/servers/879f852444b48eddd7ea37b31f323a2ae7915259/connectivity?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx&asyncIdentifier=919d3aa8-8be6-48eb-8fb3-67aa6a427a86 (reused)
Jan 20, 2022 21:38:05.212 [0x7f9dd479db38] DEBUG - MyPlex: Updating device connections (from timer: 0)
Jan 20, 2022 21:38:05.212 [0x7f9dd479db38] DEBUG - HTTP requesting PUT https://plex.tv/devices/879f852444b48eddd7ea37b31f323a2ae7915259?Connection[][uri]=http://192.168.0.137:32400&httpsEnabled=1&httpsRequired=0&dnsRebindingProtection=0&natLoopbackSupported=0&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Jan 20, 2022 21:38:05.317 [0x7f9dd479db38] DEBUG - HTTP/2.0 (0.1s) 200 response from PUT https://plex.tv/devices/879f852444b48eddd7ea37b31f323a2ae7915259?Connection[][uri]=http://192.168.0.137:32400&httpsEnabled=1&httpsRequired=0&dnsRebindingProtection=0&natLoopbackSupported=0&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx (reused)
Jan 20, 2022 21:38:05.397 [0x7f9dd44fab38] DEBUG - Request: [192.168.0.2:12211 (Subnet)] GET /myplex/account (4 live) TLS GZIP Signed-in Token (ca5bc274@fakemail.not.se)
Jan 20, 2022 21:38:05.398 [0x7f9dd4f9bb38] DEBUG - Completed: [192.168.0.2:12211] 200 GET /myplex/account (4 live) TLS GZIP 1ms 2649 bytes (pipelined: 4)
Jan 20, 2022 21:38:05.780 [0x7f9dd4fbeb38] DEBUG - EventSource: Got event [data] '<Message address="my.external.ip.number" port="61762" asyncIdentifier="919d3aa8-8be6-48eb-8fb3-67aa6a427a86" connectivity="0" command="notifyConnectivity"/>'
Jan 20, 2022 21:38:05.780 [0x7f9dd4fbeb38] DEBUG - PubSub: Got notified of reachability for async identifier 919d3aa8-8be6-48eb-8fb3-67aa6a427a86: 0 for my.external.ip.number:61762 (responded in 568 ms)
Jan 20, 2022 21:38:05.780 [0x7f9dd4fbeb38] DEBUG - MyPlex: reachability check - current mapping state: 'Mapped - Publishing'.
Jan 20, 2022 21:38:05.780 [0x7f9dd4fbeb38] DEBUG - MyPlex: mapping state set to 'Mapped - Not Published (Not Reachable)'.

Plex always listens on TCP port 32400 for local connections. The manual port you specify in the remote access settings is the public port which Plex will advertise for remote connections. The port you specify here needs to be forwarded on your router to your Plex Media Server’s host IP address, TCP port 32400.

yeah, about that, no router, it goes straight into the computer, that’s why it should listen on the right port. if you change port in any other program, like sshd, it will listen on the new port, so why is Plex so rigid?

I have no special insight into Plex, Inc.'s motivations, but my suspicion is that just wasn’t intended to sit directly on the open Internet. So, the distinction between local and remote access exists.

There is some iptables trickery you could likely perform to block access to port 32400 on everything but localhost and then forward accesses to 61762 to localhost:32400.

I’m curious… Why the desire to change the default listening port? It offers no real additional security benefits; there is some amount of “security by obscurity” in doing this, but nothing that will deter anyone with even the slightest amount of determination.

Several of the old plugins are hardwired to use port 32400 and so the port number cannot be changed without breaking all of them (including all the legacy metadata agents). These are slowly being replaced but until all of them are the server must stay on port 32400.

ahh. now I at least know the reason, not a good one, but anyway, fixed an solution to the issue: sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 61762 -j REDIRECT --to-port 32400

and apparently it seems to be working (so far)

I might be mistaken, but I think that rule still leaves access via 32400 open as well. If that was your intent, cool.

yeah, it should, so now port 32400 have ports in…

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.