I was wondering if someone could take a look at my Firewall Filter and NAT rules and help me get complete access for Plex from outside my firewall. I currently have users who are receiving the “indirect connection” notification, and because of this they are unable to connect to the server using certain apps. I have it set to external port 61111->internal 32400 for Plex, but my settings keep telling me that it's not discoverable outside my network (even though it basically is).
Additionally, it seems that my other port forwards are working properly, as I can access my nextcloud instance through both http and https. I’ve read through several threads about this on this board and tried each of their solutions one at a time, but none have worked for me.
Thank you for your help.
# Address list "WAN IP": referenced by the dst-nat rules below as dst-address-list,
# so those forwards match traffic addressed to the router's public address.
/ip firewall address-list
# NOTE(review): "DUCKDNS INSTANCE" looks like the poster's redaction of a DuckDNS
# hostname; the real entry must be a single address or DNS name without spaces.
add address=DUCKDNS INSTANCE list=“WAN IP”
# Filter rules are evaluated top to bottom; rule order is significant.
# NOTE(review): the export's line-continuation characters and straight quotes
# appear to have been lost in the forum paste; wrapped lines belong to the
# preceding "add".
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
# Accept packets of already-tracked (or untracked) connections.
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
# Drop packets conntrack marks as invalid.
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
# Allow ICMP to the router.
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
# Drop everything else to the router that did not arrive on a LAN-list interface.
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
# --- forward chain: traffic routed through the router ---
# Accept traffic matching inbound / outbound IPsec policies.
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
# Fasttrack established/related connections.
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
# Accept packets of already-tracked (or untracked) connections.
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
# Drop packets conntrack marks as invalid.
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid
# Accept every connection that was destination-NATed. Because this rule has no
# further matchers, each dst-nat rule in /ip firewall nat is effectively an
# allow rule: what is exposed to the internet is decided entirely in the NAT table.
# NOTE(review): with no catch-all drop visible in this export, the next rule
# already lets dst-nated traffic through, so this accept looks redundant — confirm.
add action=accept chain=forward comment=“Allow Port Forwarding - DSTNAT”
connection-nat-state=dstnat
# Drop new connections entering from the WAN list that were not destination-NATed.
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
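# NAT table. Rules are written one per line with straight quotes so they can be
# pasted into a terminal. Every dst-nat rule below publishes a LAN service to the
# internet (the forward chain accepts all dst-nated connections), so keep only the
# forwards that are actually in use.
/ip firewall nat
# Hairpin NAT: LAN-to-LAN connections are source-NATed so replies return via the router.
add action=masquerade chain=srcnat comment="Hairpin Loopback Rule" dst-address=192.168.1.0/24 src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# NOTE(review): if ether1 is a member of the WAN interface list, this rule duplicates
# the defconf masquerade above — confirm and remove one of them.
add action=masquerade chain=srcnat out-interface=ether1
# Plex: forward external TCP 61111 to 192.168.1.183:32400.
# Fix: the original matched src-port=61111 and dst-port=32400. src-port is the
# remote client's (ephemeral) source port, so the rule never matched traffic sent
# to external port 61111; the external port belongs in dst-port and the internal
# port in to-ports. Plex's Remote Access setting must advertise the same public
# port (61111) for the server to report itself as reachable.
# NOTE(review): these two rules match in-interface=ether1 rather than
# dst-address-list="WAN IP", so LAN clients using the public name will not hit them.
add action=dst-nat chain=dstnat comment=Plex dst-port=61111 in-interface=ether1 protocol=tcp to-addresses=192.168.1.183 to-ports=32400
# NOTE(review): Plex remote access uses TCP; this UDP forward is probably not
# needed and can be removed to reduce exposure — confirm before deleting.
add action=dst-nat chain=dstnat comment="Plex udp" dst-port=61111 in-interface=ether1 protocol=udp to-addresses=192.168.1.183 to-ports=32400
add action=dst-nat chain=dstnat comment=OpenVPN dst-address-list="WAN IP" dst-port=1194 protocol=udp to-addresses=192.168.1.183 to-ports=1194
add action=dst-nat chain=dstnat comment="HTTP TCP" dst-address-list="WAN IP" dst-port=80 protocol=tcp to-addresses=192.168.1.183 to-ports=180
# NOTE(review): HTTP does not use UDP; this forward is likely unnecessary — confirm.
add action=dst-nat chain=dstnat comment="HTTP UDP" dst-address-list="WAN IP" dst-port=80 protocol=udp to-addresses=192.168.1.183 to-ports=180
# NOTE(review): UDP 443 is only needed if the web server speaks HTTP/3 (QUIC) — confirm.
add action=dst-nat chain=dstnat comment="HTTPS UDP" dst-address-list="WAN IP" dst-port=443 protocol=udp to-addresses=192.168.1.183 to-ports=1443
add action=dst-nat chain=dstnat comment="HTTPS TCP" dst-address-list="WAN IP" dst-port=443 protocol=tcp to-addresses=192.168.1.183 to-ports=1443
# Factorio: same fix as Plex — match the port clients connect to (dst-port),
# not their source port. The original src-port=34197 matcher would only forward
# packets that happened to originate from port 34197 on the remote side.
add action=dst-nat chain=dstnat comment=Factorio dst-address-list="WAN IP" dst-port=34197 protocol=udp to-addresses=192.168.1.115 to-ports=34197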