Community discussions

MikroTik App
 
User avatar
ssantos
just joined
Topic Author
Posts: 23
Joined: Fri May 22, 2020 11:25 am

Plex Server Firewall Rules

Sun Oct 04, 2020 6:02 pm

I have a little problem on accesing my plex server from outside my network no matter what methods i've tried. Searched a lot but no solution found, so i'm posting my FW configuration with the hope that someone helps me out! Server has a static IP (192.168.10.101) and plex shows the message "Not available outside your network".
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!def_LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-nat-state="" \
connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=32400 in-interface=1wan protocol=tcp \
to-addresses=192.168.10.101 to-ports=32400
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set pptp disabled=yes
set sctp disabled=yes
 
Sob
Forum Guru
Forum Guru
Posts: 6456
Joined: Mon Apr 20, 2009 9:11 pm

Re: Plex Server Firewall Rules

Sun Oct 04, 2020 7:46 pm

At first sight it look like default config with one added simple dstnat rule, nothing clearly wrong. Does your router have public address? Not 192.168.x.x, 10.x.x.x, 172.16-31.x.x, 100.64-127.x.x, and with incoming connections not blocked by ISP?
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
User avatar
ssantos
just joined
Topic Author
Posts: 23
Joined: Fri May 22, 2020 11:25 am

Re: Plex Server Firewall Rules

Sun Oct 04, 2020 7:57 pm

Yes it has a dynamic public IP. Truth is i had it working 2 months before in another setup which unfortunately can´t access right now. I don´t remember the rules i had back there though. I remember clearly that i had the already active rule (the one you referred to also) but can´t remember anything else.
With the rules i have now is it normal that it doesn´t work? Or it should have worked in the first place?
 
Sob
Forum Guru
Forum Guru
Posts: 6456
Joined: Mon Apr 20, 2009 9:11 pm

Re: Plex Server Firewall Rules

Sun Oct 04, 2020 8:45 pm

If your WAN interface (connection to internet) is named "1wan", then it should work. Does the rule have any hits (look at its packet counter)?
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
User avatar
ssantos
just joined
Topic Author
Posts: 23
Joined: Fri May 22, 2020 11:25 am

Re: Plex Server Firewall Rules

Sun Oct 04, 2020 9:04 pm

Already checked it but nope, nothing. That's why i know for sure that it's not a server problem (windows FW etc.)
You do not have the required permissions to view the files attached to this post.
 
Sob
Forum Guru
Forum Guru
Posts: 6456
Joined: Mon Apr 20, 2009 9:11 pm

Re: Plex Server Firewall Rules

Sun Oct 04, 2020 10:02 pm

It means that no packet from internet (to this port) reached your router.

That public address, is it directly on your router or somewhere else, e.g. some modem from which you're forwarding ports to router? If the latter, is that configured correctly?

Is "1wan" really your WAN interface? Can't there be a mixup between between e.g. ethernet and PPPoE? What if you replace in-interface=1wan with in-interface-list=WAN, does that help?

You can also check if any new connections come from internet with:
/ip firewall nat
add chain=dstnat in-interface=1wan action=dst-nat
Then try any online port scanner with any port and see if it logs anything.
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 5924
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Plex Server Firewall Rules

Sun Oct 04, 2020 11:02 pm

Note the following SOB is talking about the rest of the config.
Why are people so arrogant that they think they know what we need to see to solve the problem??
Please post the entire config
/export hide-sensitive file=anynameyouwish

My guess is that if you are using pppoe which basically has two wan type rules, than you need to ensure both ether1 and ppoe are part of the WAN interface, but alas without seeing the config its only a guess. I do note that your interface on the outgoing is the the WAN interface LIST, but 1wan on the incoming side of the NAT rules.....
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
ssantos
just joined
Topic Author
Posts: 23
Joined: Fri May 22, 2020 11:25 am

Re: Plex Server Firewall Rules

Sun Oct 04, 2020 11:16 pm

As always, the forum solved my problem. You are both right, the rule should concern both 1wan and pppoe-out interfaces since i have a modem connected to ether1 of my router. So if i set the in-interface-list to WAN in my already existing rule or keep the rule as is and create another with in-interface the pppoe-out then it works perfectly. Thank you both, i didn't posted my entire config 'cause i had already enclosed the problem to the firewall rules!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 5924
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Plex Server Firewall Rules

Mon Oct 05, 2020 4:12 am

As always, the forum solved my problem. You are both right, the rule should concern both 1wan and pppoe-out interfaces since i have a modem connected to ether1 of my router. So if i set the in-interface-list to WAN in my already existing rule or keep the rule as is and create another with in-interface the pppoe-out then it works perfectly. Thank you both, i didn't posted my entire config 'cause i had already enclosed the problem to the firewall rules!
The problem was your lack of understanding of Interfaces and how to use them. Which is outside the firewall rules, but keep deluding yourself....... ;-)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
ssantos
just joined
Topic Author
Posts: 23
Joined: Fri May 22, 2020 11:25 am

Re: Plex Server Firewall Rules

Mon Oct 05, 2020 11:24 am

oh i see, thanks again, next time you need an advice i hope there's someone kinder to answer you!
 
Sob
Forum Guru
Forum Guru
Posts: 6456
Joined: Mon Apr 20, 2009 9:11 pm

Re: Plex Server Firewall Rules

Mon Oct 05, 2020 12:03 pm

Take anav's "flaming ass" avatar as hint/warning. :)
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 5924
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Plex Server Firewall Rules

Wed Oct 14, 2020 9:40 pm

No ssantos, you came here looking for help but were so arrogant to think you know which information is required for us to assist with your problem.
Dont worry you are not the first, nor the last to suffer from this affliction.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!

Who is online

Users browsing this forum: No registered users and 31 guests