TO get your Plex server Fully accessible outside your network
Firewall -> Nat -> Port Forward
From this page click + (add)
No RDR: unchecked
Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP
Source: Any
Source Port Range: any/any
Destination: WAN Address
Destination port range: (other) 32400/32400
Redirect target IP: Plex server internal IP
Redirect target port: (other) 32400
Pool Options: Default
Description: Plex Media Server
NAT Reflection: Enable
Filter Rule Association: Pass
Services-> Unbound DNS-> Advanced-> Private Domains-> plex.direct
Firewall-> Settings -> Advanced
Reflection for port forwards: checked
Reflection for 1:1: checked
Automatic outbound NAT for Reflection: checked
Firewall Optimization: normal
I have Nat Reflection enabled and Filter Rule Association "Pass", but otherwise, it should work.
Remember to configure remote access in your plex instance on port 32400.
Is there an updated version of this? I have not been able to get remote access working since moving to OPNSense. I did notice that if I disable and re-enable remote access, It will be fully accessible for 4 seconds then it goes back to "Not available outside your network".
I think, it will only work if you are able to access the remote port via IPv4, e.g. you are not behind CG-NAT or any type of double NAT, for that matter.
Also, my firewall optimization is set to "normal", see attached pictures. Obviously, you will need a plex account and have outbound access for your Plex server as well such that the plex network can make your external IPv4 be found. This server may not use a VPN connection, and obviously, you need a static or reserved internal IPv4.
There are instructions on how to test this (https://support.plex.tv/articles/200931138-troubleshooting-remote-access/) (see sections "manual port forwarding" and "common problems"). For example, Zenarmor or AdGuardHome could also interfere.
Just wanted to say thanks and rep+, high five, thank @spidysense for this post.
Was having a lot of trouble with this based on the garbage information on reddit, plex forums, etc to solve this.
I can 100% confirm that this solution works 100% with Opnsense 27.7.111_2-amd64 on PlexMediaServer(PlexPassVersion) Version 1.41.3.9314 running on Truenas Dragonfish.
If you are using Adguard Home like me, the line / step is not required:
QuoteServices-> Unbound DNS-> Advanced-> Private Domains-> plex.direct
Thanks again for being a guiding light of truth in the darkness of Plex support!
This was great, the NAT Reflection tick was what I forgot.
I would like to add that enabling "Reflection for port forwards" caused opnsense hosted Adguard-Home to lose connection. Disabling did not seem to affect my ability to remotely connect though.
I tried this method, but my Plex server still appears offline. Any help would be greatly appreciated!
Additional images
You did not set your internet speed. Also, you may be on CG-NAT. Please show your public IP (or at least the first three octets).
IPv4: 50.113.87.x
Source: https://whatismyipaddress.com/
Also I just set my upload speed, and it still didn't seem to work. (I figured since I put no limit, it would just go to the maximum possible value.)
In case of CG-NAT, that is NOT your public IP address, but the address of your ISP connecting outside. That can obviously only be a routeable IP, because your ISP does NAT from a non-routeable (WAN) to a routeable IP - it is even in the name: CG-NAT (https://de.wikipedia.org/wiki/Carrier-grade_NAT).
More specifically: Look at the WAN IP address in your dashboard to find your (potentially non-routeable) IP.
But you have indirectly answered the question anyway: The IP block 50.113.0.0/16 is AS20001, belonging to Charter Communications Inc.
They provide internet through a service called Spectrum, which is known to use CG-NAT (https://www.reddit.com/r/Spectrum/comments/wichzr/does_spectrum_use_cgnat_ports_forwarded_in_router/). So, because you are behind NAT that is outside of your control, you cannot forward ports with IPv4. And because Plex does not support IPv6 (or at least, not that I know of), that means: no dice, sorry.
It says that my WAN_DHCP (IPv4) is: 50.113.80.x. I do use Spectrum, but only their cable internet and modem (not their router). Is there any way to bypass this or check for it in future with other service providers? Thanks!
O.K., if you are not behind NAT, can you check or do you know if you can expose ports via IPv4 at all? Like, temporarily open TCP port 443 on the WAN interface and try to access https://50.113.80.x from outside, like, with a phone connected via mobile and not your WLAN?
Also, can you access your plex via https://app.plex.tv/desktop from outside your network?
These instructions normally work. If they don't, then something must be different with your setup. In case you did not know: This is not a commercial support forum and most people, like me are volunteers. There are hundreds of service providers out there, I do not know them all - and you did not tell. With the scarcity of IPv4 addresses, many providers resort to CG-NAT.
Oh, one more thing: You said you configured the Truenas server IP as target for the port-forwarding rule. I am unsure if that is right: In the instructions, they say that you configure the network in Plex (https://www.truenas.com/docs/truenasapps/stableapps/plexapp/#setting-up-local-network). However, if that is a VM, it will most likely get an IP different from your Truenas server.
You can try if https://truenas ip:32400 gives you access to your Plex instance. If not, find out the correct Plex VM IP.
I opened port 443, and upon using my public IP from https://whatismyipaddress.com/ on my phone using cellular data (50.113.87.x:443), I was greeted with an Error 400 message from nginx.
I am using Spectrum internet over a coax cable to their modem, and I am using the AdGuard as my DNS server.
I can also reach my Plex server (internally) using my TrueNAS IP on port 32400.
When using the mobile Plex app on cellular data, I do not see my server.
I appreciate all the help so far!
The only thing I can imagine now is a routing problem or a firewall on your Truenas server. Matter-of-fact, when you enable port-forwarding, it is the outside IP that is reaching your endpoint. If there is no proper default route or if requests from outside of your LAN are blocked, you will not get a connection.
You would not notice that when you connect from your LAN.
Thank you so much for all of your help. I think I figured out what the issue was. For some reason, TrueNas was overriding the path to my OPNsense system and preventing itself from reaching the greater internet. I noticed that it was having issues reaching GitHub links as well as updating which helped me find this solution. My server appears to work fine now (although my upload speed is still terrible).
Also for whatever it's worth, you do not necessarily need to specify an upload speed to get your Plex server to function. I believe if no explicit limit is set, the server will use whatever bandwidth is available to it.
Thank you again for all of your help and for posting the original guide. This thread is by far the best Plex + OPNsense port forwarding tutorial I've seen.
Also for anyone unsure if their port forwarding works, try checking on https://canyouseeme.org/
This worked great. I moved last night from pfSense and had to rebuild all my settings manually from the XML backup. I still can't wrap my head around the source/destination/NAT layers in "simple" port-forwarding with the xxSense tools. I love the power, just need to learn the terminology better. Like why does NAT Reflection affect if it works.
BUT. This worked great. --thanks.