Firewall Rule - Plex Media Server - Accessing HD Homerun on Different Subnet

Started by Mark_the_Red, February 20, 2025, 09:08:17 PM

He explained how pure discovery failing is expected (the help mentioned is a broadcast relay).
Once you enter the IP, he seems at a loss to explain why (it worked in his test).

The live view screenshot shows out traffic only (all destined to Plex), possibly from streaming clients.

As you press that connect button on Plex, you should see in traffic on that interface (source being Plex).
Per Plex thread, standard HTTP.
Share your rules on that interface. Maybe you don't have logging enabled.

Thanks guys. I was away this weekend at my son's hockey tournament. My original post has the network mapped out so these are PHYSICAL interfaces controlling the subnets. Logging is set to whatever the Vanilla OPNsense factory settings are.

Interface 1:  Server (Plex Media Server is IP address 192.168.1.48:32400)
Interface 2:  IoT (HDHomerun is ip address 192.168.3.77)

Pic related is my IoT rules. Don't bully me if I cannot keep NSA glowies out of my system like you guys can with special elaborate rules; I followed this guy's firewall rules system to the letter https://www.youtube.com/watch?v=TjXkWSjYqlM&t=1s Seemed logical and correct.


Here's how I read these:
Rule #1: Allow IOT Net to access the DNS server at IOT address (OPN hosted, Unbound or AGH or whatever). Very typical.
Rule #2: That's an IN (from the perspective of the FW) rule on the IOT interface and your TRUSTED RIG is probably not on that network so it won't be a source. This rule likely never fires.
Rule #3: Same? I'm not sure why your "work" devices would be on the IOT network. These devices are not depicted in your OP.
Rule #4: Allow access to the internet from the IOT interface (the source might as well be IOT_net. Exceptions exist but unlikely in your case).
It's not blocking anything BTW.

The last rule is not enabled so I ignore it.

None of these rules are logging anything... the i is grey. If you want to see artifacts in the logs or live view, you need to enable logging.

When Plex tries to communicate with the HDHR device, you should see traffic hitting the SERVER interface first (IN) and if that's allowed, you should see OUT traffic on the IOT interface. The general consensus is to control traffic on the interface where the source resides (IN rule on the SERVER interface for you).
IN and OUT are from the perspective of OPN.
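
The rule-placement point from the reply above, as an added example that is not part of the original thread: a small model of per-interface, first-match IN rules that shows which interface evaluates the Plex to HDHomeRun connection and flags rules whose source can never arrive on the interface they are attached to. The /24 masks, TCP port 80, the rule labels and all function names are assumptions made for the illustration; only the two host addresses come from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed model. Assumptions: /24 masks and TCP port 80 (the thread gives
# only the two host addresses and says the control traffic is standard HTTP).
INTERFACES = {
    "SERVER": ip_network("192.168.1.0/24"),
    "IOT": ip_network("192.168.3.0/24"),
}
PLEX, HDHR = "192.168.1.48", "192.168.3.77"

# Per-interface IN rules, first match wins:
# (action, source, destination, port, label). Labels are hypothetical.
RULES = {
    "SERVER": [("pass", PLEX + "/32", HDHR + "/32", 80, "Plex -> HDHomeRun HTTP")],
    # A rule of the kind the reply says likely never fires: its source lives
    # behind another interface, so it cannot arrive inbound on IOT.
    "IOT": [("pass", PLEX + "/32", HDHR + "/32", 80, "misplaced rule")],
}

def ingress_interface(src):
    """Interface whose attached network contains the source address."""
    for name, net in INTERFACES.items():
        if ip_address(src) in net:
            return name
    return None

def evaluate(src, dst, port):
    """Return (interface, action, label) for a new connection."""
    iface = ingress_interface(src)
    for action, rsrc, rdst, rport, label in RULES.get(iface, []):
        if (ip_address(src) in ip_network(rsrc)
                and ip_address(dst) in ip_network(rdst) and port == rport):
            return iface, action, label
    # Unmatched inbound traffic is blocked by default.
    return iface, "block", "default deny"

def rules_that_can_never_match():
    """IN rules whose source is not part of that interface's network."""
    dead = []
    for iface, rules in RULES.items():
        for _, rsrc, _, _, label in rules:
            if not ip_network(rsrc).subnet_of(INTERFACES[iface]):
                dead.append((iface, label))
    return dead

if __name__ == "__main__":
    print(evaluate(PLEX, HDHR, 80))      # decided on SERVER, not IOT
    print(evaluate(PLEX, HDHR, 5004))    # no rule for this port
    print(rules_that_can_never_match())
```

The model covers only new connections; replies to a passed connection are handled by the firewall's state table and need no rule on the IOT interface.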