Plex Server Setup in 2024 - Fully accessible outside your network

[spidysense]

TO get your Plex server Fully accessible outside your network

Firewall -> Nat -> Port Forward
From this page click + (add)
No RDR: unchecked
Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP
Source: Any
Source Port Range: any/any
Destination: WAN Address
Destination port range: (other) 32400/32400
Redirect target IP: Plex server internal IP
Redirect target port: (other) 32400
Pool Options: Default
Description: Plex Media Server
NAT Reflection: Enable
Filter Rule Association: Pass

Services-> Unbound DNS-> Advanced-> Private Domains-> plex.direct

Firewall-> Settings -> Advanced
Reflection for port forwards: checked
Reflection for 1:1: checked
Automatic outbound NAT for Reflection: checked
Firewall Optimization: normal

[meyergru]

I have Nat Reflection enabled and Filter Rule Association "Pass", but otherwise, it should work.

Remember to configure remote access in your plex instance on port 32400.

[ropy29]

Is there an updated version of this? I have not been able to get remote access working since moving to OPNSense. I did notice that if I disable and re-enable remote access, It will be fully accessible for 4 seconds then it goes back to "Not available outside your network".

[meyergru]

I think, it will only work if you are able to access the remote port via IPv4, e.g. you are not behind CG-NAT or any type of double NAT, for that matter.

Also, my firewall optimization is set to "normal", see attached pictures. Obviously, you will need a plex account and have outbound access for your Plex server as well such that the plex network can make your external IPv4 be found. This server may not use a VPN connection, and obviously, you need a static or reserved internal IPv4.

There are instructions on how to test this (see sections "manual port forwarding" and "common problems"). For example, Zenarmor or AdGuardHome could also interfere.

[Mark_the_Red]

Just wanted to say thanks and rep+, high five, thank @spidysense for this post.

Was having a lot of trouble with this based on the garbage information on reddit, plex forums, etc to solve this.

I can 100% confirm that this solution works 100% with Opnsense 27.7.111_2-amd64 on PlexMediaServer(PlexPassVersion) Version 1.41.3.9314 running on Truenas Dragonfish.

If you are using Adguard Home like me, the line  / step is not required:

Services-> Unbound DNS-> Advanced-> Private Domains-> plex.direct

Thanks again for being a guiding light of truth in the darkness of Plex support!

[mrbeef]

This was great, the NAT Reflection tick was what I forgot.

I would like to add that enabling "Reflection for port forwards" caused opnsense hosted Adguard-Home to lose connection. Disabling did not seem to affect my ability to remotely connect though.

[Mando895]

I tried this method, but my Plex server still appears offline. Any help would be greatly appreciated!

[Mando895]

Additional images

[meyergru]

You did not set your internet speed. Also, you may be on CG-NAT. Please show your public IP (or at least the first three octets).

[Mando895]

IPv4: 50.113.87.x

Source: https://whatismyipaddress.com/



Also I just set my upload speed, and it still didn't seem to work. (I figured since I put no limit, it would just go to the maximum possible value.)

[meyergru]

In case of CG-NAT, that is NOT your public IP address, but the address of your ISP connecting outside. That can obviously only be a routeable IP, because your ISP does NAT from a non-routeable (WAN) to a routeable IP - it is even in the name: CG-NAT.

More specifically: Look at the WAN IP address in your dashboard to find your (potentially non-routeable) IP.

But you have indirectly answered the question anyway: The IP block 50.113.0.0/16 is AS20001, belonging to Charter Communications Inc.
They provide internet through a service called Spectrum, which is known to use CG-NAT. So, because you are behind NAT that is outside of your control, you cannot forward ports with IPv4. And because Plex does not support IPv6 (or at least, not that I know of), that means: no dice, sorry.

[Mando895]

It says that my WAN_DHCP (IPv4) is: 50.113.80.x. I do use Spectrum, but only their cable internet and modem (not their router). Is there any way to bypass this or check for it in future with other service providers? Thanks!

[meyergru]

O.K., if you are not behind NAT, can you check or do you know if you can expose ports via IPv4 at all? Like, temporarily open TCP port 443 on the WAN interface and try to access https://50.113.80.x from outside, like, with a phone connected via mobile and not your WLAN?

Also, can you access your plex via https://app.plex.tv/desktop from outside your network?

These instructions normally work. If they don't, then something must be different with your setup. In case you did not know: This is not a commercial support forum and most people, like me are volunteers. There are hundreds of service providers out there, I do not know them all - and you did not tell. With the scarcity of IPv4 addresses, many providers resort to CG-NAT.

[meyergru]

Oh, one more thing: You said you configured the Truenas server IP as target for the port-forwarding rule. I am unsure if that is right: In the instructions, they say that you configure the network in Plex. However, if that is a VM, it will most likely get an IP different from your Truenas server.

You can try if https://truenas ip:32400 gives you access to your Plex instance. If not, find out the correct Plex VM IP.

[Mando895]

I opened port 443, and upon using my public IP from https://whatismyipaddress.com/ on my phone using cellular data (50.113.87.x:443), I was greeted with an Error 400 message from nginx.

I am using Spectrum internet over a coax cable to their modem, and I am using the AdGuard as my DNS server.

I can also reach my Plex server (internally) using my TrueNAS IP on port 32400.

When using the mobile Plex app on cellular data, I do not see my server.

I appreciate all the help so far!