What's new

Adding a port forwarding rule for Plex

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

TheLyppardMan

Very Senior Member
I have Plex Media Server on my Synology NAS. Would it be safe or risky to allow external access to the PlexMedia Server using a port forwarding rule? It does work and I've changed the default internal port for added security. Incidentally, I did try using port triggering, but it only worked for a short time. Also, I've tried just using VPN, but live streaming is very jittery and it would only really practicable to use by downloading the content to my mobile before playing (I haven't tried downloading a file like that yet, so I don't even know if that would work).
 
When I was running Asus routers, I used a port forwarding rule (non standard Plex port) for my Plex server. I also ran Skynet with all traffic checking enabled to add an extra layer of ”some” security.

Anytime you open an outside port into your network it comes with a certain level of risk.

I no longer use Asus for my routing and my Plex sever is isolated from the rest of my network.
 
Hi @TheLyppardMan & @Smokey613, could you share how you’ve set it up in a way that it works locally?
I have Plex running in a Docker container on my Raspberry Pi and it’s available through 192.168.0.xxx:32400. I restricted web access from the outside, so the web UI is only accessible locally.
I can’t make media streaming work locally though – whenever I open the Plex app on my Apple TV, it wants me to authorize using my Plex account. Whenever I do that, it can’t refresh media from my server as it’s not available (remote sharing is disabled). I tried to add my local network to the allowed list under Network settings (so it wouldn’t require auth) with no luck.
I understand that authentication happens on the Plex server, but why do I need to expose my server to the outside world to stream locally?
 
Because each device and the server auth to app.plex.tv

I block all of the analytics stuff through pihole though and have remote use off as well.
You don't have to open a port to auth to app.plex.tv. Opening ports for Plex is used just for remote streaming

Hi @TheLyppardMan & @Smokey613, could you share how you’ve set it up in a way that it works locally?
I have Plex running in a Docker container on my Raspberry Pi and it’s available through 192.168.0.xxx:32400. I restricted web access from the outside, so the web UI is only accessible locally.
I can’t make media streaming work locally though – whenever I open the Plex app on my Apple TV, it wants me to authorize using my Plex account. Whenever I do that, it can’t refresh media from my server as it’s not available (remote sharing is disabled). I tried to add my local network to the allowed list under Network settings (so it wouldn’t require auth) with no luck.
I understand that authentication happens on the Plex server, but why do I need to expose my server to the outside world to stream locally?

I suspect your issue is related to your Docker Container and getting your PMS to see your traffic as local.
 
Is your Plex server docker connected to the network in "bridge" mode?
I have a Qnap and all my dockers are configured in bridge mode with required ports mapped to the host(qnap) ports.

As stated by Yooshaw, the server only needs an open port to remote stream. But it does require internet access(out) to stay logged in properly.
 
Is your Plex server docker connected to the network in "bridge" mode?
I have a Qnap and all my dockers are configured in bridge mode with required ports mapped to the host(qnap) ports.

As stated by Yooshaw, the server only needs an open port to remote stream. But it does require internet access(out) to stay logged in properly.
I'm running it using Caprover which itself runs on Docker Swarm. So, I think it's not bridge, but overlay network.

Code:
> sudo docker service inspect srv-captain--plex --pretty

...
...
Resources:
Networks: captain-overlay-network
Endpoint Mode:    vip
Ports:
PublishedPort = 32400
  Protocol = tcp
  TargetPort = 32400
  PublishMode = ingress
PublishedPort = 32400
  Protocol = udp
  TargetPort = 32400
  PublishMode = ingress
PublishedPort = 3005
  Protocol = tcp
  TargetPort = 3005
  PublishMode = ingress
PublishedPort = 3005
  Protocol = udp
  TargetPort = 3005
  PublishMode = ingress
PublishedPort = 8324
  Protocol = tcp
  TargetPort = 8324
  PublishMode = ingress
PublishedPort = 8324
  Protocol = udp
  TargetPort = 8324
  PublishMode = ingress
PublishedPort = 32469
  Protocol = tcp
  TargetPort = 32469
  PublishMode = ingress
PublishedPort = 32469
  Protocol = udp
  TargetPort = 32469
  PublishMode = ingress
PublishedPort = 1900
  Protocol = tcp
  TargetPort = 1900
  PublishMode = ingress
PublishedPort = 1900
  Protocol = udp
  TargetPort = 1900
  PublishMode = ingress
PublishedPort = 32410
  Protocol = tcp
  TargetPort = 32410
  PublishMode = ingress
PublishedPort = 32410
  Protocol = udp
  TargetPort = 32410
  PublishMode = ingress
PublishedPort = 32412
  Protocol = tcp
  TargetPort = 32412
  PublishMode = ingress
PublishedPort = 32412
  Protocol = udp
  TargetPort = 32412
  PublishMode = ingress
PublishedPort = 32413
  Protocol = tcp
  TargetPort = 32413
  PublishMode = ingress
PublishedPort = 32413
  Protocol = udp
  TargetPort = 32413
  PublishMode = ingress
PublishedPort = 32414
  Protocol = tcp
  TargetPort = 32414
  PublishMode = ingress
PublishedPort = 32414
  Protocol = udp
  TargetPort = 32414
  PublishMode = ingress

So, as far as I understand I need to map my container to host in order for it to work. I haven't found a way yet though, overriding networking settings in Caprover seem a bit complicated. But you're right, that's the reason my PMS doesn't work locally.

Update
I moved my Plex installation from Caprover to Docker. Now everything works just fine.
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top