Issue with Firewall on 386.1_2 RT-AC 5300 - PLEX

[coaltrans]

Hi,

I have an issue with my ASUS RT-AC5300 fitted with Asus Merlin 386.1_2
I would like to activate the FIREWALL on the routeur but when i do so, PLEX is no longer accessible from outside
I tried to create an "Inbound Firewall Rules" but it doesn't work.
How can i get firewall activated and have an exclusions for specific port ?
Thanks and best regards

 

[jackc88]

There could be some mismatch between what your Plex server is advertising and how the firewall is configured.
[WAN] How to set up Virtual Server/ Port Forwarding on ASUS Router? | Official Support | ASUS Global
Usually, the first Plex server listens on 32400 (local port). However, the public port is randomly selected by default, unless you configure a "Manually specified public port" on your server.

Below is an example for the different fields.
Service Name: Plex or whatever you like
External Port: Copy the value you assigned as manually specified or the one dynamically configured by Plex for your sever
Internal Port: 32400
Internal IP Address: IP Address of your Plex Server
Protocol: TCP
Source IP: (Leave Blank)

If you are comfortable, you may want to consider enabling UPnP instead of statically assigning a rule. With either route you decide on, just double check what ports are opened on router's "System Log - Port Forwarding" page against your Plex server's "Remote Access" page. Let me know if you want me to compare the info for you.

 

[coaltrans]

Hello Jackc88
Many thanks for your help.
So i have already configured the port forwarding and manually specified the public port.
I have also activated UPNP
Plex is accessible from outside then get disconnected randomly.
The only way to get it work is to do as above AND desactivate the FIREWALL in the routeur option.
I'm a bit lost by this behaviour

 

[jackc88]

Greetings,
To make troubleshooting easier, I would stick with one method. You can go with the static rule or UPnP. I would then compare the "System Log - Port Forwarding" page for the rule when it is working and again when it stops working. When it stops working, does that imply no new clients can connect from different IPs? Did you by chance have aggressive timeouts defined on the router under Tools / Other Settings or on the server's IP stack? From experience, Plex is pretty resilient with just the default bufferring. I can usually upgrade the server in the middle of streaming. FYI, I only have UPnP enabled once I went to more than one server. I have since moved everything over to UPnP in order to keep HW acceleration on the Asus enabled. If you can easily reproduce the issue, see if you can get a pcap from tcpdump. I can help take a look at it if all else fails.

 

[coaltrans]

Many thanks for taking time to help.

So i checked "System Log - Port Forwarding" page and the informations available are the same when it works and when it doesn’t work
ref the timeouts defined on the router under Tools / Other Settings everything is basis "default settings"
Should it be modified?

In the meantime, i just realized it's not really the firewall the issue but the option : "Enable DoS protection"
When it's not activated server is perfectly reachable from outside (https://canyouseeme.org/ and PLEX works perfectly in such case)

 

[jackc88]

I do modify the timeouts on my end slightly just to make things more efficient, but there really shouldn't be a need. Decades ago, we would change the religiously on servers with lots of connections and tighter resource constraints.
Good news that you got it working. BTW, I have DoS protection on both my Plex servers are visible.
Happy streaming!