1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Port Forwarding Firewall

Discussion in 'Asuswrt-Merlin' started by TCoreX, Jan 20, 2020.

  1. TCoreX

    TCoreX Occasional Visitor

    Joined:
    Jan 20, 2020
    Messages:
    23
    Hi there,

    I'm struggling with port sharing 32400.
    Without a firewall, port sharing works and can access Plex.
    However, when I turn on the firewall, sharing is blocked.

    How can I expose the port even if the firewall is active?
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,687
    Location:
    UK
    "port sharing" - presumably you mean port forwarding?

    What firewall? The one on your router or the one on the device hosting the Plex server?

    What is your router model and what firmware version are you using?
     
  3. TCoreX

    TCoreX Occasional Visitor

    Joined:
    Jan 20, 2020
    Messages:
    23
    To come along briefly:

    I have an Asus RT-AC86U running Merlin 384.15.alpha1.
    I set up a Plex Media Server, using Entware and Debian Stretch. That works perfectly in the local network. However, I also want to access outside and have enabled the port release 32400 of the Plex server. This gives me external access to the server. However, the firewall of the router is switched on, the port is blocked and can no longer be accessed outside. How can I solve the problem?
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,687
    Location:
    UK
    Can you post a screenshot of your port forwarding rule.
     
  5. TCoreX

    TCoreX Occasional Visitor

    Joined:
    Jan 20, 2020
    Messages:
    23
    I am currently not at home but can say what I have entered:

    Service name: PLEX
    Source IP: 80.X.X.X (censored)
    Port range: 32400
    Local IP: 80.X.X.X (censored)
    Local port: 32400
    Protocol: TCP

    I've tried several variants, but external with the firewall turned on, no chance.

    The two IPs are the same, is output by the Plex Server so that the server runs directly via the router, as already described above.
     
  6. beady_uk

    beady_uk Occasional Visitor

    Joined:
    Jan 4, 2016
    Messages:
    27
    Clear this box (leave it empty)

    Also you cant port forward to your router from within the router settings. This needs to be done through a script with ipsets
     
    Last edited: Jan 20, 2020
    Vexira and slidermike like this.
  7. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,687
    Location:
    UK
    You can't port forward to and from your external IP address.

    So it sounds like you are running Plex on the router and not a separate server. Assuming your router's internal IP address is 192.168.1.1 try:

    Service name: PLEX
    Source IP: <blank>
    Port range: 32400
    Local IP: 192.168.1.1
    Local port: 32400
    Protocol: TCP
     
    Last edited: Jan 20, 2020
  8. TCoreX

    TCoreX Occasional Visitor

    Joined:
    Jan 20, 2020
    Messages:
    23
    How do i handle it :)
     
  9. TCoreX

    TCoreX Occasional Visitor

    Joined:
    Jan 20, 2020
    Messages:
    23
    The same is true, the server is running on the router :)
    Ok, I will do it later and also report on it.
     
  10. beady_uk

    beady_uk Occasional Visitor

    Joined:
    Jan 4, 2016
    Messages:
    27
    I'm not the right person to help. I have something similar set up for transmission but I used scripts I found in this forum and manipulated them to fit my needs. Someone else with better knowledge will hopefully help
     
  11. TCoreX

    TCoreX Occasional Visitor

    Joined:
    Jan 20, 2020
    Messages:
    23
    OK thanks :)
    Hope this of course and thank you for now :)
     
  12. madfusker

    madfusker Regular Contributor

    Joined:
    Jul 20, 2014
    Messages:
    147
    I'd also suggest some security by obscurity... I run plex on a nonstandard port externally like 48200, and port forward that to the local machine 32400. If,,, I mean when, there's a vulnerability on plex, I prefer not to get hit by the robots looking at every IP:32400 on the planet.
     
    dave14305, Vexira and TCoreX like this.
  13. TCoreX

    TCoreX Occasional Visitor

    Joined:
    Jan 20, 2020
    Messages:
    23
    no success even with these settings :(

    Screenshot_20200121_151400.jpg Screenshot_20200121_151237_com.android.chrome.jpg
     
  14. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,687
    Location:
    UK
    Your pictures are too small to read.
     
    Vexira likes this.
  15. netware5

    netware5 Senior Member

    Joined:
    Mar 9, 2013
    Messages:
    441
    Location:
    Bulgaria
    In any case it is not good idea to open any service to the Internet. Especially if the service is running on the router itself, which plays the role of your most important guardian against external threats.

    The golden security standard is: The only port opened to the external world shall be the port on which your OpenVPN server listens.

    So my advice is to run OpenVPN server and then access the Plex from outside using the OpenVPN.
     
    martinr likes this.
  16. netware5

    netware5 Senior Member

    Joined:
    Mar 9, 2013
    Messages:
    441
    Location:
    Bulgaria
    Security by obscurity is not a valid security measure at all. This is one of the most criticized security concepts. You may wish to read NIST Guide to General Server Security here: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf and pay attention to the following quote:
    Moving your service to non-standard port does not provide additional security. It just helps you to avoid spamming of your syslog by scanning bots and gives you a deceptive calm regarding your security.
     
  17. TCoreX

    TCoreX Occasional Visitor

    Joined:
    Jan 20, 2020
    Messages:
    23
    click on picture then it gets bigger :)
     
  18. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,687
    Location:
    UK
    That's what I did. It's still too small to read.
     
  19. TCoreX

    TCoreX Occasional Visitor

    Joined:
    Jan 20, 2020
    Messages:
    23
  20. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,687
    Location:
    UK
    How are you testing this connection?

    EDIT: Check what preferred network interface Plex is using.

    https://support.plex.tv/articles/200430283-network/

    Plex should be using 192.168.1.1, not 80.x.x.x.
     
    Last edited: Jan 21, 2020