What's new

Port Forwarding Firewall

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

TCoreX

Regular Contributor
Hi there,

I'm struggling with port sharing 32400.
Without a firewall, port sharing works and can access Plex.
However, when I turn on the firewall, sharing is blocked.

How can I expose the port even if the firewall is active?
 
"port sharing" - presumably you mean port forwarding?

What firewall? The one on your router or the one on the device hosting the Plex server?

What is your router model and what firmware version are you using?
 
To come along briefly:

I have an Asus RT-AC86U running Merlin 384.15.alpha1.
I set up a Plex Media Server, using Entware and Debian Stretch. That works perfectly in the local network. However, I also want to access outside and have enabled the port release 32400 of the Plex server. This gives me external access to the server. However, the firewall of the router is switched on, the port is blocked and can no longer be accessed outside. How can I solve the problem?
 
I am currently not at home but can say what I have entered:

Service name: PLEX
Source IP: 80.X.X.X (censored)
Port range: 32400
Local IP: 80.X.X.X (censored)
Local port: 32400
Protocol: TCP

I've tried several variants, but external with the firewall turned on, no chance.

The two IPs are the same, is output by the Plex Server so that the server runs directly via the router, as already described above.
 
I am currently not at home but can say what I have entered:

Service name: PLEX
Source IP: 80.X.X.X (censored)
Port range: 32400
Local IP: 80.X.X.X (censored)
Local port: 32400
Protocol: TCP

I've tried several variants, but external with the firewall turned on, no chance.

The two IPs are the same, is output by the Plex Server so that the server runs directly via the router, as already described above.
You can't port forward to and from your external IP address.

So it sounds like you are running Plex on the router and not a separate server. Assuming your router's internal IP address is 192.168.1.1 try:

Service name: PLEX
Source IP: <blank>
Port range: 32400
Local IP: 192.168.1.1
Local port: 32400
Protocol: TCP
 
Last edited:
You can't port forward to and from your external IP address.

So it sounds like you are running Plex on the router and not a separate server. Assuming your router's internal IP address is 192.168.1.1 try:

Service name: PLEX
Source IP: <blank>
Port range: 32400
Local IP: 192.168.1.1
Local port: 32400
Protocol: TCP
The same is true, the server is running on the router :)
Ok, I will do it later and also report on it.
 
How do i handle it :)
I'm not the right person to help. I have something similar set up for transmission but I used scripts I found in this forum and manipulated them to fit my needs. Someone else with better knowledge will hopefully help
 
I'd also suggest some security by obscurity... I run plex on a nonstandard port externally like 48200, and port forward that to the local machine 32400. If,,, I mean when, there's a vulnerability on plex, I prefer not to get hit by the robots looking at every IP:32400 on the planet.
 
no success even with these settings :(

Screenshot_20200121_151400.jpg Screenshot_20200121_151237_com.android.chrome.jpg
 
In any case it is not good idea to open any service to the Internet. Especially if the service is running on the router itself, which plays the role of your most important guardian against external threats.

The golden security standard is: The only port opened to the external world shall be the port on which your OpenVPN server listens.

So my advice is to run OpenVPN server and then access the Plex from outside using the OpenVPN.
 
I'd also suggest some security by obscurity... I run plex on a nonstandard port externally like 48200, and port forward that to the local machine 32400. If,,, I mean when, there's a vulnerability on plex, I prefer not to get hit by the robots looking at every IP:32400 on the planet.

Security by obscurity is not a valid security measure at all. This is one of the most criticized security concepts. You may wish to read NIST Guide to General Server Security here: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf and pay attention to the following quote:
Open Design — System security should not depend on the secrecy of the implementation or its components.

Moving your service to non-standard port does not provide additional security. It just helps you to avoid spamming of your syslog by scanning bots and gives you a deceptive calm regarding your security.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top