
Remote Access through Cisco ASA to Plex on Debian Linux

rllove01
Level 1

Server Version#: Version 1.18.0.1944
Player Version#: Version 4.10.1

 

I have PMS installed on Debian Linux. I’m able to reach it when using <local_IP>:32400/web. I’m also able to see the server when I log into plex.tv. However, I’m having issues getting remote access to work.

 

I’m using a Cisco ASA as the FW and my internet is Verizon FIOS. I’ve set up port-forwarding on the ASA to allow the traffic to be routed to the back-end plex server. However, it seems that no matter what port I try to forward, it doesn’t work. I try to use canyouseeme.org and that never seems to show my port as open. I honestly don’t know if that is a valid test or not at this point.

The hardest part about troubleshooting this is that I don’t see any traffic hitting my FW from the outside network destined to my PMS. I did a tcpdump on my PMS and the only traffic it sees going to it on port 32400 seems to be from my local desktop. The packets increase substantially when I hit retry on the remote access tab on plex.tv. However, as I stated, the only traffic my server seems to see in the tcpdump is from my local desktop. There seems to be a correlation but I don’t know why. I may not fully understand how the connections are initiated or flow completely for Plex but I would expect the remote access to be initiated from the outside network (Internet) in to my local LAN. I’m not seeing that.

 

I also checked and I don’t see firewalld or UFW running on the Debian box. I assume these are not enabled by default?

 

The one thing I do see on my FW logs is the log message below.
6 Oct 15 2019 06:49:09 110002 192.168.69.166 57002 Failed to locate egress interface for TCP from INSIDE:192.168.69.166/57002 to 108.44.XX.XX/22001

I’m not certain why this log is popping up and a part of me does wonder if it is a huge reason if not “the” reason that this isn’t working.

 

 

TCPDUMP INFO
11:17:20.872299 IP 192.168.69.166.32400 > 192.168.69.20.58054: Flags [P.], seq 214032:215473, ack 123629, win 1452, length 1441
11:17:21.076387 IP 192.168.69.20.58054 > 192.168.69.166.32400: Flags [.], ack 215473, win 16064, length 0
11:17:25.394315 IP 192.168.69.166.32400 > 192.168.69.20.57725: Flags [P.], seq 3141:3173, ack 505, win 249, length 32
11:17:25.397770 IP 192.168.69.20.57725 > 192.168.69.166.32400: Flags [P.], seq 505:541, ack 3173, win 16401, length 36
11:17:25.397819 IP 192.168.69.166.32400 > 192.168.69.20.57725: Flags [.], ack 541, win 249, length 0
11:17:26.510765 IP 192.168.69.166.32400 > 192.168.69.20.57725: Flags [P.], seq 3173:3327, ack 541, win 249, length 154
11:17:26.520610 IP 192.168.69.20.58054 > 192.168.69.166.32400: Flags [P.], seq 123629:124463, ack 215473, win 16064, length 834
11:17:26.520654 IP 192.168.69.166.32400 > 192.168.69.20.58054: Flags [.], ack 124463, win 1452, length 0
11:17:26.522860 IP 192.168.69.166.32400 > 192.168.69.20.58054: Flags [P.], seq 215473:215776, ack 124463, win 1452, length 303
11:17:26.717046 IP 192.168.69.20.57725 > 192.168.69.166.32400: Flags [.], ack 3327, win 16362, length 0
11:17:26.726550 IP 192.168.69.20.58054 > 192.168.69.166.32400: Flags [.], ack 215776, win 16425, length 0
11:17:27.117215 IP 192.168.69.166.32400 > 192.168.69.20.57725: Flags [P.], seq 3327:3589, ack 541, win 249, length 262
11:17:27.317167 IP 192.168.69.20.57725 > 192.168.69.166.32400: Flags [.], ack 3589, win 16297, length 0

 

ASA INFO
object network Plex_Server
host 192.168.69.169
object network Plex_Server
nat (INSIDE,OUTSIDE) static interface net-to-net service tcp 32400 21298

object network Plex_Server2
host 192.168.69.166
object network Plex_Server2
nat (INSIDE,OUTSIDE) static interface net-to-net service tcp 32400 22001

access-group OUTSIDE_access_in in interface OUTSIDE
access-list OUTSIDE_access_in extended permit tcp any object Plex_Server2 eq 22001
access-list OUTSIDE_access_in extended permit tcp any object Plex_Server eq 21298

 

interface GigabitEthernet1/1
nameif OUTSIDE
ip address 108.44.X.X/24 (DHCP)

 

interface GigabitEthernet1/2
nameif INSIDE
security-level 100
ip address 192.168.69.1 255.255.255.0

1 Reply

Hi,
If 32400 is the real port of the server, you need to reference that port in the ACL rather than the natted port.

HTH
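
The check the reply describes, as an added example that is not part of the original thread: it reads the object NAT `service` lines and flags interface ACL entries that permit the mapped (outside) port instead of the real port. The function names are hypothetical, the sample is constructed from the config lines in the post, and the regexes cover only the statement shapes shown there.

```python
import re

# Constructed sample: the object NAT and ACL lines quoted in the post above.
SAMPLE_CONFIG = """\
object network Plex_Server
host 192.168.69.169
object network Plex_Server
nat (INSIDE,OUTSIDE) static interface net-to-net service tcp 32400 21298
object network Plex_Server2
host 192.168.69.166
object network Plex_Server2
nat (INSIDE,OUTSIDE) static interface net-to-net service tcp 32400 22001
access-list OUTSIDE_access_in extended permit tcp any object Plex_Server2 eq 22001
access-list OUTSIDE_access_in extended permit tcp any object Plex_Server eq 21298
"""

OBJ_RE = re.compile(r"^object network (\S+)")
NAT_RE = re.compile(r"^\s*nat \(\S+,\S+\) static .*\bservice (tcp|udp) (\S+) (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) extended permit (tcp|udp) \S+ object (\S+) eq (\S+)")

def parse_port_forwards(config):
    """Map object name -> (protocol, real_port, mapped_port) from object NAT."""
    forwards, current = {}, None
    for line in config.splitlines():
        if m := OBJ_RE.match(line):
            current = m.group(1)
        elif (m := NAT_RE.match(line)) and current:
            forwards[current] = m.groups()
    return forwards

def find_acl_port_mismatches(config):
    """Return ACL entries that permit the mapped port instead of the real port."""
    forwards = parse_port_forwards(config)
    findings = []
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if not m or m.group(3) not in forwards:
            continue
        acl, proto, obj, port = m.groups()
        nat_proto, real, mapped = forwards[obj]
        if proto == nat_proto and port == mapped and port != real:
            findings.append({"acl": acl, "object": obj, "acl_port": port,
                             "real_port": real,
                             "suggested": line.replace(f"eq {port}", f"eq {real}")})
    return findings

if __name__ == "__main__":
    for f in find_acl_port_mismatches(SAMPLE_CONFIG):
        print(f"{f['object']}: permits {f['acl_port']}, real port {f['real_port']} ->", f["suggested"])
```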