xpd:
Yeah, CGNAT then was the culprit :)
It's something people have got to be aware of when running services from home and swapping providers.
Yup but you don't need to pay for a static IP address to make things work remotely anymore.
Opinions are my own and not the views of my employer.
CYaBro:
Yup but you don't need to pay for a static IP address to make things work remotely anymore.
@cYaBro - what's the solution that avoids needing a static IP? I'm currently not paying for mine via 2D, but once they start charging I'll be keen on an alternative solution. Would appreciate your direction on this!
I'm also a bit confused here. Was on static IP with ONENZ but changed to SKY so now I'm on CGNAT and my Plex server didn't even notice.
Are you by chance running your server without a PlexPass? Technically forcing a connection to look like it's local by opening ports?
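I would not port forward Plex to your LAN. I would also not port forward Plex without a UTM firewall that can do geoblocking.
Plex needs a port forward (or using Plex Relay, in which quality is rubbish) to have friends and family access your media content natively from the likes of a Smart TV/Apple TV/etc.
To mitigate security risks (as best as you possibly can):
- Have a DMZ where your Plex server sits with *NO* access to your LAN whatsoever
- Use a UTM firewall to restrict access to just NZ only
- If you don't have the luxury of a UTM firewall:
  - Rather than allow from anywhere, have your friends / family obtain a static IP on their connection
  - If you are using it on the road, only allow traffic from the major NZ ISPs (Spark/One/etc.)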
In summary if you are port forwarding to your main LAN and/or have no form of Source IP restriction you are asking for your network to get hacked.
Any views expressed on these forums are my own and don't necessarily reflect those of my employer.
jonathan18:
CYaBro:
Yup but you don't need to pay for a static IP address to make things work remotely anymore.
@cYaBro - what's the solution that avoids needing a static IP? I'm currently not paying for mine via 2D, but once they start charging I'll be keen on an alternative solution. Would appreciate your direction on this!
I posted this link earlier in this thread:
CYaBro: I posted this link earlier in this thread:
1) Is against the Cloudflare AUP.
2) Limited to ~100Mbit or even less based on demand.
3) Should just use an ISP that at least provides a public IP address for Plex, otherwise by official means you're limited to IPv6 + Plex Relay only.
Tailscale won't work here - perhaps with Jellyfin, but same problem applies and you're limited to Tailscale's DERP servers.
Michael Murphy | https://murfy.nz
michaelmurfy:
CYaBro: I posted this link earlier in this thread:
1) Is against the Cloudflare AUP.
2) Limited to ~100Mbit or even less based on demand.
3) Should just use an ISP that at least provides a public IP address for Plex, otherwise by official means you're limited to IPv6 + Plex Relay only.
Tailscale won't work here - perhaps with Jellyfin, but same problem applies and you're limited to Tailscale's DERP servers.
And Plex Relay is limited to 1/2Mbps - i.e. it looks like crap.
michaelmurfy:
CYaBro: I posted this link earlier in this thread:
1) Is against the Cloudflare AUP.
2) Limited to ~100Mbit or even less based on demand.
3) Should just use an ISP that at least provides a public IP address for Plex, otherwise by official means you're limited to IPv6 + Plex Relay only.
Tailscale won't work here - perhaps with Jellyfin, but same problem applies and you're limited to Tailscale's DERP servers.
If you read the details on that page, they talk about the Cloudflare AUP and have a different interpretation of them.
Can you provide a link to show they’re wrong?
It seems opinions are split as to whether it is against their terms or not.
What I haven’t seen though is anyone posting anywhere about being banned from Cloudflare for doing it and I’d think with the number of people who are using CF for Plex remote access CF would have banned at least some of them by now if it was against their terms.
CYaBro:
michaelmurfy:
1) Is against the Cloudflare AUP.
2) Limited to ~100Mbit or even less based on demand.
3) Should just use an ISP that at least provides a public IP address for Plex, otherwise by official means you're limited to IPv6 + Plex Relay only.
Tailscale won't work here - perhaps with Jellyfin, but same problem applies and you're limited to Tailscale's DERP servers.
If you read the details on that page, they talk about the Cloudflare AUP and have a different interpretation of them.
Can you provide a link to show they’re wrong?
It seems opinions are split as to whether it is against their terms or not.
What I haven’t seen though is anyone posting anywhere about being banned from Cloudflare for doing it and I’d think with the number of people who are using CF for Plex remote access CF would have banned at least some of them by now if it was against their terms.
The relevant part of the TOS is below.
Content Delivery Network (Free, Pro, or Business)
Cloudflare’s content delivery network (the “CDN”) Service can be used to cache and serve web pages and websites. Unless you are an Enterprise customer, Cloudflare offers specific Paid Services (e.g., the Developer Platform, Images, and Stream) that you must use in order to serve video and other large files via the CDN. Cloudflare reserves the right to disable or limit your access to or use of the CDN, or to limit your End Users’ access to certain of your resources through the CDN, if you use or are suspected of using the CDN without such Paid Services to serve video or a disproportionate percentage of pictures, audio files, or other large files. We will use reasonable efforts to provide you with notice of such action.
Cloudflare's explanation is below:
https://blog.cloudflare.com/updated-tos/
The article you linked to references Cloudflare banning people. It happens and it should happen if you abuse their bandwidth in a way they clearly don't want you to.
Handle9:
The relevant part of the TOS is below.
Content Delivery Network (Free, Pro, or Business)
Cloudflare’s content delivery network (the “CDN”) Service can be used to cache and serve web pages and websites. Unless you are an Enterprise customer, Cloudflare offers specific Paid Services (e.g., the Developer Platform, Images, and Stream) that you must use in order to serve video and other large files via the CDN. Cloudflare reserves the right to disable or limit your access to or use of the CDN, or to limit your End Users’ access to certain of your resources through the CDN, if you use or are suspected of using the CDN without such Paid Services to serve video or a disproportionate percentage of pictures, audio files, or other large files. We will use reasonable efforts to provide you with notice of such action.
Cloudflare's explanation is below:
https://blog.cloudflare.com/updated-tos/
The article you linked to references Cloudflare banning people. It happens and it should happen if you abuse their bandwidth in a way they clearly don't want you to.
I just found that same section. Better turn it off I suppose! Or wait and see if they give me notice.
Ok, so I'm not going to go down that route!
Does anyone use NordVPN's 'Meshnet' for dealing with this, and if so can they report on how well it works?
I'm currently subscribed (though I've just seen my sub expires this July) and Nord's website claims it's a viable alternative, so keen on hearing from others. TIA.
CYaBro: I just found that same section. Better turn it off I suppose! Or wait and see if they give me notice.
The thing is, it doesn't just affect that single service but affects your whole account and any domains you've got running through it.
I wouldn't risk it. If you're hosting you're best to be with an ISP that offers you a public IP address.
jonathan18: Does anyone use NordVPN's 'Meshnet' for dealing with this, and if so can they report on how well it works?
Same thing as me explaining why Tailscale won't work - Plex expects you to have a public IP address and isn't really designed as a private service due to its dependency on Plex's servers. When you're using one of these mesh VPN services, whether it be Tailscale, ZeroTier, Meshnet etc., your device will need to do an outbound connection to something out on the internet, normally controlled by the service and with bandwidth limitations (in Tailscale's case this is around 10Mbit for their DERP servers), because things can't direct connect back via CG-NAT.
So while services like Tailscale, Meshnet etc. will work to give you access to stuff running in your home network, it won't ever work well and you're better to just be with a provider that offers a public IP address. One NZ, Spark, Skinny, Quic are all providers that by default offer a public IP address free of charge, and others like Mercury Energy and NOW I believe will provide one if you ask them, but the Vocus brands now are by default behind CG-NAT so will be a limitation for self hosters unless you're wanting to fork out for a static IP address.
nztim:
I would not port forward Plex to your LAN, I would also not Port Forward plex without a UTM firewall that can do Geoblocking
Plex needs a port forward (or using plex relay in which quality is rubbish) to have friends and family access your media content natively from the likes of a Smart Tv/AppleTV/ETC
To mitigate security risks (as best as you possibly can)
- Have a DMZ where your Plex server sits with *NO* access to your LAN whatsoever
- Use a UTM firewall to restrict access to just NZ only
- If you don't have the luxury of a UTM firewall:
  - Rather than allow from anywhere, have your friends / family obtain a static IP on their connection
  - If you are using it on the road, only allow traffic from the major NZ ISPs (Spark/One/etc.)
In summary if you are port forwarding to your main LAN and/or have no form of Source IP restriction you are asking for your network to get hacked.
Disclaimer: I am not an expert.
I use a reverse proxy when self-hosting. So far, I haven't been hacked. Is there something I'm missing which is making me vulnerable?
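
The DMZ isolation and source-IP restriction from nztim's list quoted above, written as an nftables ruleset. This is an added example, not a configuration posted by anyone in this thread; the interface names, the Plex host address and the allowlist entries (documentation prefixes used as placeholders) are assumptions, and it covers forwarded traffic only, not geoblocking or the router's own input chain.

```nftables
# Added example; interface names, addresses and allowlist entries are assumptions.
define WAN = "wan0"               # assumed internet-facing interface
define LAN = "lan0"               # assumed main home LAN
define DMZ = "dmz0"               # assumed isolated segment holding only the Plex host
define PLEX_HOST = 192.168.50.10  # assumed Plex server address in the DMZ
define PLEX_PORT = 32400          # Plex Media Server's default TCP port

table inet plex_fw {
    # Source-IP restriction: static IPs of friends/family, or ISP ranges.
    # The entries below are documentation prefixes used as placeholders.
    set plex_allowed_v4 {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.23, 203.0.113.0/24 }
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # The DMZ may never open a new connection into the LAN.
        iifname $DMZ oifname $LAN drop

        # Weak form (the unrestricted forward the thread warns about):
        #   iifname $WAN oifname $DMZ ip daddr $PLEX_HOST tcp dport $PLEX_PORT accept
        # Restricted form: only allowlisted sources reach the forwarded port.
        iifname $WAN oifname $DMZ ip daddr $PLEX_HOST tcp dport $PLEX_PORT ip saddr @plex_allowed_v4 accept

        # LAN clients may reach the DMZ and the internet; the DMZ gets outbound internet only.
        iifname $LAN oifname { $DMZ, $WAN } accept
        iifname $DMZ oifname $WAN accept
    }
}

table ip plex_nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $WAN tcp dport $PLEX_PORT dnat to $PLEX_HOST
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

`nft -c -f <file>` checks the syntax without applying it. Inbound IPv6 and anything from a source outside the set falls through to the forward chain's drop policy.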