Differences

This shows you the differences between two versions of the page.

--- pfsense:plex [2020/04/12 00:04] – [Update **DNS Resolver**] peter
+++ pfsense:plex [2020/12/07 09:30] (current) – [Update DNS Resolver] peter
@@ Line 33: / Line 33: @@
 {{:pfsense:pfsense_firewall_nat_portforward_plex.png?800|}}
-When you receive request for port 32400 on the WAN gateway from any source IP or port, redirect it to 192.168.1.2:32400.
+When you receive request for port 32400 on the WAN gateway from any source IP or port, redirect it to 192.168.1.5:32400.
 <WRAP important>
@@ Line 40: / Line 40: @@
-It may be prudent to verify that this does exists under **Firewall -> Rules -> WAN**, and if not to manually configure such as rule.
+It may be prudent to verify that this does exists under **Firewall -> Rules -> WAN**, and if not to manually configure such a rule.
 How is this different from the NAT rule?  Well the NAT rule was telling the firewall how to map an external port to an internal one, so that our machine is reachable from the internet.
@@ Line 57: / Line 57: @@
 ----
-==== Update **DNS Resolver** ====
+==== Update DNS Resolver ====
 pfSense includes built in methods of [[https://docs.netgate.com/pfsense/en/latest/dns/unbound-dns-resolver.html|protection]] against [[https://en.wikipedia.org/wiki/DNS_rebinding|DNS rebinding attacks]].
-In pfSense:
+This protection can prevent being able to connect to a Plex Media Server securely on the local network.
-Navigate to **Services -> DNS Resolver -> General Settings**.
+To remediate this:
-Add the following to the **Custom Options** box on a new line.
+  * In pfSense:
+  * Navigate to **Services -> DNS Resolver -> General Settings**.
-<code>
+  * Add the following to the **Custom Options** box on a new line. <code>
 server:private-domain: "plex.direct"
 </code>
-Ensure that other entries in this box are on separate lines.
+  * Ensure that other entries in this box are on separate lines.
 {{:pfsense:pfsense_dns_resolver_custom_options.png?800|}}
+<WRAP todo>
+**TODO:**  This image is wrong.  There should only be a single **server:** word, right at the top.  Remove the other one.
+</WRAP>
+<WRAP info>
+**NOTE: ** An alternative method is to have the following entries within the Resolver Custom option:
+<code>
+server:
+    local-zone: “plex.direct” redirect
+    local-data: "plex.direct 3600 IN A "
+</code>
+</WRAP>
+<WRAP info>
+**NOTE:**  An alternative method to overcome the DNS protection is to navigate to **System -> Advanced -> Firewall and NAT**.
+In **Network Address Translation**:
+  * NAT Reflection mode for port forwards:  **NAT + proxy**.
+While this works for remote connections, it is not everything needed to get local secure connections working, so this is not the recommended approach to take.
+</WRAP>
+<WRAP important>
+**WARNING:** When working around DNS rebinding protection this way, your apps and Plex Media Server will typically treat the connections as being from a **Remote** source.
+This can affect which streaming qualities are used, as well as trigger Remote-applicable Server Settings - Bandwidth and Transcoding Limits.
+</WRAP>
+----
 See [[PFSense:pfBlockerNG:Bypass pfBlockerNG for specific clients|Bypass pfBlockerNG for specific clients]]
@@ Line 82: / Line 117: @@
-==== Use **NAT reflection** ====
+==== Use NAT reflection ====
 In pfSense: