Wiki

User Tools

Site Tools

Trace:
pfsense:plex

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:plex [2020/12/07 08:59] – [Update **DNS Resolver**] peterpfsense:plex [2020/12/07 09:30] (current) – [Update DNS Resolver] peter
Line 61: Line 61:
 pfSense includes built in methods of [[https://docs.netgate.com/pfsense/en/latest/dns/unbound-dns-resolver.html|protection]] against [[https://en.wikipedia.org/wiki/DNS_rebinding|DNS rebinding attacks]]. pfSense includes built in methods of [[https://docs.netgate.com/pfsense/en/latest/dns/unbound-dns-resolver.html|protection]] against [[https://en.wikipedia.org/wiki/DNS_rebinding|DNS rebinding attacks]].
  
-In pfSense:+This protection can prevent being able to connect to a Plex Media Server securely on the local network.
  
-Navigate to **Services -> DNS Resolver -> General Settings**.+To remediate this:
  
-Add the following to the **Custom Options** box on a new line. +  * In pfSense: 
- +  * Navigate to **Services -> DNS Resolver -> General Settings**. 
-<code>+  * Add the following to the **Custom Options** box on a new line. <code>
 server:private-domain: "plex.direct" server:private-domain: "plex.direct"
 </code> </code>
  
-Ensure that other entries in this box are on separate lines.+  * Ensure that other entries in this box are on separate lines.
  
 {{:pfsense:pfsense_dns_resolver_custom_options.png?800|}} {{:pfsense:pfsense_dns_resolver_custom_options.png?800|}}
  
 +
 +<WRAP todo>
 +**TODO:**  This image is wrong.  There should only be a single **server:** word, right at the top.  Remove the other one.
 +</WRAP>
 +
 +<WRAP info>
 +**NOTE: ** An alternative method is to have the following entries within the Resolver Custom option:
 +
 +<code>
 +server:
 +    local-zone: “plex.direct” redirect
 +    local-data: "plex.direct 3600 IN A "
 +</code>
 +
 +</WRAP>
 +
 +<WRAP info>
 +**NOTE:**  An alternative method to overcome the DNS protection is to navigate to **System -> Advanced -> Firewall and NAT**.
 +
 +In **Network Address Translation**:
 +
 +  * NAT Reflection mode for port forwards:  **NAT + proxy**.
 +
 +While this works for remote connections, it is not everything needed to get local secure connections working, so this is not the recommended approach to take.
 +
 +</WRAP>
 +
 +<WRAP important>
 +**WARNING:** When working around DNS rebinding protection this way, your apps and Plex Media Server will typically treat the connections as being from a **Remote** source.
 +
 +This can affect which streaming qualities are used, as well as trigger Remote-applicable Server Settings - Bandwidth and Transcoding Limits.
 +
 +</WRAP>
 +
 +----
  
 See [[PFSense:pfBlockerNG:Bypass pfBlockerNG for specific clients|Bypass pfBlockerNG for specific clients]] See [[PFSense:pfBlockerNG:Bypass pfBlockerNG for specific clients|Bypass pfBlockerNG for specific clients]]
pfsense/plex.1607331590.txt.gz · Last modified: 2020/12/07 08:59 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki