In Plex:

Navigate to Settings → Server Settings → Remote Access.

Get the port number used by Plex for remote access.

This is at the Manually specify public port option. Default is port 32400.

In pfSense:

Navigate to Firewall → NAT → Port Forward.

• Add a new rule and fill it out as follows:
  • Interface is WAN, which if you run no VPN may be your only interface.
  • Protocol is TCP. If Plex starts using UDP then change this to TCP/UDP.
  • Destination is WAN address.
  • Destination Port Range is “Other 32400 Other 32400”.
  • Redirect target IP is our static Plex Server IP, and our redirect port number is again 32400.
  • Description is “Plex”.

When you receive request for port 32400 on the WAN gateway from any source IP or port, redirect it to 192.168.1.2:32400.

This may fix the “Remote Access” showing with a RED icon instead of with a GREEN icon.

pfSense includes built in methods of protection against DNS rebinding attacks.

In pfSense:

Navigate to Services → DNS Resolver → General Settings.

Add the following to the Custom Options box on a new line.

server:private-domain: "plex.direct"

Ensure that other entries in this box are on separate lines.

In pfSense:

Firewall -> NAT -> Port Forward

Against the same rule created above (the rule named “Plex”):

• Change NAT reflection from “Use System Default” to “Enable (NAT + Proxy)”.
• Apply changes and see if this makes a difference.

In Plex:

For Plex to work direct, and not in Indirect mode (limited to the quality you can play back to like a 2mbit stream or something)

System -> Advanced

Disable DNS Rebind Checks. But try without it first to see.

https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/

https://docs.netgate.com/pfsense/en/latest/dns/unbound-dns-resolver.html

https://en.wikipedia.org/wiki/DNS_rebinding

https://support.plex.tv/articles/200931138-troubleshooting-remote-access/