Plex on separate vlan than file server. Pfsense rules help

I have my TrueNAS file server on (VL20) 192.168.20.x and my Plex Media Server on (VL70) 192.168.70.x. I am still learning pfSense rules and can’t seem to get Plex the proper permission to the share on VL20. If someone has a similar setup and can help with the pfSense rules, I would appreciate it. Thank you…

Probably need a bit more info first. How are you running Plex? Windows/linux/docker? How is the Plex machine trying to connect to TrueNAS? SAMBA/NFS?

While not exactly the same, I have a backup server (small synology) on one VLAN (172.16.100.0) connected to a few other servers on a second VLAN (172.16.120.0). I put a rule in pfSense on the interface of my servers to allow a single host or alias to connect to the single host or alias IP address of the backup server. Make sure this rule is above any intervlan blocking rule you might have.

The connection type is NFS for me - so on the NFS backup server, I have security set that I have to allow connections from a specific IP address first (I do it for each of my servers - maybe this is inefficient, but I don’t know a better way). Then on my main servers, I connect directly to the IP address of the backup server via the NFS share. Done.
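The rule-ordering point in the reply above, as an added example that is not part of the thread: a small model of top-down, first-match evaluation on the Plex VLAN interface, showing how a host-to-host NFS allow placed below an inter-VLAN block never fires. The `.10` host addresses are constructed, and TCP 2049 alone assumes NFSv4 (NFSv3 also needs the rpcbind and mountd ports).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    port: Optional[int]   # destination port, None = any

PLEX, NAS = "192.168.70.10", "192.168.20.10"   # constructed host addresses

allow_nfs = Rule("pass", "tcp", PLEX + "/32", NAS + "/32", 2049)
block_lan = Rule("block", "any", "192.168.70.0/24", "192.168.0.0/16", None)
allow_inet = Rule("pass", "any", "192.168.70.0/24", "0.0.0.0/0", None)

WRONG_ORDER = [block_lan, allow_nfs, allow_inet]   # allow sits below the block
RIGHT_ORDER = [allow_nfs, block_lan, allow_inet]   # allow sits above the block

def evaluate(rules, proto, src, dst, port):
    """Return (action, index) of the first matching rule; default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if r.proto not in ("any", proto):
            continue
        if s not in ipaddress.ip_network(r.src):
            continue
        if d not in ipaddress.ip_network(r.dst):
            continue
        if r.port not in (None, port):
            continue
        return r.action, i
    return "block", None

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    net = ipaddress.ip_network
    return (a.proto in ("any", b.proto)
            and net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and a.port in (None, b.port))

def shadowed(rules):
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:j])]

if __name__ == "__main__":
    for name, rs in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, evaluate(rs, "tcp", PLEX, NAS, 2049), "shadowed:", shadowed(rs))
```

With the allow rule on top, only the Plex host reaches the NAS and only on 2049; every other VLAN 70 host and every other port to VLAN 20 still hits the block.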

@noja Thanks for the reply. Here’s the requested information:

I am running Plex on Ubuntu Desktop 20.04. The Plex machine tries to connect via NFS.

Can I ask… why?

@JDM_WAAAT

Well, it is a hosted service that I may access outside my home. Or say I would like to share a movie or something with a friend that I give access to Plex. So Plex is on my DMZ VLAN, isolated from my other VLANs.

That’s not how that works…

@faultline I am listening…

You only need to forward the one plex port (default 32400),

@faultline I have forwarded that port. It is not working. I will keep working on it and share afterwards…

You are not port forwarding correctly, then. Can you share with us how you’re doing that?

That’s literally all it takes. As long as it’s forwarded correctly and you’re not behind CG-NAT.

@JDM_WAAAT Thank you. I may not be thinking about this correctly. When you say port forwarding, are you thinking that I am having issues accessing from the outside of my home network? In that case I would need a port forwarding rule on my WAN in pfSense. I am having issues having Plex Media Server on (VL70) 192.168.70.x accessing media files on the TrueNAS file server on (VL20) 192.168.20.x.

I don’t see what purpose that is serving aside from unnecessary complexity.

Why are they on separate VLANs within your internal network?

@JDM_WAAAT The easy way to do this is to throw my Plex server on VL20 and be done. I get it. I have accomplished that. However, what if for security reasons I do not want it on the same VLAN? I just want Plex to access an NFS share on that VLAN.

My issue here is that a device that is accessible from the outside should, from a security standpoint, be isolated from your other VLANs.

@faultline Just from a security perspective. I know true security would be to have a dedicated NAS just for Plex on the same network.

However, doing it this way provides some security at least…

You have a fundamental misunderstanding of your network and network security and/or are vastly overestimating the lateral movement of a bad actor.

Also, you don’t need to @ us for individual replies.

Ok, Thank you.

Are you using strong passwords locally? Are you using key-based ssh login (no remote root login)? These are going to be the key to stopping a bad actor. On the NFS side, you can also limit it to a read-only share. Enable firewall at your NAS if you want to get really fun and only allow NFS from the plex server IP.

OK cool, I will definitely ensure that I have these in place…