Comodo Firewall Conflict with Plex Media Server?

Running Comodo Firewall 5.12.256249.2599. It has served me well, but ran into a bit of problem with Plex Media Server. (plexapp.com)

Installed Plex Media Server, which works great… inside my LAN. My PC runs ■■■ fine, and I was able to access it with multiple clients on different PCs (mainly through a Netopia 3000 DSL wifi router), and even the Android client works fine… WITHIN the WiFi LAN. However, I can’t “publish the server” to the MyPlex service, which would have allowed me to access the ■■■ via 3G/4G on my phone.

I figured out that I need to do my port forwarding, so I got THAT done. And yes, it’s done correctly. Yes, both TCP and UDP.

But when I use a port tester, no packets are getting through. Connection timed out.

So I turned OFF the Comodo firewall (set firewall status to disabled), and the port tester works. And the server was “published” correctly.

Turn on the firewall… port tester gets “connection timed out” as if the port’s stealthed.

Comodo firewall confirms the “Plex Media Server” is listening on port 32400, which is as it should. But somehow with Comodo firewall on (even in training mode), no packets are getting to it. I’ve already added “Plex Media Server” to trusted app list, and verified that it has “allow all incoming and outgoing requests” set.

There are NO firewall events in the log. Nada. Zilch. Nothing.

I am stumped.

Welcome to the forum.

You’ll need to ensure the server can receive inbound connections through whichever port you’ve designated, the default is 32400. For that to happen correctly, you’ll need an inbound Application rule for Plex Media Server.exe and, depending of your Global rules, a corresponding inbound Global rule for TCP Port 32400.

As stated in first post, Plex Media Server already has custom application rule “Allow all incoming and outgoing requests”

depending of your Global rules, a corresponding inbound Global rule for TCP Port 32400.

So under global rules, I need to add a rule (before the final red “exclusion rule”) that says…

Any incoming address
heading toward (specific static internal IP address ■■■ was installed on)
from any port
to 32400

Right? That seem to have worked… Anything I’m missing?

(And why didn’t the app specific rule override the global rule?)

If it’s working, probably not :slight_smile:

(And why didn't the app specific rule override the global rule?)

The firewall uses two sets of rules, Application and Global. Application rules are generally unique for each application, whereas Global rules generally affect all applications. For the most part, applications such as browsers, email, and most system processes, will work without any special needs in Global rules. However, applications that require explicit inbound connections, for example a server service or p2p application, depending on your configuration, may need to be allowed to reach the application rule by opening the port in Global rules. This process is generally only necessary if you’ve used the stealth ports wizard, to block all inbound connections, you’ve chosen the Internet Security configuration or you’ve manually created a full block rule.

Solved with a global rule:

Allow
TCO or UDP
Any source address address
Any source port (important! lost lot of time specifying 32400)
destination port 32400