Discussion - Hetzner firewall blocking ICMP and some reverse proxy, notably access by Plex - fix (workaround) | PlexGuide.com


timekills

I was having some issues recently with Plex not allowing remote connections through a dedicated Hetzner server. Also was blocking ICMP (ping) requests*.
I thought it might be because when I recently rebuilt I moved from Traefik through Cloudflare (which was working well) to Traefik through GoDaddy just to test.
That was a red herring.

The issue was the firewall settings in Hetzner's server config. I don't recall doing anything with them previously. Actually, I don't recall *seeing* a firewall setting, but the tab is there now.
I tried adding the Plex port, and some additional, into the firewall port allowances, but no dice.

Fix/workaround: Ultimately ended up just disabling. Not thrilled with that for obvious security reasons but I do have the ports locked through the Plexguide setting. Interestingly ICMP is still blocked*, which I assume is due to the locked ports although I haven't tried unlocking them to see. I'd be surprised if that actually blocked ICMP though.

*edit 29 SEP 18: ICMP blocking was ISP related (verified going through VPN, SSH through another site and RDP to a separate location.) Other firewall issues above are still valid and require disabling of Hetzner firewall.

Admin9705

that's good to know; we'll add to the wiki. surprised that is happening
 

timekills

> that's good to know; we'll add to the wiki. surprised that is happening

The ICMP block apparently is ISP related. I've never seen an ISP that blocked outgoing ICMP before...but apparently QNet does. I was able to ping the Hetzner site when using VPN and/or SSH through another site.

The firewall issue mentioned above is still accurate however.
 

Admin9705

copy that!
 

coolhaus

> Fix/workaround: Ultimately ended up just disabling. Not thrilled with that for obvious security reasons but I do have the ports locked through the Plexguide setting. Interestingly ICMP is still blocked*, which I assume is due to the locked ports although I haven't tried unlocking them to see. I'd be surprised if that actually blocked ICMP though.

Recently moved to Hetzner. Once logged into Hetzner Robot I leave the firewall turned off but I did select to keep Hetzner Services ticked - If enabled, this rule will allow all Hetzner Services to connect to your server. This still allows ICMP and backup within the Hetzner network.

On the server I'm running Debian and use UFW firewall to secure the base OS. The way I have it set up currently is just SSH and port 443 open, the rest is completely locked down. Will be very similar for an OS like Ubuntu if you prefer that flavour. I highly recommend UFW as it is easy to understand and use.
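
With the Hetzner firewall disabled, the host firewall is the only filter, so it is worth checking that the loaded UFW policy really is the one described in the post above (SSH and 443 open, everything else denied). This is an added example, not part of the thread; the allow-list, the function name `audit_ufw` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output against an allow-list.
# ALLOWED is an assumption taken from the post: SSH (22/tcp) and 443/tcp only.
ALLOWED="22/tcp 443/tcp"

# Reads `ufw status verbose` text on stdin, prints one FAIL line per finding,
# and returns non-zero if the firewall is off, default-open, or has extra rules.
audit_ufw() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        /^Status:/ {
            seen_status = 1
            if ($2 != "active") { print "FAIL: ufw is " $2; bad = 1 }
        }
        /^Default:/ {
            seen_default = 1
            # First policy on the line is the incoming one.
            if ($2 != "deny" && $2 != "reject") {
                print "FAIL: default incoming policy is " $2; bad = 1
            }
        }
        # Inbound rules that open a port; $1 is the port spec, e.g. 22/tcp.
        / (ALLOW|LIMIT) IN / {
            if (!($1 in ok)) { print "FAIL: unexpected open port " $1; bad = 1 }
        }
        END {
            if (!seen_status)  { print "FAIL: no Status line"; bad = 1 }
            if (!seen_default) { print "FAIL: no Default policy line"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample (not from the thread): one rule beyond the intended two.
SAMPLE='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
443/tcp (v6)               ALLOW IN    Anywhere (v6)'

printf '%s\n' "$SAMPLE" | audit_ufw || echo "audit: policy drift detected"
# On a live host: sudo ufw status verbose | audit_ufw
```

Ports published by Docker containers are handled in Docker's own iptables chains rather than by UFW rules, so they do not appear in this output and need a separate check.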
 
