As the title suggests, I want to basically disable the public TCP port and allow Plex or other apps to only connect using Tailscale.

Like, I don't want to allow server-public-ip:32400, but instead I wanna do tailscale-server-name:32400.

If I have the port opened in TCP for all sources it works, doesn't work when I remove the ingress rule.

oracle-vcn

The server pings fine (MagicDNS enabled)

Pinging oracle.hidden-name.ts.net [tailscale-ip] with 32 bytes of data:
Reply from tailscale-ip: bytes=32 time=36ms TTL=64
Reply from tailscale-ip: bytes=32 time=36ms TTL=64
Reply from tailscale-ip: bytes=32 time=38ms TTL=64
Reply from tailscale-ip: bytes=32 time=37ms TTL=64

Ping statistics for tailscale-ip:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 38ms, Average = 36ms
Yash Garg

2 Answers

Figured it out. It won't work with only the machine name, as it won't resolve HTTP/S; it will work with the Tailscale IP or the ts.net domain.

Yash Garg

If I have the port opened in TCP for all sources it works, doesn't work when I remove the ingress rule.

That likely means the apps connecting to Plex are still using the LAN IP address, not the Tailscale IP address. Using MagicDNS might help; the Plex app can be told to go to plex.example.com.beta.tailscale.net.

DGentry
  • I have MagicDNS already turned on, and the server also pings fine using the server name. Updated the post with more details. – Yash Garg Apr 17 '22 at 17:17
  • Okay it works on http://oracle.hidden-name.ts.net:32400, I was trying to do oracle:32400. – Yash Garg Apr 17 '22 at 17:59