Updated FAQs (markdown)

FAQs.md

@@ -16,6 +16,7 @@ This has been written to address some frequently asked questions among users of
 * [Can the Quick Installer accept the default options without prompting me?](#unattended)
 * [Can I configure an alternate port for RaspAP's web service?](#webport)
 * [OpenVPN fails to start and/or I have no internet. Help!](#openvpn)
+* [How do I exclude iptables NAT rules from requests to localhost?](#iptables)
 
 ### <a name="settings"></a>What do all these settings in the UI do? Changing them seems to have no effect.
 RaspAP manipulates several daemons, services and helper programs behind the scenes for you. In the footer of each management panel is a helpful "Information provided by..." label. These indicate which Linux daemon and/or program is being modified by the UI. Learning what these services are and how they work will go a long way toward demystifying things.
@@ -122,7 +123,7 @@ Give the nodogsplash service a kick:
 
 `sudo systemctl restart nodogsplash`
 
-...and verify that the service is running:
+and verify that the service is running:
 
 `sudo systemctl status nodogsplash`
 
@@ -191,9 +192,7 @@ and finally restart hostapd:
 sudo systemctl restart hostapd.service
 ```
 
-**Important:** Take note that it's possible to overwrite your manual changes to `dhcpcd.conf` with RaspAP's [default configuration](https://github.com/billz/raspap-webgui/tree/master/config), depending on which functions you use in the UI.
-
-Also, be aware that external WiFi adapters (ie, USB "dongles") vary greatly in terms of hardware capabilities and driver support. Many do not work out of the box on the RPi, require a powered USB hub, manual driver and/or firmware installation or are otherwise [not well suited for the RPi](https://elinux.org/RPi_USB_Wi-Fi_Adapters). For these reasons, issues related to wlan0 and wlan1 configurations with external adapters will not be considered.
+**Important:** Be aware that external WiFi adapters (ie, USB "dongles") vary greatly in terms of hardware capabilities and driver support. Many do not work out of the box on the RPi, require a powered USB hub, manual driver and/or firmware installation or are otherwise [not well suited for the RPi](https://elinux.org/RPi_USB_Wi-Fi_Adapters). For these reasons, issues related to wlan0 and wlan1 configurations with external adapters will not be considered.
 
 ### <a name="monitor"></a>Can I use RaspAP as a monitor only, without changing my configuration?
 Yes, RaspAP has support for a so-called "monitor mode". In `config.php` change the setting `RASPI_MONITOR_ENABLED` to `true`. This disables the ability to modify settings, start/stop daemons, shutdown or reboot the RPi. RaspAP will continue to report interface statistics, service settings and data usage as normal. 
@@ -211,7 +210,7 @@ Failed to connect to non-global ctrl_ifname: wlan0  error: No such file or direc
 sudo wpa_supplicant -B -Dnl80211,wext -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0
 ```
 
-...substituting `wlan0` with your wireless interface, if necessary. You should then be able to perform scans as expected.
+substituting `wlan0` with your wireless interface, if necessary. You should then be able to perform scans as expected.
 
 ### <a name="unattended"></a> Can the Quick Installer accept the default options without prompting me?
 Yes, the [Quick Installer](https://github.com/billz/raspap-webgui/wiki/Quick-Installer-usage) has a non-interactive mode that lets you perform unattended setups. This mode assumes "yes" as an answer to all prompts. You can do an unattended install of RaspAP by appending the `--yes` command-line option, like so:
@@ -246,5 +245,32 @@ RaspAP supports OpenVPN clients by uploading a valid .ovpn file to `/etc/openvpn
 
 It is your responsibility to provide a valid .ovpn file; RaspAP does not attempt to validate the settings or RSA keys contained in this file. If OpenVPN fails to start, check for errors with `sudo systemctl status openvpn-client@client` and `journalctl --identifier openvpn`.
 
+### <a name="iptables"></a> How do I exclude iptables NAT rules from requests to localhost?
+RaspAP's [Quick Installer](https://github.com/billz/raspap-webgui/wiki/Quick-Installer-usage) configures network-address-translation (NAT) with iptables rules, so that the RPi can act as an internet gateway to multiple hosts on a local network with a single public IP address. This is done by rewriting the addresses of IP packets as they pass through the NAT system. Many access points, including RaspAP, use a combination of IP forwarding and masquerading to achieve this.
 
+In some cases, NAT rules applied to `localhost` can interfere with other services running on an RPi. An example is the Plex Media Server, which has an API that listens on localhost. As of this writing, the Plex API has been built to not authenticate communication between service processes of the server. This can cause a failure to communicate with the Plex API or similar add-on services on your RPi.
 
+The solution is to add a NAT rule ahead of the rule RaspAP installs to not apply NAT to connections destined to 127.0.0.0/8:
+
+```
+$ sudo iptables -t nat -I POSTROUTING -d 127.0.0.0/8 -j ACCEPT
+```
+The resulting iptables chain should look something like this:
+
+```
+$ sudo iptables -t nat -L -n -v
+Chain PREROUTING (policy ACCEPT 31 packets, 4810 bytes)
+ pkts bytes target prot opt in out source destination
+
+Chain INPUT (policy ACCEPT 31 packets, 4810 bytes)
+ pkts bytes target prot opt in out source destination
+
+Chain OUTPUT (policy ACCEPT 23 packets, 1338 bytes)
+ pkts bytes target prot opt in out source destination
+
+Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
+ pkts bytes target prot opt in out source destination
+   17 999 ACCEPT all -- * * 0.0.0.0/0 127.0.0.0/8
+   2422 158K MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0
+```
+Refer to [this issue](https://github.com/billz/raspap-webgui/issues/333#issue-454352554).