Access Netflix through PFsense and PIA

Is there anybody able to access Netflix as per: https://www.youtube.com/watch?v=ekRgAATnIsU&list=PLbcrRBt7PuIT30FoJs6uPR1v7NnXmaKvx&index=5

This is what I currently have in place, yet Netflix still blocks me.

Have already restarted the pfsense box a few times and nada

Thanks,

1 Like

I could never get the rule to work using the domain names. I use a list of IP addresses in the alias instead. The list has to be updated if the IPs change but it's been working for the past year without having to update the list.

Are you able to share the list of IP addresses?

Thanks!

Should be able to find what you need here:


I'm trying the same and failing miserably. A traceroute to any of the Domains shows traffic going out via WAN but I still get the block message.

I have them saved in a text file but I don't have access to it at the moment. I think someone has put up a list or left instructions on how to look up the IPs on the pfSense forums. That's where I developed my list from. I believe Netflix uses Amazon Web Services so you have to have the IP addresses for the AWS servers.

Thanks guys, tried the Reddit one and nothing :S

Try changing the protocol from tcp/udp to any. Also make sure you reset the state table after any firewall change to make sure it's not just old states that are the problem.

Also just an opinion on using domain names in aliases. The way it works is that the firewall will periodically look up the IP for that domain, so it is only at any time storing a single IP (or whatever IPs it was given when it did a lookup) for the domain. So for firewall rules to work when using domain names in aliases the client has to get the same IP as the firewall, so you have to be using the same DNS server for starters. What you want to do is use the DNS resolver in pfSense (not the DNS forwarder) and make sure the cache is enabled. This way whatever IP the firewall got when it did its lookup should be stored in the cache and when the client does the same lookup it will get the same address. You could even go and set the lookup time for the aliases to the same length as the cache time.

2 Likes

will give it a shot and update the thread, thx!!

Did not want to play ball with me, will try a few other things and update the conversation if it works...
Netflix should just open up the gates and let it be, I guess they don't "want my monies" lol

Thx again!

I've pasted a link below to a 7zip file that has a list of about 1700 IP addresses that Netflix and their Amazon AWS servers use. If you can get a list of fully qualified domain names to work then that would be preferable though. I've tested this list so I know it works but it may have a lot of extra IP addresses that they may not use any more so use at your own risk. The list is pretty comprehensive and includes AWS servers outside of the US. There is also a list of Hulu domain names as well. I've also pasted a screenshot of what the rule should look like on the pfSense Firewall >> Rules >> LAN tab.

Also, let me know if the link works correctly cause I haven't used Google Drive sharing before. Hopefully, I haven't opened the whole drive up.

Google Drive Link

Yeah I don't know how well using domain names works because of the number of possible IP addresses Netflix could be using and all the caching and CDN stuff going on. What I would do to make sure your domain name list is accurate is to run Wireshark or some other packet sniffer on the machine accessing Netflix and filter it to look at DNS traffic, then check that all the DNS lookups it's doing for Netflix are what you have in your alias. Kind of a pain but you will at least know that the problem isn't your domain list.

If you use a complete list of IP addresses that will work too, but who knows what else uses those same IPs. If Netflix used a different port to web traffic then this would be a lot easier but unfortunately there's no easy way around it.
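The check described in the post above, as an added example that is not part of the original thread: it compares the DNS answers seen on the client against the hosts and networks in the firewall alias and reports every answer the alias does not cover. The hostnames, addresses and the tab-separated "name, address" input format are constructed assumptions; real input would come from a DNS capture exported to text.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: alias contents as entered in the pfSense alias
# (single hosts or CIDR networks). Documentation address ranges only.
ALIAS_ENTRIES = ["192.0.2.0/24", "198.51.100.17"]

# Constructed sample: one "queried name <TAB> answer address" pair per line,
# as exported from a DNS-filtered capture taken on the streaming client.
DNS_ANSWERS = """\
api.stream.example\t192.0.2.10
cdn1.stream.example\t198.51.100.17
cdn1.stream.example\t198.51.100.44
cdn2.stream.example\t203.0.113.5
cdn2.stream.example\t2001:db8::5
"""

def parse_alias(entries):
    """Turn alias entries into network objects (a bare host becomes /32 or /128)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def parse_answers(text):
    """Parse 'name address' lines, skipping blanks and '#' comments."""
    answers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, addr = line.split()
        answers.append((name.rstrip(".").lower(), ipaddress.ip_address(addr)))
    return answers

def uncovered(answers, networks):
    """Return {name: [addresses]} for answers that no alias entry matches."""
    missing = defaultdict(list)
    for name, addr in answers:
        hit = any(addr.version == n.version and addr in n for n in networks)
        if not hit:
            missing[name].append(str(addr))
    return dict(missing)

if __name__ == "__main__":
    gaps = uncovered(parse_answers(DNS_ANSWERS), parse_alias(ALIAS_ENTRIES))
    for name, addrs in gaps.items():
        print(f"{name}: not in alias -> {', '.join(addrs)}")
```

Any name it prints got an address on the client that the policy-routing rule will not match, including IPv6 answers when the alias holds only IPv4 entries.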


It definitively does not want to play ball still, interestingly enough I see 700mb of traffic, that makes no damn sense lol.
I think I am just going to cancel the membership and keep doing what I was doing :s lol

Thanks again gang!

I know, it is an old post. I am running PIA VPN through PFSense, and one of the kids was unable to watch Netflix.
What I did was create an alias in Firewall/Aliases/IP. I added the three Netflix boxes that we have.


Then I went to Squid as it was proxying all traffic as well, and allowed those boxes to bypass Squid.
Then I cleared the states, and PROFIT, happy kid!

1 Like

Nine months later necro. Thread is locked.