PfSense - Cannot connect to Netflix and Hulu on Andriod devices / Smart TVs
-
firewall > rules > lan
add a static entry for each of the devices.
edit the gateway of EACH statically created device and change it to gateway/ WAN interface.
this works for both PIA and nordvpn
-
firewall > rules > lan
add a static entry for each of the devices.
edit the gateway of EACH statically created device and change it to gateway/ WAN interface.
this works for both PIA and nordvpn
thanks, but it unfortunately didn't make a difference
Network: 192.168.100.20/32 (IP address of a Smart TV)
Gateway: 192.168.2.1 (Gateway of WAN2)
Interface: <interface is="" correct="">I'm using dual-WANs through a gateway group.</interface> -
I'm also not using a VPN.
It's just pfSense 2.4.2 basic configuration w/ a gateway group setup for Dual WANs.
I'm going to erase and install 2.3.5
-
pfSense 2.3.5, out of the box, didn't configure anything but 1 WAN and LAN through the initial install prompts.
Same situation- Netflix, Hulu, Amazon Video all fail to load on the Smart TVs.
Zero issues with Apple and MSFT products.
This is really frustrating
-
IPV6 in play?
-
IPV6 in play?
Got it disabled / set to "None" on the WAN / LAN interfaces
Temporarily setup a Floating Firewall rule to Deny any IPv6 Traffic - source anywhere, destination anywhere– but didn't make a difference.
Poor Amazon Echo won't connect either :/
-
Hi,
Heres what i have done. Please make an alias with all the static assigned IP's of media devices. Create a floating rule for that alias and ope the ports for it. I think i have 80 and 443 and then all the ephemeral ports. You can google the range for ephemeral ports.
Please see the attached screen shot of my floating rule for media devices. Also if you have squid, by pass the rule for those ip's.Please let me know if you are still stuck,
thanks,
molykule
-
Hi,
Heres what i have done. Please make an alias with all the static assigned IP's of media devices. Create a floating rule for that alias and ope the ports for it. I think i have 80 and 443 and then all the ephemeral ports. You can google the range for ephemeral ports.
Please see the attached screen shot of my floating rule for media devices. Also if you have squid, by pass the rule for those ip's.Please let me know if you are still stuck,
thanks,
molykuleI copied your floating firewall rule starting w/ 1 Smart TV IP – added Alias for ports 80, 443, and 49152:65535, however the issue still persists.
Another weird thing I noticed, the "sign in" button on pfchangs.com doesn't trigger the pop-up; happens on all computers. Works when I switch to Wifi off ISP modem.
For what it's worth, I installed and did the basic config of OpenSense-- same issues there too.
Here's my full setup if this helps...
WAN 1 -> Time Warner Coax -> Netgear Modem -> Linksys Velop Router -> PCIe Dual Nic Port 1 (WAN1 in)
WAN 2 -> ATT Uverse Copper -> ATT Modem/Router Combo -> PCIe Dual Nic Port 2 (WAN2 in)
LAN out -> Netgear Gigabit Switch -> Wired Devices / Wifi Controller in Bridged modem (DHCP on wifi controller turned off)Ubuntu 16 Desktop Parent Host
1x Onboard NIC (LAN in)
1x PCIe NIC (LAN out)
1x PCEe Dual Nic ( WAN1 in, WAN2 in)Virtual Box- VM Hosting pFSense 2.4.2
Bridged Adapters for WAN1 in (em0) WAN2 in (em1) LAN1 out (em2) - > Promiscuous Mode - Deny All on all adaptersWAN1 em0: 192.168.2.x (assigned by DHCP of Linksys Router)
WAN2 em1: 192.168.1.x (assigned by DHCP of ATT Modem/Router Combo)
LAN em2: 192.168.100.1 (gateway for local network devices / issuing DHCP)DNS: I disable internal DNS server from pfSense. I have LAN DHCP server set to use a custom DNS IP for devices-- a Raspberry Pi thats running PiHole
-
I ran into lots of issues because of the following
1. Pfsense loves intel Nic’s (not your issue just throwing it out there)
2. Clear the blacklisted ip addresses
3. (do u have snort enabled?) if yes what rules sources Are you using? -
I ran into lots of issues because of the following
1. Pfsense loves intel Nic’s (not your issue just throwing it out there)
2. Clear the blacklisted ip addresses
3. (do u have snort enabled?) if yes what rules sources Are you using?Nothing blacklisted. All NICs are physically Intel except 1, but they're all Intel emulated within Virtualbox.
For now, I have the TVs connected to the Linksys Velop Wifi (different than my regular wifi controller) / bypassing pfSense. On the CODELQ traffic shaper for that WAN, I reduced the speed 12mbits leaving room for the TVs if my main network is saturating the circuits.
Not sure what snort is, unless it's enabled and installed by default, I don't have it.
It's frustrating to the point where I'd pay someone $50 to fix it. Any takers :)?
-
You have to enable IPV6 from lan to wan.
I had the same issue. My guess is that it is part of the anti-VPN measures Netflix et Al have put in place
-
@ccnewb
Hey,
Are you using DNS Resolver? -
@yanik @usedtolosing : why are you replying against a 4 years old thread ?
-
@gertjan because I found a solution, and I had a problem.
Google still returns search results for old threads.
Why are you replying to a 4 year old thread?
-
@usedtolosing said in PfSense - Cannot connect to Netflix and Hulu on Andriod devices / Smart TVs:
Google still returns search results for old threads.
pfSense, dated 4 years ago has close to nothing to do with pfSense today.
Like applying a Windows XP solution on Wiondows 10.
Are you using a pfSense version from 2017 ? -
@usedtolosing
How did you enable IPv6 from LAN to WAN?
This thread may be old, but it's still an Issue with Chromecast 4th gen and Netflix. Although it works when I make a floating rule to pass all for the Chromecast. -
@truetype said in PfSense - Cannot connect to Netflix and Hulu on Andriod devices / Smart TVs:
@usedtolosing
How did you enable IPv6 from LAN to WAN?
This thread may be old, but it's still an Issue with Chromecast 4th gen and Netflix. Although it works when I make a floating rule to pass all for the Chromecast.Yup, I am facing this crazy issue tonight.
Netflix will not let my android login. If I switch off of using pfSense DNS then it works immediately every time.
This is so bizarre. There is nothing in the firewall logs. Nothing. Even pcap is useless, it's like it doesn't show any traffic because the client never gets a DNS response for Netflix. So it never tries to connect.
It is 100% something with DNS. Even if I connect to another vlan it's the same problem. I disabled all firewalling, everything, changed firewall to use Google DNS...last resort would be to try disabling caching I guess.
I'm a senior network admin and this problem is driving me crazy.
Edit: enabling DNS forwarding mode fixes the issue. This is definitely some kind of unbound issue....SO weird.
-
After some further reading this appears to be due to ECS responses - which adds geolocation type data to the DNS query. Unbound seems to be having some problems with that in pfSense.
When googling e.g 'unbound netflix' more information seems to be coming up. Unbound does support ECS but I've no idea how to go about enabling that in pfSense.
Some workarounds are to set forwarding zones for specific hostnames so that it always sends queries for those domains to upstream servers (hence why forwarding mode works immediately). But it gets cumbersome as Netflix has many hostnames.
E.g:
forward-zone: name: "netflix.com" forward-addr: 8.8.8.8From https://www.reddit.com/r/pihole/comments/n5ne6b/pihole_unbound_netflix_issues/
-
If people /networks that use pfSense as a firewall router had issues using 'netflix.com' then this would be a hot, ongoing issue on this forum, the unbound support forum, etc.
Actually, every FreeBSD user, as FreeBSD uses unbound by default, would face the issue.
And more : Netflix itself is one of FreeBSD's biggest FreeBSD users .....So, I say it upfront : sorry for not being able to help, but : what did you do to not making it work ?
It's not hard to create a default pfSrnse installation : after install, connect the WAN.
LAN : same thing - don't use any VLAN stuff... keep the one and only default LAN firewall rule.
Just change the password.
Do not add or change anything related to DNS, as pfSense uses unbound, a solver, so nothing (like zero) is needed to make DNS work.netflix works ....
Now, get your setup back to what it is now .... netflix doesn't work.You've found the issue ;)
-
So this is not an IPv6 specific issue?
I've never seen an issue logging into Neflix with an Android based smart TV behind pfSense here. It could be regional I guess.
