A little help with static routes for Netflix


  • Hey guys, I am having a little difficulty with static routes. I am trying to use a smart DNS company that bypasses Netflix geo location blocks. For the most part most devices work perfectly with no intervention except using their DNS servers. The problem is one of my Rokus needs static routes. Basically anything that goes to 8.8.8.8, 8.8.4.4, and a few Netflix servers is supposed to be blocked and forced to use the DNS company servers. I enter all the routes that they say but I can still ping 8.8.8.8 and 8.8.4.4. This is the page I am using. Any help would be much appreciated.

    IP: 8.8.8.8
    Subnet: 255.255.255.255 (or /32)

    IP: 8.8.4.4
    Subnet: 255.255.255.255 (or /32)

    IP: 108.175.32.0
    Subnet: 255.255.240.0 (or /20)

    IP: 198.38.96.0
    Subnet: 255.255.224.0 (or /19)

    IP: 198.45.48.0
    Subnet: 255.255.240.0 (or /20)

    IP: 185.2.220.0
    Subnet: 255.255.252.0 (or /22)

    IP: 23.246.0.0
    Subnet: 255.255.192.0 (or /18)

    IP: 37.77.184.0
    Subnet: 255.255.248.0 (or /21)

    IP: 45.57.0.0
    Subnet: 255.255.128.0 (or /17)

    Note: These routes may change over time.

    ![static routes2.png](/public/imported_attachments/1/static routes2.png)


  • I don't see the point in using static routes to block access.

    If you just want to block access, you should use firewall rules.

    If you want to redirect all DNS requests to different DNS servers:
    @vaibhav1993:

    Thanks @Natchfalke. Now I can force clients with static IP to use OpenDNS no matter what DNS servers that they have in their PCs. This would have been very easy for DHCP clients using DNS forwarded but for static clients do as follows:

    1. Go to Firewall > Aliases
    Add a new alias
    Name - opendns (or anything you wish; nothing particular about this)
    Type - Host(s)
    Now in Host(s) add IPs of OpenDNS, i.e. add two IPs 208.67.222.222 and 208.67.220.220
    Save this

    2. Go to Firewall > NAT
    Add a Port Forward (the first tab)
    protocol TCP/UDP
    Destination - any  ||  Port 53 ( or select DNS in dropdown )

    Source - any || Port - any

    Redirect Target ip - type opendns ( or the name you gave to the alias )
    Redirect port - DNS (53)
    Save this

    3. Follow these 2-3 small steps http://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers

    And you are good to go ….
    Hope This Helps !!
    Cheers !!


  • I am not entirely sure, it's their software engineers that wrote the directions. I already have the DNS set up network wide and it still doesn't work. Apparently the Roku has Google's DNS hardcoded into it and we have to work around it.


  • @xman111:

    …. apparently the Roku has Google's DNS hardcoded into it and we have to work around it.

    Do not doubt about that. Check it out to be sure.
    => create a firewall rule that combines their IP and the outgoing IP (8.8.8.8 etc) port 53.
    If the device still resolves, you know it will use other DNS servers …
    If they stop resolving ... well .. what about throwing them away ? Hard-coding (DNS) IP addresses is ... bad, very bad.
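
The check suggested above (find out which devices really send DNS to 8.8.8.8 and friends) can be run over exported firewall flow records. This is an added example, not part of the original posts: the record format, the sample lines and the LAN resolver address 192.168.1.1 are constructed assumptions; the OpenDNS addresses come from the alias described earlier in the thread.

```python
import ipaddress

# Assumption: resolvers clients may query directly (the OpenDNS alias
# addresses from the thread, plus a hypothetical LAN resolver).
ALLOWED = {ipaddress.ip_address(a) for a in
           ("208.67.222.222", "208.67.220.220", "192.168.1.1")}

# Constructed sample flow records: "src_ip dst_ip proto dst_port action".
SAMPLE_FLOWS = """\
192.168.1.50 8.8.8.8 udp 53 pass
192.168.1.50 8.8.4.4 udp 53 block
192.168.1.20 192.168.1.1 udp 53 pass
192.168.1.50 8.8.8.8 icmp 0 pass
192.168.1.31 208.67.222.222 tcp 53 pass
192.168.1.50 23.246.0.10 tcp 443 pass
malformed line here
"""

def find_hardcoded_dns(flows, allowed=ALLOWED):
    """Return {client: {resolver: {actions}}} for DNS sent to non-allowed resolvers."""
    findings = {}
    for line in flows.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the constructed format
        src, dst, proto, port, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        # Only TCP/UDP port 53 is DNS; a ping is ICMP and is not counted.
        if proto not in ("udp", "tcp") or port != "53":
            continue
        if dst_ip in allowed:
            continue
        by_resolver = findings.setdefault(str(src_ip), {})
        by_resolver.setdefault(str(dst_ip), set()).add(action)
    return findings

def leaking(findings):
    """Clients with at least one passed query to a non-allowed resolver."""
    return sorted(client for client, resolvers in findings.items()
                  if any("pass" in actions for actions in resolvers.values()))

if __name__ == "__main__":
    result = find_hardcoded_dns(SAMPLE_FLOWS)
    print(result)
    print("still leaking:", leaking(result))
```

A client that appears in `leaking()` is still reaching an outside resolver on port 53, so the block or redirect rule is not matching its traffic.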


  • Thanks for the response. I am not at home to try that now but I did put in the static routes and I can still ping 8.8.8.8 and the rest of the entries so I figure it doesn't work. It really isn't the end of the world if I cannot get it working. It is more of a why it isn't working. I figured it would be an easy thing to do, I did it at my parents' house on a cheap Dlink router and it worked fine. Any other ideas?