Problems with Netflix freezing at 25%
-
After a day or two, I added the Snort package (connectivity ruleset looking at LAN)
This is almost certainly the problem. There are a lot of rules in default Snort that will screw up Netflix (among many other things).
Disable Snort completely and clear the snort2c table (if you don't know how just reboot the firewall after disabling snort).Any IPS system is not meant to be just turned on and left alone. The idea is that you turn it on as an IDS only, then remove rules that result in false positives until you have it configured the way you like it (this usually takes a while because you need to see how it behaves with different types of traffic on your network on larger networks it can literally take months, small home use networks probably hours to days).
It's also possible that something on pfBNG or DNSBL is causing problems, or the VPN, but I'd put my money on snort.
As far as DNS Resolver goes, if you are using a specific service for DNS, then you are by definition not using Unbound as a Resolver, you are forwarding your requests to a third party. In the default out of the box setup pfSense will ask the Root DNS Servers for your DNS queries and work their way down the system. Regardless of what boxes you checked, if you use OpenDNS you are Forwarding.
-
My Sony smart TV running the Netflix app does the same thing now and then its having quite a bit of trouble today my pfsense is not using any VPN just DNSBL nothing in the logs indicate anything major is being blocked I suspect the CDN's in my area might be having issues as another streaming service ABC iview was also having trouble at the same time.
What packages are you using?
As has been stated, pfSense out of the box will stream Netflix perfectly. Any issue with Netflix or any other streaming service is not inherent to pfSense. It is most likely a configuration problem, beyond that, ISP, streaming service, hardware, etc. but definitely not just because of some unknown issue with pfSense.
-
apcupsd , Cron, openvpn-client-export , pfBlockerNG, snort (not active on any interfaces), squid , squidGuard
My TV hangs at 25% but given time and no changes to the FW things start working again I've yet to find any firewall or system logs that coincide with the issues
-
To benchmark performance, I took out pfSense and inserted my old firewall and rebooted all network hardware (including PoE switch that powers wifi). I've had Netflix running all morning while I've been working around the house and it hasn't hung a single time. I'm going to leave the old firewall installed for a day or two to make sure no glitches occur. This will eliminate the wifi AP, ISP, etc. as being suspects in the investigation.
Edit1: I dug through the Firewall and Snort logs and didn't see the Amazon FireTV IP address being flagged. If I understand correctly, Snort just looks at the packets and nothing is actually intercepted unless the Firewall is told to.
Edit 2: I looked closely at the Amazon FireTV. Netflix isn't hanging. The FireTV, although being connected to the wifi with a valid IP address, was actually losing connectivity. pfSense was actually blocking the device's IP address altogether at the firewall.
In the meantime, I'm building a fresh pfSense box (60GB SSD Atom D525 CPU 4MB memory dual-port Intel NIC). I plan on running the fresh install with as many factory defaults as possible as see how things work. I will report progress.
-
pfSense was actually blocking the device's IP address altogether at the firewall.
If you have snort configured as an IPS, then anything a rule hits on adds the IP to the snort2c table which the firewall uses to block traffic.
Just a configuration problem. And possibly related to snort depending on how you have it setup.
-
Conclusion: Netflix problem associated with Snort.
The fresh installation ran fine, so I swapped SSDs to my previous pfsense installation and un-installed Snort. Netflix working again.
In this thread, there was a off-topic discussion about OpenDNS. I started a new thread "OpenDNS and pfBlockerNG DNSBL" under the DNS forum, particularly how OpenDNS operating in forwarding mode impacts pfBlockerNG.
I will slowly work up towards IDS using Snort or Suricata. Seems that Suricata is the preferable selection. I have been reading the Asterix "Snort master Suppress List" thread and the pfBasic "Taming the beasts… aka suricata blueprint" thread.
"Snort master Suppress List" https://forum.pfsense.org/index.php?topic=56267.0
"Taming the beasts… aka suricata blueprint" https://forum.pfsense.org/index.php?topic=78062.450
"OpenDNS and pfBlockerNG DNSBL" https://forum.pfsense.org/index.php?topic=128721.0 -
Thanks for this info I have exactly same problem!
I was setting up pfSense and slowly adding new Services. Squid and SquidGuard, pfBlockerNG and then Snort and my Netflix broke. Exactly the same stopping at 25% loading. Netflix connectivity checks are fine and report no problem.
I had tried to find the issue in Snort but I couldn't find anything in the logs blocking my Sony TV running the Netflix. In fact I tested on other devices that initially still worked okay but eventually all devices stopped loading at 25%.
This leads me to believe that it has more to do with some sort of "reputation" rules that eventually block Netflix.
I keep on investigating this but if anybody has any hints where to look for the issue much appreciated!
-
Thanks for this info I have exactly same problem!
I was setting up pfSense and slowly adding new Services. Squid and SquidGuard, pfBlockerNG and then Snort and my Netflix broke. Exactly the same stopping at 25% loading. Netflix connectivity checks are fine and report no problem.
I had tried to find the issue in Snort but I couldn't find anything in the logs blocking my Sony TV running the Netflix. In fact I tested on other devices that initially still worked okay but eventually all devices stopped loading at 25%.
This leads me to believe that it has more to do with some sort of "reputation" rules that eventually block Netflix.
I keep on investigating this but if anybody has any hints where to look for the issue much appreciated!
After further investigation the culprit is not Snort but Squid Proxy Server!
I have no idea why but when Squid proxy is enabled Netflix will only stream to 25%. Disable squid and all is good!
What is strange though I could swear that I had this working with squid before. Even today I am pretty sure I was watching Netflix with squid enabled but then suddenly I hit that issue where it only loads to 25% until I disable squid. Very strange!
-
Not regarding Netflix but with squid Transparent proxy I got strange issues also like mobile APPS, sometimes are slow to load stuff and also take a long time to log out, when I disable squid everything is snappy
-
Check System - Advanced - Firewall & NAT.
Look for "IP Random id generation".
If it is checked, uncheck that box.
