Proxy with Dansguardian & HAVP trouble with Netflix on Android



  • I recently used a guide to set up Squid3, Dansguardian, and HAVP. It's working well, except I am having trouble with it blocking Netflix on Android.

    I installed Sarg to help troubleshooting.

    I entered the following in the Dansguardian->ACL->SiteList->Exceptions:
    netflix.com
    nflximg.com
    nflxvideo.net
    brightedge.com
    amazonaws.com
    edgesuite.com
    netflix.hs.llnwd.net
    1e100.net

    Once that was done, I was able to stream Netflix from my PC. However, I still cannot stream from any of my Androids. The only difference with Netflix on Android is that I see these different items in Sarg for the Android device:
    2014-05-17 21:52 - 192.168.1.134 - GET 108.175.40.113
    2014-05-17 21:52 - 192.168.1.134 - GET 108.175.40.110
    2014-05-17 21:52 - 192.168.1.134 - POST android.nccp.netflix.com
    2014-05-17 21:52 - 192.168.1.134 - GET 108.175.40.109

    I have identified that all the 108.175.40 addresses are legitimate and have PTR records of nflxvideo.net using mxtoolbox reverse IP lookup, which is why I added it to the above list, but it turns out they don't have A records so that doesn't help much.

    However, I still cannot access Netflix from the Android device. I did some digging and found here: http://db-ip.com/all/108.175.32 and here: http://db-ip.com/all/108.175.47 that there is a large range for Netflix streaming: they have 4096 IPs.

    How can I unblock the entire block of 108.175.32.0/20 in Dansguardian without entering in every IP?

    Also, I'm not sure that will be the solution to make streaming on the Android work. Anyone have any other ideas while we're at it?
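Added example, not part of the original post: a small Python triage of the Sarg entries quoted above, showing which destinations the domain exceptions cover and which fall inside 108.175.32.0/20. It assumes exception entries are matched as domain suffixes against the request host; the function names and verdict labels are made up for this illustration.

```python
import ipaddress

# Exception domains and the CIDR block, both taken from the post above.
EXCEPTION_DOMAINS = ("netflix.com", "nflximg.com", "nflxvideo.net",
                     "brightedge.com", "amazonaws.com", "edgesuite.com",
                     "netflix.hs.llnwd.net", "1e100.net")
NETFLIX_RANGE = ipaddress.ip_network("108.175.32.0/20")

# Sarg entries as quoted in the post.
SAMPLE_LOG = """\
2014-05-17 21:52 - 192.168.1.134 - GET 108.175.40.113
2014-05-17 21:52 - 192.168.1.134 - GET 108.175.40.110
2014-05-17 21:52 - 192.168.1.134 - POST android.nccp.netflix.com
2014-05-17 21:52 - 192.168.1.134 - GET 108.175.40.109
"""

def parse_line(line):
    """Split 'TIMESTAMP - CLIENT - METHOD HOST' into (client, method, host)."""
    parts = [p.strip() for p in line.split(" - ")]
    if len(parts) != 3 or len(parts[2].split()) != 2:
        raise ValueError("unexpected log line: %r" % line)
    method, host = parts[2].split()
    if host.count(":") == 1:          # drop a trailing :port (host:443)
        host = host.split(":")[0]
    return parts[1], method, host.lower()

def classify(host):
    """Say which rule, if any, would cover this destination."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None                   # not an IP literal, treat as a hostname
    if addr is not None:
        # Domain entries cannot match here (assumption: suffix matching on
        # the request host), so only an IP/range rule can cover it.
        return "ip-in-range" if addr in NETFLIX_RANGE else "ip-outside-range"
    for domain in EXCEPTION_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "domain-exception"
    return "unlisted-host"

def triage(log_text):
    """Return (host, verdict) for every non-empty log line."""
    return [(h, classify(h)) for _, _, h in
            (parse_line(l) for l in log_text.splitlines() if l.strip())]

if __name__ == "__main__":
    print(NETFLIX_RANGE, "holds", NETFLIX_RANGE.num_addresses, "addresses:",
          NETFLIX_RANGE[0], "-", NETFLIX_RANGE[-1])
    for host, verdict in triage(SAMPLE_LOG):
        print("%-28s %s" % (host, verdict))
```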



  • No one has any idea?

    I really like pfSense, but I need this to work. If the logs just had more detail about what was going on I might be able to figure it out. The GUI logging capabilities leave a LOT to be desired. I have a rant about that I'll refrain from.

    I've been toying with moving to Sophos UTM or Zentyal… This might be what pushes me there but I would really prefer to get pfSense filtering working properly (well I have it working; I just need it NOT to block Netflix on Android!)



  • @KyferEz:

    I recently used a guide to set up Squid3, Dansguardian, and HAVP. It's working well, except I am having trouble with it blocking Netflix on Android.

    I ran into an issue with Netflix not working on Android during one of my many, many iterations of trying to get a stable pfsense+squid+dansguardian config. It may be the same issue that you're having. I think it was related to the flawed dansguardian package that was available via the pfsense webconfigurator. I think it was Marcello's build of the dansguardian binary that fixed it (among other problems). I've gone around and around with pfsense+squid+dansguardian, though, so my memory could be faulty on the exact cause/solution.

    At any rate, the setup that seems to give me the best stability so far is:
    pfsense (I'm currently at 2.1.2, FWIW)
    Squid3-dev (I'm at 3.3.10 pkg 2.2.2)
    Dansguardian (I used 2.12.0.3_2 pkg v.0.1.8 and then updated the dansguardian binary with Marcello's build)

    These threads have some info:
    https://forum.pfsense.org/index.php?topic=58442.0
    https://forum.pfsense.org/index.php?topic=43786.0

    This is my version of the fix, which seems to be somewhat different from some of the others' versions. Note, this is for 64-bit, NOT 32-bit systems:
    killall dansguardian
    rm -rf /usr/local/etc/dansguardian
    ln -s /usr/pbi/dansguardian-amd64/etc/dansguardian /usr/local/etc/dansguardian
    cd /usr/pbi/dansguardian-amd64/sbin
    fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/dansguardian
    /usr/local/etc/rc.d/dansguardian.sh start

    Read the above threads for more context and for the variation that others have been using, though.

    Hopefully, this will get you moving again. Unfortunately, I'm unable to give you any more details right now and won't be monitoring the forums for at least several days. I think the fix for you is probably going to be replacing the dansguardian binary with Marcello's version, though.

    Good luck!

