Watching Videos and IP Geolocation



  • I tried to search for this, but I'm kind of lost on what keywords to use.

    I'm in Austin, TX and have been trying to watch a video on cc.com through pfSense. Websites tells me I can't watch the video because I'm "in the UK".

    Watching the video through our Untangle box (through the same ISP) works perfectly, but I'm trying to replace Untangle with pfSense.

    Going to all those GeoIP sites through pfSense confirms that I'm in Texas, but speedtest.net thinks I'm in Kansas.

    Thanks for reading this. If you have any tips or just any key words I can Google it'd be much appreciated.



  • I think I may know the root of the problem.

    Our current LAN uses 192.150.x.x (I realize this is a problem) that feeds through proxies for web filtering into our DMZ LAN 192.168.x.x then through our Untangle box.

    I want to remove Untangle, the web proxies, and the DMZ (since we no longer host our own website) in place of pfSense. Short of changing the whole IP range of the network, is there something I can do in pfSense that disguises the fact that we're (inappropriately) not using a private IP range?



  • @matthew.c.tx:

    Short of changing the whole IP range of the network, is there something I can do in pfSense that disguises the fact that we're (inappropriately) not using a private IP range?

    If you have pfSense configured to perform NAT translation (the default configuration) only your public IP address will be visible to the rest of the world. The only time your use of a public IP range should become an issue is when you try to access an IP address belonging to the actual owner of that block.

    You can confirm the "visible" IP address any number of ways: https://www.google.com/#hl=en&q=what+is+my+ip



  • @MindfulCoyote:

    If you have pfSense configured to perform NAT translation (the default configuration) only your public IP address will be visible to the rest of the world.

    Thank you, that did help a lot. I had been checking those "what is my IP" sites, but I hadn't considered reverting to a default pfSense config.

    I disabled Squid Proxy (just using it to cache anyway) and now everything works fine. With whatismyip with Squid it was 192.150.x.x; without Squid my public IP 66.x.x.x



  • @matthew.c.tx:

    I disabled Squid Proxy (just using it to cache anyway) and now everything works fine. With whatismyip with Squid it was 192.150.x.x; without Squid my public IP 66.x.x.x

    I didn't realize you were using Squid. I think there's an option in the Squid settings to disable exposing your internal IP addresses. This thread talks about changing the "forwarded_for" setting. https://forum.pfsense.org/index.php?topic=72253.0 and http://www.squid-cache.org/Doc/config/forwarded_for/

    I think I would try "forwarded_for delete".



  • Yeap, that did it. Reenabled Squid, found and checked the "Disable X-Forward" option, and now it seems I have a cache without sharing my private IP addresses.

    Thank you again.


Log in to reply