Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Watching Videos and IP Geolocation

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      matthew.c.tx
      last edited by

      I tried to search for this, but I'm kind of lost on what keywords to use.

      I'm in Austin, TX and have been trying to watch a video on cc.com through pfSense. Websites tells me I can't watch the video because I'm "in the UK".

      Watching the video through our Untangle box (through the same ISP) works perfectly, but I'm trying to replace Untangle with pfSense.

      Going to all those GeoIP sites through pfSense confirms that I'm in Texas, but speedtest.net thinks I'm in Kansas.

      Thanks for reading this. If you have any tips or just any key words I can Google it'd be much appreciated.

      1 Reply Last reply Reply Quote 0
      • M
        matthew.c.tx
        last edited by

        I think I may know the root of the problem.

        Our current LAN uses 192.150.x.x (I realize this is a problem) that feeds through proxies for web filtering into our DMZ LAN 192.168.x.x then through our Untangle box.

        I want to remove Untangle, the web proxies, and the DMZ (since we no longer host our own website) in place of pfSense. Short of changing the whole IP range of the network, is there something I can do in pfSense that disguises the fact that we're (inappropriately) not using a private IP range?

        1 Reply Last reply Reply Quote 0
        • M
          MindfulCoyote
          last edited by

          @matthew.c.tx:

          Short of changing the whole IP range of the network, is there something I can do in pfSense that disguises the fact that we're (inappropriately) not using a private IP range?

          If you have pfSense configured to perform NAT translation (the default configuration) only your public IP address will be visible to the rest of the world. The only time your use of a public IP range should become an issue is when you try to access an IP address belonging to the actual owner of that block.

          You can confirm the "visible" IP address any number of ways: https://www.google.com/#hl=en&q=what+is+my+ip

          Err

          –
          Erreu Gedmon

          Firewalls are hard...
          but the book makes it easier: https://portal.pfsense.org/book/

          1 Reply Last reply Reply Quote 0
          • M
            matthew.c.tx
            last edited by

            @MindfulCoyote:

            If you have pfSense configured to perform NAT translation (the default configuration) only your public IP address will be visible to the rest of the world.

            Thank you, that did help a lot. I had been checking those "what is my IP" sites, but I hadn't considered reverting to a default pfSense config.

            I disabled Squid Proxy (just using it to cache anyway) and now everything works fine. With whatismyip with Squid it was 192.150.x.x; without Squid my public IP 66.x.x.x

            1 Reply Last reply Reply Quote 0
            • M
              MindfulCoyote
              last edited by

              @matthew.c.tx:

              I disabled Squid Proxy (just using it to cache anyway) and now everything works fine. With whatismyip with Squid it was 192.150.x.x; without Squid my public IP 66.x.x.x

              I didn't realize you were using Squid. I think there's an option in the Squid settings to disable exposing your internal IP addresses. This thread talks about changing the "forwarded_for" setting. https://forum.pfsense.org/index.php?topic=72253.0 and http://www.squid-cache.org/Doc/config/forwarded_for/

              I think I would try "forwarded_for delete".

              Err

              –
              Erreu Gedmon

              Firewalls are hard...
              but the book makes it easier: https://portal.pfsense.org/book/

              1 Reply Last reply Reply Quote 0
              • M
                matthew.c.tx
                last edited by

                Yeap, that did it. Reenabled Squid, found and checked the "Disable X-Forward" option, and now it seems I have a cache without sharing my private IP addresses.

                Thank you again.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.