Netflix IP ban

Hey guys,

I masquerade my clients out behind one IP and for some reason Netflix has banned that IP now.

error message:
“Whoops, something went wrong. Streaming error. You seem to be using an unblocker or proxy. Please turn off any of these services and try again.”

Anyone else having the same problem?

Clients are showing they have two IP addresses instead of one on whatsmyip.net: one real IP, and the other IPs are fake. Here are three IPs that showed up: 66.249.81.232, 66.249.81.228, 66.249.81.234.

They are not using VPNs or proxies. I changed the IP of the main router for now and added firewall rules to block VPNs for clients.

/ip firewall filter
add action=drop chain=forward comment=PPTP dst-port=1723 protocol=tcp
add action=drop chain=forward comment="Default OpenVPN UDP port" dst-port=1194 protocol=udp
add action=drop chain=forward comment="Default OpenVPN TCP port" dst-port=1194 protocol=tcp
add action=drop chain=forward comment="Default OpenVPN UDP port" dst-port=443 protocol=udp
add action=drop chain=forward comment="Default OpenVPN TCP port" disabled=yes dst-port=443 protocol=tcp
add action=drop chain=forward comment="Default OpenVPN TCP port" dst-port=1290 protocol=tcp
add action=drop chain=forward comment="IPSec ESP" protocol=ipsec-esp
add action=drop chain=forward comment="IPSec AH" protocol=ipsec-ah
add action=drop chain=forward comment=L2TP dst-port=1701 protocol=udp
add action=drop chain=forward comment="IKE Connection" dst-port=500 protocol=udp
add action=drop chain=forward comment="NAT Traversal" dst-port=4500 protocol=udp
add action=drop chain=forward comment="Proxy Traffic" protocol=ipencap
add action=drop chain=forward comment="Tunneling Protocol and Traffic" protocol=gre
/ip firewall filter
add action=drop chain=forward comment="Block VPN Ports (PPTP,L2TP,IPSec) " disabled=yes dst-port=1701,1723,47,4500,500 protocol=udp
add action=drop chain=forward comment="Block VPN Ports (PPTP,L2TP,IPSec) " disabled=yes dst-port=1701,1723,47,4500,500 protocol=tcp

How about your NAT rules?

Good morning Normis,

I amended the NAT rules on the main router to /ip firewall nat add action=src-nat chain=srcnat out-interface= to-addresses=<Public_IP>
On the clients' CPEs I have chain=srcnat action=masquerade out-interface=pppoe-out1 log=no log-prefix="" unless they have a static IP address, in which case I use the above rule also.

Your NAT rule looks fine. If you do a traceroute, do you get the correct IP?
If it is correct and it still gets banned, you can contact Netflix. I’ve done so recently and they have unbanned our public IP.
We are not running any proxy or VPN, and the only port open was 8291.