Hey guys,
I masquerade my clients out behind one IP and for some reason Netflix has banned that IP now.
error message
Whoops, something went wrong.Streaming error.You seem to be using an unblocker or proxy. Please turn off any of these services and try again.”
Anyone else having the same problem?
Re: Neflix IP ban
Clients are showing they have two IP addresses instead of one on whatsmyip.net, one real IP and the other IP's are fake here is three IPs that showed up 66.249.81.232, 66.249.81.228, 66.249.81.234.
They are not using VPN;s or proxies. I changed the IP of the main router for now and added firewall rules to block vpn's for clients.
/ip firewall filter
add action=drop chain=forward comment=PPTP dst-port=1723 protocol=tcp
add action=drop chain=forward comment="Default OpenVPN UDP port" dst-port=1194 protocol=udp
add action=drop chain=forward comment="Default OpenVPN TCP port" dst-port=1194 protocol=tcp
add action=drop chain=forward comment="Default OpenVPN UDP port" dst-port=443 protocol=udp
add action=drop chain=forward comment="Default OpenVPN TCP port" disabled=yes dst-port=443 protocol=tcp
add action=drop chain=forward comment="Default OpenVPN TCP port" dst-port=1290 protocol=tcp
add action=drop chain=forward comment="IPSec ESP" protocol=ipsec-esp
add action=drop chain=forward comment="IPSec AH" protocol=ipsec-ah
add action=drop chain=forward comment=L2TP dst-port=1701 protocol=udp
add action=drop chain=forward comment="IKE Connection" dst-port=500 protocol=udp
add action=drop chain=forward comment="NAT Traversal" dst-port=4500 protocol=udp
add action=drop chain=forward comment="Proxy Traffic" protocol=ipencap
add action=drop chain=forward comment="Tunneling Protocol and Traffic" protocol=gre
/ip firewall filter
add action=drop chain=forward comment="Block VPN Ports (PPTP,L2TP,IPSec) " disabled=yes dst-port=1701,1723,47,4500,500 protocol=udp
add action=drop chain=forward comment="Block VPN Ports (PPTP,L2TP,IPSec) " disabled=yes dst-port=1701,1723,47,4500,500 protocol=tcp
They are not using VPN;s or proxies. I changed the IP of the main router for now and added firewall rules to block vpn's for clients.
/ip firewall filter
add action=drop chain=forward comment=PPTP dst-port=1723 protocol=tcp
add action=drop chain=forward comment="Default OpenVPN UDP port" dst-port=1194 protocol=udp
add action=drop chain=forward comment="Default OpenVPN TCP port" dst-port=1194 protocol=tcp
add action=drop chain=forward comment="Default OpenVPN UDP port" dst-port=443 protocol=udp
add action=drop chain=forward comment="Default OpenVPN TCP port" disabled=yes dst-port=443 protocol=tcp
add action=drop chain=forward comment="Default OpenVPN TCP port" dst-port=1290 protocol=tcp
add action=drop chain=forward comment="IPSec ESP" protocol=ipsec-esp
add action=drop chain=forward comment="IPSec AH" protocol=ipsec-ah
add action=drop chain=forward comment=L2TP dst-port=1701 protocol=udp
add action=drop chain=forward comment="IKE Connection" dst-port=500 protocol=udp
add action=drop chain=forward comment="NAT Traversal" dst-port=4500 protocol=udp
add action=drop chain=forward comment="Proxy Traffic" protocol=ipencap
add action=drop chain=forward comment="Tunneling Protocol and Traffic" protocol=gre
/ip firewall filter
add action=drop chain=forward comment="Block VPN Ports (PPTP,L2TP,IPSec) " disabled=yes dst-port=1701,1723,47,4500,500 protocol=udp
add action=drop chain=forward comment="Block VPN Ports (PPTP,L2TP,IPSec) " disabled=yes dst-port=1701,1723,47,4500,500 protocol=tcp
Re: Neflix IP ban
How abot your NAT rules?
Re: Neflix IP ban
Good morning Normis,
I amended the Nat rules on the main router to /ip firewall nat add action=src-nat chain=srcnat out-interface=<Public> to-addresses=<Public_IP>
on the clients cpe's I have chain=srcnat action=masquerade out-interface=pppoe-out1 log=no log-prefix="" unless they have a static IP address then I use the above rule also
I amended the Nat rules on the main router to /ip firewall nat add action=src-nat chain=srcnat out-interface=<Public> to-addresses=<Public_IP>
on the clients cpe's I have chain=srcnat action=masquerade out-interface=pppoe-out1 log=no log-prefix="" unless they have a static IP address then I use the above rule also
Re: Neflix IP ban
your NAT rule looks fine. if you do trace route, do you get the correct IP?
if it is correct and it still get band, you can contact netflix. I've done so recently and they have un-band our public IP.
We are not running any proxy nor VPN and only port open was 8291
if it is correct and it still get band, you can contact netflix. I've done so recently and they have un-band our public IP.
We are not running any proxy nor VPN and only port open was 8291
Who is online
Users browsing this forum: godel0914, Google [Bot] and 89 guests