Unite Innovations

By

This post will show you how to configure pfSense and what you need to allow hosts on your LAN to connect to Netflix and Amazon Prime Video. Without being blocked by their proxy detection and use your ISP’s gateway for those connections instead.

How It works

We’ll use a pfSense package called pfBlockerNG to compile, update, and maintain lists of network ranges and save them as firewall aliases. We’ll use the alias to create firewall rules for those ranges that will bypass our VPN gateway, and use the ISP’s instead.

Getting Started

First you need to install pfBlockerNG on pfSense, if you don’t have it installed already.

  1. Go to the System drop-down menu then Package Manager in pfsense
  2. Click the Available Packages tab
  3. Search for pfBlockerNG and click the Install button
  4. Wait for the installation to complete

pfBlockerNG Configuration

  1. Go to Firewall drop-down menu, then pfBlockerNG
  2. Check the Enable checkbox in the General tab

Create The Alias

  1. Click the IP tab in the pfBlockerNG main page, then IPv4, then select Add
  2. Name the alias “Netflix_VPN_Bypass” or whatever name you wish. If the name has spaces use under score instead.
  3. Under IPv4 Source Definitions click Add and create the lists as follows:
    1. Netflix
      • Format: Whois
      • State: On
      • Source: AS2906
      • Header/Label: Netflix
    2. Centurylink
      • Format: Whois
      • State: On
      • Source: AS209
      • Header/Label: Centurylink
    3. AWS
      • Format: Regex
      • State: On
      • Source: https://ip-ranges.amazonaws.com/ip-ranges.json
      • Header/Label: AWS
  4. Under Settings change Action to Alias Match
  5. Change Update Frequency to whatever rate you’d like
  6. Go back to the top of pfBlocker page and click Update
  7. Select Reload radio button
  8. then click Run button
  9. Wait for reload to complete
Example of Alias settings

Note: If you do not reload the pfBlocker, you may not see the alias apear as an option in the following steps.

Create firewall rule

  1. Go to Firewall drop-down at the top of the page click Rules
  2. Click the LAN tab and click the Add button with the upward-facing arrow towards the bottom of the page
  3. Change Protocol to Any
  4. Set Source in whichever way you’d prefer. For example: set to Single host/alias and the IP of your smart TV or device. I recommend only adding as needed to not defeat the purpose of the VPN.
  5. Change Destination to Single host/alias and select the pfB_Netflix_VPN_Bypass alias we created
  6. Under Extra Options for Description enter Netflix_VPN_Bypass
  7. Press Save
  8. You’ll be redirected to the Firewall LAN main page again.
  9. Click Apply Changes at the top for changes to take affect.

Example of firewall rule settings

Lets Test And Make Sure It Works

You should be able to connect to Netflix and Amazon Prime Video with no annoying Proxy Detected or VPN errors.