[Cerowrt-devel] [Bloat] OT: Netflix vs 6in4 from HE.net

Dave Taht dave.taht at gmail.com
Sat Mar 21 18:41:19 EDT 2020 

Per the url I posted earlier you can stick something like this into
/etc/firewall.user

    ip -6 route add blackhole 2406:da00:ff00::/96 # AWS
    ip -6 route add blackhole 2607:FB10::/32
    ip -6 route add blackhole 2620:0:ef0::/48
    ip -6 route add blackhole 2a00:86c0::/32

I actually used "unreach" and put it in /etc/config/networks

config 'route6' 'killnetflix61'
        option 'interface' 'lan'
        option 'target' '2406:da00:ff00::/96'
        option 'type' 'unreachable'
        option 'proto' '50'

... etc...

I then used the proto 50 bit (requires ip-full), to make  babel pick it up with
a redistribute proto 50
line. (I use this also to propigate /22s around for ipv4)

Neither approach is something "joe user" will be able to do.

But it turned out to be essentially just as much work to just
propigate my native /60s
to the entire campus network statically and try to work out what new security
holes I'd introduced. I have 22 APs to renumber if I get renumbered,
and a few dns entries.


On Sat, Mar 21, 2020 at 3:14 PM Sebastian Moeller <moeller0 at gmx.de> wrote:
>
> Hi Rich,
>
> since it seems to be IPv6 related, why not use firefox for netflix and disable IPv6 in firefox (see https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can#w_ipv6) maybe that works well enough?
>
> Best Regards
>         Sebastian
>
>
>
>
> > On Mar 21, 2020, at 21:20, Rich Brown <richb.hanover at gmail.com> wrote:
> >
> > to Bloat & CeroWrt folks: This is a little OT for either of these lists, but I figured there are plenty of experts here, and I would be delighted to get your thoughts.
> >
> > I just tried to view a Netflix movie and got a F7111-5059 error message. This prevented the video from playing. (As recently as a month or two ago, it worked fine.)
> >
> > Googling the error message gets to this page https://help.netflix.com/en/node/54085 that singles out use of an IPv6 Proxy Tunnel.
> >
> > Sure enough, I'm have a 6in4 tunnel through Hurricane Electric on WAN6. Stopping that WAN6 interface caused Netflix to work.
> >
> > What advice could you offer? (I could, of course, turn off WAN6 to watch movies. But that's a drag, and other family members couldn't do this.) Many thanks.
> >
> > Rich
> > _______________________________________________
> > Bloat mailing list
> > Bloat at lists.bufferbloat.net
> > https://lists.bufferbloat.net/listinfo/bloat
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel



-- 
Make Music, Not War

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-435-0729

More information about the Cerowrt-devel mailing list