Firewalla / FireTV Issues

Comments

13 comments

  • Andrew Mueller

    FYI - I really hated to do this, but I deleted the "default bundle" and it works now.  No idea why since there was nowhere in the interface where anything showed up as being blocked.  I'm not a huge fan of things being blocked that I am unaware of.  

  • Firewalla

    The problem is highly unlikely to be the default bundle; that bundle usually contains pretty bad sites.

    When you turned off the ad blocker, etc., did you wait long enough for the DNS cache to expire on your Fire TV? Is your ad blocker on after turning off the default bundle?

  • Firewalla

    (I typed too fast in the previous comment, just edited/corrected my mistake)

  • Andrew Mueller

    Re-worded everything:

    • "Default Bundle" was enabled by default, I have done nothing else in the configuration.  I eventually deleted this.
    • When I looked at Ad-Block it was off.  Unsure if I looked at this right away, but I have never disabled anything.  Did deleting the default bundle disable Ad-Block?  If not - it was never on.
    • Nothing shows blocked on any FireTV device in the FWG interface.  Amazon URLs show up, but none show being blocked.

    So... while it is unlikely "default bundle" was the culprit, unless removing that piece did something else behind the scenes, that is the only possibility (since it is the only configuration change I have made at all).

    Hope that helps, going to be on the road for the next 2.5 hours, will try to respond when I can.

  • Firewalla

    Do you have another DNS server? What do you use for DNS?

  • Andrew Mueller

    I have a Windows 2019 DNS Server.  

  • Firewalla

    Do you have filtering on that Windows 2019 DNS server? If you just use the same ISP or popular (1.1.1.1 or 8.8.8.8 ...) do you still have the same problem?

    Usually, if you don't see Firewalla-side blocking in the flows, the problem can be a third-party DNS server. We've seen strange things from them.

  • Andrew Mueller

    There is no filtering.  But if it were a DNS issue, then removing the Firewalla (or the default bundle as I eventually did) wouldn't have solved the problem, correct?  I tested 5 times and each time I put Firewalla inline, those things didn't work.  Then I removed it and they did (meaning Prime Video & MLB.TV).  And before removing the default bundle they didn't work (tested it), then removed it and they worked immediately.

    I understand it may not seem logical, but I don't see how it could be the DNS if that part remains constant in this scenario.

    I can certainly use Cloudflare or Google DNS settings, but those settings are not changing with or without Firewalla inline.

     

  • Andrew Mueller

    Nothing yet?

  • Firewalla

    Did you try a raw 1.1.1.1 or 8.8.8.8? 

  • Andrew Mueller

    I haven't, but wouldn't this pretty much be the same:

     

    And the question still is this.... why would it work every time without FWG, but then not work with FWG in place.  Everything else is a common denominator.

  • David Rothenberger

    Do the services work if you turn off the DNS Booster on the Firewalla?

    My understanding is that when this is on, the FWG will intercept all DNS requests, resolve them itself (if not already cached), and then send the result to the client. Maybe the FWG is having problems resolving those DNS names for some reason?

    Be aware that turning off the DNS Booster will disable the blocking functionality, including ad blocking, so this probably isn't a good long-term solution. But if things work with the DNS Booster off, you could start looking at the DNS requests/responses from the Firewalla itself (SSH in and use tcpdump); that might help.

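Added example, not part of the thread and not Firewalla's own tooling: one way to triage the tcpdump output suggested in the comment above, pairing each DNS query with its response and listing names that got an error code, an empty or 0.0.0.0 answer, or no reply at all. The capture lines, hostnames and addresses are constructed, and the function name `failed_lookups` is hypothetical.

```python
import re

# Constructed sample of `tcpdump -n port 53` text output (not from the thread).
SAMPLE = """\
10:15:01.100000 IP 192.168.1.50.40001 > 192.168.1.1.53: 4660+ A? video.example.com. (35)
10:15:01.120000 IP 192.168.1.1.53 > 192.168.1.50.40001: 4660 1/0/0 A 198.51.100.7 (51)
10:15:02.200000 IP 192.168.1.50.40002 > 192.168.1.1.53: 4661+ A? stream.example.net. (36)
10:15:02.230000 IP 192.168.1.1.53 > 192.168.1.50.40002: 4661 NXDomain 0/1/0 (110)
10:15:03.300000 IP 192.168.1.50.40003 > 192.168.1.1.53: 4662+ A? cdn.example.org. (33)
10:15:04.400000 IP 192.168.1.50.40004 > 192.168.1.1.53: 4663+ A? ads.example.com. (33)
10:15:04.410000 IP 192.168.1.1.53 > 192.168.1.50.40004: 4663 1/0/0 A 0.0.0.0 (49)
"""

# src.port > dst.port: query-id[flags] rest-of-line
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)\S* (.*)$")

def failed_lookups(capture):
    """Map each queried name that did not resolve cleanly to the reason."""
    pending, failed = {}, {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, qid, rest = m.groups()
        if dport == "53":                       # client -> resolver
            q = re.search(r"(\w+)\? (\S+)", rest)
            if q:
                pending[(src, sport, qid)] = q.group(2).rstrip(".")
        elif sport == "53":                     # resolver -> client
            name = pending.pop((dst, dport, qid), None)
            if name is None:
                continue
            rcode = re.search(r"NXDomain|ServFail|Refused", rest)
            counts = re.search(r"(\d+)/\d+/\d+", rest)
            if rcode:
                failed[name] = rcode.group(0)
            elif counts and counts.group(1) == "0":
                failed[name] = "empty answer"
            elif re.search(r"\bA 0\.0\.0\.0\b", rest):
                # Assumption: 0.0.0.0 is a common answer from DNS-based blockers;
                # the thread does not say what Firewalla returns for a blocked name.
                failed[name] = "answered 0.0.0.0"
    for name in pending.values():               # queries that never got a reply
        failed[name] = "no response"
    return failed

if __name__ == "__main__":
    for name, reason in failed_lookups(SAMPLE).items():
        print(f"{name}: {reason}")
```

Running the same triage on captures taken with and without the Firewalla inline shows whether the failing names differ between the two paths.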
  • Andrew Mueller

    Sorry for the delay, I decided to do the following for now to see if it makes a difference:

    • Create a 'Streaming' VLAN (UniFi) with Google/Cloudflare DNS only, not going through my DNS server
    • Put the TV on this VLAN

    I will see how that works for a while.  Of course it has worked fine since I got rid of the default bundle.  How can I put that back in place (since I deleted it) to see if it still blocks Amazon Prime Video?
