pfSense Support Subscription

Author Topic: Hulu traffic  (Read 1282 times)

0 Members and 1 Guest are viewing this topic.

Offline mhertzfeld

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +4/-0
    • View Profile
Hulu traffic
« on: June 07, 2015, 03:30:45 pm »
I currently am setup to have all my outbound NAT traffic going through the OpenVPN client to a VPN service provider.  However I am having trouble using Hulu with the VPN.

I would like to direct pfSense to send all my hulu traffic out my WAN interface and have everything else still going over the VPN.

Any help would be gladly accepted.

Offline manaox2

  • Newbie
  • *
  • Posts: 5
  • Karma: +1/-0
    • View Profile
Re: Hulu traffic
« Reply #1 on: August 18, 2015, 12:58:41 am »
You need to make an alias for the various Hulu domains and make a firewall rule on LAN to filter requests to those hosts through WAN.

1. Here is an overly comprehensive FQDN list gathered using the debugger in my browser. I haven't found the time to figure out which domain(s) actually does the checking or thoroughly checked function yet.

Put each on a separate line in an alias. Call it whatever you want, HuluBypassVPN for example.

www.hulu.com   
secure.hulu.com   
secure.huluim.com
mozart.hulu.com   
static.huluim.com    
tempo.hulu.com   
tempo-fallback.hulu.com   
assets.hulu.com   
assets.huluim.com
play.hulu.com   
s.hulu.com   
t.hulu.com   
p.hulu.com   
pt.hulu.com   
urlcheck.hulu.com   
ib.hulu.com
ib1.huluim.com   
ib2.huluim.com   
ib3.huluim.com   
ib4.huluim.com   
ss-e-darwin.hulu.com   
fa.hulu.com   
t2.hulu.com
a.huluad.com
vortex.hulu.com
ibhuluimcom-a.akamaihd.net
assetshuluimcom-a.akamaihd.net
a248.e.akamai.net



2. Add a rule to the Firewall in LAN.

Leave it set as pass.

Set protocol as any.

Leave source set as any.

Set destination as single host or alias and type in your alias name (in this example, HuluBypassVPN)

Set Gateway to WAN.

Save.

Move the new rule to the top of the list and hit the Apply button. All done.


I have my machines set to static DHCP addresses and have an alias for them which I have set as source in the firewall rule.


The only concern is that these domains sometimes come from different IPs and PFSense only refreshes them every 5 minutes. So, you may hit a snag on reloading the page or switching devices more often. Hulu generally doesn't use more than 2 IP's per domain however, so maybe refreshing the page will fix it. The interval pfSense updates FQDN IPs can be manually set under System > Advanced on the Firewall/NAT tab as well.

UPDATE: Hulu uses Akamai now for picture, beacons, and the ib* content. This makes it harder to use FQDN. Hulu is using every trick they can think to push evercookies based on your useragent, in your flash storage, DOM, etc. While this likely still works for apps on TV and devices, it is not recommended to use Hulu on your daily web browser. My personal recommendation is to get a streaming device like Firestick, Roku, etc and set it to a static IP and then direct the device to bypass the VPN entirely to stream your blocked content from Hulu, Amazon Video, Netflix, etc. It's simple that way.
« Last Edit: August 08, 2017, 06:48:40 pm by manaox2 »