Last active
June 14, 2022 19:14
-
-
Save Freeaqingme/6309733 to your computer and use it in GitHub Desktop.
Netflix VPN routing. I got this setup: client -> (tun) eu vpn (tun1) --> us vpn This is the firewall config relevant to forwarding all netflix traffic from client to US vpn. This does not work. See also my blogpost on http://freeaqingme.tweakblogs.net
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT | |
| /sbin/iptables -A FORWARD -s 172.16.0.0/12 -j ACCEPT | |
| /sbin/iptables -t nat -s 172.16.0.0/12 -o eth0 -A POSTROUTING -j SNAT --to 91.214.168.110 | |
| # | |
| # Netflix | |
| # | |
| for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do | |
| echo 2 > $i | |
| done | |
| dst_netflix_com=`resolveip -s www.netflix.com` | |
| dst_signup_netflix_com=`resolveip -s signup.netflix.com` | |
| dst_movies_netflix_com=`resolveip -s movies.netflix.com` | |
| dst_cdn1_nflxext_com=`resolveip -s cdn1.nflxext.com` | |
| dst_account_netflix_com=`resolveip -s account.netflix.com` | |
| dst_cdn0_nflximg_com=`resolveip -s cdn-0.nflximg.com` | |
| dst_movies1_netflix_com=`resolveip -s movies1.netflix.com` | |
| dst_movies2_netflix_com=`resolveip -s movies2.netflix.com` | |
| dst_cbpus_nccp_netflix_com=`resolveip -s cbp-us.nccp.netflix.com` | |
| dst_presentationtracking_netflix_com=`resolveip -s presentationtracking.netflix.com` | |
| dst_ads_netflix_com=`resolveip -s ads.netflix.com` | |
| dst_dvd_netflix_com=`resolveip -s dvd.netflix.com` | |
| dst_ir_netflix_com=`resolveip -s ir.netflix.com` | |
| dst_developer_netflix_com=`resolveip -s developer.netflix.com` | |
| dst_support_netflix_com=`resolveip -s support.netflix.com` | |
| dst_apiglobal_netflix_com=`resolveip -s api-global.netflix.com` | |
| echo "101 tun1.out" >> /etc/iproute2/rt_tables | |
| ip rule add fwmark 101 table tun1.out | |
| ip rule add fwmark 102 table tun1.out | |
| ip rule add fwmark 103 table tun1.out | |
| ip rule add fwmark 104 table tun1.out | |
| ip rule add fwmark 105 table tun1.out | |
| ip rule add fwmark 106 table tun1.out | |
| ip rule add fwmark 107 table tun1.out | |
| ip rule add fwmark 108 table tun1.out | |
| ip rule add fwmark 109 table tun1.out | |
| ip rule add fwmark 110 table tun1.out | |
| ip rule add fwmark 111 table tun1.out | |
| ip rule add fwmark 112 table tun1.out | |
| ip rule add fwmark 113 table tun1.out | |
| ip rule add fwmark 114 table tun1.out | |
| ip rule add fwmark 115 table tun1.out | |
| ip rule add fwmark 116 table tun1.out | |
| ip route add "$dst_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_signup_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_movies_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_cdn1_nflxext_com" dev tun1 table tun1.out | |
| ip route add "$dst_account_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_cdn0_nflximg_com" dev tun1 table tun1.out | |
| ip route add "$dst_movies2_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_movies1_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_cbpus_nccp_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_presentationtracking_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_ads_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_dvd_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_ir_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_developer_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_support_netflix_com" dev tun1 table tun1.out | |
| ip route add "$dst_apiglobal_netflix_com" dev tun1 table tun1.out | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.129 -j MARK --set-mark 101 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.130 -j MARK --set-mark 102 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.131 -j MARK --set-mark 103 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.132 -j MARK --set-mark 104 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.133 -j MARK --set-mark 105 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.134 -j MARK --set-mark 106 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.135 -j MARK --set-mark 107 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.136 -j MARK --set-mark 108 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.137 -j MARK --set-mark 109 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.138 -j MARK --set-mark 110 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.139 -j MARK --set-mark 111 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.140 -j MARK --set-mark 112 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.141 -j MARK --set-mark 113 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.142 -j MARK --set-mark 114 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.143 -j MARK --set-mark 115 | |
| /sbin/iptables -t mangle -A PREROUTING --dest 172.31.254.145 -j MARK --set-mark 116 | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 101 -j DNAT --to-destination "$dst_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 102 -j DNAT --to-destination "$dst_signup_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 103 -j DNAT --to-destination "$dst_movies_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 104 -j DNAT --to-destination "$dst_cdn1_nflxext_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 105 -j DNAT --to-destination "$dst_account_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 106 -j DNAT --to-destination "$dst_cdn0_nflximg_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 107 -j DNAT --to-destination "$dst_movies1_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 108 -j DNAT --to-destination "$dst_movies2_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 109 -j DNAT --to-destination "$dst_cbpus_nccp_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 110 -j DNAT --to-destination "$dst_presentationtracking_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 111 -j DNAT --to-destination "$dst_ads_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 112 -j DNAT --to-destination "$dst_dvd_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 113 -j DNAT --to-destination "$dst_ir_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 114 -j DNAT --to-destination "$dst_developer_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 115 -j DNAT --to-destination "$dst_support_netflix_com" | |
| /sbin/iptables -t nat -A PREROUTING --match mark --mark 116 -j DNAT --to-destination "$dst_apiglobal_netflix_com" | |
| /sbin/iptables -t nat -o tun1 -A POSTROUTING -j MASQUERADE |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment