Skip to content

Instantly share code, notes, and snippets.

@willwhui willwhui/Connect to Google Home
Created Jun 1, 2017

Embed
What would you like to do?
Download ZIP
Connect to Google Home
Raw
Connect to Google Home
Connect to Google Home
@willwhui

This comment has been minimized.

Sign in to view
Copy link
Owner Author

willwhui commented Jun 1, 2017
edited

路由器架设了ss,但依然不能正常使用。
查了一圈,据说是自带dns。
参照这里
在/usr/bin/shadowsocks-firewall 中对局域网的跳过段之后增加如下内容,可以解决问题。

# for google home
iptables -t nat -A PREROUTING -s 192.168.1.1/24 -p udp --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -s 192.168.1.1/24 -p tcp --dport 53 -j DNAT --to 192.168.1.1
iptables -I PREROUTING -t nat -p udp -d 8.8.4.4 --dport 53 -j REDIRECT --to-ports 1053
iptables -I PREROUTING -t nat -p udp -d 8.8.8.8 --dport 53 -j REDIRECT --to-ports 1053

1053是pdnsd监听的端口。
大概意思是内网设备想直接去上述8.8.4.4和8.8.8.8去查询的,都滚到192.168.1.1的1053去老实走ss的通道(ss通道参照 这里

补充:

最近ss被封的厉害,于是改在路由器上使用A服务器的vpn做全局翻,同时路由器也启用B服务器的ss全局翻。
按照我的理解,通过这样双重翻,数据进行了两重加密,其特征会更加不明显吧?(当然,也许并非如此)
不过发现这样不能播放youtube的内容到chromecast了。
我:"ok google, play Adele videos on TV"
goolge home:"I looked for adele, but it either isn't available or can't be played right now."
但是可以播放google photos和spotify songs到电视上。
看来是google home找不到youtube了。
莫非google home搜索youtube的方法又是特殊的?

考虑到vpn是全隧道,理论上会接管所有的流量,包括dns解析请求。
于是尝试去掉上面的规则,但是不行,整个google home都不能用了。

经过多次瞎猜尝试,发现其实只要在上面规则的基础上增加两条规则就可以了:

iptables -I PREROUTING -t nat -p tcp -d 8.8.4.4 --dport 53 -j REDIRECT --to-ports 1053
iptables -I PREROUTING -t nat -p tcp -d 8.8.8.8 --dport 53 -j REDIRECT --to-ports 1053

其作用在于,如果以tcp模式查询dns 8.8.4.4和8.8.8.8,也请走ss通道去。
看来,google home在vpn模式下会以tcp模式去请求dns,也不知为何?

注:对于网关不是路由器的情况,采用类似如下配置方案

# for google home: redirect dns requets(8.8.x.x:53) to local port 53(v2ray is listening)
iptables -t nat -A PREROUTING -s 10.0.0.1/24 -p udp --dport 53 -j DNAT --to 10.0.0.xxx
iptables -t nat -A PREROUTING -s 10.0.0.1/24 -p tcp --dport 53 -j DNAT --to 10.0.0.xxx
iptables -I PREROUTING -t nat -p udp -d 8.8.4.4 --dport 53 -j REDIRECT --to-ports 53
iptables -I PREROUTING -t nat -p udp -d 8.8.8.8 --dport 53 -j REDIRECT --to-ports 53
iptables -I PREROUTING -t nat -p tcp -d 8.8.4.4 --dport 53 -j REDIRECT --to-ports 53
iptables -I PREROUTING -t nat -p tcp -d 8.8.8.8 --dport 53 -j REDIRECT --to-ports 53

以上10.0.0.xxx是所属局域网的网关。
port 53是此网关监听的dns解析端口。
@willwhui

This comment has been minimized.

Sign in to view
Copy link
Owner Author

willwhui commented Jun 2, 2017
edited

播放音乐:
spotify等等目前没有对国内用户开放销售。

可以通过电脑上的chrome浏览器来投射网易音乐到google home
步骤:
1、将chrome浏览器和google home连接,方法参见这里
2、避免从墙外访问网易音乐的ip地址,即:将在music.163.com连接的ip排除。
否则会被网易拒绝(应该是版权原因)
我排除了两个:163.com和m10.music.126.net.
后者的域名是网易mp3文件的存放位置,是通过查看浏览器的“开发者工具”-“控制台”发现的,必须不翻墙。
在不翻墙的网络中ping这两个地址,可以得到它们的准确ip
后来我想,也许是因为我删除了之前下载到dnsmasq.d的默认的白名单 accelerated-domains.china.conf,因为dnsmasq是整个翻墙路由的第一个分流点,而这个conf里面包含了上述两个域名。以后试试。
3、在网页中选择投射(参照1)
@walnuthe

This comment has been minimized.

Sign in to view
Copy link

walnuthe commented Jun 11, 2017

怪不得我用vpn就可以直接用,ss怎么都不行,先试一下,谢谢了
@jklin1978

This comment has been minimized.

Sign in to view
Copy link

jklin1978 commented Jun 25, 2017

多谢提醒,我也用ss怎么也上不了。看了你的文章,加入了iptables的设置,现在OK了。
Spotify已经开了,上taobao可以充值
@jackrex

This comment has been minimized.

Sign in to view
Copy link

jackrex commented Nov 3, 2017

太棒了,小米路由器3搭建ss,也是死活Google Home 说有问题,最有加上你的这几句搞定。perferct! 直接路由器命令行执行

iptables -t nat -A PREROUTING -s 192.168.1.1/24 -p udp --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -s 192.168.1.1/24 -p tcp --dport 53 -j DNAT --to 192.168.1.1
iptables -I PREROUTING -t nat -p udp -d 8.8.4.4 --dport 53 -j REDIRECT --to-ports 1053
iptables -I PREROUTING -t nat -p udp -d 8.8.8.8 --dport 53 -j REDIRECT --to-ports 1053
@GOUKI9999

This comment has been minimized.

Sign in to view
Copy link

GOUKI9999 commented Dec 4, 2017

家里的二级路由刷了openwrt,按git主的方法成功用上 google home,不过有个问题是……如果换一个其他环境不用pdnsd的话,应该映射到什么端口呢
@hanqizhong

This comment has been minimized.

Sign in to view
Copy link

hanqizhong commented Dec 18, 2017

谁能帮下忙,我这个home mini 一直不能用,手机电脑都能翻墙,用的ss,留个微信346111616
@actionzheng

This comment has been minimized.

Sign in to view
Copy link

actionzheng commented Dec 18, 2017

Openwrt怎么加规则啊
@rayzi4hu

This comment has been minimized.

Sign in to view
Copy link

rayzi4hu commented Jan 12, 2018

请问老毛子padavan的怎么设置iptables那些啊。我也是其他设备能上。但是Google home经常something wrong
@rogerhanzhao

This comment has been minimized.

Sign in to view
Copy link

rogerhanzhao commented Jan 16, 2018

1053 不是所有SS的项目都用这个端口吧,如何确认是哪个端口?谢谢
@xuqisheng

This comment has been minimized.

Sign in to view
Copy link

xuqisheng commented Jan 31, 2018

我的google home可以了,但是echo dot目前还是经常断网
@chemharuka

This comment has been minimized.

Sign in to view
Copy link

chemharuka commented Oct 16, 2018

补充一下该方法在极路由上依然适用,极路由的文件配置在 /etc/firewall.user
@D0wn10ad

This comment has been minimized.

Sign in to view
Copy link

D0wn10ad commented Dec 16, 2018

大家好,实测 /etc/firewall.user 对斐讯的官改也适用。
@cqjerry

This comment has been minimized.

Sign in to view
Copy link

cqjerry commented Dec 29, 2018

@D0wn10ad 我是K3的官改系统,但是尝试编辑 /etc/firewall.user 时总是报 read-only system。这个要怎么破?
@feijj

This comment has been minimized.

Sign in to view
Copy link

feijj commented Apr 3, 2019

Perfect!!!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.