    Netflix DNS-unblocking without SNI for your Xbox 360, PS3, WDTV, Samsung TV


    You will need some sort of Linux server at home to do this. I'm using a Raspberry Pi Linux mini computer which is up 24/7 on my LAN. And of course you will need a remote Linux server with an IP address registered in the U.S. You can get a low-end virtual private server for as low as $5/year. Unfortunately, it's almost impossible to come up with a step-by-step tutorial because every LAN setup is different, hence you have to have some Linux and networking skills in order to get this baby up and running.

    And here's how this approach works: A DNS forwarder like Dnsmasq on your local Linux server will intercept domain names relevant for DNS unblocking. All other queries will be forwarded to the DNS resolver/forwarder of your choice (usually, this will be your router). The intercepted domain names will be resolved to IP addresses which are routed to your Linux server within your LAN. Depending on the resolved IP addresses and ports, iptables DNAT rules will forward the request to a HAProxy proxy on your remote server. Each domain name can have its own internal IP address and thus its own listening port on your remote server's HAProxy. And since every domain name can have its own HAProxy TCP proxy on your remote server, there's no need for SNI!
    For example: a DNS query to [content hidden by the forum] will not be resolved to its actual IP address 1.2.3.4, it will be resolved to 192.168.178.201 thanks to the internal DNS forwarder. The device asking for [content hidden by the forum] IP address will try to establish an HTTPS connection to 192.168.178.201:443 which is routed to a Linux server within your LAN. A DNAT rule will transparently forward all packets sent to 192.168.178.201:443 to 123.123.123.123:27201 which is the remote server running HAProxy. The HAProxy proxy listening on port 123.123.123.123:27201 will then forward all layer 4 traffic to [content hidden by the forum].

    Just enter your local Linux server's IP address as the DNS address in every device you want to DNS-unblock. You could also set the DNS server address in your router to your local Linux server's address but make sure not to create an infinite DNS query loop.

    Such a DNAT/DNS configuration would be rather complex and prone to errors. That's why I hacked together a generator which takes a config.json input file and writes three output files:

    haproxy.conf:
    A complete configuration file for HAProxy. Use it on your remote server's HAProxy.
    dnsmasq-haproxy.conf:
    All required DNS mappings for your specified range of internal IP addresses. Put this file in /etc/dnsmasq.d (Debian/Ubuntu) on your local Linux server.
    iptables-haproxy.conf:
    The DNAT iptables rules. Make sure to load these rules whenever your local Linux server starts.

    A few words about the config.json input file for the generator:

    haproxy_bind_ip:
    IP address of your remote HAProxy server
    dnat_base_ip:
    Starting IP address for the DNAT rules. Make sure to use static IP addresses in sequential order and route them to your local Linux server using virtual interfaces. Make sure the static IP range doesn't interfere with your router's DHCP settings or weird things will happen.
    dnat_base_port:
    Starting port for the HAProxy proxies.
    name:
    HAProxy proxy name
    catchall:
    true/false, set it to true if you want to use a catchall/sni HAProxy for this destination address. I primarily added this feature in order to save IP addresses within the LAN and to reduce the amount of iptables rules and HAProxy configuration entries. Has to be set to false if your device can't handle SNI. When in doubt, set to false.

    The generator will provide rules to open the inbound firewall on the remote HAProxy server. Additional rules may be required if you're firewalling the FORWARD and OUTBOUND chains as well. If something doesn't work as expected, tcpdump is your friend.
    php genconf.php
    Make sure the following IP addresses are available as virtual interfaces on your Ddnsmasq-server:


    Code: 
    192.168.178.51
    192.168.178.52
    192.168.178.53
    192.168.178.54
    192.168.178.55
    192.168.178.56
    192.168.178.57
    192.168.178.58
    192.168.178.59
    192.168.178.60
    192.168.178.61
    192.168.178.62
    192.168.178.63
    192.168.178.64
    192.168.178.65
    192.168.178.66
    192.168.178.67
    192.168.178.68
    192.168.178.69
    192.168.178.70
    192.168.178.71
    192.168.178.72
    192.168.178.73
    192.168.178.74
    192.168.178.75
    192.168.178.76
    192.168.178.77
    192.168.178.78
    192.168.178.79
    192.168.178.80
    192.168.178.81
    192.168.178.82
    192.168.178.83
    192.168.178.84
    192.168.178.85
    192.168.178.86
    If you are using an inbound firewall on 23.227.162.125:
    /sbin/iptables -A INPUT -p tcp -m state --state NEW -d 23.227.162.125 --dport 27199 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -m state --state NEW -m multiport -d 23.227.162.125 --dports 27200:27270 -j ACCEPT

    File generated: haproxy.conf
    File generated: dnsmasq-haproxy.conf
    File generated: iptables-haproxy.conf

    Don't forget to enable packet forwarding on the local Linux server using

    net.ipv4.ip_forward = 1

    in /etc/sysctl.conf.

  2. The Following 1 Users Say Thank You to Mobile_Guru For This Useful Post:
    djbos (26th April 2014)
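
The DNS-to-DNAT-to-HAProxy mapping described in the post, for the non-SNI case (catchall set to false), together with the DHCP-overlap check the post warns about. This is an added example, not part of the original post and not the author's genconf.php. The key names `proxies`, `dest_addr` and `port`, the example.com hostnames, the remote address 203.0.113.10 and the DHCP pool ranges are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample input. haproxy_bind_ip, dnat_base_ip, dnat_base_port, name
# and catchall are the fields the post describes; "proxies", "dest_addr" and
# "port" are assumed names, and all hosts/addresses are placeholders.
CONFIG = {
    "haproxy_bind_ip": "203.0.113.10",
    "dnat_base_ip": "192.168.178.201",
    "dnat_base_port": 27201,
    "proxies": [
        {"name": "video", "dest_addr": "video.example.com", "port": 443, "catchall": False},
        {"name": "api", "dest_addr": "api.example.com", "port": 443, "catchall": False},
    ],
}

def build_mappings(cfg):
    """Give every non-catchall destination its own LAN IP and remote port."""
    base_ip = ipaddress.IPv4Address(cfg["dnat_base_ip"])
    entries = [p for p in cfg["proxies"] if not p["catchall"]]
    return [
        {**p, "lan_ip": str(base_ip + i), "remote_port": cfg["dnat_base_port"] + i}
        for i, p in enumerate(entries)
    ]

def render(cfg, mappings):
    """Return (dnsmasq, iptables, haproxy) text for the three generated files."""
    remote = cfg["haproxy_bind_ip"]
    dns = [f"address=/{m['dest_addr']}/{m['lan_ip']}" for m in mappings]
    nat = [
        f"iptables -t nat -A PREROUTING -p tcp -d {m['lan_ip']} --dport {m['port']} "
        f"-j DNAT --to-destination {remote}:{m['remote_port']}"
        for m in mappings
    ]
    hap = [
        f"listen {m['name']}\n    bind {remote}:{m['remote_port']}\n"
        f"    mode tcp\n    server {m['name']} {m['dest_addr']}:{m['port']}"
        for m in mappings
    ]
    return "\n".join(dns), "\n".join(nat), "\n\n".join(hap)

def dhcp_conflicts(mappings, pool_start, pool_end):
    """List static LAN IPs that fall inside the router's DHCP pool."""
    lo, hi = ipaddress.IPv4Address(pool_start), ipaddress.IPv4Address(pool_end)
    return [m["lan_ip"] for m in mappings if lo <= ipaddress.IPv4Address(m["lan_ip"]) <= hi]

if __name__ == "__main__":
    maps = build_mappings(CONFIG)
    print(*render(CONFIG, maps), sep="\n\n")
    print("DHCP conflicts:", dhcp_conflicts(maps, "192.168.178.20", "192.168.178.200"))
```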
