Selective Routing for Netflix

Let's try an older version of the fwmark method. Change the 0x7000/0x7000 fwmark references to the number 8. e.g.
Code:
ip rule add from 0/0 fwmark 8 table main prio 9990

looks good

Code:
+ ip rule del prio 9990
+ ip rule add from 0/0 fwmark 8 table main prio 9990
+ iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --set NETFLIX dst,dst -j MARK --set-mark 8
+ iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --set NETFLIX dst,dst -j MARK --set-mark 8
+ iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --set AMAZONAWS dst,dst -j MARK --set-mark 8
+ iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --set AMAZONAWS dst,dst -j MARK --set-mark 8
+ basename IPSET_Netflix.sh
+ logger -t (IPSET_Netflix.sh) 1047 Ending IPSET_Netflix.sh... IPSET_Netflix.sh.
 
But... I get the Netflix streaming error :(

Think this issue is here

netsv4 is empty

Code:
+ curl https://ipinfo.io/AS2906
+ grep -E a href.*2906\/
+ grep -v :
+ sed s/^.*\">//; s/<.*//; /^\s*$/d
+ netsv4=
 
I ran the curl command on the command line and nothing returned.
Code:
curl https://ipinfo.io/AS2906 2>/dev/null | grep -E "a href.*2906\/" | grep -v ":" |sed 's/^.*\">//; s/<.*//; /^\s*$/d'
So I suspect something changed in their website. I'll look at the source code of their website to find out what changed.
 
Some recent posts noted the sed had to be changed and I had not yet incorporated the update. I'll start making some of the updates and get a new version posted soon.

Code:
netsv4=`curl http://ipinfo.io/AS2906 2>/dev/null | grep -E "a href.*2906\/" | grep -v ":" | sed 's/^.*<a href="\/AS2906\///; s/" >//'`
 
Hmmm, Netflix still isn't working, but the script seems to execute OK with no errors now and I have it in nat-start, but ipset -L NETFLIX returns not set

edit - typo in nat-start, I'm an idiot
 
The current production version of the script is now posted on github. The OP has been updated with instructions for installation and system requirements. I have some updates planned for future versions, including ipset v4.5 compatibility and ipset enhancements.
 
@OGroteKoning, @Michael Knowles and @Adamm

I decided to stay with ipinfo.io for now rather than using the http://asn.blawk.net/2906 ipv4 file. According to the main page, the last update occurred 12/24/2016. I did a diff on the two lists and there are many differences.

diff blawk ipinfo
--- blawk
+++ ipinfo
@@ -1,16 +1,48 @@
-23.246.2.0/24
-23.246.3.0/24
-23.246.6.0/24
-23.246.7.0/24
+108.175.32.0/20
+185.2.220.0/22
+185.9.188.0/22
+192.173.64.0/18
+192.173.70.0/24
+192.173.71.0/24
+192.173.72.0/24
+198.38.100.0/24
+198.38.101.0/24
+198.38.108.0/24
+198.38.109.0/24
+198.38.110.0/24
+198.38.111.0/24
+198.38.112.0/24
+198.38.113.0/24
+198.38.114.0/24
+198.38.115.0/24
+198.38.118.0/24
+198.38.119.0/24
+198.38.120.0/24
+198.38.121.0/24
+198.38.122.0/24
+198.38.124.0/24
+198.38.125.0/24
+198.38.96.0/19
+198.38.96.0/24
+198.38.97.0/24
+198.38.98.0/24
+198.38.99.0/24
+198.45.48.0/20
+198.45.48.0/24
+198.45.49.0/24
+198.45.56.0/24
+23.246.0.0/18
23.246.14.0/24
23.246.15.0/24
23.246.16.0/24
23.246.17.0/24
+23.246.2.0/24
23.246.22.0/24
23.246.23.0/24
23.246.26.0/24
23.246.27.0/24
23.246.30.0/24
+23.246.3.0/24
23.246.31.0/24
23.246.36.0/24
23.246.46.0/24
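Review bot: the two inputs are in different sort orders, so this hunk reports moves as changes: `-23.246.2.0/24` and `-23.246.3.0/24` at the top come back as `+` lines a few rows further down. Sort both files the same way (for example with `sort -u`) before running the diff so that only real additions and removals show up.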
@@ -25,79 +57,49 @@
23.246.56.0/24
23.246.57.0/24
23.246.58.0/24
-23.246.0.0/18
+23.246.6.0/24
+23.246.7.0/24
+37.77.184.0/21
37.77.186.0/24
37.77.187.0/24
37.77.188.0/24
37.77.189.0/24
-37.77.184.0/21
-45.57.2.0/24
-45.57.3.0/24
-45.57.4.0/24
-45.57.5.0/24
-45.57.6.0/24
-45.57.7.0/24
+45.57.0.0/17
+45.57.1.0/24
45.57.11.0/24
45.57.12.0/24
-45.57.13.0/24
45.57.14.0/24
45.57.16.0/24
45.57.17.0/24
45.57.18.0/24
45.57.19.0/24
45.57.20.0/24
+45.57.2.0/24
45.57.21.0/24
45.57.22.0/24
45.57.23.0/24
+45.57.3.0/24
45.57.36.0/24
45.57.37.0/24
+45.57.4.0/24
45.57.44.0/24
45.57.45.0/24
+45.57.48.0/24
+45.57.49.0/24
+45.57.5.0/24
45.57.56.0/24
45.57.58.0/24
45.57.59.0/24
45.57.60.0/24
+45.57.6.0/24
45.57.62.0/24
45.57.63.0/24
-45.57.64.0/24
-45.57.65.0/24
45.57.70.0/24
+45.57.7.0/24
45.57.71.0/24
45.57.74.0/24
45.57.75.0/24
-45.57.0.0/17
64.120.128.0/17
66.197.128.0/17
-69.53.225.0/24
69.53.224.0/19
-108.175.32.0/20
-185.2.220.0/22
-185.9.188.0/22
-192.173.70.0/24
-192.173.71.0/24
-192.173.72.0/24
-192.173.64.0/18
-198.38.96.0/24
-198.38.97.0/24
-198.38.98.0/24
-198.38.99.0/24
-198.38.100.0/24
-198.38.100.0/23
-198.38.101.0/24
-198.38.108.0/24
-198.38.109.0/24
-198.38.110.0/24
-198.38.111.0/24
-198.38.112.0/24
-198.38.113.0/24
-198.38.114.0/24
-198.38.115.0/24
-198.38.118.0/24
-198.38.119.0/24
-198.38.120.0/24
-198.38.121.0/24
-198.38.124.0/24
-198.38.125.0/24
-198.38.96.0/19
-198.45.56.0/24
-198.45.48.0/20
+69.53.225.0/24
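Review bot: the `-` lines in this hunk that have no matching `+` line anywhere in the diff (`45.57.13.0/24`, `45.57.64.0/24`, `45.57.65.0/24`, `198.38.100.0/23`) are all more-specifics of `45.57.0.0/17` or `198.38.96.0/19`, and both aggregates appear on both sides. For a hash:net set those entries do not change which addresses match, so compare the two sources after collapsing overlapping prefixes to see whether the covered address space really differs.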

This is the updated code for pulling IPv4 list from ipinfo:
Code:
curl https://ipinfo.io/AS2906 2>/dev/null | grep -E "a href.*2906\/" | grep -v ":" | sed 's/^.*<a href="\/AS2906\///; s/" >//'
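
The failure earlier in this thread, where the scrape returned nothing and `netsv4` ended up empty, can be caught before anything reaches ipset. This is an added example, not part of IPSET_Netflix.sh or of any post here; `filter_cidr4`, `build_restore`, `sample_scrape` and the minimum-entry threshold are hypothetical names and values.

```shell
#!/bin/sh
# Added example, not from IPSET_Netflix.sh. Function names and the
# minimum-entry threshold are assumptions made for illustration.

# filter_cidr4: read candidate lines on stdin and print only well-formed,
# de-duplicated IPv4 CIDR prefixes. HTML residue, IPv6 and junk are dropped.
filter_cidr4() {
    awk '
        { gsub(/^[ \t\r]+|[ \t\r]+$/, "") }     # trim stray whitespace
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
            split($0, p, "[./]")
            ok = (length(p[5]) <= 2 && p[5] + 0 <= 32)
            for (i = 1; i <= 4; i++)
                if (length(p[i]) > 3 || p[i] + 0 > 255) ok = 0
            if (ok && !seen[$0]++) print
        }'
}

# build_restore SETNAME MIN_ENTRIES < candidates
# Prints "add SETNAME prefix" lines for ipset restore. Prints nothing and
# returns 1 when fewer than MIN_ENTRIES valid prefixes survive, so a broken
# scrape leaves the currently loaded set alone instead of failing silently.
build_restore() {
    set_name=$1
    min=$2
    case "$set_name" in
        ''|*[!A-Za-z0-9_]*)
            echo "invalid set name" >&2
            return 2 ;;
    esac
    nets=$(filter_cidr4)
    count=$(printf '%s\n' "$nets" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -lt "$min" ]; then
        echo "$set_name: $count valid prefixes, need $min; not loading" >&2
        return 1
    fi
    printf '%s\n' "$nets" | sed "s/^/add $set_name /"
}

# Constructed sample of what a scrape can yield once the page markup
# changes: good prefixes mixed with markup, IPv6, out-of-range values
# and a duplicate.
sample_scrape() {
    cat <<'EOF'
23.246.0.0/18
45.57.0.0/17
  108.175.32.0/20
<a href="/AS2906/198.38.96.0/19">
2001:db8::/32
300.1.2.0/24
23.246.0.0/18
69.53.224.0/33
EOF
}

# Intended wiring on the router (not executed here; threshold of 20 is
# an assumption):
#   curl ... | grep ... | sed ... | build_restore NETFLIX 20 | ipset restore -!
```

The stderr message from `build_restore` can be sent to `logger` so an empty scrape shows up in the router's system log.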
 
Version 3.5 of the script has been posted on github.com. This version contains ipset efficiencies resulting in faster loading times. See instructions on the OP for downloading.
 
Don't know what I'm doing wrong, but I still get the streaming error.

IPSET_Netflix.sh ver.3.5
I'm on vpn1
ipset -L NETFLIX gives me:
Name: NETFLIX
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 5972
References: 1
Number of entries: 106

kr.,
Patrick
 
Do you have Selective Routing enabled according to the Policy based routing wiki?

To help understand if packets are traversing the chain using the fwmarks, type this command:

iptables -nvL PREROUTING -t mangle --line

To list priority rules for clients and interfaces, type:

ip rule
 
Hello Xentrk,

thanks for your reply,

Selective routing is enabled:
[screenshot: upload_2018-7-31_6-41-47.png]

iptables -nvL PREROUTING -t mangle --line
Chain PREROUTING (policy ACCEPT 1735K packets, 1536M bytes)
num pkts bytes target prot opt in out source destination
1 3859 3551K MARK all -- tun12 * 0.0.0.0/0 0.0.0.0/0 MARK xset 0x1/0x7
2 400K 469M MARK all -- tun11 * 0.0.0.0/0 0.0.0.0/0 MARK xset 0x1/0x7
3 0 0 MARK all -- tun21 * 0.0.0.0/0 0.0.0.0/0 MARK xset 0x1/0x7
4 422K 508M BWDPI_FILTER udp -- eth0 * 0.0.0.0/0 0.0.0.0/0
5 17137 1053K MARK tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX dst,dst MARK or 0x7000
6 0 0 MARK tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZONAWS dst,dst MARK or 0x7000

ip rule
0: from all lookup local
9990: from all fwmark 0x7000/0x7000 lookup main
10101: from 10.54.1.98 lookup ovpnc1
10102: from 10.54.1.210 lookup ovpnc1
10301: from 10.54.1.99 lookup ovpnc2
10302: from 10.54.1.209 lookup ovpnc2
10303: from 10.54.1.201 lookup ovpnc2
10304: from 10.54.1.200 lookup ovpnc2
32766: from all lookup main
32767: from all lookup default

kr.,
Patrick

btw, you did a good job on selective routing
 
Thanks for trying out the script. No data is traversing the AMAZONAWS ipset list. Do you have the jq entware package installed?

Please confirm the version:
Code:
$ jq --version
Mine is jq-1.5

Confirm AMAZONAWS ipset list is populated:
Code:
ipset -L AMAZONAWS | grep entries:

Turn on debugging by removing the # from the set -x line:
Code:
# Uncomment the line below for debugging
#set -x
Then, run the script from the command line to see if there are any errors.
 
Hello Xentrk,

The command jq --version doesn't work for me, but when I try to install jq (opkg install jq), I get the message: Package jq (1.5-2b) installed in root is up to date!

ipset -L AMAZONAWS | grep entries:
Number of entries: 0

Debugging:
+ basename IPSET_Netflix.sh
+ PROGNAME=IPSET_Netflix.sh
+ LOCKFILE_DIR=/tmp
+ LOCK_FD=200
+ main
+ lock IPSET_Netflix.sh
+ local prefix=IPSET_Netflix.sh
+ local fd=200
+ local lock_file=/tmp/IPSET_Netflix.sh.lock
+ eval exec 200>/tmp/IPSET_Netflix.sh.lock
+ exec
+ flock -n 200
+ return 0
+ [ ! -s /jffs/shared-SelectiveRouting-whitelist ]
+ ipset list -n NETFLIX
+ [ NETFLIX != NETFLIX ]
+ ipset -L NETFLIX
+ awk { if (FNR == 7) print $0 }
+ awk {print $4 }
+ [ 106 -eq 0 ]
+ Chk_Entware jq
+ local READY=1
+ local ENTWARE=opkg
+ ENTWARE_UTILITY=
+ local MAX_TRIES=30
+ [ ! -z ]
+ [ ! -z jq ]
+ echo jq
+ grep -E ^[0-9]+$
+ [ -z ]
+ ENTWARE_UTILITY=jq
+ local TRIES=0
+ [ 0 -lt 30 ]
+ which opkg
+ [ ! -z /opt/bin/opkg ]
+ opkg -v
+ grep -o version
+ [ version == version ]
+ [ ! -z jq ]
+ opkg list-installed jq
+ [ ! -z jq - 1.5-2b ]
+ READY=0
+ break
+ return 0
+ ipset list -n AMAZONAWS
+ [ AMAZONAWS != AMAZONAWS ]
+ ipset -L AMAZONAWS
+ awk { if (FNR == 7) print $0 }
+ awk {print $4 }
+ [ 0 -eq 0 ]
+ [ ! -s /opt/tmp/AmazonAWS ]
+ download_AmazonAWS
+ wget https://ip-ranges.amazonaws.com/ip-ranges.json -O /opt/tmp/ip-ranges.json
--2018-07-31 17:22:11-- https://ip-ranges.amazonaws.com/ip-ranges.json
Resolving ip-ranges.amazonaws.com... 13.35.78.51, 13.35.78.128, 13.35.78.100, ...
Connecting to ip-ranges.amazonaws.com|13.35.78.51|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 174812 (171K) [application/json]
Saving to: '/opt/tmp/ip-ranges.json'
/opt/tmp/ip-ranges.json 100%[==============================================================================================>] 170.71K 491KB/s in 0.3s
2018-07-31 17:22:12 (491 KB/s) - '/opt/tmp/ip-ranges.json' saved [174812/174812]
+ jq -r .prefixes | .[].ip_prefix
+ rm -rf /opt/tmp/ip-ranges.json
+ find /opt/tmp/ -name AmazonAWS -mtime +1 -print
+ [ = /opt/tmp/AmazonAWS ]
+ awk {print "add AMAZONAWS " $1} /opt/tmp/AmazonAWS
+ ipset restore -!
+ ip rule del prio 9990
+ ip rule add from 0/0 fwmark 0x7000/0x7000 table main prio 9990
+ iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set NETFLIX dst,dst -j MARK --set-mark 0x7000/0x7000
+ iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set NETFLIX dst,dst -j MARK --set-mark 0x7000/0x7000
+ iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set AMAZONAWS dst,dst -j MARK --set-mark 0x7000/0x7000
+ iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set AMAZONAWS dst,dst -j MARK --set-mark 0x7000/0x7000
+ basename IPSET_Netflix.sh
+ logger -t (IPSET_Netflix.sh) 5973 Completed Script Execution


kr.,
Patrick
 
I am working on new versions of selective routing scripts and had a strange issue with the scripts not running on boot up. I saw errors in the log about an entware package I use that appeared to prevent the script from running correctly. I fixed it by updating entware using the opkg update command. Please issue the command to update your entware installation just to be safe.

The script appears to run without errors though.

Does the AMAZONAWS ipset list contain values? ipset -L AMAZONAWS | grep entries
 
Hello Xentrk,

I ran the opkg update command and rebooted the router.
ipset -L AMAZONAWS | grep entries gives me now 782 entries.

Netflix is working and the streaming error is gone.


Thanks for your help :)
Patrick

p.s.
Is it also possible to make such a script for Plex Media Server, so that remote access is possible?
 
Great that it is working now. I added the opkg update command to the /jffs/scripts/post-mount file so it will check for entware updates at boot time.

I can look into the Plex Media Server. I have it installed on a Raspberry Pi 3. Are you attempting to access the Plex Media Server remotely using an OpenVPN connection to the router?
 
Hello Xentrk,

My Plex server is running on a device which has an internet connection over a vpn tunnel.
But over vpn, Plex remote access isn't possible.


kr.,
Patrick
 
I think this may be an issue @eibgrad can help with. Similar to these issues.
https://www.snbforums.com/threads/push-additional-route-to-openvpn-clients.48110/
https://www.snbforums.com/threads/vpn-and-remote-access.47917/

You may want to ask in a new thread. I won't have time to test this myself until next week.
 
Hello Xentrk,

When I run the bypass script, my device shows my vpn IP and Netflix streams without any problem. Unfortunately Kodi is bypassing the VPN too, and Plex Media Server also.

Kr.,
Patrick


Sent from my iPhone using Tapatalk
 