What's new

Selective Routing for Netflix

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Xentrk, Good information as always. re post #307 Was wondering what app you referred to on your Fire TV while traveling, is it a portable client for TG? I left left the portable stick alone, with amazon's system intact since we don't travel much. If the app would work for either the stick or the FIre HD10 tablet, this would help tomake the next trip more enjoyable:) Many thanks.
Correct, I use the TorGuard Client VPN app on the Fire TV when traveling. Definitely makes the trip more enjoyable having access to content. TG has apps for most OS. Just go to the app store and search on TorGuard or VPN to locate it. A year ago, I had to side load it. But it's available in the app store now.
 
Last edited:
@Xentrk and @Martineau - I am continuing the conversation on adding dvd.netflix.com IP from this thread:
https://www.snbforums.com/threads/whitelist-specific-websites-and-online-games-with-openvpn.55504/

@Xentrk, I tried to modify the ipset line in the IPSET_Neflix_Domains_sh script by doing:
Code:
nano /jffs/scripts/IPSET_Netflix_Domains.sh

and then updated these sections of the script to:

Code:
# check if /jffs/configs/dnsmasq.conf.add contains entry for Netflix domains
check_dnsmasq () {
    if [ -s /jffs/configs/dnsmasq.conf.add ]; then  # dnsmasq.conf.add file exists
        if [ "$(grep -c "ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouti$
"/jffs/configs/dnsmasq.conf.add")" -eq "0" ]; then  # see if line exists for x3mRouting_NETFLIX_DNSMASQ
            printf "ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netlix.com/x3mRouting_NET$
/jffs/configs/dnsmasq.conf.add # add NETFLIX entry to dnsmasq.conf.add
            service restart_dnsmasq > /dev/null 2>&1
        fi
    else
        printf "ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLI$
/jffs/configs/dnsmasq.conf.add # dnsmasq.conf.add does not exist, create dnsmasq.conf.add
        service restart_dnsmasq > /dev/null 2>&1
    fi

then I did a:

Code:
service restart_dnsmasq

and also rebooted the router.

This time when I log into my Netlfix account, the information on the dvd.netflix.com website (under the DVD section of the homepage), loads 80-90% but it still gives me an error and I am unable to search any titles (see attached pic)

upload_2019-3-11_19-57-45.png
 
@Xentrk and @Martineau - I am continuing the conversation on adding dvd.netflix.com IP from this thread:
https://www.snbforums.com/threads/whitelist-specific-websites-and-online-games-with-openvpn.55504/

@Xentrk, I tried to modify the ipset line in the IPSET_Neflix_Domains_sh script by doing:
Code:
nano /jffs/scripts/IPSET_Netflix_Domains.sh

and then updated these sections of the script to:

Code:
# check if /jffs/configs/dnsmasq.conf.add contains entry for Netflix domains
check_dnsmasq () {
    if [ -s /jffs/configs/dnsmasq.conf.add ]; then  # dnsmasq.conf.add file exists
        if [ "$(grep -c "ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouti$
"/jffs/configs/dnsmasq.conf.add")" -eq "0" ]; then  # see if line exists for x3mRouting_NETFLIX_DNSMASQ
            printf "ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netlix.com/x3mRouting_NET$
/jffs/configs/dnsmasq.conf.add # add NETFLIX entry to dnsmasq.conf.add
            service restart_dnsmasq > /dev/null 2>&1
        fi
    else
        printf "ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLI$
/jffs/configs/dnsmasq.conf.add # dnsmasq.conf.add does not exist, create dnsmasq.conf.add
        service restart_dnsmasq > /dev/null 2>&1
    fi

then I did a:

Code:
service restart_dnsmasq

and also rebooted the router.

This time when I log into my Netlfix account, the information on the dvd.netflix.com website (under the DVD section of the homepage), loads 80-90% but it still gives me an error and I am unable to search any titles (see attached pic)

View attachment 16530
Look at the line inside of /jffs/configs/dnsmasq.conf.add to make sure the entry for Netflix looks okay. There may be other domains. I sometimes right click on the web page and view the source code. Then, do a search on http, .com and .net to see if there are other domains the site is using.
 
You mean looking into /jffs/configs/dnsmasq.conf.add of the IPSET_Netflix_Domains.sh script?
 
This is what I see:

Code:
  logger -st "($(basename $0))" $$ "Entware" $ENTWARE_UTILITY "not available - wait time" $((MAX_TRIES - TRIES-1))" secs left"
      local TRIES=$((TRIES + 1))
   done

   return $READY
}

# check if /jffs/configs/dnsmasq.conf.add contains entry for Netflix domains
check_dnsmasq () {
    if [ -s /jffs/configs/dnsmasq.conf.add ]; then  # dnsmasq.conf.add file exists
        if [ "$(grep -c "ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLIX_DNSMASQ"
"/jffs/configs/dnsmasq.conf.add")" -eq "0" ]; then  # see if line exists for x3mRouting_NETFLIX_DNSMASQ
            printf "ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netlix.com/x3mRouting_NETFLIX_DNSMASQ\n" >>
/jffs/configs/dnsmasq.conf.add # add NETFLIX entry to dnsmasq.conf.add
            service restart_dnsmasq > /dev/null 2>&1
        fi
    else
        printf "ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLIX_DNSMASQ\n" >
/jffs/configs/dnsmasq.conf.add # dnsmasq.conf.add does not exist, create dnsmasq.conf.add
        service restart_dnsmasq > /dev/null 2>&1
    fi
}

check_ipset_list () {
    if [ "$(ipset list -n x3mRouting_NETFLIX_DNSMASQ 2>/dev/null)" != "x3mRouting_NETFLIX_DNSMASQ" ]; then #does NETFLIX ipset list exist?
        if [ -s /opt/tmp/x3mRouting_NETFLIX_DNSMASQ ]; then # does x3mRouting_NETFLIX_DNSMASQ ipset restore file exist?
            ipset restore -! < /opt/tmp/x3mRouting_NETFLIX_DNSMASQ   # Restore ipset list if restore file exists at /opt/tmp/x3mRouting_NETFLIX_DNSMASQ
        else
            ipset create x3mRouting_NETFLIX_DNSMASQ hash:net family inet hashsize 1024 maxelem 65536  # No restore file, so create x3mRouting_NETFLIX_DNSMASQ ipset list from scratch
        fi
    fi
}
 
You mean looking into /jffs/configs/dnsmasq.conf.add of the IPSET_Netflix_Domains.sh script?
First thing is to try to add the domain dvd.netflix.com to the IPSET in dnsmasq.conf.add. Restart dnsmasq after any updates. Once you get it working, we can modify the script to include the additional domains.

Code:
ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLIX_DNSMASQ

I also noticed the site resolved to assests.nflxext.com. But the entry nflxext.com should cover that domain.
 
Last edited:
First thing is to try to add the domain dvd.netflix.com to the IPSET in dnsmasq.conf.add. Restart dnsmasq after any updates. Once you get it working, we can modify the script to include the additional domains.

Code:
ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLIX_DNSMASQ

I also noticed the site resolved to assests.nflxext.com. But the entry nflxext.com should cover that domain.

Was able to figure out a fix for this.

Under Policy Rules of VPN Client tab, I added (with WAN iFace):

207.45.72.0/22

and was able to access dvd.netflix.com

Whew!!




Sent from my iPhone using Tapatalk[/CODE]
 
Was able to figure out a fix for this.

Under Policy Rules of VPN Client tab, I added (with WAN iFace):

207.45.72.0/22

and was able to access dvd.netflix.com

Whew!!

Sent from my iPhone using Tapatalk[/CODE]
Did you try adding dvd.netflix.com to the ipset directive in dnsmasq
Code:
ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLIX_DNSMASQ
followed by a restart of dnsmasq? e.g. service restart_dnsmasq

That should have accomplished the same. I will see if I can carve out some time to try it on my end later day.
 
Hi @Xentrk,

I did as shown above in the script but it did not work. Maybe I am not looking in the right place (or using the right commands) to do this.

So far, adding 207.45.72.0/22 in the Destination IP of the Policy Rules works well but it would be nice to somehow have this domain included in the script.

In case you wonder how I came up with this...

I went to: https://ipinfo.io

and plugged in the IP for dvd.netflix.com which gave me the following info:

upload_2019-3-13_4-15-37.png


I then thought of using the highlighted IP range to add to Policy Rules (instead of 207.45.72.201):

upload_2019-3-13_4-16-25.png


Rebooted router and everything worked fine.

Thank you for all your help on this!
 

Attachments

  • upload_2019-3-13_4-10-41.png
    upload_2019-3-13_4-10-41.png
    202.1 KB · Views: 261
  • upload_2019-3-13_4-12-26.png
    upload_2019-3-13_4-12-26.png
    119.5 KB · Views: 260
Hi @Xentrk,

I did as shown above in the script but it did not work. Maybe I am not looking in the right place (or using the right commands) to do this.

So far, adding 207.45.72.0/22 in the Destination IP of the Policy Rules works well but it would be nice to somehow have this domain included in the script.

In case you wonder how I came up with this...

I went to: https://ipinfo.io

and plugged in the IP for dvd.netflix.com which gave me the following info:

View attachment 16551

I then thought of using the highlighted IP range to add to Policy Rules (instead of 207.45.72.201):

View attachment 16553

Rebooted router and everything worked fine.

Thank you for all your help on this!
I should have been more specific. Rather than edit the script, I wanted you to edit /jffs/configs/dnsmasq.conf.add and add dvd.netflix.com to the ipset directive for the ipset directive x3mRouting_NETFLIX_DNSMASQ like in the example below.

Code:
ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLIX_DNSMASQ

Then, restart dnsmasq using the command service restart_dnsmasq. Does the current line in your /jffs/configs/dnsmasq.conf.add look like the one above?

If that works, then I can add the domain name to the script.

Hard for me to test as I can browse the site, play trailers and navigate when using a known VPN server. What triggers the error for you? Or, is it just not loading properly?
 
Last edited:
It doesn't look like I have that ipset directive in my /jffs/configs/dnsmasq.conf.add

When I try:

Code:
nano /jffs/configs/dnsmasq.conf.add

I get:

Code:
server=127.0.0.1#5453
server=0::1#5453
server=/pool.ntp.org/1.1.1.1
proxy-dnssec

but this pertains to Stubby.

Which tells me that the IPSET_Netflix_Domains.sh script somehow is not adding the ipset directive in /jffs/configs/dnsmasq.conf.add

Code:
...The x3mRouting_NETFLIX_DNSMASQ entry is the name of the IPSET list. The script will place the line in /jffs/configs/dnsmasq.conf.add if it does not exist....

I did reinstall the script but still ipset is not showing there.

Should I simply add this there myself?

Code:
ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLIX_DNSMASQ
and then:

Code:
service restart_dnsmasq
 
@Marin, I was coding on another selective routing project all day today and was able to meet my objective for the day. Tomorrow morning, I will get my environment set up to use the bypass script and try and duplicate the issue. I realize now the way I tested was not adequate. There is a bug in the script where it can create duplicate cron job entries and I need to fix that anyway.
 
It doesn't look like I have that ipset directive in my /jffs/configs/dnsmasq.conf.add

When I try:

Code:
nano /jffs/configs/dnsmasq.conf.add

I get:

Code:
server=127.0.0.1#5453
server=0::1#5453
server=/pool.ntp.org/1.1.1.1
proxy-dnssec

but this pertains to Stubby.

Which tells me that the IPSET_Netflix_Domains.sh script somehow is not adding the ipset directive in /jffs/configs/dnsmasq.conf.add

Code:
...The x3mRouting_NETFLIX_DNSMASQ entry is the name of the IPSET list. The script will place the line in /jffs/configs/dnsmasq.conf.add if it does not exist....

I did reinstall the script but still ipset is not showing there.

Should I simply add this there myself?

Code:
ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLIX_DNSMASQ
and then:

Code:
service restart_dnsmasq
I wonder if something got dorked up with the edits you made to the script. Rerun the installer:

Code:
/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/Xentrk/netflix-vpn-bypass/master/IPSET_Netflix_Domains.sh" -o /jffs/scripts/IPSET_Netflix_Domains.sh && chmod 755 /jffs/scripts/IPSET_Netflix_Domains.sh

Then, run the script and see if the ipset entry was added to /jffs/configs/dnsmasq.conf.add. If so, then add dvd.netflix.com to the ipset directive line followed by a restart of dnsmasq.conf.add.

Then, see of the site works.
 
Yep, just tried again but no luck. Not sure why this is not added. Can I just add it myself? Would this screw up anything? Then I can restart dnsmasq.

I will let you be as I realize you are very busy and the day has just started :)...I will play around more with this and follow up with you later.

Thanks so much for your help!
 
Yes, manually adding this line in the /jffs/configs/dnsmasq.conf.add, did the trick. The interesting part now is that I can access this site from any computer but not from the DVD Netflix app from my iPhone (https://dvd.netflix.com/App).

When I apply the Policy Rules (as shown above), I am able to access the site from all devices and my iPhone.
 
@Marin
I made the update to add dvd.netflix.com to the ipset list. Download the new version and run the script.

Code:
/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/Xentrk/netflix-vpn-bypass/master/IPSET_Netflix_Domains.sh" -o /jffs/scripts/IPSET_Netflix_Domains.sh && chmod 755 /jffs/scripts/IPSET_Netflix_Domains.sh

It will check for the old ipset entry that did not have the dvd.netflix.com domain and remove the line from /jffs/configs/dnsmasq.conf.add

To load dvd.netflix.com in the ipset list, I had to either change to another browser or do an nslookup dvd.netflix.com. If I was in an existing browser session, the domain/ip was already cached and the IP address failed to load in the ipset list. After doing that, you can confirm it got added to the ipset list using the command.

Code:
ipset -L x3mRouting_NETFLIX_DNSMASQ | grep 207.45.72.201
 
I now get the following message when trying to access dvd.netflix.com from my geo location:

The Netflix DVDs website is temporarily unavailable.

When I change back to VPN, the site works okay. Probably because they don't ship DVD to the Land of Smiles :cool:
 
I now get the following message when trying to access dvd.netflix.com from my geo location:

The Netflix DVDs website is temporarily unavailable.

When I change back to VPN, the site works okay. Probably because they don't ship DVD to the Land of Smiles :cool:

Ha!![emoji23][emoji23][emoji23] Very funny!! Thank you so much, sir!!

I will try it as soon as I get home and will let you know!

Have a great day!


Sent from my iPhone using Tapatalk
 
Noticed our NF was acting sluggish this morning, got fed up with it and went to Prime. Perhaps evil actors trying to get their binge fix, we'll never know. As of 1:30 North American central time, both are working well again. Keep up the good work gents:)
 
I should have been more specific. Rather than edit the script, I wanted you to edit /jffs/configs/dnsmasq.conf.add and add dvd.netflix.com to the ipset directive for the ipset directive x3mRouting_NETFLIX_DNSMASQ like in the example below.

Code:
ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/x3mRouting_NETFLIX_DNSMASQ

Then, restart dnsmasq using the command service restart_dnsmasq. Does the current line in your /jffs/configs/dnsmasq.conf.add look like the one above?

If that works, then I can add the domain name to the script.

Hard for me to test as I can browse the site, play trailers and navigate when using a known VPN server. What triggers the error for you? Or, is it just not loading properly?

@Xentrk,

I wanted to report that the dvd.netflix .com site now loads properly from Safari, Chrome and Firefox and the updated ipset directive is also loaded automatically loaded in/jffs/configs/dnsmasq.conf.add.

As I mentioned earlier, the only issue that remains is that my DVD Netflix still cannot access this site - not sure why that is. But when I add 207.45.72.0/22 to the Policy Rules, the app works well.

Thanks again for your hard work and the prompt update of the script!
 
Similar threads
Thread starter Title Forum Replies Date
H Routing wireguard VPN 0
dougm [solved] PFSense+OpenVPN: Problems Routing Specific VLAN traffic out VPN VPN 1

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top