x3mRouting ~ Selective Routing for Asuswrt-Merlin Firmware

always OFF


I turned off the VPN server I had running on my router for testing purposes.


With the AWS server off, and either VPN client on or off, that ip rule you mention is still showing. And 10.0.0.6 is definitely the pixelserv server.


Code:
andresmorago@RT-AC3100-0548:/tmp/home/root# ifconfig

br0       Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:8625282 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22670501 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7018765046 (6.5 GiB)  TX bytes:25052338515 (23.3 GiB)

br0:pixelserv-t Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          inet addr:10.0.0.6  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          inet addr:181.xxx.xxx.xxx  Bcast:181.xxx.xxx.xxx  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:50276364 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32906211 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:858913774 (819.1 MiB)  TX bytes:2405561012 (2.2 GiB)
          Interrupt:181 Base address:0x6000

eth1      Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:588796 errors:0 dropped:2 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:425039621 (405.3 MiB)

eth2      Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:4C
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19121703 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:3969762686 (3.6 GiB)

fwd0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:578675 errors:0 dropped:0 overruns:0 frame:0
          TX packets:148295 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:23386422 (22.3 MiB)
          Interrupt:179 Base address:0x4000

fwd1      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:19110580 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7476183 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1833769805 (1.7 GiB)
          Interrupt:180 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:576067 errors:0 dropped:0 overruns:0 frame:0
          TX packets:576067 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:128965806 (122.9 MiB)  TX bytes:128965806 (122.9 MiB)

lo:0      Link encap:Local Loopback
          inet addr:127.0.1.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1

vlan1     Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:10155732 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22742641 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7123461208 (6.6 GiB)  TX bytes:25148947888 (23.4 GiB)

vlan2     Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Code:
andresmorago@RT-AC3100-0548:/tmp/home/root# ip route
181.xxx.xxx.xxx dev eth0  proto kernel  scope link
181.xxx.xxx.xxx/24 dev eth0  proto kernel  scope link  src 181.xxx.xxx.xxx
10.0.0.0/24 dev br0  proto kernel  scope link  src 10.0.0.1
10.0.0.0/8 dev br0  proto kernel  scope link  src 10.0.0.6
127.0.0.0/8 dev lo  scope link
default via 181.xxx.xxx.xxx dev eth0


I have a completely separate network at a different place with a similar router, and that ip route shows there as well, so I don't think that should be related to my issue.

Code:
ASUSWRT-Merlin RT-AC68U 384.18_0 Sun Jun 28 17:57:07 UTC 2020

admin@RT-AC68U-F680:/tmp/home/root# ip route
73.xxx.xxx.xxx dev eth0  proto kernel  scope link
10.8.0.0/24 dev tun21  proto kernel  scope link  src 10.8.0.1
10.10.10.0/24 dev br0  proto kernel  scope link  src 10.10.10.1
73.xxx.xxx.xxx/23 dev eth0  proto kernel  scope link  src 73.xxx.xxx.xxx
10.0.0.0/8 dev br0  proto kernel  scope link  src 10.10.10.2
127.0.0.0/8 dev lo  scope link
default via 73.xxx.xxx.xxx dev eth0
What port is the VPN server using? Change the VPN client to use another port rather than 443. Perhaps there is a conflict with pixelserv? Maybe pixelserv-tls service starts before ovpn, and reserves the 443/TCP port.

https://www.snbforums.com/threads/ab-solution-the-ad-blocking-solution.37511/page-131#post-386022




Routes don't get created for pixelserv on the routers I support. I would try turning off pixelserv first to see if that is the source of the problem.

The routes get created by the program vpnrouting.sh. There is a new version on github. You can try testing with it:

Code:
curl https://raw.githubusercontent.com/RMerl/asuswrt-merlin.ng/master/release/src/router/others/vpnrouting.sh -o /jffs/scripts/vpnrouting.sh
mount -o bind /jffs/scripts/vpnrouting.sh /usr/sbin/vpnrouting.sh

To revert to 384.19 code:
Code:
umount /usr/sbin/vpnrouting.sh
rm /jffs/scripts/vpnrouting.sh

Instructions for deleting routes from the command line:
 
I will test further and inform you.
The issue is not about a particular website. Sometimes it is google or some other website. Totally random. The website is not in the list so it should use regular internet connection. With chrome I get "DNS_PROBE_FINISHED_NXDOMAIN" error.

This points me that there is a problem with DNS resolution.
It is also possible that this is a problem with DoT and not related to x3m at all. It is hard to pinpoint.
Okay. Let me know. Try different browsers too.
 
Thanks for all your help. I really appreciate the time you have provided me. Unfortunately, nothing has given me good results. :(

I plan to wipe my router in the upcoming weeks and start from scratch.

I will let you know how it goes.
 
Thanks for the update. Probably best to use a port other than 443 for VPN Client and Servers when you reconfigure the router to avoid any conflicts.
 
x3mRouting.sh Update V 2.3.4 (23 September, 2020)

Fixed a typo in the code that checks for the required iptables entries in the openvpn-event down file. The entry was being written to the openvpn-event up file rather than the down file.

First, run option
[5] Check for updates to existing x3mRouting installation
to update x3mRouting.sh.

To clean up any errors, copy/paste the code below in an SSH session to remove the openvpn up/down files. They will get recreated when running the x3mRouting scripts inside of /jffs/scripts/nat-start.

Code:
rm /jffs/scripts/x3mRouting/*route-up
rm /jffs/scripts/x3mRouting/*route-pre-down
sh /jffs/scripts/nat-start
 
@Xentrk - Minor issue, not sure if this is a script or amtm issue (or something with my setup)
Running u from amtm did not show any update and version shows as
6 open x3mRouting v2.3.0
running 5 > 1 successfully downloads update to 2.3.4 but page shows
______________________________________________________
| |
| Welcome to the x3mRouting Installation Menu |
| Version 2.3.0 by Xentrk |
and amtm still reports as
6 open x3mRouting v2.3.0
 
There was no update to the x3mMenu. Only x3mRouting.sh. So amtm won't show that an update to the menu is available. I sometimes add a space to x3mMenu to prompt ppl to update. But I didn't do it this time. There are many programs in x3mRouting and each one has its own version number. I only bump the version on the x3mRouting Menu if it changed or if there was a significant update to functionality.
 
Hello I am trying to route all traffic from a list of IPs called PREMIUM and stored within /mnt/cleusb/backup to WAN (VPN client 1 bypass) with
x3mRouting 1 0 PREMIUM dir=/mnt/cleusb/backup/
But it fails with
(x3mRouting): 32534 Starting Script Execution 1 0 PREMIUM dir=/mnt/cleusb/backup/
(x3mRouting): 32534 Encountered an invalid parameter: 1 0 PREMIUM dir=/mnt/cleusb/backup/
What am I doing wrong ?
 
I just pushed an update to x3mRouting.sh to fix the issue.

Run option 5 from the x3mMenu to update.
 
x3mRouting.sh Update 2.3.3 (24 Sept, 2020)

Add check to run the manual method when no method is specified but the 'dir=' parm is specified.
 
First, thank you Xentrk for the fantastic work!

I'm a long time user, 2 years now, with the original IPSET_Netflix_Domains.sh tweaked to include other domains/services. I'm happy to report that I've been using it largely trouble free on 2 AC86U routers, one powering my home network (~20-30 clients) and the other at a hotel (~30-75 clients) for all that time. Kudos to Xentrk for making such a reliable and useful tool for the community!

In those 2 years, I've only had a couple minor hiccups that required intervention, so I only recently decided it was time to upgrade to x3mrouting and retire the old tweaked version of IPSET_Netflix_Domains.sh I had been running for so long. I'm impressed at just how far this has come, and Xentrk's new features should squash all the little issues I've been having. To help the community, I thought I'd share some of the issues I experienced over the years, and how I'm using Xentrk's latest script to mitigate them going forward.

For context, my routers are set up to route all traffic through the VPN (policy strict), with a few devices configured in the GUI to bypass the VPN altogether, and the rest handled by Xentrk's script to bypass the VPN for Amazon Prime Video, Netflix, Google, Youtube, and Facebook. The last 3 weren't necessary per se, but I wasn't concerned about anonymizing that traffic since I was already signed into those accounts, so I figured I'd skip the vpn overhead.
  1. A few times a year, my FireTV devices or Android phone would throw up a VPN detected error when trying to stream something off Amazon Prime Video. Sometimes simply rebooting the router would resolve the issue but other times I had to fish through the dnsmasq log to find some new domains to bypass the VPN. With the old IPSET_NETFLIX_DOMAINS script, I just kept adding domains as discovered.
    • When upgrading to x3mRouting, in addition to my old custom domain list, I added AMAZON_US, AMAZON_GLOBAL, as well as AMAZON AS16509. There's a good bit of redundancy, but my hope is that this means my FireTVs / Amazon Prime Video will never see the VPN block errors again, or at least less frequently. You can see the custom domain list I'm using in my config shared below.
  2. On the hotel router, I started seeing errors in syslog that the IPSET had reached its size limit. I believe this was induced by #1 above and the ever growing list of domains I had assigned to one IPSET. My temp fix was to log in periodically to the router, delete the IPSET restore file the script was creating, and have it start the IPSET from scratch. At first, this seemed to work for awhile, but as I added domains, it started filling up faster and faster, so I bumped up the "maxelem" in the script where it creates the IPSET.
    • At this point, I started questioning whether saving/restoring the IPSET was worthwhile and if the IPSET should occasionally get purged anyway. My theory, which I didn't get around to testing, was maybe some old IPs were getting saved to that list or DNS load balancing was growing the list to an unmanageable size. I think today once an IP is identified using the DOMAIN/DNSMASQ logic, it will persist forever, but maybe they should expire over time to keep the list fresh and from growing too large. Having said that, for now I'm not overly concerned and tweaked my usage to split the bypass rules across IPSETs instead of using just one. You can see my new IPSETs in the config I shared below.
    • Here's my original monolith IPSET string (~36 domains) which likely triggered this issue, along with the number of unique clients that use this router: "ipset=/akamai.net/movenetworks.com/movetv.com/footprint.net/conviva.com/sling.com/cloudflare.net/akamaiedge.net/fastly.net/adobeprimetime.com/adobepass.com/roku.com/apple.com/amazoncrl.com/elasticbeanstalk.com/amazon-alexa.com/aiv-cdn.net/aiv-delivery.net/amazonsilk.com/amazon-adsystem.com/cloudfront.net/google.com/ytimg.com/googlevideo.com/youtube.com/fbsbx.com/fbcdn.net/facebook.com/amazon.com/whatismyip.com/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/x3mRouting_DNSMASQ"

A recent issue I experienced with the new x3mrouting is that a specific nat-start entry kept getting deleted. I worked around it by moving to a dnsmasq file instead of keeping the domains in-line, but I'm still curious as to why this happened. Also, note that when running nat-start, the issue was silent. It wasn't until I opened nat-start that I noticed the line had been removed and then dug through the syslog that some script was doing it, and not me losing my mind every time I thought I added it back =)

nat-start line:
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMZN_CUST2 dnsmasq=amazonaws.com,ntp-fireos.com,amazon.com,Akamai.net,amazonvideo.com,amazonaws.com,media-amazon.com,images-amazon.com,amazonalexa.com,cloudfront.net,amazon-adsystem.com,aiv-delivery.net,aiv-cdn.net,peer5.com,akamaihd.net,ssl-images-amazon.com

syslog output, note line 5, deleting from nat-start:
Sep 23 15:15:44 (x3mRouting.sh): 15945 Starting Script Execution 1 0 AMZN_CUST2 dnsmasq=amazonaws.com,ntp-fireos.com,amazon.com,Akamai.net,amazonvideo.com,amazonaws.com,media-amazon.com,images-amazon.com,amazonalexa.com,cloudfront.net,amazon-adsystem.com,aiv-delivery.net,aiv-cdn.net,peer5.com,akamaihd.net,ssl-images-amazon.com
Sep 23 15:15:44 (x3mRouting.sh): 15945 Checking /jffs/configs/dnsmasq.conf.add...
Sep 23 15:15:44 (x3mRouting.sh): 15945 no references for IPSET AMZN_CUST2 found in /jffs/configs/dnsmasq.conf.add
Sep 23 15:15:44 (x3mRouting.sh): 15945 Checking /jffs/scripts/nat-start...
Sep 23 15:15:44 (x3mRouting.sh): 15945 Script entry for AMZN_CUST2 deleted from /jffs/scripts/nat-start
Sep 23 15:15:44 (x3mRouting.sh): 15945 No AMZN_CUST2 references found in /jffs/scripts/nat-start
Sep 23 15:15:44 (x3mRouting.sh): 15945 Checking /jffs/scripts/x3mRouting/vpnclient1-route-up...
Sep 23 15:15:44 (x3mRouting.sh): 15945 No AMZN_CUST2 references found in /jffs/scripts/x3mRouting/vpnclient1-route-up
Sep 23 15:15:44 (x3mRouting.sh): 15945 No AMZN_CUST2 references found in /jffs/scripts/x3mRouting/vpnclient1-route-pre-down
Sep 23 15:15:44 (x3mRouting.sh): 15945 Checking crontab...
Sep 23 15:15:44 (x3mRouting.sh): 15945 Checking PREROUTING iptables rules...
Sep 23 15:15:44 (x3mRouting.sh): 15945 Checking POSTROUTNG iptables rules...
Sep 23 15:15:44 (x3mRouting.sh): 15945 Checking if IPSET list AMZN_CUST2 exists...
Sep 23 15:15:44 (x3mRouting.sh): 15945 Checking if IPSET backup file exists...
Sep 23 15:15:44 (x3mRouting.sh): 15945 Completed Script Execution

Here's my current nat_start config.

As discussed above, you'll see some redundancy in my config, sometimes opting for 2 or 3 different ways to bypass the VPN for a single service. I'm going more for a set it and forget it, so I don't have to fiddle too much with specific domains anymore and I'm okay with some extra traffic bypassing the VPN.

Code:
#vpn bypass scripts
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMAZON_US aws_region=US
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMAZON_GLOBAL aws_region=GLOBAL
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMAZON_AS16509 asnum=AS16509
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMAZON_CUSTOM dnsmasq_file=/jffs/scripts/x3mRouting/AMAZON_CUSTOM
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX asnum=AS2906
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX_CUSTOM dnsmasq=netflix.com,,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 GOOGLE asnum=AS15169
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 FACEBOOK asnum=AS32934

#AMAZON_CUSTOM file contents
amazonaws.com
ntp-fireos.com
amazon.com
Akamai.net
amazonvideo.com
amazonaws.com
media-amazon.com
images-amazon.com
amazonalexa.com
cloudfront.net
amazon-adsystem.com
aiv-delivery.net
aiv-cdn.net
peer5.com
akamaihd.net
ssl-images-amazon.com

Thanks again, Xentrk!
 
@tejesh83 Thanks for letting me know. Glad you find x3mRouting useful. I am looking into the issue now. I will report back ASAP.

Update:
This domain was causing the issue.

aiv-delivery

The code found a match of 'del' so it removed the entry from nat-start. The code has been updated to match for the word 'del' rather than the characters 'del'.
 
x3mRouting.sh Version 2.3.6 (25 Sept, 2020)

When checking for 'del' parm, check for whole word separated by a space by using the -w parm in the grep command.

Use option [5] from x3mMenu to download the new version.
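The substring-versus-word match behind the nat-start deletion described above, as an added example that is not x3mRouting's own code. The helper names are hypothetical and the argument lists are constructed (only the aiv-delivery.net domain comes from the thread); it goes one step beyond the thread by showing that `grep -w` still matches `del` when it is bounded by punctuation, while an exact per-argument comparison does not.

```shell
#!/bin/sh
# Added example: three ways a script could decide whether the "del"
# parameter was passed. Helper names are hypothetical; the invocations
# at the bottom are constructed sample input.

# Substring match: any argument containing the characters "del" fires.
has_del_substring() {
    printf '%s\n' "$*" | grep -q 'del'
}

# Whole-word match: "del" must be bounded by non-word characters
# (anything other than letters, digits and underscore) or line ends.
has_del_word() {
    printf '%s\n' "$*" | grep -qw 'del'
}

# Exact token match: one argument must be exactly "del".
has_del_token() {
    for arg in "$@"; do
        if [ "$arg" = "del" ]; then
            return 0
        fi
    done
    return 1
}

# Report which of the three checks fire for a given argument list.
classify() {
    s=0; w=0; t=0
    if has_del_substring "$@"; then s=1; fi
    if has_del_word "$@"; then w=1; fi
    if has_del_token "$@"; then t=1; fi
    echo "substring=$s word=$w token=$t"
}

# 1. A domain list containing aiv-delivery.net: only the substring check fires,
#    which is the false positive reported in the thread.
classify 1 0 AMZN_CUST2 dnsmasq=amazonaws.com,aiv-delivery.net,aiv-cdn.net

# 2. A genuine delete request (constructed): all three checks fire.
classify 1 0 AMZN_CUST2 del

# 3. A constructed domain whose first label is "del": the word check still
#    fires because "=" and "." are word boundaries; the token check does not.
classify 1 0 DEMO dnsmasq=del.example.com
```
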
 
Thanks again for the script. Just updated to latest update. Just wanted to let you know that I have all streaming apps (Netflix|HBOMax|Hulu|Disney|Amazon Prime|CBS All Access) running flawlessly with your script using option 3. I did have to go back to Amazon US vs Global as I kept getting the "VPN is being used" message!!!

Everything is working flawlessly on my full time VPN on my network. Thanks again.
 
As always, thanks Xentrk for the rapid response!

Do you mind sharing your nat-start, so we can compare notes. Are you using the ASNs or domain list for these?

Thanks!
 
This is what I have below and I also use the "CBS_IPV4" file that Xentrk provided inside opt/tmp folder. As I mentioned earlier, I only use option 3 of the script and I have PIA VPN running full time on VPN 1. I also have the following rules setup:

192.168.1.0/24 = VPN
192.168.1.1/27 = WAN (I have these static IP devices to not go thru VPN i.e. nest devices, router etc...)
Finally, for my setup, under the LAN-->DHCP Server-->IP Pool Starting Address, I start with 192.168.1.100 - 192.168.1.254 (as ending). You can set this up however you like. However, with this setup all my devices running thru VPN have an IP address between .100 - .254!!!


Code:
#!/bin/sh

sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMAZON_US aws_region=US
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMAZON asnum=AS16509
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMAZON asnum=AS14618
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX asnum=AS2906
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 COMCAST asnum=AS7922
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 COMCAST asnum=AS7016
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AKAMAI asnum=AS20940
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 FUNIMATION asnum=AS19551
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 ADULTSWIM asnum=AS5662
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 CBS_WEB asnum=AS15169
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 OFFERUP dnsmasq=offerup.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 CBS_WEB dnsmasq=cbs.com,cbsaavideo.com,cbsi.com,cbsig.net,cbsnews.com,cbsstatic.com,irdeto.com,omtrdc.net,syncbak.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 HBOGO dnsmasq=hbogo.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 HBOMAX dnsmasq=hbomax.com,warnermediacdn.com,amazonaws.com,go-mpulse.net,akamaihd.net,cutestat.com,hbo.com,omtrdc.net,pubmatic.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 HULU dnsmasq=hulu.com,hulustream.com,akamaihd.net
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 FUNIMATION dnsmasq=funimation.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 DAZN dnsmasq=dazn.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 ADULTSWIM dnsmasq=adultswim.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 MERCARI dnsmasq=mercari.com,akamaized.net,fastly.net,mercariapp.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX_DNS dnsmasq=netflix.com,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net,amazonaws.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 TWITCH dnsmasq=twitch.tv,m.twitch.tv
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 GEARS_WEB dnsmasq=live.gearsofwar.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh ipset_name=CBS_IPV4
sh /jffs/scripts/x3mRouting/x3mRouting.sh ipset_name=CBS_WEB dnsmasq=cbs.com,cbsaavideo.com,cbsi.com,cbsig.net,cbsnews.com,cbsstatic.com,irdeto.com,omtrdc.net,syncbak.com
 
x3mRouting Version 2.4.0 (29 September 2020)

A new feature called the ASN Lookup Tool has been added to x3mRouting Option 4 to assist users in identifying selective routing information for websites and streaming services.
  • To install, type x3mMenu at the command line or access via amtm.
  • Select option [7] Update x3mRouting Menu
  • Select option [4] Install x3mRouting Utility Scripts.
The ASN Lookup Tool is used for ASN/IPv4/IPv6/Prefix/ASPath/Organization lookups.

The script will perform an AS path trace (using mtr in raw mode and retrieving AS data from the results) for single IPs or DNS results, optionally reporting detailed data for each hop, such as organization/network name, geographic location, etc.

It is also possible to search by organization name in order to retrieve a list of IPv4/6 network ranges related to a given company. A multiple choice menu will be presented if more than one organization matches the search query.

See the README for examples

Code:
ASN Lookup Tool

Usage:
        asn [-d|-n] <TARGET>

Options:

-d, --detailed
        Output detailed hop info (collected from pWhois) during the AS path trace to the TARGET
-n, --notrace
        Disable tracing the AS path to the TARGET

Supported targets:

<AS Number>
        (lookup matching ASN data. Supports "as123" and "123" formats - case insensitive)
<IPv4/IPv6>
        (lookup matching route and ASN data)
<Prefix>
        (lookup matching ASN data)
<host.name.tld>
        (lookup matching IP, route and ASN data. Supports multiple IPs - e.g. DNS RR)

Note: AS path tracing will be performed only for single IPs/DNS lookup results.
 
Need some support here, can’t get it to work in the way I want it to work.

2 clients, 1 smarttv (192.168.1.12) and 1 mediacenter (192.168.1.13), both are Manually Assigned Ips.
2 vpnclients set to support with both US and EUR.

(VPN1) What I want to do, have all requests for Prime and Netflix request with ip-range 192.168.1.12-192.168.1.13 are sent to PrimeUS, Netflix.
(VPN2) All requests for IPTV, with source IP 192.168.1.13 should be sent to IPTV EUR.
All other data should go to WAN for both VPN1 & VPN2
In other words:
If Prime/Netflix: 192.168.1.12-13 > VPNCLIENT1 > SITE/APP
If GOOGLE: 192.168.1.12-13 > WAN > SITE/APP
If IPTV: 192.168.1.13 > VPNCLIENT2 > SITE/APP

I can't get the routing to work, I have used option 2 (Web GUI) to force it and part of option 3, but still have some minor issues.


#PrimeUS
x3mRouting 1 0 AMAZON1aws_region=GLOBAL src_range=192.168.1.12-192.168.1.13
x3mRouting 1 0 AMAZON asnum=AS16509
x3mRouting 1 0 AMAZON dnsmasq_file=/jffs/scripts/x3mRouting/AWS

#NetflixUS
x3mRouting 1 0 NETFLIX asnum=AS2906 src_range=192.168.1.12-192.168.1.13
x3mRouting 1 0 NETFLIX dnsmasq_file=/jffs/scripts/x3mRouting/FLIX

#IPTV EUR
x3mRouting ALL 2 ipset_name=IPTV asnum=AS206264
x3mRouting ALL 2 IPTV dnsmasq=iptv.com,iptv1.com autoscan=iptv src=192.168.1.13


#AWS
amazonaws.com
ntp-fireos.com
amazon.com
Akamai.net
primevideo.com
amazonvideo.com
media-amazon.com
images-amazon.com
amazonalexa.com
cloudfront.net
amazon-adsystem.com
aiv-delivery.net
aiv-cdn.net
peer5.com
akamaihd.net
ssl-images-amazon.com
www.myip.com
awsdns-38.com
awsdns-02.net
awsdns-18.org
awsdns-49.co.uk

#FLIX
netflix.com
netflix.net
nflxext.com
nflximg.com
nflximg.net
nflxso.net
nflxvideo.net
netflix.ca
nflxsearch.net
netflixinvestor.com
netflixdnstest0.com
netflixdnstest1.com
netflixdnstest2.com
netflixdnstest3.com
netflixdnstest4.com
netflixdnstest5.com
netflixdnstest6.com
netflixdnstest7.com
netflixdnstest8.com
netflixdnstest9.com
fast.com
amazonaws.com


VPNclient1 & VPNclient2:
Force Internet traffic through tunnel: policy rule
Accept DNS Configuration: exclusive

Installed AMTM services:
Diversion, scribe, x3mRouting, uiDivStats, uiScribe

Chain POSTROUTING (policy ACCEPT 176 packets, 17101 bytes)
num pkts bytes target prot opt in out source destination
1 1 60 MASQUERADE all -- * tun12 192.168.1.0/24 0.0.0.0/0
2 426 74516 MASQUERADE all -- * tun11 192.168.1.0/24 0.0.0.0/0
3 29325 2868K PUPNP all -- * eth0 0.0.0.0/0 0.0.0.0/0
4 21089 2307K MASQUERADE all -- * eth0 !EXTERNALIP 0.0.0.0/0
5 2043 518K MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24

Chain PREROUTING (policy ACCEPT 651K packets, 717M bytes)
num pkts bytes target prot opt in out source destination
1 7606 947K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZON dst MARK or 0x1000
2 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX dst MARK or 0x1000
3 5 532 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set IPTV dst MARK or 0x2000
4 7594 946K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZON dst MARK or 0x8000
5 3016 613K MARK all -- br0 * 192.168.1.13 0.0.0.0/0 match-set AMAZON dst MARK or 0x8000
6 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX dst MARK or 0x8000
7 0 0 MARK all -- br0 * 192.168.1.13 0.0.0.0/0 match-set NETFLIX dst MARK or 0x8000
8 5 532 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.1.12-192.168.1.13 match-set IPTV dst MARK or 0x2000


0: from all lookup local
9990: from all fwmark 0x8000/0x8000 lookup main
9994: from all fwmark 0x2000/0x2000 lookup ovpnc2
9995: from all fwmark 0x1000/0x1000 lookup ovpnc1
10101: from 192.168.1.13 lookup ovpnc1
10102: from 192.168.1.20 lookup ovpnc1
10301: from 192.168.1.13 lookup ovpnc2
32766: from all lookup main
32767: from all lookup default
 