Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[ChrisWH]

HI,

I have used iptables to set up a specific DNS server for a device on my LAN. This can be useful for certain Internet TV services such as Netflix. Thought others may find this useful.


Telnet to the router and open Busybox shell:

Code: [Select]

$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
VMG8324-B10A
Login: admin
Password:

> echo && bash

Check the current iptables listing for Prerouting:

Code: [Select]

~ # iptables -t nat -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             224.0.0.0/4         
REMOTE_MGMT  all  --  anywhere             anywhere           
WEB_REDIRECT  all  --  anywhere             anywhere           
CUSTOM_WEB_REDIRECT  all  --  anywhere             anywhere           
PORT_FORWARD  all  --  anywhere             anywhere           
DMZ        all  --  anywhere             anywhere           
IGMP_CHAIN  all  --  anywhere             anywhere           
OTHERS     all  --  anywhere             anywhere           
~ #

Add the rule to use specific dns  server (replace <<>> ip adresses with those you wish to use:

Code: [Select]

~ # iptables -t nat -I PREROUTING -i br0 -s <<device IP>>/32 -p udp --dport 53 -j DNAT --to <<DNS Server IP>>
~ # iptables -t nat -I PREROUTING -i br0 -s <<device IP>>/32 -p tcp --dport 53 -j DNAT --to <<DNS Server IP>>

Check the updated iptables listing for Prerouting:

Code: [Select]

~ # iptables -t nat -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  <<device IP>>        anywhere            tcp dpt:domain to:<<DNS Server IP>>
DNAT       udp  --  <<device IP>>        anywhere            udp dpt:domain to:<<DNS Server IP>>
ACCEPT     all  --  anywhere             224.0.0.0/4         
REMOTE_MGMT  all  --  anywhere             anywhere           
WEB_REDIRECT  all  --  anywhere             anywhere           
CUSTOM_WEB_REDIRECT  all  --  anywhere             anywhere           
PORT_FORWARD  all  --  anywhere             anywhere           
DMZ        all  --  anywhere             anywhere           
IGMP_CHAIN  all  --  anywhere             anywhere           
OTHERS     all  --  anywhere             anywhere


These rules disappear on reboot, if anyone knows how these rules can be made persistent please post the method here.

Chris.

[Ronski]

This looks very useful thank you, must get around to trying this for Netflix.

[Bald_Eagle1]

How would that help for Netflix?

We use Homeplugs to get the internet to the room with the TV in it & a wireless connection from the Homeplug adaptor in that room to get it to the TV.

There is a Netflix app on the TV & we don't ever see any problems when watching films via Netflix.

[ChrisWH]

How would that help for Netflix?

We use Homeplugs to get the internet to the room with the TV in it & a wireless connection from the Homeplug adaptor in that room to get it to the TV.

There is a Netflix app on the TV & we don't ever see any problems when watching films via Netflix.

By directing the device that connects to Netflix (in your case your TV) at certain DNS servers, it can change your region, opening up different content.

[kitzuser87430]

it can change your region

Hmmm....I always thought you needed a VPN with an exit point in the country you "wanted" to be in; so that it changed your perceived IP address.

Ian

[ChrisWH]

it can change your region

Hmmm....I always thought you needed a VPN with an exit point in the country you "wanted" to be in; so that it changed your perceived IP address.

Ian

There are DNS services on the web that are designed to unblock services like Netflix. As I understand it they route certain name requests through proxies in the country you wish to appear to be in.

[Ronski]

From what I understand it takes too much time to check where everybody's IP address originates, so instead they use different IP addresses for different parts of the world, so a UK dns would send you to the UK ip address for netflix and thus you get the UK content. But an American dns would send you to the US netflix thus giving you the American content.