corporate-gadfly / Tunlr-Clone


(User) Error somewhere. #21

Closed Nobeernogman closed 11 years ago

Nobeernogman commented 11 years ago

Hi,

For the last 3 days I have been busy with the Tunlr-Clone. My situation:

My home: internet service provider IP: 84.31.x.x. Local IP range: 192.168.178.x. IP address of my homeserver: 192.168.178.16, running DNSMasq / HTTPS-SNI-Proxy.

Now I want to connect from another country to my homeserver to watch Netflix. I am living in the Netherlands, and I want to watch Netflix from Germany (Netflix is not available in Germany).

Situation now: I am in Germany with DNS server 84.31.x.x configured (my server), and it works great, except for www.netflix.com, where I only get the message: Netflix is not available in your part of the world. So there must be a problem with the sniproxy / iptables rules, I guess?

Config of /etc/sniproxy.conf:

    grep '^[^#]' /etc/sniproxy.conf

    user daemon
    pidfile /var/tmp/sniproxy.pid
    listener 172.y.y.y 80 {
        proto http
    }
    listener 172.y.y.y 443 {
        proto tls
    }
    table {
        (hulu|huluim).com
        abc.(go.)?com
        (nbc|nbcuni).com
        netflix.com
        ip2location.com *
    }

My iptables rules:

    sudo iptables -A INPUT -i eth0 -s 84.31.x.x -d 192.168.178.16 -p tcp -m tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -i eth0 -s 84.31.x.x -d 192.168.178.16 -p tcp -m tcp --dport 443 -j ACCEPT

    sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.178.16
    sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 192.168.178.16

Kind regards.

rbvonvo commented 11 years ago

I think you stated the problem pretty clearly - Netflix isn't available in Germany. Get a VPS in a country that has the Netflix catalog you'd like to access and run it from there.


Nobeernogman commented 11 years ago

But my home (where my homeserver is) is in the Netherlands. Netflix is available in Holland. That's not the problem.

Situation: Netherlands: where I live, where my home is, where my server is. Germany: vacation country for me. I want to access Netflix by connecting to my server in the Netherlands.

corporate-gadfly commented 11 years ago

When you are in Germany, what is the output of host www.netflix.com? The answer should be the DNS address of your Netherlands server.

Remember DNS is always the first step.

Nobeernogman commented 11 years ago

When I am in Germany, I set my DNS server to 84.31, my Dutch server. The DNS server is running okay. I guess there is something wrong with HTTPS-SNI-Proxy.

https://www.dropbox.com/s/7ne9k1m1no01fue/2013-11-02%2023_21_20-Netwerkcentrum.png

https://www.dnsleaktest.com will also tell me that I am using my Dutch home server's DNS.

corporate-gadfly commented 11 years ago

> The DNS server is running okay.

How do you know it is okay?

I understand that your Windows machine in Germany is set up to use your Dutch DNS server. However, is your Dutch DNS server resolving the IP address of Netflix as 84.31.x.x? In other words, nslookup www.netflix.com should come back with 84.31.x.x (SNIProxy should be running on this server. Correct?).

corporate-gadfly commented 11 years ago

E.g., my DNS server and SNIProxy are both running on 199.195.x.x. When I try to resolve www.netflix.com, I get the following:

$ nslookup www.netflix.com
Server:     192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
Name:   www.netflix.com
Address: 199.195.x.x

Nobeernogman commented 11 years ago

Hi,

This is what I get on my Windows machine in Germany with my Dutch DNS server/sniproxy: http://i.imgur.com/gpgoEio.png The server/address are my Dutch hostname + IP address.

When I turn sniproxy off, I get exactly the same results.

The DNS server is working correctly, but I guess sniproxy is not proxying the traffic correctly.

corporate-gadfly commented 11 years ago

Looks like your DNS server is not working properly. The DNS server should respond back with only one IP address. That IP address should be 84.31.x.x. Please double-check all of your named files.
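The check described above (exactly one answer, and it is the proxy's own address) can be scripted. This is an added example, not part of the original thread or the Tunlr-Clone project; it assumes `dig` is installed, and `check_override` and the 203.0.113.x / 198.51.100.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: classify a resolver's answer for a name that is supposed to be
# overridden so that it points at the SNI proxy.
# Input: `dig +short` output on stdin. Argument: the proxy's public IP.
# Live use (assumption: dig is installed, 203.0.113.10 stands in for your server):
#   dig +short A www.netflix.com @203.0.113.10 | check_override 203.0.113.10

check_override() {
    expected=$1
    # Keep only IPv4 answers; `dig +short` also prints CNAME targets.
    addrs=$(grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | sort -u)
    if [ -z "$addrs" ]; then
        echo "no-answer"      # resolver unreachable, refused, or no A record
        return 2
    fi
    count=$(printf '%s\n' "$addrs" | wc -l | tr -d ' ')
    if [ "$count" -eq 1 ] && [ "$addrs" = "$expected" ]; then
        echo "override-ok"    # the single answer is the proxy itself
        return 0
    fi
    if printf '%s\n' "$addrs" | grep -qxF "$expected"; then
        echo "mixed"          # proxy IP present, but real addresses leak through
        return 1
    fi
    echo "forwarded"          # resolver only relayed the upstream answer
    return 1
}

# Constructed sample: what a forwarding-only resolver returns for the name
# (a CNAME target plus several real service addresses, none of them the proxy).
sample_forwarded='cdn.example.net.
198.51.100.7
198.51.100.8'
printf '%s\n' "$sample_forwarded" | check_override 203.0.113.10 || true
```

A `forwarded` verdict means clients connect straight to the real service and the SNI proxy is never involved, which also explains why stopping the proxy changes nothing.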

Nobeernogman commented 11 years ago

I am using DNSMasq instead of bind9. Is that a problem?

My /etc/dnsmasq.conf looks like this:

    server=212.x.x.x
    server=212.x.x.x

(the 212 address is the DNS server from my Dutch internet provider)

Or must I add a rule like this in the DNSMasq config? "server=/netflix.com/[some-ip-address-here?]"

corporate-gadfly commented 11 years ago

You are missing an important piece.

DNSMasq is just used to selectively send DNS queries to different DNS servers.

The piece of the puzzle that you are missing is step 3 from this page. You need to run your own DNS server. DNSMasq is not enough by itself.

Nobeernogman commented 11 years ago

I must throw dnsmasq away and install bind9 instead?

corporate-gadfly commented 11 years ago

Yes, you must install bind9 on your Dutch server.

I advocated use of DNSMasq but only on the router. This way only selective DNS traffic goes to my VPS server. I didn't want all DNS traffic to go to my VPS server.

Nobeernogman commented 11 years ago

I hope that I know the problem now. I always thought that dnsmasq and bind9 were both DNS servers, but there is a big difference then. Now I am going to sleep. 12.36 pm in Holland. Hope to fix it tomorrow. I'll send the results then :)

Nobeernogman commented 11 years ago

New day!

Installed bind 9: sudo apt-get install bind9

Bind9 will start/stop normally. But when I edit the config files, bind9 won't start anymore.

This is my config

/etc/bind/named.conf.options: http://pastebin.com/P1N3rAQY

/etc/bind/named.conf.local: http://pastebin.com/L5rSdUBu

/etc/bind/zones.override: http://pastebin.com/Xt64KASh

/etc/bind/db.override: http://pastebin.com/wcz303fC

Result: Starting domain name service...: bind9 failed!: https://db.tt/dsOR2w40

corporate-gadfly commented 11 years ago

> Result: Starting domain name service...: bind9 failed!: https://db.tt/dsOR2w40

Please provide the output of named-checkconf -p

Nobeernogman commented 11 years ago

First, the output of named-checkconf -p: https://www.dropbox.com/s/clqr6qxwjenys41/2013-11-03%2017_58_32-pi%40pi2_%20_etc_bind.png (permission denied)

Then I did a sudo chmod 755 on the rndc.key file; now I get this output: http://pastebin.com/PssEBScD

But bind9 still fails to start.

corporate-gadfly commented 11 years ago

Looks okay to me. You should not change the permission of rndc.key to 755. Instead, I should have explicitly said to run sudo named-checkconf -p. I don't have any other ideas for getting bind9 running :-(

Nobeernogman commented 11 years ago

Sorry, what is the default permission setting for rndc.key? With sudo named-checkconf -p I get the following:

/etc/bind/named.conf.options:5: expected IP address near 'This'

https://www.dropbox.com/s/mohpgyix3g5q976/2013-11-03%2018_08_15-pi%40pi2_%20_etc.png

corporate-gadfly commented 11 years ago

  1. -rw-r----- 1 bind bind 77 Aug 14 23:28 /etc/bind/rndc.key
  2. line 5 in /etc/bind/named.conf.options has the word This. Put a # mark in front of it. Should be like this:

        212.54.x.x; # This is a DNS server from my internet service provider.
        212.54.x.x; # This is a DNS server from my internet service provider.

Nobeernogman commented 11 years ago

Fixed the # part. But still 'fail' when I start bind9. Output of sudo named-checkconf -p: http://pastebin.com/YQVtkdUS

corporate-gadfly commented 11 years ago

> Fixed the #. Output of sudo named-checkconf -p: http://pastebin.com/YQVtkdUS

Should be able to start now, shouldn't it?

Nobeernogman commented 11 years ago

Nope, still the big red "failed" on my screen. My last hope is asking you to help me with TeamViewer. That would be great. This also looks more like a chatroom here :$

corporate-gadfly commented 11 years ago

I have TeamViewer 8 running on a Mac.

corporate-gadfly commented 11 years ago

Few more attempts to fix:

  1. Output of cat /etc/default/bind9?
  2. Output sudo named -g -u bind?

Nobeernogman commented 11 years ago

Output of cat /etc/default/bind9:

    # run resolvconf?
    RESOLVCONF=no

    # startup options for the server
    OPTIONS="-u bind"

Output of sudo named -g -u bind: http://pastebin.com/uNVBNTLV

I made a 10-minute mail address; I don't want to put my TeamViewer details here. I will answer back with my normal Gmail address.

c133728@drdrb.com