tag:blogger.com,1999:blog-6120228533311158172.post3931905771059136196..comments2022-12-13T15:56:58.548+00:00Comments on on many things randomly and in no particular order: DIY clone of Netflix Tunlr/Unblock-Us/UnoTelly on cheap US based VPSbelodetekhttp://www.blogger.com/profile/01617937936106321211noreply@blogger.comBlogger168125tag:blogger.com,1999:blog-6120228533311158172.post-20917458755559364642015-01-07T11:44:00.814+00:002015-01-07T11:44:00.814+00:00Thank you, hopefully it all works for you.
If you...Thank you, hopefully it all works for you.<br /><br />If you encounter any issues, do let me know and I'll try to help..<br /><br />-- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-14749068122221763102015-01-07T11:38:31.694+00:002015-01-07T11:38:31.694+00:00Really appreciate this guide - most thorough I hav...Really appreciate this guide - most thorough I have found on the net so far for "smart dns" setup. I've not put it into practice yet but all makes sense (which is a good thing!). Once I have this working i'm going to make a YouTube guide too, with credits to you ad the other sources I found. Excellent!Philhttps://www.blogger.com/profile/10909725650146735628noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-88579828467013307872015-01-05T18:56:11.988+00:002015-01-05T18:56:11.988+00:00Very interesting.. I also found this:
http://www.e...Very interesting.. I also found this:<br />http://www.engadget.com/2015/01/03/netflix-clamps-down-on-vpns/<br /><br />Response from Netflix apparently. Not sure how true, but may not be as bad as the original article suggests.<br /><br />In any case, your own DIY solution should be much more bullet proof with respect to these counter measures, as long as not too many Netflix users appear to come from a single IP at the same time.<br /><br />-- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-33997234597726864392015-01-04T17:35:19.500+00:002015-01-04T17:35:19.500+00:00Are you 100% sure where your server is located? Tr...Are you 100% sure where your server is located? Try tunnel through it and visit www.ip2location.com. Or even better, add that domain to bind and SNI proxy. What does that tell you?<br /><br />Oh, here's a link everyone should read:<br />http://gizmodo.com/it-looks-like-netflix-is-cracking-down-on-vpn-pirating-1677277648Mikaelhttps://www.blogger.com/profile/15191577644825288837noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-36492135744384522372015-01-04T17:11:01.542+00:002015-01-04T17:11:01.542+00:00..yep all that those tests resut as expected and I.....yep all that those tests resut as expected and I did changed my local DNS.<br /><br />Help me to understand something so maybe I will figure this out. They way your hack works is:<br /><br />1. My local device (the one running netflix) resolves any netflix doain to my remote VPS<br /><br />2. VPS receives the call on port 80 and 443 from my local and forwards it to Netflix actual servers<br /><br />3. Netflix servers receive the call with the src ip of my VPS so they respond as they would to an american client.<br /><br />.. but if this is correct then all the streaming would be going through the VPS..so I most be wrong somwhereAnonymoushttps://www.blogger.com/profile/04528339977479398381noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-47450425134248790462015-01-04T08:05:17.768+00:002015-01-04T08:05:17.768+00:00Thank you for spotting the typo, I'll update t...Thank you for spotting the typo, I'll update the guide.<br /><br />Make sure you are changing DNS servers on the machine you are watching Netflix on, not on your VPS.<br /><br />There are some diagnostic tests at the end of the tutorial, which hopefully you've run locally on yor VPS. The DNS test should resolve to your local VPS IP.<br /><br />Then also try resolving it directly against your local BIND instance:<br />dig netflix.com @127.0.0.1<br /><br />Have a look at the response to make sure it is giving you a US Netflix cluster..<br /><br />-- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-9383890201225260112015-01-03T22:54:58.694+00:002015-01-03T22:54:58.694+00:00Nice tutorial. I got it all working but Im still g...Nice tutorial. I got it all working but Im still getting my local netflix (scratching head).<br /><br />Im sure Ive changed the dns servers (did so by editing /etc/resolv.conf).<br /><br />Also to be even more sure I shut down sniproxy and tested..netflix.com times out. Turn sniproxy back up and..local netflix. Cant figure it out. Any advices?<br /><br />btw there seems to be a mistake in your bind configurations:<br /><br />include "/etc/named/etc/zones.override";<br /><br />should be:<br /><br />include "/etc/named/zones.override";Anonymoushttps://www.blogger.com/profile/04528339977479398381noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-61714294559594251022015-01-02T07:19:10.139+00:002015-01-02T07:19:10.139+00:00You can add a directive into named.conf to limit t...You can add a directive into named.conf to limit the DNS response rate as follows:<br />https://deepthought.isc.org/article/AA-00994/0/Using-the-Response-Rate-Limiting-Feature-in-BIND-9.10.html<br /><br />Seems to work pretty well on my box. If you are also all using static IPs, you could lock it right down in up tables, but I realise that isn't always practical.<br /><br />-- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-46642932512250225052015-01-02T00:04:30.390+00:002015-01-02T00:04:30.390+00:00I am just worried about the bad guys using my vps ...I am just worried about the bad guys using my vps for DNS DDoS Amplification Attack. Would Iptables be enough to secure DNS. Since, I am sharing my vps IP with many friends and colleagues. I feel concerned. Any advice??CrowdBerrieshttps://www.blogger.com/profile/10152812037954385129noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-14738633275596777952014-12-30T09:30:36.330+00:002014-12-30T09:30:36.330+00:00Good point, I am also hosting a small public site ...Good point, I am also hosting a small public site using httpd on another VPS with sniproxy where I've configured httpd to bind to localhost:80 and in my sniproxy.conf, I've go the following:<br /><br />listener my.vps.public.ipv4 80 {<br /> proto http<br />}<br /><br />table {<br /> mydomain.\info 127.0.0.1:80<br />}<br /><br />So snipropxy is binding the the public IP and sends any traffic for the local domain to my httpd instance. Seems to work fine so far.<br /><br />-- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-76796833918201020472014-12-30T09:20:49.405+00:002014-12-30T09:20:49.405+00:00If you want to use apache/nginx/whatever as a http...If you want to use apache/nginx/whatever as a httpd server you can easily do that:<br />1. Change Apache default ports, in my case I changed 80 to 81 (didn't try https)<br />2. Add a rule in the table part of sniproxy.conf: <i>yourdomain.com 127.0.0.1:81</i><br />3. Restart apache and sniproxy (in that order)Mikaelhttps://www.blogger.com/profile/15191577644825288837noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-48257635489585877292014-12-30T07:47:07.147+00:002014-12-30T07:47:07.147+00:00That’s a good article. I personally prefer UnoTell...That’s a good article. I personally prefer UnoTelly. It’s similar to unblock-us (or other DNS service) but they offer a DNS server close to physical location and I can achieve better performance.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-36906725370236660622014-12-12T09:10:33.913+00:002014-12-12T09:10:33.913+00:00So you were probably using a more advanced commerc...So you were probably using a more advanced commercial service, where they have a different proxy listener for each distinct hostname (we are proxying everything using one listener).<br /><br />If you wanted to set something like that up yourself, you could follow this guide:<br />http://trick77.com/2014/03/02/dns-unblocking-using-dnsmasq-haproxy/<br /><br />This one works pretty well, but you'll need an additional piece of kit at home - a small Linux router with DNSmasq and IPtables.<br /><br />-- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-55357291005663174732014-12-11T21:33:55.279+00:002014-12-11T21:33:55.279+00:00See that's the catch, I'm not sure what co...See that's the catch, I'm not sure what configuration they were running on those numbers.<br /><br />The new setup you VERY helpfully provided works great...but of course my WDTVlive doesn't seem to use SNI....so it doesn't work.<br /><br />I may either replace it with a different device or try something with the router, but those previous dns numbers DID work without any changes on my part...I'm just trying to see if I can identify what they did to have that happen...perhaps I can duplicate it :)<br /><br />Any suggestions as usual are hugely apppreciated :)Davidhttps://www.blogger.com/profile/10708832858925280632noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-53618788305461668872014-12-11T08:54:03.366+00:002014-12-11T08:54:03.366+00:00Hi David, do you mean that the 3rd party DNS serve...Hi David, do you mean that the 3rd party DNS server you were using before with your WD box worked and this configuration does not?<br /><br />-- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-4998952798152038912014-12-10T22:02:16.553+00:002014-12-10T22:02:16.553+00:00Hey there guys,
In the past I've been given d...Hey there guys,<br /><br />In the past I've been given dns numbers by friends for the western digital tv live plus box, and they worked just fine...for a while.<br /><br />Any suggestions on what those dns's might have been doing to make it work for western digital?Davidhttps://www.blogger.com/profile/10708832858925280632noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-34689774017221460272014-12-10T09:26:00.489+00:002014-12-10T09:26:00.489+00:00Dear Cloud, the most valuable advice I can give yo...Dear Cloud, the most valuable advice I can give you is to do your own research using all of the free tools available to you, such as Google.<br /><br />And also remember, when people give you money for a service, they expect quality, which for a technical service usually means a lot of hard work in designing it correctly from the start.<br /><br />Good luck!<br /><br /> -- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-7794221112670251202014-12-10T09:17:19.950+00:002014-12-10T09:17:19.950+00:00Hi Ab,
Thank You for your help. I'm planning ...Hi Ab,<br /><br />Thank You for your help. I'm planning to implement like commercial for unblocker service like unotelly.com. <br /><br /> For that What i have to do?. Give me valuable suggestions?.<br /><br />Thank You.<br /><br />CloudAnonymoushttps://www.blogger.com/profile/01363929308008355718noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-32226275908097514562014-12-04T09:48:28.961+00:002014-12-04T09:48:28.961+00:00Hello, thank you for your support.
I think all yo...Hello, thank you for your support.<br /><br />I think all you need is the following restrictions in your iptables configuration:<br /><br /># iptables -A INPUT -s 86.144.x.y/32 -p udp -m udp --dport 53 -j ACCEPT<br /># iptables -A INPUT -s 86.144.x.y/32 -p tcp -m tcp --dport 80 -j ACCEPT<br /># iptables -A INPUT -s 86.144.x.y/32 -p tcp -m tcp --dport 443 -j ACCEPT<br /><br />Where 86.144.x.y is your home IP address, from which you will be accessing the DNS/HTTP proxy on your VPS.<br /><br />Provided those rules are in place, no one else on the internet will be able to query your DNS or proxy through your VPS.<br /><br />Make sure you test this is actually the case once you put the rules in place, by trying to do a DNS lookup from an unauthorised IP.<br /><br />-- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-13341073784421774562014-12-04T04:38:33.991+00:002014-12-04T04:38:33.991+00:00Hi Great tutorial, I have been using it for 2 mont...Hi Great tutorial, I have been using it for 2 months without any error and i want to thank you for that.<br />Recently my VPS was held hostage to target an attack as it is an Open DNS Resolver(I am only using it for SNI Proxy).<br />What steps have you taken to harden your VPS, can you please suggest some if you have got time. <br />I have added all the firewall rules as you suggested in your post and also am running Denyhosts.neeshuhttps://www.blogger.com/profile/01112591189883752445noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-82468223690470488022014-11-18T12:08:57.075+00:002014-11-18T12:08:57.075+00:00So what specific issue(s) are you having when buil...So what specific issue(s) are you having when building/installing sniproxy on your Azure VM?<br /><br />-- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-90557321571268911902014-11-17T22:27:19.637+00:002014-11-17T22:27:19.637+00:00I'm having issues... I get to the point where ...I'm having issues... I get to the point where I type telnet serverip 80 and Im getting could not open connection to the host, on port 80: connection failed. The main diference in my setup was that I used the following rule for my iptables:<br /><br />[root@server]# iptables -I INPUT 1 -j ACCEPT<br />[root@server]# iptables -I OUTPUT 1 -j ACCEPT<br /><br />this is because the machine I was on wasn't my home device and this was for testing purposes (I was going to restrict later)<br /><br />Oh also, my sniproxy I had to use their install guidelines as yours wern't working.<br /><br />It's being hosted on azure and I've added endpoints for the 3 ports as described by your iptables michaelhttps://www.blogger.com/profile/11706311914573504122noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-92068405461639529202014-11-07T09:51:06.052+00:002014-11-07T09:51:06.052+00:00Having the same issue with debchange on CentOS 6.5...Having the same issue with debchange on CentOS 6.5 . Was working with a previous VPS now having issues with installshttps://www.blogger.com/profile/03202213438968676377noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-66473810866514456522014-11-03T08:29:40.467+00:002014-11-03T08:29:40.467+00:00Have you tried Google?
http://manpages.ubuntu.com...Have you tried Google?<br /><br />http://manpages.ubuntu.com/manpages/precise/en/man1/dch.1.html<br /><br />http://stackoverflow.com/questions/18957811/debian-packages-on-xubuntu-install-debchange-dch<br /><br />You probably want to:<br /># sudo apt-get install devscripts<br /><br />-- ab1belodetekhttps://www.blogger.com/profile/01617937936106321211noreply@blogger.comtag:blogger.com,1999:blog-6120228533311158172.post-49567101223476696872014-11-03T02:50:42.091+00:002014-11-03T02:50:42.091+00:00Hello There,
i got the bind working but unable to...Hello There,<br /><br />i got the bind working but unable to install sniproxy getting following error when i run ./autogen.sh && ./configure && make dist. I looked through all the comments and didn't find any one else having this issue.<br />can you please what might be causing this. thanks <br /><br />[root@vultr sniproxy]# ./autogen.sh && ./configure && make dist<br />./setver.sh: line 35: debchange: command not found <<<<<<<<<<<Anonymoushttps://www.blogger.com/profile/17313401774677935973noreply@blogger.com