Redirect google play through vpn

[bilboSNB]

I have had alot of success with the below but there must be a better way, using ipset somehow?

iptables -t mangle -A PREROUTING -d play.google.com  -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 5228 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d r18.sn-aigllnly.c.android.clients.google.com  -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d r18---sn-aigllnly.c.android.clients.google.com  -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d android.l.google.com  -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d clients.l.google.com  -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d android.l.google.com  -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d wallet.google.com -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d checkout.l.google.com -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d google.com -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d google.co.uk -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d www.google.co.uk -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d www.google.com -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d android.clients.google.com -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d 216.239.32.20 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d www4.l.google.com -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d clients1.google.com  -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d s2.googleusercontent.com  -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d googlehosted.l.googleusercontent.com  -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d clients4.google.com -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d www3.l.google.com -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -d plus.google.com -j MARK --set-mark 10

This seems a bit messy to me and I don't want all of a devices traffic redirected.

 

[bilboSNB]

So I have used nslookup to resolve the addresses and manually put them in a file "play"
173.194.44.71
173.194.44.65
173.194.44.68
173.194.44.67
173.194.44.69
173.194.44.70
173.194.44.66
173.194.44.78
173.194.44.72
173.194.44.73
173.194.44.64
173.194.41.142
173.194.41.129
173.194.41.130
173.194.41.136
173.194.41.132
173.194.41.133
173.194.41.137
173.194.41.128
173.194.41.131
173.194.41.134
173.194.41.135
173.194.44.7
173.194.129.247
173.194.78.115
141.8.224.187
173.194.41.138
173.194.41.139
173.194.41.140

Then in firewall-start script:


ipset -N play iphash

for IP in $(cat /jffs/scripts/play)
do
ipset -A play $IP
done


and in my vpn up script:

iptables -t mangle -A PREROUTING -m set --set play dst -j MARK --set-mark 10

This seems to be working ok although it would be nice to automate the creation of play. I think the ipset function of dnsmasq would enable this but is not part of the current fw yet.

 

[bilboSNB]

err no, that attempt was a load of rubbish!

I am using ipset nethash instead with the google networks in the "play" file rather than a handful of googles several thousand ips which was just ridiculous duh.