What's new

x3mRouting x3mRouting ~ Selective Routing for Asuswrt-Merlin Firmware (1-Nov-2020)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hi all - I have recently setup a VPN so I can watch BBC iplayer on my apple TV while temporarily living in Australia.

So far I have got the VPN connection to a UK server working. Installed x3mrouting. Configured the client to use 'policy rules (strict)' and added my apple TV as a specific device/ip to use the VPN. and.... it is working so thanks for this great project on top on another great project - merlin.

The only issue is that I have to switch VPN on/off to toggle between UK and AU services which means it's too hard for wifey and a little bit of a pain for me.

Is there a way to isolate just the BBC iplayer traffic and only push this through the VPN connection?
 
@Xentrk Thank you, I will try that.

Just found out my work laptop doesn't like my VPN for whatever reason. I now have reserved ip 192.168.50.60 to the laptop and want to bypass all traffic from this directly to WAN.

can I still do this with x3mRouting option 3 or do I have to install option 1?

or can I use this option under VPN Client UI.

View attachment 33348
You don't need x3mRouting for only one client bypass. Just as you have it above should work fine. It is suggested that you also route the router IP address to the WAN interface so services like ntp can still be accessed when the VPN is down.
 
Hi all - I have recently setup a VPN so I can watch BBC iplayer on my apple TV while temporarily living in Australia.

So far I have got the VPN connection to a UK server working. Installed x3mrouting. Configured the client to use 'policy rules (strict)' and added my apple TV as a specific device/ip to use the VPN. and.... it is working so thanks for this great project on top on another great project - merlin.

The only issue is that I have to switch VPN on/off to toggle between UK and AU services which means it's too hard for wifey and a little bit of a pain for me.

Is there a way to isolate just the BBC iplayer traffic and only push this through the VPN connection?

A recent update caused some changes to BBC which required some analysis. So far, I have it working with the method below. I am routing ALL BBC traffic to the "source destination" VPN Client 4. So adjust accordingly. The other item is the AWS method may not be required. I noticed many reply records resolving to AWS EU server and added it during the initial analysis. It may work without it but I have not confirmed.

Install x3mRouting option 3. Then, in a SSH command line copy/paste the following after adjusting the "to destination 4":

Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 4 AWS_EU aws_region=EU
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 4 BBC_ASN asnum=AS2818,AS31459
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 4 BBC_WEB1 dnsmasq=2cnt.net,at-o.net,bbc.com,bbcverticals.com,co.uk,dotmetrics.net,net.uk

BBC traffic will have a higher priority than the clients specified in the policy table.

For the dnsmasq method to work, you have to have dnsmasq logging enabled.
 
You don't need x3mRouting for only one client bypass. Just as you have it above should work fine. It is suggested that you also route the router IP address to the WAN interface so services like ntp can still be accessed when the VPN is down.
all good with current setup so far.

now I want to route traffic from vpn client 1 to vpn client 5 for website zee5.com. vpn client 1 is connected to newyrok server, vpn client 5 is connected to India server, both on at the same time.

will this work?
Code:
x3mRouting ALL 5 ZEE5  dnsmasq=zee5.com

or should I do this?
Code:
x3mRouting 1 5 ZEE5  dnsmasq=zee5.com
 
Last edited:
A recent update caused some changes to BBC which required some analysis. So far, I have it working with the method below. I am routing ALL BBC traffic to the "source destination" VPN Client 4. So adjust accordingly. The other item is the AWS method may not be required. I noticed many reply records resolving to AWS EU server and added it during the initial analysis. It may work without it but I have not confirmed.

Install x3mRouting option 3. Then, in a SSH command line copy/paste the following after adjusting the "to destination 4":

Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 4 AWS_EU aws_region=EU
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 4 BBC_ASN asnum=AS2818,AS31459
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 4 BBC_WEB1 dnsmasq=2cnt.net,at-o.net,bbc.com,bbcverticals.com,co.uk,dotmetrics.net,net.uk

BBC traffic will have a higher priority than the clients specified in the policy table.

For the dnsmasq method to work, you have to have dnsmasq logging enabled.
Thank you for this info - much appreciated.

I think i know what I need to do but how do I 'just' do this action for the one client - my apple TV.

I think i need to adjust the above as follows:

1. change the ALL above to just the IP of my apple tv
2. use the correct VPN client (I have it setup on 2 not 4)
3. remove the client from the list in the policy table

Does that sound right?
 
all good with current setup so far.

now I want to route traffic from vpn client 1 to vpn client 5 for website zee5.com. vpn client 1 is connected to newyrok server, vpn client 5 is connected to India server, both on at the same time.

will this work?
Code:
x3mRouting ALL 5 ZEE5  dnsmasq=zee5.com

or should I do this?
Code:
x3mRouting 1 5 ZEE5  dnsmasq=zee5.com
The first command is correct. It is saying direct ALL domains that end with zee5.com to VPN Client 5. The first parm after x3mRouting is the "source" of the traffic and the third parm the "destination".
 
The first command is correct. It is saying direct ALL domains that end with zee5.com to VPN Client 5. The first parm after x3mRouting is the "source" of the traffic and the third parm the "destination".
I tried the first command, it did not work.
 
Thank you for this info - much appreciated.

I think i know what I need to do but how do I 'just' do this action for the one client - my apple TV.

I think i need to adjust the above as follows:

1. change the ALL above to just the IP of my apple tv
2. use the correct VPN client (I have it setup on 2 not 4)
3. remove the client from the list in the policy table

Does that sound right?
The BBC rule will take priority over rules for LAN clients. For example, you can specify that the Apple TV get routed to VPN Client 1 or the WAN. However, BBC traffic will have a higher priority. We call this the Policy Routing Data Base or RMDB. You can use the "ip rule" command to display the list of rules/priorities.

I have policy rules to route most streaming media to Dedicated/Private VPN and rules to route LAN clients to shared VPN servers.
 
I tried the first command, it did not work.
Is dnsmasq logging enabled? It is required for dnsmasq method.

The other issue is the site may be referencing other domains. For example, for Netflix, you can't just specify dnsmasq=netflix.com. I wish it was that easy. As a result, you will have to do some analysis.
Code:
For example, get our network as quiet as possible. Direct all internet traffic to the destination that will work with zee5.com.  Make sure all browser sessions are closed. In SSH session, run the getdomainnames.sh script. Next specify the name of the output file and device IP address

/jffs/scripts/x3mRouting# sh getdomainnames.sh

Enter a descriptive name of the output file ==> zee

Enter the IP address ==> 192.168.20.152

Press Ctrl-C to stop logging
^C
Done capturing domains from dnsmasq.log
Sorting file.
File contents are:

a.fc.namequery.com
api.quantumgraph.com
apv-launcher.minute.ly
b2bapi.zee5.com
catalogapi.zee5.com
cdn.qgr.ph
cdnapisec.kaltura.com
dbceqs1bhjtwe.cloudfront.net
e4669.dscd.akamaiedge.net
e8959.b.akamaiedge.net
e8959.dscb.akamaiedge.net
e8959.dscf.akamaiedge.net
geolocation.onetrust.com
subscriptionapi.zee5.com
users.quantumgraph.com
vid.zee5.com

File location is: /opt/var/log/zee

I suspect the domains that contain the words specified below are being used by the site. So run a scan to just list domains with those words:

Code:
/jffs/scripts/x3mRouting# sh autoscan.sh scan=zee,quantum,minute,qgr,kaltura

IPSET Format
-------------------------------------
kaltura.com
minute.ly
qgr.ph
qgraph.io
quantumgraph.com
zee5.com

FQDN Format
-------------------------------------
akamaividz2.zee5.com
api.quantumgraph.com
apv-launcher.minute.ly
b2bapi.zee5.com
catalogapi.zee5.com
cdn.qgr.ph
cdn.qgraph.io
cdnapisec.kaltura.com
comingsoon.zee5.com
gwapi.zee5.com
playerscript.zee5.com
snippet.minute.ly
subscriptionapi.zee5.com
useraction.zee5.com
users.quantumgraph.com
vid.zee5.com
whapi-prod-node.zee5.com
www.zee5.com
zee5.com

I suspect you need to add more top level domain:

Code:
dnsmasq=kaltura.com,minute.ly,qgr.ph,qgraph.io,quantumgraph.com,zee5.com

But it is a trial and error. It took me several days off and on to get it right for BBC and Paramount Plus with their recent changes.

The other thing I do sometimes is use the follow dnsmasq log feature of Diversion to spot other domains. The other trick I do sometimes is to right click on the browswer of the site and view the source code. Then search for .com or .net.
 
Below is an example of view dnsmasq.log option 2 in Diversion. It is the query[A] records we want to specify in the dnsmasq method. The ipset feature of dnsmasq will then load the IPv4 addresses of the reply records.


1619138753006.png
 
The BBC rule will take priority over rules for LAN clients. For example, you can specify that the Apple TV get routed to VPN Client 1 or the WAN. However, BBC traffic will have a higher priority. We call this the Policy Routing Data Base or RMDB. You can use the "ip rule" command to display the list of rules/priorities.

I have policy rules to route most streaming media to Dedicated/Private VPN and rules to route LAN clients to shared VPN servers.
Thanks and appreciate you taking the time to explain this all to me!

So, for my use case (iplayer on appletv) I think i have to choose - either:

1. route the apple TV through the VPN - so turn on VPN when I want to watch iplayer on ATV
2. route all bbc streaming related content through the vpn - so keep vpn on and all LAN clients use VPN for bbc streaming
 
Thanks and appreciate you taking the time to explain this all to me!

So, for my use case (iplayer on appletv) I think i have to choose - either:

1. route the apple TV through the VPN - so turn on VPN when I want to watch iplayer on ATV
2. route all bbc streaming related content through the vpn - so keep vpn on and all LAN clients use VPN for bbc streaming

With Asuswrt-Merlin, you can run from 1 to 5 VPN Clients at the same time. BBC blocks known VPN servers. As a result, I have a dedicated or private IP in UK that is not shared. I then route BBC traffic to the VPN Client to UK. For me, this is VPN client 3. I also have Netflix and other streaming services in my home country that block shared VPNs too. As a result, I route Netflix, Hulu, etc to my Private IP in US. This is VPN Client 1 on my router. Most LAN clients are assigned to use a shared VPN servers in Los Angeles. This is VPN client 2. I also have a few sites I need to route to the WAN. So I use the dnsmasq method for that.

As a result, most of my LAN devices default to Los Angeles for most web traffic. But BBC goes to VPN client 3 and US streaming services to VPN client 1. The x3mRouting rules will take higher priority than the LAN rules for clients. So, the clients can also be assigned to use the WAN or a VPN tunnel, but when they access BBC, the traffic will traverse thru the VPN in UK.
 
Is dnsmasq logging enabled? It is required for dnsmasq method.

The other issue is the site may be referencing other domains. For example, for Netflix, you can't just specify dnsmasq=netflix.com. I wish it was that easy. As a result, you will have to do some analysis.
Code:
For example, get our network as quiet as possible. Direct all internet traffic to the destination that will work with zee5.com.  Make sure all browser sessions are closed. In SSH session, run the getdomainnames.sh script. Next specify the name of the output file and device IP address

/jffs/scripts/x3mRouting# sh getdomainnames.sh

Enter a descriptive name of the output file ==> zee

Enter the IP address ==> 192.168.20.152

Press Ctrl-C to stop logging
^C
Done capturing domains from dnsmasq.log
Sorting file.
File contents are:

a.fc.namequery.com
api.quantumgraph.com
apv-launcher.minute.ly
b2bapi.zee5.com
catalogapi.zee5.com
cdn.qgr.ph
cdnapisec.kaltura.com
dbceqs1bhjtwe.cloudfront.net
e4669.dscd.akamaiedge.net
e8959.b.akamaiedge.net
e8959.dscb.akamaiedge.net
e8959.dscf.akamaiedge.net
geolocation.onetrust.com
subscriptionapi.zee5.com
users.quantumgraph.com
vid.zee5.com

File location is: /opt/var/log/zee

I suspect the domains that contain the words specified below are being used by the site. So run a scan to just list domains with those words:

Code:
/jffs/scripts/x3mRouting# sh autoscan.sh scan=zee,quantum,minute,qgr,kaltura

IPSET Format
-------------------------------------
kaltura.com
minute.ly
qgr.ph
qgraph.io
quantumgraph.com
zee5.com

FQDN Format
-------------------------------------
akamaividz2.zee5.com
api.quantumgraph.com
apv-launcher.minute.ly
b2bapi.zee5.com
catalogapi.zee5.com
cdn.qgr.ph
cdn.qgraph.io
cdnapisec.kaltura.com
comingsoon.zee5.com
gwapi.zee5.com
playerscript.zee5.com
snippet.minute.ly
subscriptionapi.zee5.com
useraction.zee5.com
users.quantumgraph.com
vid.zee5.com
whapi-prod-node.zee5.com
www.zee5.com
zee5.com

I suspect you need to add more top level domain:

Code:
dnsmasq=kaltura.com,minute.ly,qgr.ph,qgraph.io,quantumgraph.com,zee5.com

But it is a trial and error. It took me several days off and on to get it right for BBC and Paramount Plus with their recent changes.

The other thing I do sometimes is use the follow dnsmasq log feature of Diversion to spot other domains. The other trick I do sometimes is to right click on the browswer of the site and view the source code. Then search for .com or .net.
I can clearly see from the getdomainnames.sh that the two domains the zee5 app is hitting to detect country, both are xxxx.zee5.com so I added the code for it but still doesn't work. I do not see any other domains names even with Diversion option 2 before the app blocks

I even tried the code you provided with more additional domains, still no luck, can't even get to open the app.
1619143486883.png
 

Attachments

  • 1619142794524.png
    1619142794524.png
    473.1 KB · Views: 120
I can clearly see from the getdomainnames.sh that the two domains the zee5 app is hitting to detect country, both are xxxx.zee5.com so I added the code for it but still doesn't work. I do not see any other domains names even with Diversion option 2 before the app blocks

I even tried the code you provided with more additional domains, still no luck, can't even get to open the app.
View attachment 33375
What is the output of the following

Code:
liststats

Code:
ip rule

Code:
iptables -nvL PREROUTING -t mangle --line

Code:
grep -wc "ipset add ZEE5" /opt/var/log/dnsmasq.log
 
With Asuswrt-Merlin, you can run from 1 to 5 VPN Clients at the same time. BBC blocks known VPN servers. As a result, I have a dedicated or private IP in UK that is not shared. I then route BBC traffic to the VPN Client to UK. For me, this is VPN client 3. I also have Netflix and other streaming services in my home country that block shared VPNs too. As a result, I route Netflix, Hulu, etc to my Private IP in US. This is VPN Client 1 on my router. Most LAN clients are assigned to use a shared VPN servers in Los Angeles. This is VPN client 2. I also have a few sites I need to route to the WAN. So I use the dnsmasq method for that.

As a result, most of my LAN devices default to Los Angeles for most web traffic. But BBC goes to VPN client 3 and US streaming services to VPN client 1. The x3mRouting rules will take higher priority than the LAN rules for clients. So, the clients can also be assigned to use the WAN or a VPN tunnel, but when they access BBC, the traffic will traverse thru the VPN in UK.
Thanks again for all the help. You have a very clever and advanced setup. Amazing.

I have bbc iplayer working on my ATV when i switch on my VPN so this is a good start for now.
 
Suresh@AX86U:/jffs/scripts# liststats

AMAZON - 129
HOTSTAR - 308
NETFLIX - 1924
ZEE5 - 1

Suresh@AX86U:/jffs/scripts# ip rule

0: from all lookup local
9990: from all fwmark 0x8000/0x8000 lookup main
9991: from all fwmark 0x3000/0x3000 lookup ovpnc5
10001: from 192.168.50.60 lookup main
10101: from 192.168.50.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default

Suresh@AX86U:/jffs/scripts# iptables -nvL PREROUTING -t mangle --line


Chain PREROUTING (policy ACCEPT 669K packets, 611M bytes)


num pkts bytes target prot opt in out source destination


1 708 231K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX dst MARK or 0x8000
2 1392 232K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZON dst MARK or 0x8000
3 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set HOTSTAR dst MARK or 0x8000
4 73 10031 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set ZEE5 dst MARK or 0x3000

Suresh@AX86U:/jffs/scripts# grep -wc "ipset add ZEE5" /opt/var/log/dnsmasq.log
64

What is the output of the following

Code:
liststats

Code:
ip rule

Code:
iptables -nvL PREROUTING -t mangle --line

Code:
grep -wc "ipset add ZEE5" /opt/var/log/dnsmasq.log
 
@Suresh Only seeing one IPv4 entry in the ZEE ipset list may be the problem.

Check contents of dnsmasq.conf.add
Code:
grep ZEE /jffs/configs/dnsmasq.conf.add

What reply records are being added?
Code:
grep -w "ipset add ZEE5" /opt/var/log/dnsmasq.log | sort -u
 
@Suresh Only seeing one IPv4 entry in the ZEE ipset list may be the problem.

Check contents of dnsmasq.conf.add
Code:
grep ZEE /jffs/configs/dnsmasq.conf.add

What reply records are being added?
Code:
grep -w "ipset add ZEE5" /opt/var/log/dnsmasq.log | sort -u
Suresh@AX86U:/jffs/scripts# grep ZEE /jffs/configs/dnsmasq.conf.add
ipset=/kaltura.com/minute.ly/qgr.ph/qgraph.io/quantumgraph.com/zee5.com/ZEE5

Suresh@AX86U:/jffs/scripts# grep -w "ipset add ZEE5" /opt/var/log/dnsmasq.log | sort -u

Apr 22 14:05:32 dnsmasq[25939]: ipset add ZEE5 184.25.221.23 e8959.dscb.akamaiedge.net
Apr 22 14:05:34 dnsmasq[25939]: ipset add ZEE5 184.25.221.23 e8959.dscb.akamaiedge.net
Apr 22 14:11:26 dnsmasq[25939]: ipset add ZEE5 184.25.221.23 e8959.dscb.akamaiedge.net
Apr 22 14:11:28 dnsmasq[25939]: ipset add ZEE5 184.25.221.23 e8959.dscb.akamaiedge.net
Apr 22 14:12:14 dnsmasq[25939]: ipset add ZEE5 3.6.97.109 zee5.com
Apr 22 14:12:15 dnsmasq[25939]: ipset add ZEE5 23.77.17.210 e8959.dscf.akamaiedge.net
Apr 22 14:12:17 dnsmasq[25939]: ipset add ZEE5 13.229.253.207 apaclb-611154239.ap-southeast-1.elb.amazonaws.com
Apr 22 14:12:17 dnsmasq[25939]: ipset add ZEE5 54.254.165.227 apaclb-611154239.ap-southeast-1.elb.amazonaws.com
Apr 22 14:22:04 dnsmasq[25939]: ipset add ZEE5 3.6.97.109 zee5.com
Apr 22 14:22:05 dnsmasq[25939]: ipset add ZEE5 13.229.253.207 apaclb-611154239.ap-southeast-1.elb.amazonaws.com
Apr 22 14:22:05 dnsmasq[25939]: ipset add ZEE5 54.254.165.227 apaclb-611154239.ap-southeast-1.elb.amazonaws.com
Apr 22 14:22:13 dnsmasq[25939]: ipset add ZEE5 23.195.153.16 e8959.dscb.akamaiedge.net
Apr 22 14:22:15 dnsmasq[25939]: ipset add ZEE5 23.200.13.79 e8959.dscb.akamaiedge.net
Apr 22 21:35:45 dnsmasq[16447]: ipset add ZEE5 23.55.205.9 e8959.dscb.akamaiedge.net
Apr 22 21:35:47 dnsmasq[16447]: ipset add ZEE5 23.195.153.16 e8959.dscb.akamaiedge.net
Apr 22 21:39:21 dnsmasq[16447]: ipset add ZEE5 23.195.153.16 e8959.dscb.akamaiedge.net
Apr 22 21:39:24 dnsmasq[16447]: ipset add ZEE5 23.195.153.16 e8959.dscb.akamaiedge.net
Apr 22 21:39:26 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 21:39:28 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 21:39:30 dnsmasq[16447]: ipset add ZEE5 23.195.153.16 e8959.dscb.akamaiedge.net
Apr 22 21:39:34 dnsmasq[16447]: ipset add ZEE5 184.28.235.160 a1913.dscd.akamai.net
Apr 22 21:39:34 dnsmasq[16447]: ipset add ZEE5 184.28.235.203 a1913.dscd.akamai.net
Apr 22 21:39:45 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 21:40:07 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 21:40:18 dnsmasq[16447]: ipset add ZEE5 23.195.153.16 e8959.dscb.akamaiedge.net
Apr 22 21:40:20 dnsmasq[16447]: ipset add ZEE5 184.28.235.160 a1913.dscd.akamai.net
Apr 22 21:40:20 dnsmasq[16447]: ipset add ZEE5 184.28.235.203 a1913.dscd.akamai.net
Apr 22 21:40:30 dnsmasq[16447]: ipset add ZEE5 184.28.235.211 a1865.dscd.akamai.net
Apr 22 21:40:30 dnsmasq[16447]: ipset add ZEE5 184.28.235.224 a1865.dscd.akamai.net
Apr 22 21:40:30 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 21:40:36 dnsmasq[16447]: ipset add ZEE5 23.195.153.16 e8959.dscb.akamaiedge.net
Apr 22 21:40:56 dnsmasq[16447]: ipset add ZEE5 52.84.229.126 d1roptettbrgs5.cloudfront.net
Apr 22 21:40:56 dnsmasq[16447]: ipset add ZEE5 52.84.229.34 d1roptettbrgs5.cloudfront.net
Apr 22 21:40:56 dnsmasq[16447]: ipset add ZEE5 52.84.229.61 d1roptettbrgs5.cloudfront.net
Apr 22 21:40:56 dnsmasq[16447]: ipset add ZEE5 52.84.229.68 d1roptettbrgs5.cloudfront.net
Apr 22 21:42:52 dnsmasq[16447]: ipset add ZEE5 3.6.97.109 zee5.com
Apr 22 21:42:53 dnsmasq[16447]: ipset add ZEE5 13.229.253.207 apaclb-611154239.ap-southeast-1.elb.amazonaws.com
Apr 22 21:42:53 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 21:42:53 dnsmasq[16447]: ipset add ZEE5 54.254.165.227 apaclb-611154239.ap-southeast-1.elb.amazonaws.com
Apr 22 21:42:55 dnsmasq[16447]: ipset add ZEE5 184.27.122.187 a1863.dscd.akamai.net
Apr 22 21:42:55 dnsmasq[16447]: ipset add ZEE5 184.28.235.203 a1863.dscd.akamai.net
Apr 22 21:42:55 dnsmasq[16447]: ipset add ZEE5 23.195.153.16 e8959.dscb.akamaiedge.net
Apr 22 21:42:55 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 21:42:55 dnsmasq[16447]: ipset add ZEE5 65.0.235.162 whapi-node-prod-16298435.ap-south-1.elb.amazonaws.com
Apr 22 21:42:55 dnsmasq[16447]: ipset add ZEE5 65.1.162.71 whapi-node-prod-16298435.ap-south-1.elb.amazonaws.com
Apr 22 21:42:56 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 21:42:57 dnsmasq[16447]: ipset add ZEE5 23.195.153.16 e8959.b.akamaiedge.net
Apr 22 21:42:57 dnsmasq[16447]: ipset add ZEE5 52.84.229.34 d1vpk0mawbvlvp.cloudfront.net
Apr 22 21:42:57 dnsmasq[16447]: ipset add ZEE5 52.84.229.43 d1vpk0mawbvlvp.cloudfront.net
Apr 22 21:42:57 dnsmasq[16447]: ipset add ZEE5 52.84.229.61 d1vpk0mawbvlvp.cloudfront.net
Apr 22 21:42:57 dnsmasq[16447]: ipset add ZEE5 52.84.229.98 d1vpk0mawbvlvp.cloudfront.net
Apr 22 21:43:15 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 21:43:48 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 21:49:37 dnsmasq[16447]: ipset add ZEE5 23.195.153.16 e8959.dscb.akamaiedge.net
Apr 22 21:49:38 dnsmasq[16447]: ipset add ZEE5 23.195.153.16 e8959.dscb.akamaiedge.net
Apr 22 21:54:57 dnsmasq[16447]: ipset add ZEE5 3.6.97.109 zee5.com
Apr 22 21:54:59 dnsmasq[16447]: ipset add ZEE5 13.229.253.207 apaclb-611154239.ap-southeast-1.elb.amazonaws.com
Apr 22 21:54:59 dnsmasq[16447]: ipset add ZEE5 54.254.165.227 apaclb-611154239.ap-southeast-1.elb.amazonaws.com
Apr 22 21:55:23 dnsmasq[16447]: ipset add ZEE5 23.199.137.102 e8959.dscf.akamaiedge.net
Apr 22 22:03:09 dnsmasq[32381]: ipset add ZEE5 23.41.169.15 e8959.dscb.akamaiedge.net
Apr 22 22:03:10 dnsmasq[32381]: ipset add ZEE5 23.41.169.15 e8959.dscb.akamaiedge.net
 
Your reply above confirms that you should have more than one entry in the ipset list. You can view using the command

ipset -L ZEE5

Another thing is zee5.com is hosted on Amazon AWS server.

1619145917075.png


There may be a conflict with the rule you have for Amazon as you are routing Amazon traffic to the WAN.

It took me several days to analyze BBC with an hour here or there as time allowed. I created a dedicated rule to route the appliance to the VPN. I would start streaming, selecting various menu choices, etc to create traffic. Not only on one device but on laptop and iOs as well. I kept monitoring dnsmasq log and refining until I finally got them all. So it can take some persistence and patience.
 
Your reply above confirms that you should have more than one entry in the ipset list. You can view using the command

ipset -L ZEE5

Another thing is zee5.com is hosted on Amazon AWS server.

View attachment 33376

There may be a conflict with the rule you have for Amazon as you are routing Amazon traffic to the WAN.

It took me several days to analyze BBC with an hour here or there as time allowed. I created a dedicated rule to route the appliance to the VPN. I would start streaming, selecting various menu choices, etc to create traffic. Not only on one device but on laptop and iOs as well. I kept monitoring dnsmasq log and refining until I finally got them all. So it can take some persistence and patience.
You are right, I see only one entry in the ipset.

Suresh@AX86U:/jffs/scripts# ipset -L ZEE5
Name: ZEE5
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 416
References: 1
Number of entries: 1
Members:
23.41.169.15

I can live without amazon.com rule, should I delete both amazon and zee5 and re-add just zee5? hope it populates correctly in ipset list.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top