I am trying to route Netflix traffic over vpn1 and have run into a snag with a Chromecast. The routing works using the Netflix app on my Android phone, but when I try to cast to the Chromecast I get the dreaded proxy error.
I believe the problem lies within the hard-coded DNS on the Chromecasts; also, I have read that the Chromecasts now use DNS over TLS.
I am using the shell script method and this is my nat-start file.
Code:
#!/bin/sh
### IPSET Shell Script Method
# Populate the NETFLIX ipset from the Netflix ASN and route it via VPN client 1
sh /jffs/scripts/x3mRouting/load_ASN_ipset_iface.sh 1 NETFLIX AS2906
# Populate NETFLIX1 from dnsmasq lookups of the Netflix domains (duplicates removed) and route via VPN client 1
sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 1 NETFLIX1 amazonaws.com,netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net,nflximg.com,netflix.net
# Redirect LAN clients' plaintext DNS to Google's resolvers back to the router's own resolver.
# DNAT target corrected from 162.168.0.1 (outside the 192.168.0.0/24 LAN, so the rule could never deliver); router LAN address assumed to be 192.168.0.1
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 8.8.4.4 -p udp --dport 53 -j DNAT --to 192.168.0.1
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 8.8.8.8 -p udp --dport 53 -j DNAT --to 192.168.0.1
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 8.8.4.4 -p tcp --dport 53 -j DNAT --to 192.168.0.1
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 8.8.8.8 -p tcp --dport 53 -j DNAT --to 192.168.0.1
# Block forwarded IPv6 traffic to Google's IPv6 resolvers
ip6tables -I FORWARD --destination 2001:4860:4860::8844 -j REJECT
ip6tables -I FORWARD --destination 2001:4860:4860::8888 -j REJECT
# Drop DNS over TLS (port 853). Note: INPUT and OUTPUT only match traffic addressed to or originated by the router itself;
# traffic forwarded from LAN clients traverses the FORWARD chain, not these two.
iptables -A INPUT -p tcp --destination-port 853 -j DROP
iptables -A OUTPUT -p tcp --destination-port 853 -j DROP
What am I doing wrong here?
Should I be using something like this instead of the PREROUTING/FORWARD/IN/OUT rules to route requests from the Chromecast to port 53 and port 853 (DoT) to vpn1?
Code:
# Mark the Chromecast's DNS and DoT traffic (port 53 and 853, TCP and UDP) so policy routing sends it via VPN client 1
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range <CHROMECAST_IP> -p tcp -m multiport --dport 53,853 -j MARK --set-mark 0x1000/0x1000
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range <CHROMECAST_IP> -p udp -m multiport --dport 53,853 -j MARK --set-mark 0x1000/0x1000
Also, thanks for the excellent work on this project Xentrk.
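As an added example (not from the post above or from the x3mRouting project), here is a small POSIX sh helper that generates the PREROUTING DNAT rules for a list of hard-coded public resolvers and refuses to emit them when the DNAT target lies outside the LAN subnet, which is the kind of typo (162.168.0.1 instead of a 192.168.0.x address) that silently leaves the Chromecast's DNS unredirected. The LAN CIDR, router address and resolver list are parameters; the values in the comments are assumed.

```shell
#!/bin/sh
# ip_to_int "192.168.0.1" -> 3232235521, used for the subnet membership check
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "error: bad IPv4 address" >&2; return 1; }
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP CIDR -> succeeds when IP lies inside CIDR (e.g. 192.168.0.0/24)
in_subnet() {
    ip=$1; net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# gen_dns_redirect_rules LAN_CIDR ROUTER_IP RESOLVER...
# Prints one DNAT rule per resolver and protocol (udp/tcp) redirecting port 53
# to ROUTER_IP; fails before printing anything if ROUTER_IP is not in LAN_CIDR.
# Pipe the output into sh to apply it, e.g. from nat-start.
gen_dns_redirect_rules() {
    lan=$1; router=$2; shift 2
    if ! in_subnet "$router" "$lan"; then
        echo "error: DNAT target $router is not inside $lan (typo?)" >&2
        return 1
    fi
    for resolver in "$@"; do
        for proto in udp tcp; do
            echo "iptables -t nat -A PREROUTING -s $lan -d $resolver -p $proto --dport 53 -j DNAT --to $router"
        done
    done
}

# Example (assumed values): router at 192.168.0.1 on 192.168.0.0/24, Google resolvers
# gen_dns_redirect_rules 192.168.0.0/24 192.168.0.1 8.8.8.8 8.8.4.4
```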