[HOWTO] Chromecast/Netflix outside USA without VPN

Search This thread

Seano22

Member
Oct 7, 2013
6
0
An error?! that is strange. Stranger that it still works for you with an error. Just for clarity's sake, what exactly works for you now?
Being able to access Netflix from your PC should work by just changing the DNS IPs. The iptables commands are required to make Netflix work on Chromecast. Does it work for you?

Can you paste the error in a reply here so I know what you are talking about?


I'm actually out of the house at moment I will try and paste error when I get back. Before I did what you said I couldn't chromecast Netflix from pc or any devices now I can chromecast from pc, ipad, nexus 7. I'm in Australia so not being in the US was stopping me from using Netflix. I am using Unblock-Us so I changed the DNS settings to theirs
 

Seano22

Member
Oct 7, 2013
6
0
An error?! that is strange. Stranger that it still works for you with an error. Just for clarity's sake, what exactly works for you now?
Being able to access Netflix from your PC should work by just changing the DNS IPs. The iptables commands are required to make Netflix work on Chromecast. Does it work for you?

Can you paste the error in a reply here so I know what you are talking about?

admin@192.168.1.1's password:
> # iptables -t nat -I PREROUTING -d 8.8.4.4 -j DNAT --to-destination 111.118.175.56

sshd:error:636.830:processInput:395:unrecognized command # iptables -t nat -I PREROUTING -d 8.8.4.4 -j DNAT --to-destination 111.118.175.56
 

varun.c.jain

Senior Member
Dec 24, 2010
58
44
Bern
admin@192.168.1.1's password:
> # iptables -t nat -I PREROUTING -d 8.8.4.4 -j DNAT --to-destination 111.118.175.56

sshd:error:636.830:processInput:395:unrecognized command # iptables -t nat -I PREROUTING -d 8.8.4.4 -j DNAT --to-destination 111.118.175.56

Hey the # was supposed to indicate that you are writing the command against a prompt. It is not part of the actual command! My mistake. The prompt in your case is the > symbol.

So as I said, Netflix works for you on all your devices currently, because you have properly configured your router with the Unblock-US DNS IPs. However, Netflix won't work on your Chromecast yet. For that you shall have to use the commands (this time without the misleading #)
Code:
iptables -t nat -I PREROUTING -d 8.8.4.4 -j DNAT --to-destination 208.122.23.23
iptables -t nat -I PREROUTING -d 8.8.8.8 -j DNAT --to-destination 208.122.23.22

P.S. I don't see 11.118.175.56 as the DNS IP on Unblock-US. The correct IPs are 208.122.23.22 and 208.122.23.23. Here is the source of my information from the Unblock-US website: Setting up a generic router
 

Seano22

Member
Oct 7, 2013
6
0
My mistake I think the first time I did it I didn't use the # it didn't look like it did anything so I added the #, I am able to chromecast Netflix from my devices
 

Seano22

Member
Oct 7, 2013
6
0
My mistake I think the first time I did it I didn't use the # it didn't look like it did anything so I added the #, I am able to chromecast Netflix from my devices


The DNS 11.118.175.56 is what Unblock-US gave me when I first joined I think they have changed to new ones but
The old ones still worl
 

noamxda

New member
Oct 8, 2013
4
1
chromecast withoutVPN

Hello All,
Firstly, Thank u so much Junior member for this awesome tutorial really put some hope into my Cast device.
Please forgive me for the nonexpertee this is my first message in xda.

I read the manual and i have a NETGEAR DGN2200 router which does not support DD-WRT. Anyway i connected to the Unlocator service ,setup the DNS and got an active IP for the router. I had some trouble on the next step.

I didn't find the DNSMasq option in my router manager smart wizard (i attached a printscr for the routers interface).
Mean that, I understood that the main part is to define the iptables and for that I enabled Telnet Client but actually i didn't know how to connect to the host and what are the particular commands that I should write down (what's my host IP/name anyway?)
Is the last part, if working, enough for enabling the neflix without the VPN?
what should I look for in the web? And how should i enable those firewall rules?


Thank U very much for any comment , Im really tired to burn out hours trying to fix that...

**p.s. I Use "Hola" as a free VPN service
 

Attachments

  • NETGEAR1.jpg
    NETGEAR1.jpg
    245.9 KB · Views: 501
  • NETGEARFIREWALL.jpg
    NETGEARFIREWALL.jpg
    262.2 KB · Views: 381
  • Like
Reactions: paracha3

varun.c.jain

Senior Member
Dec 24, 2010
58
44
Bern
Mean that, I understood that the main part is to define the iptables and for that I enabled Telnet Client but actually i didn't know how to connect to the host and what are the particular commands that I should write down (what's my host IP/name anyway?)

To begin with, you're welcome for anything that helped you. I quickly Googled up the possible ways to use the iptables commands for you on your Netgear DGN2200 router:
 
  • Like
Reactions: noamxda

noamxda

New member
Oct 8, 2013
4
1
[*]My source of information is ...
[*]Enable the Telnet shell by using the debug backdoor by opening ..
[*]View your current iptables rules
Code:
iptables -t nat -L PREROUTING
[*]If this works, then go ahead and use the iptables commands which have been mentioned in the first post
[/LIST]

Thanks for the quick reply. Actually I was already working with this source but yet didn't manage to connect properly to Telnet.
I enabled debug but this time i tried (and succeded) in the same time to connect to the router's IP with the commands:
Code:
telnet
o
192.168.0.1
I also tried to connectd to the IP i've got from Unlocator and got into BusyBox v.1 ,which allows me commands like #free or #df ,but didn't respond to iptabels (returned - iptables:not found).
How do I embed new rules and to which host do I need to connect?

THX again
 

varun.c.jain

Senior Member
Dec 24, 2010
58
44
Bern
I enabled debug but this time i tried (and succeded) in the same time to connect to the router's IP with the commands:
Code:
telnet
o
192.168.0.1

Yeah so you are able to open a Telnet session to your router at 192.168.0.1, which is exactly what the debug backdoor provides. This is the session in which you are supposed to type the iptables commands. You never mentioned whether you tried those commands or not.

I am not sure what you mean by
I also tried to connectd to the IP i've got from Unlocator
Which IP did Unlocator give to you? Are you talking about the Unlocator DNS IPs? You aren't expected to connect to these IPs via Telnet or anything. These IPs are simply the DNS servers, which you should configure in your router's DNS section.
 

noamxda

New member
Oct 8, 2013
4
1
Yeah so you are able to open a Telnet session to your router at 192.168.0.1, which is exactly what the debug backdoor provides. This is the session in which you are supposed to type the iptables commands. You never mentioned whether you tried those commands or not.

As I described, I've connected to the BusyBox via telnet but the iptables commands returned: "iptables:not found" .I'll added some screenshots below.. anyway, should I have in this point a physical connection to the router (I'm connected wireless).
THX
TELNET2.jpg
 

varun.c.jain

Senior Member
Dec 24, 2010
58
44
Bern
As I described, I've connected to the BusyBox via telnet but the iptables commands returned: "iptables:not found" .I'll added some screenshots below.. anyway, should I have in this point a physical connection to the router (I'm connected wireless).

Ok I see, so there this shell doesn't include iptables. Unfortunately I can't help you then. The source from where we got this information talks about Netgear DGN220v3. I don't suppose your HW version is v3, so you are unable to see the same options as he can. The only solution I can give you is to try and install a Custom Firmware for DGN2200, all at your own risk.

If this is too much for you, then just get a cheap Wifi router like the TP-Link TL-WR702N for your Wifi LAN, and configure your existing Netgear DGN220 in bridge mode. There is always a workaround.
 
Last edited:

noamxda

New member
Oct 8, 2013
4
1
Yep, I knew there is something fishy...
I think that im going to preform the firmware update. I guess it's gonna be pretty though but ill survive! Do you think that the update will remove the shell and enable me to write down the iptables?
Thank U so much for saving me a lot of time and money.
 

Antiq

Member
Jun 16, 2013
7
2
Hulu+ app on Android is not working "Bad response from server [34]" :( Is there any solution like for netflix? :confused:
 

varun.c.jain

Senior Member
Dec 24, 2010
58
44
Bern
Hulu+ app on Android is not working "Bad response from server [34]" :( Is there any solution like for netflix? :confused:
The same solution should work for Hulu+ too. Unlocator's DNS should lift the geoblocking restrictions for Hulu+ just like it does for Netflix. I haven't subscribed to Hulu+ so cannot say for sure if you can Chromecast it from Android, but I can sure watch Hulu on my PC using Unlocator. I believe it should be no different when working with Chromecast.
 

CliveWRSA

Member
Aug 6, 2013
39
15
Cape Town
Working with Ubuntu and PPPOE

Using the already available information on the internet and a few threads of this XDA forum, I figured out how to get Netflix working in Switzerland, without having to use a VPN service.

DISCLAIMER: This is not a replacement for a VPN service and its functionality, but an alternative way to use geoblocked websites outside their origin countries. This workaround needs you to have either a DD-WRT router or atleast a router on which you can configure iptables via CLI.

  • Sign up for the free beta at Unlocator
  • You will need admin access to your home router. Connect to this router via web interface or command line whichever is applicable.
  • Follow Setup Guides for Multiple Devices and setup your home router with the Unlocator DNS IPs
  • Follow How to Setup DD-WRT to Work With Chromecast
  • I didn't have a DD-WRT router but with admin access I could use the commands in the previous step on the command line of my TP-Link W8960N router.
  • You can replace the DNS IPs in these commands with any other service that you are using for eg. Unblock-US
    Code:
    iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 50.112.186.233
    iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination 50.112.143.40
  • Try playing any Netflix content in the Chrome browser, and use the Netflix player's Chromecast button to cast your content. It will work without any issues as your Chromecast will be able to bypass having to query Google's DNS and query Unlocator's DNS.
  • You can now try the same from any Android or iOS device using the appropriate Netflix app. (You can find the Netflix apk here)
  • Happy Netflixing! :highfive:

Here are detailed and confirmed working steps to:

I just would like to let people know this method works just fine if your internet gateway is an Ubuntu Server and you are dialing your internet over PPPOE.

My iptables rules are as follows.

-A PREROUTING -p tcp -m tcp -d 8.8.8.8/32 --dport 53 -j DNAT --to-destination 196.41.139.189
-A PREROUTING -p udp -m udp -d 8.8.8.8/32 --dport 53 -j DNAT --to-destination 196.41.139.189
-A PREROUTING -p tcp -m tcp -d 8.8.4.4/32 --dport 53 -j DNAT --to-destination 196.41.139.189
-A PREROUTING -p udp -m udp -d 8.8.4.4/32 --dport 53 -j DNAT --to-destination 196.41.139.189
-A PREROUTING -p udp -m udp -d 192.168.1.1/32 -i p135p1 --dport 53 -j DNAT --to-destination 196.41.139.189
-A PREROUTING -p tcp -m tcp -d 192.168.1.1/32 -i p135p1 --dport 53 -j DNAT --to-destination 196.41.139.189

I use unotelly for my Netflix unblocking. I live in South Africa.

Regards to all

Thanks to OP for the original work around.
 
Last edited:
  • Like
Reactions: L3RMiNi

ykphuah

Senior Member
Dec 17, 2009
417
38
Asus RT-N12

Thanks for the instructions!

Would like to add on that for Asus RT-N12, I just need to enable Telnet, and then I can run the two iptables commands after logging in to telnet. DD-WRT is not needed. It doesn't persist after reboot though.
 
Last edited:

CliveWRSA

Member
Aug 6, 2013
39
15
Cape Town
Thanks for the instructions!

Would like to add on that for Asus RT-N12, I just need to enable Telnet, and then I can run the two iptables commands after logging in to telnet. DD-WRT is not needed. It doesn't persist after reboot though.

Nice one :)

I'm quite sure you could add your own init script that will apply the settings when the router boots. Or amend it to some rc script somewhere.
 

ykphuah

Senior Member
Dec 17, 2009
417
38
Nice one :)

I'm quite sure you could add your own init script that will apply the settings when the router boots. Or amend it to some rc script somewhere.

Well, I am quite well versed with Linux, and tried to look for ways to do this in 2 hours, failed, and gave up.

Basically the whole /etc/ is mounted on /tmp and will get wiped out on every boot.

If you have any clue how to do this please let me know!
 

CliveWRSA

Member
Aug 6, 2013
39
15
Cape Town
Well, I am quite well versed with Linux, and tried to look for ways to do this in 2 hours, failed, and gave up.

Basically the whole /etc/ is mounted on /tmp and will get wiped out on every boot.

If you have any clue how to do this please let me know!

I had a poke around for stuff about your router. From what I can find, you are correct in that its not as simple as an rc script on boot. Looks like your only option is a custom modfs implementation, or going with DD-WRT. Which is pretty awesome anyways.

My router is only used as an ATM point for dialing internet from my linux server. So it was much simpler for me than doing stuff on the router.

Your only other option would be to get a little Mikrotik routerboard and set up some routing rules on that.

Good luck mate
 

croques

Senior Member
Oct 20, 2009
427
80
ping

the ping times just recorded for unlocator's dns is
Code:
15 packets transmitted, 15 received, 0% packet loss, time 14020ms
rtt min/avg/max/mdev = 158.718/166.061/177.317/5.924 ms

whilst Google's dns is
Code:
12 packets transmitted, 12 received, 0% packet loss, time 11017ms
rtt min/avg/max/mdev = 16.914/17.496/18.799/0.581 ms

I know unlocator is only a beta but those times are the pits.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 29
    Using the already available information on the internet and a few threads of this XDA forum, I figured out how to get Netflix working in Switzerland, without having to use a VPN service.

    DISCLAIMER: This is not a replacement for a VPN service and its functionality, but an alternative way to use geoblocked websites outside their origin countries. This workaround needs you to have either a DD-WRT router or atleast a router on which you can configure iptables via CLI.

    • Sign up for the free beta at Unlocator
    • You will need admin access to your home router. Connect to this router via web interface or command line whichever is applicable.
    • Follow Setup Guides for Multiple Devices and setup your home router with the Unlocator DNS IPs
    • Follow How to Setup DD-WRT to Work With Chromecast
    • I didn't have a DD-WRT router but with admin access I could use the commands in the previous step on the command line of my TP-Link W8960N router.
    • You can replace the DNS IPs in these commands with any other service that you are using for eg. Unblock-US
      Code:
      iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 185.37.37.37
      iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination 185.37.37.185
    • Edit: Due to some problems with newer Netflix app versions on the Chromecast build 19084 these iptables rules seem to be a better option. They redirect only DNS requests made to Google servers to the server of your choice
      Code:
      iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 185.37.37.37
      iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 185.37.37.37
    • Try playing any Netflix content in the Chrome browser, and use the Netflix player's Chromecast button to cast your content. It will work without any issues as your Chromecast will be able to bypass having to query Google's DNS and query Unlocator's DNS.
    • You can now try the same from any Android or iOS device using the appropriate Netflix app. (You can find the Netflix apk here)
    • Happy Netflixing! :highfive:

    Here are detailed and confirmed working steps to:
    4
    I have found a solution that works for me, and I think it would do for everyone who uses private DNS servers as Unblock-Us or Unlocator. The only thing you need is a router capable of filtering outgoing connections, and every router I have seen can do this as part of the built-in firewall without need of flashing an alternate firmware that supports iptables (such as openwrt).

    You only need to put two rules on your router firewall to block outgoing packets to Google DNS Servers (8.8.8.8 and 8.8.4.4) for TCP/UDP and port 53 (DNS). This way, Chromecast will get a timeout trying to reach Google DNS Servers and will fallback to your router defined DNS servers and your Netflix or Hulu will work again!
    4
    Let me know if you get it working. I'll have an fritz 7390 with the same problems.


    I have an FB 7320 and it is working with routing the google IPs to some unused IP...

    But you have to be careful how you enter the the google IPs (it should not be 8.8.8.8 and 8.8.4.4,
    but should be 8.8.8.0 and 8.8.4.0 - because FB does not allow to enter netmask 255.255.255.255).

    So it should look like:
    IP: 8.8.8.0
    Subnetmask: 255.255.255.0
    Gateway:192.168.178.222 (per default you have the FB configured as GW 192.168.178.1,
    so it must be in this network - and in this example .222 is an IP which is not used by any host).

    And same for IP 8.8.4.0.
    4
    This looks interesting mate.

    Do you have any idea if its possible on DDWRT / tomato?

    Is it a firewall script like this one (that i have been using but no longer works. Presumably because of the return.

    iptables -I PREROUTING -t nat -p udp -d 8.8.4.4 --dport 53 -j DNAT --to-destination

    I saw a script on reddit that is currently working just fine in my tomato-based router. You can use it to redirect all traffic going out on TCP/UDP port 53 to a specific IP address:

    iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 192.168.1.1
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 192.168.1.1

    (assumes router IP is 192.168.1.1 - change accordingly or reroute to your smart DNS server of choice directly)
    (assumes interface is br0 - change accordingly)
    3
    I re-direct the Google DNS requests in the Router, using Static Routes, which works quite well.

    The static route method redirects Google DNS lookups to a black hole, so that no response is returned. That's equivalent to blocking Google DNS. That won't work with the new Android Netflix app 3.7.2. The iptables method might work because the app will get a valid response to its domain lookup.