I have updated the OP with the iptables rules which work for me for Netflix Android app v3.8 and beyond
Last edited:
[HOWTO] Chromecast/Netflix outside USA without VPN
- Thread starter varun.c.jain
- Start date
Sorry for the n00b question but I mentioned people using a Raspberry Pi as an access point to get around these DNS issues - is that still possible after the latest Netflix update with DNS Hardcoded into the app?
Thanks! If it's still possible then I know what I'll be ordering today.
Thanks! If it's still possible then I know what I'll be ordering today.
Unlocator + BBC iPlayer + Chromecast stopped working
Hey Guys!
I have been using Unlocator for about the last 4 weeks. It's been like a dream compared to my previously already awesome solution, TunnelBear. Something must have changed this morning or yesterday on some side of things because I can no longer do what I was doing very easily for the last few weeks.
I'm located in the US.
I own a Chromecast w/ Firmware Version 19084 and country code US
I own a Netgear R6300 running DD-WRT setup with iptables as described here: http://goo.gl/JV0tRO
I own a Mac running OSX 10.10, Chromebook running the latest beta build, Android Phone running 4.4, and iPhone 4s running iOS 7.1. I am running Chrome 38.0.2125.111 on the Mac.
Previous to today, I could start watching content on any of my devices at www.bbc.co.uk/iplayer or the BBC iPlayer Apps AND when I clicked the Cast button it would successfully cast the content onto my Chromecast and continue playing. (I went out and bought a DD-WRT compatible router and paid for Unlocator even though I had 6 months left on Tunnelbear because I was tired of hooking up my computers via HDMI to our TV just so that we could watch BBC - when everything else we've been able to Cast. This was so awesome and felt like Magic when it all came together and worked.)
As of today, I can start watching content on all these devices, but when I try casting to the Chromecast, I get errors on the casting device and a Brain Freeze error on the Chromecast.
Chromecast: brain freeze
We're sorry, but something could not load
Activity Aborted
Android: Google Play Services Error. An error has occurred - please try again. (Error Code: 2002)
Chrome: Unable to cast to device.
An unexpected error occurred.
Please try the following:
Try to cast again
Verify your network connectivity
I have 3 Green Check marks at the Unlocator Dashboard. I visited the IP Updater link. I rebooted my router from within the DD-WRT GUI. I factory reset my Chromecast. I rebooted my Mac. I rebooted my Android phone. (I haven't been able to test on IOS but I suspect the same results). I sent a support email to Unlocator. What else do you guys think I could try out? Did Google or BBC take notice and make a change in the way they check geography? Anyone else experiencing this problem?
I really hope I can find a way to fix this!
Hey Guys!
I have been using Unlocator for about the last 4 weeks. It's been like a dream compared to my previously already awesome solution, TunnelBear. Something must have changed this morning or yesterday on some side of things because I can no longer do what I was doing very easily for the last few weeks.
I'm located in the US.
I own a Chromecast w/ Firmware Version 19084 and country code US
I own a Netgear R6300 running DD-WRT setup with iptables as described here: http://goo.gl/JV0tRO
I own a Mac running OSX 10.10, Chromebook running the latest beta build, Android Phone running 4.4, and iPhone 4s running iOS 7.1. I am running Chrome 38.0.2125.111 on the Mac.
Previous to today, I could start watching content on any of my devices at www.bbc.co.uk/iplayer or the BBC iPlayer Apps AND when I clicked the Cast button it would successfully cast the content onto my Chromecast and continue playing. (I went out and bought a DD-WRT compatible router and paid for Unlocator even though I had 6 months left on Tunnelbear because I was tired of hooking up my computers via HDMI to our TV just so that we could watch BBC - when everything else we've been able to Cast. This was so awesome and felt like Magic when it all came together and worked.)
As of today, I can start watching content on all these devices, but when I try casting to the Chromecast, I get errors on the casting device and a Brain Freeze error on the Chromecast.
Chromecast: brain freeze
We're sorry, but something could not load
Activity Aborted
Android: Google Play Services Error. An error has occurred - please try again. (Error Code: 2002)
Chrome: Unable to cast to device.
An unexpected error occurred.
Please try the following:
Try to cast again
Verify your network connectivity
I have 3 Green Check marks at the Unlocator Dashboard. I visited the IP Updater link. I rebooted my router from within the DD-WRT GUI. I factory reset my Chromecast. I rebooted my Mac. I rebooted my Android phone. (I haven't been able to test on IOS but I suspect the same results). I sent a support email to Unlocator. What else do you guys think I could try out? Did Google or BBC take notice and make a change in the way they check geography? Anyone else experiencing this problem?
I really hope I can find a way to fix this!
Attachments
Were you able to find a solution to this problem.
Also, add this iptables rule with the forwarding rule in your firewall setup:
Code:
iptables -t nat -A POSTROUTING -j MASQUERADELet us know if this works.
Custom DNS server and HOLA!
Would it be possible to run my own DNS server, and use that server with HOLA! ?
I can run netflix on android and on my pc with HOLA! without any problems, so i was thinking maybe it could be possible to run a DNS server on an old android phone i have laying around, and then installing HOLA! on the same phone and linking both apps together. Would that work or not?
I have it configured with servers ultimate, but my router is really crappy and I cant configure routing tables properly.
Would it be possible to run my own DNS server, and use that server with HOLA! ?
I can run netflix on android and on my pc with HOLA! without any problems, so i was thinking maybe it could be possible to run a DNS server on an old android phone i have laying around, and then installing HOLA! on the same phone and linking both apps together. Would that work or not?
I have it configured with servers ultimate, but my router is really crappy and I cant configure routing tables properly.
Use Hola? That doesn't seem like a good idea for a couple of reasons:
1. It would be complicated. Hola keeps their gateway addresses secret. You'd probably have to log Hola's internet activity and pick out the gateway addresses, then do some custom coding to use them in your own DNS server. They change frequently, so you'd have to do a lot of ongoing work. It might not work at all if Hola uses other security measures to verify that the access is only from the legit Hola app.
2. Hola logs your internet history for commercial purposes. They aren't a charity, they're selling your information.
There are free DNS services that work just fine and don't have those problems, so it seems like a lot of work for no good reason.
1. It would be complicated. Hola keeps their gateway addresses secret. You'd probably have to log Hola's internet activity and pick out the gateway addresses, then do some custom coding to use them in your own DNS server. They change frequently, so you'd have to do a lot of ongoing work. It might not work at all if Hola uses other security measures to verify that the access is only from the legit Hola app.
2. Hola logs your internet history for commercial purposes. They aren't a charity, they're selling your information.
There are free DNS services that work just fine and don't have those problems, so it seems like a lot of work for no good reason.
SOLUTION: I emailed Unlocator and they got back to me the next day (Nov. 5) and just said to try it again, which did work for me. They must have changed something
on their end to fix it. I'm going to try and fish out of them what they did, but I was super impressed that they responded so quickly with a solution.
Thanks zoot1 for replying. I am going to add this forwarding rule in the firewall setup in addition as a preventative measure. I don't see how it could hurt things. That sound pretty awesomely sneaky, for those who want to delve in further, there is a post here: http://xdaforums.com/showthread.php?p=49365627#post49365627
Hey DJames1,
Android - BBC iPlayer 4.3.1.2
I know there is a version number on the Chromecast when it says "Ready to Cast" but I am not at home to check it. It's been a couple weeks since the fix so it may have updated since I encountered the issue.
Thank you to both of you for your contributions to this thread and the general workaround
on their end to fix it. I'm going to try and fish out of them what they did, but I was super impressed that they responded so quickly with a solution.
Thanks zoot1 for replying. I am going to add this forwarding rule in the firewall setup in addition as a preventative measure. I don't see how it could hurt things. That sound pretty awesomely sneaky, for those who want to delve in further, there is a post here: http://xdaforums.com/showthread.php?p=49365627#post49365627
Hey DJames1,
Android - BBC iPlayer 4.3.1.2
I know there is a version number on the Chromecast when it says "Ready to Cast" but I am not at home to check it. It's been a couple weeks since the fix so it may have updated since I encountered the issue.
Thank you to both of you for your contributions to this thread and the general workaround
Hey Guys,
i found another solution for my netflix apps.
I havent a chromecast but all my other devices works with this method.
The benefit of this is that only the specified IPs using the alternative DNS Server.
I am still searching for a solution that i can foward only the DNS requests to 8.8.8.8 and 8.8.4.4 but i cant find a solution for DD WRT
Commands Firewall:
iptables -t nat -A PREROUTING -i br0 -s SOURCE(CHROMECAST)/32 -p udp --dport 53 -j DNAT --to (DESTINATION-DNS)
iptables -t nat -A PREROUTING -i br0 -s SOURCE(CHROMECAST)/32 -p tcp --dport 53 -j DNAT --to (DESTINATION-DNS)
example SmartDNSProxy
iptables -t nat -A PREROUTING -i br0 -s 192.168.1.55/32 -p tcp --dport 53 -j DNAT --to 23.21.43.50
iptables -t nat -A PREROUTING -i br0 -s 192.168.1.55/32 -p udp --dport 53 -j DNAT --to 23.21.43.50
i found another solution for my netflix apps.
I havent a chromecast but all my other devices works with this method.
The benefit of this is that only the specified IPs using the alternative DNS Server.
I am still searching for a solution that i can foward only the DNS requests to 8.8.8.8 and 8.8.4.4 but i cant find a solution for DD WRT
Commands Firewall:
iptables -t nat -A PREROUTING -i br0 -s SOURCE(CHROMECAST)/32 -p udp --dport 53 -j DNAT --to (DESTINATION-DNS)
iptables -t nat -A PREROUTING -i br0 -s SOURCE(CHROMECAST)/32 -p tcp --dport 53 -j DNAT --to (DESTINATION-DNS)
example SmartDNSProxy
iptables -t nat -A PREROUTING -i br0 -s 192.168.1.55/32 -p tcp --dport 53 -j DNAT --to 23.21.43.50
iptables -t nat -A PREROUTING -i br0 -s 192.168.1.55/32 -p udp --dport 53 -j DNAT --to 23.21.43.50
Hello,
I've been trying to setup iptables to use the netflix app on my tablet. For chromecasting it's pretty straight forward, my issue is that i can no longer play videos on the tablet. Here is my current setup:
Code:
iptables -t nat -A PREROUTING --destination 8.8.8.8 -j DNAT --to 149.154.157.61
iptables -t nat -A PREROUTING --destination 8.8.4.4 -j DNAT --to 149.154.157.61
iptables -t nat -A POSTROUTING -j MASQUERADEI've been trying to find out exactly what the masquerade line does, and how it affects other packets sent through the network. With the current setup I can barely open a movie on the tablet (i get error 12001) but if i keep trying it eventually works.
Try the method posted above your post where you only forward the traffic from the chromecast:
Code:
iptables -t nat -A PREROUTING -i br0 -s SOURCE(CHROMECAST)/32 -p udp --dport 53 -j DNAT --to (DESTINATION-DNS)
iptables -t nat -A PREROUTING -i br0 -s SOURCE(CHROMECAST)/32 -p tcp --dport 53 -j DNAT --to (DESTINATION-DNS)There's no need as watching netflix on chromecast works perfectly with any method. My only issue is with watching netflix with the latest app right on the tablet, without chromecasting.
Unotelly? If it's an Android tablet then check out their support database for a work-around. I can't post outside links yet sorry.
Basically, the updated version of Netflix (=> 3.7.2) seems to be forcing the use of Google DNS.
Exactly and the workaround posted on their site and also here is to use the redirects posted many times around here. Problem is, it doesn't seem to be working perfectly. For whatever reason, when I hit play i get a loading sign and more often the 12001 error... but if i keep pushing and hit play many times it will eventually load the content.
This makes me believe that the DNS redirect doesn't work properly... and there are some timeouts somewhere that allows content to be played once in a while. I think we're missing something in those iptables and thus my initial post in asking further details on the MASQUERADE line.
Use version 3.7.1 of the Netflix app. It works fine.
Some of the DNS providers have researched the latest problem with the erratic behavior of Netflix, and they say that it is because Netflix is rotating between different servers that appear to react differently. That's why it fails a few times in a row and then suddenly succeeds. So probably not due to the iptables at our end, or a random timing glitch.
Some of the DNS providers have researched the latest problem with the erratic behavior of Netflix, and they say that it is because Netflix is rotating between different servers that appear to react differently. That's why it fails a few times in a row and then suddenly succeeds. So probably not due to the iptables at our end, or a random timing glitch.
Version 3.7.1 works fine-ish. It has a bug displaying subtitles correctly. If the subtitle has 2 lines it shrinks the first line and cuts it off. It's not game breaking, yet it does get annoying.
Plus what can stop Netflix to decide to kill access of versions lower than 3.7.2
Similar threads
- Sticky
Top Liked Posts
-
There are no posts matching your filters.
-
29Using the already available information on the internet and a few threads of this XDA forum, I figured out how to get Netflix working in Switzerland, without having to use a VPN service.
DISCLAIMER: This is not a replacement for a VPN service and its functionality, but an alternative way to use geoblocked websites outside their origin countries. This workaround needs you to have either a DD-WRT router or atleast a router on which you can configure iptables via CLI.
- Sign up for the free beta at Unlocator
- You will need admin access to your home router. Connect to this router via web interface or command line whichever is applicable.
- Follow Setup Guides for Multiple Devices and setup your home router with the Unlocator DNS IPs
- Follow How to Setup DD-WRT to Work With Chromecast
- I didn't have a DD-WRT router but with admin access I could use the commands in the previous step on the command line of my TP-Link W8960N router.
- You can replace the DNS IPs in these commands with any other service that you are using for eg. Unblock-US
Code:iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 185.37.37.37 iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination 185.37.37.185 - Edit: Due to some problems with newer Netflix app versions on the Chromecast build 19084 these iptables rules seem to be a better option. They redirect only DNS requests made to Google servers to the server of your choice
Code:iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 185.37.37.37 iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 185.37.37.37 - Try playing any Netflix content in the Chrome browser, and use the Netflix player's Chromecast button to cast your content. It will work without any issues as your Chromecast will be able to bypass having to query Google's DNS and query Unlocator's DNS.
- You can now try the same from any Android or iOS device using the appropriate Netflix app. (You can find the Netflix apk here)
- Happy Netflixing! :highfive:
Here are detailed and confirmed working steps to:
4I have found a solution that works for me, and I think it would do for everyone who uses private DNS servers as Unblock-Us or Unlocator. The only thing you need is a router capable of filtering outgoing connections, and every router I have seen can do this as part of the built-in firewall without need of flashing an alternate firmware that supports iptables (such as openwrt).
You only need to put two rules on your router firewall to block outgoing packets to Google DNS Servers (8.8.8.8 and 8.8.4.4) for TCP/UDP and port 53 (DNS). This way, Chromecast will get a timeout trying to reach Google DNS Servers and will fallback to your router defined DNS servers and your Netflix or Hulu will work again!4
I have an FB 7320 and it is working with routing the google IPs to some unused IP...
But you have to be careful how you enter the the google IPs (it should not be 8.8.8.8 and 8.8.4.4,
but should be 8.8.8.0 and 8.8.4.0 - because FB does not allow to enter netmask 255.255.255.255).
So it should look like:
IP: 8.8.8.0
Subnetmask: 255.255.255.0
Gateway:192.168.178.222 (per default you have the FB configured as GW 192.168.178.1,
so it must be in this network - and in this example .222 is an IP which is not used by any host).
And same for IP 8.8.4.0.4
I saw a script on reddit that is currently working just fine in my tomato-based router. You can use it to redirect all traffic going out on TCP/UDP port 53 to a specific IP address:
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 192.168.1.1
(assumes router IP is 192.168.1.1 - change accordingly or reroute to your smart DNS server of choice directly)
(assumes interface is br0 - change accordingly)3
The static route method redirects Google DNS lookups to a black hole, so that no response is returned. That's equivalent to blocking Google DNS. That won't work with the new Android Netflix app 3.7.2. The iptables method might work because the app will get a valid response to its domain lookup.
New posts
-
AiNavi X6 6G 128G - Caller cannot hear me, I can hear them.
- Latest: lovestitanic2004
-
