Use a Netflix-enabled VPS to unlock other VPSs that also support Netflix

I understand, it’s actually very simple. 1. VPS A: supports Netflix; VPS B: does not support Netflix 2. The principle is: VPS A uses Tinyproxy to set up an https proxy, and then uses redsocks on VPS B to convert it to a transparent proxy and then forward it

Set up Tinyproxy Https proxy

It's actually very simple, just apt-get install tinyproxy. I made almost no modifications to the settings. I just added an Allow statement to allow the IP of VPS B. Otherwise, it cannot be used. Moreover, this also blocks access from other IPs by default, avoiding being taken advantage of. The final configuration is as follows:

User tinyproxy Group tinyproxy Port 8888 Timeout 600 DefaultErrorFile "/usr/share/tinyproxy/default.html" StatFile "/usr/share/tinyproxy/stats.html" Logfile "/var/log/tinyproxy/tinyproxy.log" LogLevel Info PidFile "/run/tinyproxy/tinyproxy.pid" MaxClients 100 MinSpareServers 5 MaxSpareServers 20 StartServers 10 MaxRequestsPerChild 0 Allow 127.0.0.1 Allow YOUR_VPS_B_IP ViaProxyName "tinyproxy" ConnectPort 443 ConnectPort 563

Setting up Redsocks proxy

It is also directly apt-get install redsocks. In the configuration, you only need to set the IP and port of the https proxy. Remember to fill in http-connect for the type of https proxy.

base { // debug: connection progress & client list on SIGUSR1 log_debug = off; // info: start and end of client session log_info = on; /* possible `log' values ​​are: *stderr * "file:/path/to/file" * syslog:FACILITY facility is any of "daemon", "local0"..."local7" */ log = "syslog:daemon"; //detach from console daemon = on; /* Change uid, gid and root directory, these options require root * privileges on startup. * Note, your chroot may requre /etc/localtime if you write log to syslog. * Log is opened before chroot & uid changing. */ user = redsocks; group = redsocks; // chroot = "/var/chroot"; /* possible `redirector' values ​​are: * iptables - for Linux * ipf - for FreeBSD * pf - for OpenBSD * generic - some generic redirector that MAY work */ redirector = iptables; } redsocks { /* `local_ip' defaults to 127.0.0.1 for security reasons, * use 0.0.0.0 if you want to listen on every interface. * `local_*' are used as port to redirect to. */ local_ip = 127.0.0.1; local_port = 12345; // `ip' and `port' are IP and tcp-port of proxy-server // You can also use hostname instead of IP, only one (random) // address of multihomed host will be used. ip = YOUR_VPS_A_IP; port = 8888; // known types: socks4, socks5, http-connect, http-relay type = http-connect; // login = "foobar"; // password = "baz"; }

Then configure iptables and first create a REDSOCKS chain:

iptables -t nat -N REDSOCKS

There are two sets of ideas for forwarding. One is to find out all the IP addresses of Netflix and then add them to the REDSOCKS chain, for example:

iptables -t nat -A OUTPUT -d 198.38.0.0/16 -j REDSOCKS

But the problem is that Netflix uses akamai’s CDN server, and the IP address range is too large. I have assigned Netflix’s entire AS addressEven after adding it, you will still be prompted to use proxy.

Just be more violent and add all https traffic directly:

iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDSOCKS

Finally, forward to the transparent proxy port of redsocks:

iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

Finally, remember to use a tool like iptables-persistent to save the iptables rules, so that whether it is accessed from VPS B locally or through the proxy on VPS B, Netflix’s HTTPS traffic will finally be accessed through VPS A, and Netflix It is all HTTPS, so we don’t need to care about the http part.

Smaller IP range

Forwarding all may still be too violent. A simpler approach is to forward all IPs of Netflix and all IPs of AWS (because currently many Netflix services are installed on AWS).

The IP of Netflix can be found here, while the IP of AWS can be found See here, and then add these IP ranges to two IPSETs respectively, I named them aws and netflix respectively.

ipset create aws hash:net ipset create netflix hash:net

I am too lazy to write how to convert it into a command. There is a ready-made script Here. Update: The Python script that generates bash commands is here. Check it out for yourself.

Then, forward all the target traffic of port 443 of the IPs in these two IPSETs to the transparent proxy of REDSOCKS.

iptables -t nat -A PREROUTING -p tcp --dport 443 -m set --match-set aws dst -j REDIRECT --to-ports 12345 iptables -t nat -A PREROUTING -p tcp --dport 443 -m set --match-set netflix dst -j REDIRECT --to-ports 12345 iptables -t nat -A OUTPUT -p tcp --dport 443 -m set --match-set aws dst -j REDIRECT --to-ports 12345 iptables -t nat -A OUTPUT -p tcp --dport 443 -m set --match-set netflix dst -j REDIRECT --to-ports 12345

Possible problem: Your proxy server itself is an AWS server. This is more embarrassing. Add an exclusion rule yourself. In fact, even if the AWS server can watch Netflix, it is temporary and will be blocked sooner or later. The ipset is lost after restarting. This is a problem. I don’t know of a more elegant way to solve it at the moment. To make it simple, you can rewrite the ipset in the startup item.

Save these rules

ipset save > /etc/ipset.conf iptables-save > /etc/iptables.conf

Then write in /etc/rc.local:

ipset restore < /etc/ipset.conf iptables-restore < /etc/iptables.conf

Reprinted from: https://lifetyper.com/posts/setup_netflix_unblocker_for_vps.html

Recommended site search: US virtual host purchase and rental virtual host, space server, vps host, overseas virtual host, local IP query, virtual host purchase, linux virtual host Tencent cloud server 12 yuan a year, domain name price,