netflix

This is a complete server setup for running a minimal SNI proxy.
You will need a small server with an IP address located in the US.
http://123systems.net/ offers very cheap ones.
One virtual root server with 256 MB of RAM should be enough.

After the server is set up and you are logged in as root, generate the locales:

locale-gen en_US.UTF-8  
export LANGUAGE=en_US.UTF-8  
export LANG=en_US.UTF-8  
export LC_ALL=en_US.UTF-8  
locale-gen en_US.UTF-8  
dpkg-reconfigure locales  

Then we need the dependencies and some standard software.
nano is my favorite text editor, tmux is a terminal multiplexer, bmon a bandwidth monitor, ufw the firewall from Ubuntu, landscape-common gives a short report on every login, netcat checks whether a port is open, and fail2ban protects against SSH attacks. The rest is for the SNI proxy.

apt-get update  
apt-get install nano tmux bmon ufw landscape-common netcat fail2ban git build-essential autotools-dev cdbs debhelper dh-autoreconf dpkg-dev gettext libev-dev libpcre3-dev libudns-dev pkg-config  

Change your hostname:

nano /etc/hostname  
nano /etc/hosts  

A handy script to reset the firewall (it flushes every rule and sets the default policies to ACCEPT):

nano clear_iptables  
iptables -F  
iptables -X  
iptables -t nat -F  
iptables -t nat -X  
iptables -t mangle -F  
iptables -t mangle -X  
iptables -P INPUT ACCEPT  
iptables -P FORWARD ACCEPT  
iptables -P OUTPUT ACCEPT  

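Later we only want the SNI proxy to be reachable from our home IP, and for that we need iptables rules.
I use noip.net to get a dyndns host and use it in the rules below. Note that iptables resolves the hostname only once, when the rule is added, so the rule keeps the old address until the script is run again.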

nano iptables  
iptables -A INPUT -i venet0 -s xxx.redirectme.net -d 192.x.x.x -p tcp -m tcp --dport 80 -j ACCEPT  
iptables -A INPUT -i venet0 -s xxx.redirectme.net -d 192.x.x.x -p tcp -m tcp --dport 443 -j ACCEPT  

Make the scripts executable, then use ufw to allow access to port 22 and close every other port:

chmod 755 iptables  
chmod 755 clear_iptables  
./iptables

ufw allow 22  
ufw status  
ufw enable  
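
Because the dyndns hostname in the rules above is resolved only when the rule is inserted, the allow rules go stale when the home IP changes. The script below is an added example, not part of the original guide: it re-resolves the name and rebuilds the two rules in a dedicated chain, leaving the old rules in place if resolution fails. The chain name `SNIPROXY_HOME` is an assumption, and `HOME_HOST` and `SERVER_IP` are the guide's placeholders.

```shell
#!/bin/sh
# Added example, not from the original article.
# HOME_HOST and SERVER_IP are the article's placeholders; replace both.
# The chain name SNIPROXY_HOME is an assumption made for this sketch.
HOME_HOST="xxx.redirectme.net"
SERVER_IP="192.x.x.x"
CHAIN="SNIPROXY_HOME"

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands that rebuild the chain for one source address.
# Prints nothing and fails if the address is not plain IPv4.
build_rules() {
    src=$1 dst=$2
    is_ipv4 "$src" || { echo "refusing source '$src'" >&2; return 1; }
    echo "iptables -F $CHAIN"
    for port in 80 443; do
        echo "iptables -A $CHAIN -s $src -d $dst -p tcp -m tcp --dport $port -j ACCEPT"
    done
}

# Resolve the dyndns name now and swap the rules in (run as root, e.g. from cron).
apply_rules() {
    ip=$(getent ahostsv4 "$HOME_HOST" | awk 'NR==1 {print $1}')
    iptables -N "$CHAIN" 2>/dev/null
    iptables -C INPUT -i venet0 -j "$CHAIN" 2>/dev/null ||
        iptables -A INPUT -i venet0 -j "$CHAIN"
    build_rules "$ip" "$SERVER_IP" | sh
}

if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

Call it with the argument `apply` to change the firewall; without an argument it only defines the functions.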

Now we install the SNI proxy:

git clone https://github.com/dlundquist/sniproxy.git  
cd sniproxy/

./autogen && dpkg-buildpackage

dpkg -i ../sniproxy_0.3.6_amd64.deb  

And here is the config that forwards all requests for Netflix:

nano /etc/sniproxy.conf  
user daemon  
pidfile /var/tmp/sniproxy.pid

error_log {  
    syslog daemon
    priority notice
}

listener 80 {  
    proto http
    access_log {
        filename /var/log/sniproxy/http_access.log
        priority notice
    }
}
listener 443 {  
    proto tls
    access_log {
        filename /var/log/sniproxy/https_access.log
        priority notice
    }
}

table {  
    netflix\.com *
    ip2location\.com *
}

To start the proxy with the provided init script we need to edit

nano /etc/default/sniproxy.conf  

Set enable to 1 and uncomment daemon_args.
After that, start the proxy with

service sniproxy start  

That's the server part.
Now you need to manipulate your DNS queries.
I use dnsmasq on my router; here is a simple config:

nano /etc/dnsmasq/dnsmasq.conf  
domain-needed  
bogus-priv  
resolv-file=/etc/dnsmasq/resolv.conf  
user=dnsmasq  
group=dnsmasq  
bogus-nxdomain=64.94.110.11  
conf-dir=/etc/dnsmasq/dnsmasq.d  
cache-size=2048

conf-file=/etc/dnsmasq/sni-proxy.conf  

And the interesting part:

nano /etc/dnsmasq/sni-proxy.conf  
address=/netflix.com/192.x.x.x  
address=/ip2location.com/192.x.x.x  

Restart dnsmasq:

service dnsmasq restart  

Then browse to ip2location.com and check whether your IP is the US IP of your new little server.