sni proxy to watch us netflix

this is a complete server setup to run a minimal sni proxy.
you will need a little server with an IP located in the US. offers very cheap ones.
one virtual root server with 256mb ram should be enough.

after the server is set up and you are logged in as root, generate the locales:

locale-gen en_US.UTF-8  
export LANGUAGE=en_US.UTF-8  
export LANG=en_US.UTF-8  
export LC_ALL=en_US.UTF-8  
locale-gen en_US.UTF-8  
dpkg-reconfigure locales  

then we will need dependencies and standard software.
nano is my favorite text editor, tmux a terminal multiplexer, bmon a bandwidth monitor, ufw the firewall from ubuntu, landscape-common to get a little report on every login, netcat to check if a port is open, fail2ban to protect against ssh attacks. the rest is for the sni proxy

apt-get update  
apt-get install nano tmux bmon ufw landscape-common netcat fail2ban git build-essential autotools-dev cdbs debhelper dh-autoreconf dpkg-dev gettext libev-dev libpcre3-dev libudns-dev pkg-config  

change your hostname

nano /etc/hostname  
nano /etc/hosts  

a handy script to reset the firewall

nano clear_iptables  
iptables -F  
iptables -X  
iptables -t nat -F  
iptables -t nat -X  
iptables -t mangle -F  
iptables -t mangle -X  
iptables -P INPUT ACCEPT  
iptables -P FORWARD ACCEPT  
iptables -P OUTPUT ACCEPT  

later we only want to allow access to the sni proxy from our home ip; for that we will need an iptables rule.
i use a dyndns host and put it in the rule below

nano iptables  
iptables -A INPUT -i venet0 -s -d 192.x.x.x -p tcp -m tcp --dport 80 -j ACCEPT  
iptables -A INPUT -i venet0 -s -d 192.x.x.x -p tcp -m tcp --dport 443 -j ACCEPT  
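
added example (not part of the original setup): iptables resolves a hostname only once, when the rule is inserted, so a rule built from a dyndns name keeps the old address after the home ip changes. this script re-resolves the name and swaps the two rules above; `HOME_HOST`, `SERVER_IP`, the state file and the script name `refresh_home_ip` are placeholders.

```sh
#!/bin/sh
# Added example, not from the original page. Placeholders (assumptions):
IFACE=venet0                    # interface name used on the page
SERVER_IP=192.0.2.10            # placeholder for the server's 192.x.x.x address
HOME_HOST=home.dyndns.example   # placeholder for your dyndns hostname
STATE=/var/run/sni-home-ip      # hypothetical file remembering the last home IP

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rules ACTION IP: print the page's two rules with -A (add) or -D (delete).
rules() {
    for port in 80 443; do
        echo "iptables $1 INPUT -i $IFACE -s $2 -d $SERVER_IP -p tcp -m tcp --dport $port -j ACCEPT"
    done
}

# plan OLD NEW: print the commands that move the allow rules from OLD to NEW.
# Prints nothing when the address is unchanged; fails if NEW is not an IPv4.
plan() {
    is_ipv4 "$2" || { echo "refusing: '$2' is not an IPv4 address" >&2; return 1; }
    [ "$1" = "$2" ] && return 0
    if is_ipv4 "$1"; then rules -D "$1"; fi
    rules -A "$2"
}

# refresh: resolve the dyndns name, apply the plan, remember the new address.
refresh() {
    new=$(getent ahostsv4 "$HOME_HOST" | awk 'NR==1 {print $1}')
    old=$(cat "$STATE" 2>/dev/null)
    cmds=$(plan "$old" "$new") || return 1
    [ -z "$cmds" ] && return 0
    echo "$cmds" | sh && echo "$new" > "$STATE"
}

# Only touch the firewall when asked to, e.g. from cron: ./refresh_home_ip --apply
if [ "${1:-}" = "--apply" ]; then refresh; fi
```

a failed or garbage dns answer is refused instead of being written into a rule, so the old rules stay in place until a valid address comes back.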

make the scripts executable and use ufw to allow access to port 22 and close every other port

chmod 755 iptables  
chmod 755 clear_iptables  

ufw allow 22  
ufw status  
ufw enable  

now we will install the sni proxy

git clone  
cd sniproxy/

./autogen.sh && dpkg-buildpackage

dpkg -i ../sniproxy_0.3.6_amd64.deb  

and here comes the config to forward all requests for netflix

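nano /etc/sniproxy.conf  
user daemon  
pidfile /var/tmp/

error_log {  
    syslog daemon
    priority notice
}

# plain http: route on the Host header
listener 80 {  
    proto http
    access_log {
        filename /var/log/sniproxy/http_access.log
        priority notice
    }
}

# https: route on the SNI name in the TLS ClientHello
listener 443 {  
    proto tls
    access_log {
        filename /var/log/sniproxy/https_access.log
        priority notice
    }
}

# only names matching these patterns are forwarded; * forwards to the hostname the client asked for
table {  
    netflix\.com *
    ip2location\.com *
}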

to start the proxy with the provided initscript we will need to edit

nano /etc/default/sniproxy.conf  

set ENABLED=1 and uncomment DAEMON_ARGS
after that start the proxy with

service sniproxy start  

that's the server part.
now you need to manipulate your dns queries.
i use dnsmasq on my router, here is a simple config:

nano /etc/dnsmasq/dnsmasq.conf  


and the interesting part

nano /etc/dnsmasq/sni-proxy.conf  

restart dnsmasq

service dnsmasq restart  

and browse to and check whether your ip is the US ip of your little new server