Iodine (dns tunnel) on your Mac (to escape those evil firewalls)

Here’s a short how-to to get the iodine dns tunnel working on your Mac.

In this short howto, I’ll assume you’ll be using a linux server to act as your gateway to the world. I’ll also assume you’ve read the iodine documentation and set up your DNS accordingly. For my example, I’ll be using a (nonexistent) DynDNS.org static DNS entry, iodine.rulestheworld.tld. I’ll also assume that you’ll be using a public internet address of 1.2.3.4, and a private subnet of 10.0.0.1.

  1. Install the tun/tap driver for Mac OS X. Easy as doing *click* *click* done! :p
  2. Next, install iodine on your Mac. Easy as download, extract, and typing make; make install
  3. Now, install iodine on your linux box. It’s included in the package repositories of the usual suspects, for instance debian: apt-get install iodine.

    Start it with (or configure it to use):
    iodined -P <password> <unused private IP> <dns name>
    or in our example:
    iodined -P mypass 10.0.0.1 iodine.rulestheworld.tld

    This should return the following:

    Opened dns0
    Setting IP of dns0 to 10.0.0.1
    Setting MTU of dns0 to 1024
    Opened UDP socket
    Listening to dns for domain iodine.rulestheworld.tld

  4. Configure your linux box for IP forwarding: sysctl -e net.ipv4.ip_forward=1
    (and add this to your /etc/sysctl.conf file), and configure your firewall (iptables) for masquerading:
    iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth0 -j MASQUERADE
  5. Next, download NStun.sh, a very handy script that does all the hard work of changing the routes and so on :p

    You’ll want to edit the script: change the first lines as the script instructs, and further down, change the

    NS=`grep nameserver /etc/resolv.conf|head -1|awk '{print $2}'`

    line to read

    NS="62.213.207.197"

Now, start NStun.sh on your Mac, and surf away! (well, slowly, but freely, at least!)


3 Comments

  1. The line: NS=`grep nameserver /etc/resolv.conf|head -1|awk '{print $2}'` can also be written as:
    NS=`awk '/nameserver/ {print $2}' /etc/resolv.conf | head -n1`
    Saves a useless grep. There is some more in the NStun.sh script.
    GW=`netstat -rn|grep -v Gateway|grep G|awk '{print $2}'`
    I suppose it searches for the line with the UG Flag.
    GW=`netstat -rn | awk '/UG/ {print $2}'`
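
The NS= and GW= lookups discussed above, written more strictly, as an added example that is not part of the original post, the comment, or NStun.sh itself. The function names and sample inputs are constructed; a plain /nameserver/ or /UG/ match also picks up commented-out resolver lines and every route row whose flags contain UG, which leaves the route-changing script with a wrong or multi-line value.

```shell
#!/bin/sh
# Added example (not from NStun.sh): stricter NS= and GW= lookups.
# Both functions read stdin, so they accept a file or a command's output.

# First resolver: only lines whose first field is exactly "nameserver",
# so commented-out entries and "search nameserver.x" lines are skipped.
first_nameserver() {
    awk '$1 == "nameserver" && $2 != "" { print $2; exit }'
}

# IPv4 default gateway from `netstat -rn` (macOS/BSD or Linux layout).
# Destination must be "default" or "0.0.0.0", the gateway must be a dotted
# quad, and the flags column must contain G.
default_gateway() {
    awk '
        ($1 == "default" || $1 == "0.0.0.0") &&
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            # Flags: column 3 on macOS/BSD, column 4 on Linux (after Genmask).
            flags = ($3 ~ /^[0-9.]+$/) ? $4 : $3
            if (flags ~ /G/) { print $2; exit }
        }'
}

# Constructed sample inputs (not captured from a real machine).
sample_resolv() {
cat <<'EOF'
# nameserver 10.9.9.9
search nameserver.example.tld
nameserver 192.0.2.53
nameserver 192.0.2.54
EOF
}
sample_netstat() {
cat <<'EOF'
Destination        Gateway            Flags        Netif
default            192.0.2.1          UGSc         en0
default            fe80::1%en0        UGcg         en0
10.0.0.2           192.0.2.1          UGHS         en0
EOF
}

NS=$(sample_resolv | first_nameserver)
GW=$(sample_netstat | default_gateway)
echo "NS=$NS GW=$GW"   # prints NS=192.0.2.53 GW=192.0.2.1
```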

  2. Thanks for sharing this! I got it working on my mac. Instead of using DNS I actually used direct UDP.

    My download speed is fast (1-5mbp/s) but my problem is the upload speed. It only stays at 1-2kb/s. Do you have any tips on how to make my upload speed faster?
