Iodine (dns tunnel) on your Mac (to escape those evil firewalls)

Here’s a short how-to to get the iodine dns tunnel working on your Mac.

In this short how-to, I’ll assume you’ll be using a Linux server to act as your gateway to the world. I’ll also assume you’ve read the iodine documentation and set up your DNS accordingly. For my example, I’ll be using a (nonexistent) static DNS entry, iodine.rulestheworld.tld. I’ll also assume that you’ll be using a public internet address of, and a private subnet of

  1. Install the tun/tap driver for Mac OS X. Easy as doing *click* *click* done! :p
  2. Next, install iodine on your Mac. Easy as download, extract, and typing make; make install
  3. Now, install iodine on your Linux box. It’s included in the package repositories of the usual suspects, for instance on Debian: apt-get install iodine.

    Start it with the following (or configure it to use these options):
    iodined -P <password> <unused private IP> <dns name>
    or in our example:
    iodined -P mypass iodine.rulestheworld.tld

    This should return the following:

    Opened dns0
    Setting IP of dns0 to
    Setting MTU of dns0 to 1024
    Opened UDP socket
    Listening to dns for domain iodine.rulestheworld.tld

  4. Configure your Linux box for IP forwarding: sysctl -e net.ipv4.ip_forward=1
    (and add this to your /etc/sysctl.conf file), and configure your firewall (iptables) for masquerading:
    iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
  5. Next, download, a very handy script that does all the hard work of changing the routes and so on :p

    You’ll want to change the script: change the first lines as the script reads, and lower, change the

    NS=`grep nameserver /etc/resolv.conf|head -1|awk '{print $2}'`

    line to read


Now, start on your Mac, and surf away! (well, slowly, but freely, at least!)



  1. The line: NS=`grep nameserver /etc/resolv.conf|head -1|awk '{print $2}'` can also be written as:
    NS=`awk '/nameserver/ {print $2}' /etc/resolv.conf | head -n1`
    Saves a useless grep. There is some more in the script.
    GW=`netstat -rn|grep -v Gateway|grep G|awk '{print $2}'`
    I suppose it searches for the line with the UG flag.
    GW=`netstat -rn | awk '/UG/ {print $2}'`

  2. Thanks for sharing this! I got it working on my Mac. Instead of using DNS I actually used direct UDP.

    My download speed is fast (1-5mbp/s) but my problem is the upload speed; it only stays at 1-2kb/s. Do you have any tips on how to make my upload speed faster?
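
The NS= and GW= lookups discussed in the first comment above, tightened so that a commented-out resolv.conf entry or a host route flagged UGH does not end up in the variables. This is an added example, not part of the original post, its comments or the route script; the function names and all sample data are constructed, and the routing table is assumed to use the macOS `netstat -rn` column order (destination, gateway, flags).

```shell
#!/bin/sh
# Added example: loose vs. strict parsing for the NS and GW lookups.
# Every address below is constructed sample data (documentation ranges).

# Constructed resolv.conf: a disabled entry sits above the live ones.
SAMPLE_RESOLV='# nameserver 192.0.2.53 (old, disabled)
search example.test
nameserver 198.51.100.1
nameserver 198.51.100.2'

# Constructed macOS-style routing table: one default route plus a host
# route (UGHS) that goes through a different gateway.
SAMPLE_ROUTES='Destination        Gateway            Flags        Netif
default            198.51.100.254     UGSc         en0
127.0.0.1          127.0.0.1          UH           lo0
203.0.113.7        198.51.100.253     UGHS         en0
198.51.100/24      link#4             UCS          en0'

# Loose: any line containing the word matches, comments included.
ns_loose() { awk '/nameserver/ {print $2}' | head -n1; }

# Strict: the keyword must be the first field; stop at the first hit.
ns_strict() { awk '$1 == "nameserver" {print $2; exit}'; }

# Loose: every route whose line contains "UG", host routes included.
gw_loose() { awk '/UG/ {print $2}'; }

# Strict: only the default route, and its flags column must contain G.
gw_strict() { awk '$1 == "default" && $3 ~ /G/ {print $2; exit}'; }

# Stand-alone demonstration on the constructed samples.
echo "NS loose : $(printf '%s\n' "$SAMPLE_RESOLV" | ns_loose)"
echo "NS strict: $(printf '%s\n' "$SAMPLE_RESOLV" | ns_strict)"
echo "GW loose : $(printf '%s\n' "$SAMPLE_ROUTES" | gw_loose | tr '\n' ' ')"
echo "GW strict: $(printf '%s\n' "$SAMPLE_ROUTES" | gw_strict)"

# On a real machine the strict forms would be used as:
#   NS=`ns_strict < /etc/resolv.conf`
#   GW=`netstat -rn | gw_strict`
```

With the loose patterns, NS becomes the literal word "nameserver" and GW holds two addresses, so any route command built from them fails or points at the wrong next hop.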
