Iodine (dns tunnel) on your Mac (to escape those evil firewalls)


Here’s a short how-to to get the iodine DNS tunnel working on your Mac.

In this short how-to, I’ll assume you’ll be using a Linux server to act as your gateway to the world. I’ll also assume you’ve read the iodine documentation and set up your DNS accordingly. For my example, I’ll be using a (nonexistent) DynDNS.org static DNS entry, iodine.rulestheworld.tld. I’ll also assume that you’ll be using a public internet address of 1.2.3.4, and a private tunnel address of 10.0.0.1.

  1. Install the tun/tap driver for Mac OS X. Easy as doing *click* *click* done! :p
  2. Next, install iodine on your Mac. Easy as downloading, extracting, and typing make; make install
  3. Now, install iodine on your Linux box. It’s included in the package repositories of the usual suspects, for instance Debian: apt-get install iodine. Start it, or configure it to start, with:
    iodined -P <password> <unused private IP> <dns name>
    or in our example:
    iodined -P mypass 10.0.0.1 iodine.rulestheworld.tld
This should return the following:

> Opened dns0  
> Setting IP of dns0 to 10.0.0.1  
> Setting MTU of dns0 to 1024  
> Opened UDP socket  
> Listening to dns for domain iodine.rulestheworld.tld
  4. Configure your Linux box for IP forwarding: sysctl -e net.ipv4.ip_forward=1 (and add this to your /etc/sysctl.conf file), and configure your firewall (iptables) for masquerading:
    iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth0 -j MASQUERADE
  5. Next, download NStun.sh, a very handy script that does all the hard work of changing the routes and so on :p You’ll want to edit the script: change the first lines as the script itself instructs, and further down, change the
> NS=\`grep nameserver /etc/resolv.conf|head -1|awk '{print $2}'\`

line to read

> NS="62.213.207.197"

Now, start NStun.sh on your Mac, and surf away! (well, slowly, but freely, at least!)
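
Seen from the resolver's side, a tunnel like this stands out in the query log: one zone receives many long, random-looking names that almost never repeat. The Python below is an added example (not part of the original how-to, iodine or NStun.sh) that flags such zones; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def suspicious_zones(lines, min_queries=10, min_len=30, min_entropy=3.5, min_unique=0.9):
    """Flag parent zones whose first labels are long, random-looking and rarely repeated.

    Thresholds are assumptions to tune against your own traffic.
    """
    zones = defaultdict(list)
    for line in lines:
        _client, _qtype, qname = line.split()
        # Parent zone = query name minus its leftmost label.
        label, _, zone = qname.lower().rstrip(".").partition(".")
        zones[zone].append(label)
    flagged = {}
    for zone, labels in zones.items():
        n = len(labels)
        if n < min_queries:
            continue  # too few samples to judge
        avg_len = sum(map(len, labels)) / n
        avg_ent = sum(map(entropy, labels)) / n
        unique = len(set(labels)) / n
        if avg_len >= min_len and avg_ent >= min_entropy and unique >= min_unique:
            flagged[zone] = {"queries": n, "avg_len": avg_len, "unique": unique}
    return flagged

def constructed_log():
    """Constructed sample log, one "<client> <qtype> <qname>" per line (assumed format)."""
    lines = ["192.0.2.10 A www.example.org"] * 12 + ["192.0.2.11 MX example.org"]
    for i in range(20):
        # Stand-in for encoded tunnel payload; not a real iodine frame.
        digest = hashlib.sha256(str(i).encode()).digest()
        label = base64.b32encode(digest)[:48].decode().lower()
        lines.append(f"192.0.2.77 NULL {label}.iodine.rulestheworld.tld")
    return lines

if __name__ == "__main__":
    for zone, stats in suspicious_zones(constructed_log()).items():
        print(zone, stats)
```

Busy CDN or tracking hostnames can trip the same thresholds, so treat a flagged zone as a lead to check against the client and query volume, not as proof.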
