Iodine (dns tunnel) on your Mac (to escape those evil firewalls)

Here’s a short how-to to get the iodine DNS tunnel working on your Mac.

In this how-to, I’ll assume you’ll be using a Linux server to act as your gateway to the world. I’ll also assume you’ve read the iodine documentation and set up your DNS accordingly. For my example, I’ll be using a (nonexistent) DynDNS.org static DNS entry, iodine.rulestheworld.tld. I’ll also assume that you’ll be using a public internet address of 1.2.3.4, and a private subnet of 10.0.0.1.

  1. Install the tun/tap driver for Mac OS X. Easy as doing *click* *click* done! :p
  2. Next, install iodine on your Mac. Easy as downloading, extracting, and typing make; make install
  3. Now, install iodine on your Linux box. It’s included in the package repositories of the usual suspects, for instance Debian: apt-get install iodine.

    Start it (or configure it to start) with:
    iodined -P <password> <unused private IP> <dns name>
    or in our example:
    iodined -P mypass 10.0.0.1 iodine.rulestheworld.tld

    This should return the following:

    Opened dns0
    Setting IP of dns0 to 10.0.0.1
    Setting MTU of dns0 to 1024
    Opened UDP socket
    Listening to dns for domain iodine.rulestheworld.tld

  4. Configure your Linux box for IP forwarding: sysctl -e net.ipv4.ip_forward=1
    (and add this to your /etc/sysctl.conf file), and configure your firewall (iptables) for masquerading:
    iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth0 -j MASQUERADE
  5. Next, download NStun.sh, a very handy script that does all the hard work of changing the routes and so on :p

    You’ll want to edit the script: change the first lines as the script itself instructs, and further down, change the

    NS=`grep nameserver /etc/resolv.conf|head -1|awk '{print $2}'`

    line to read

    NS="62.213.207.197"

Now, start NStun.sh on your Mac, and surf away! (well, slowly, but freely, at least!)
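
If traffic does not flow through the tunnel, the gateway settings from step 4 are the usual place to look. The read-only checks below are an added example, not part of the original post or of iodine; the function names are made up here, and they assume the 10.0.0.0/24 subnet and eth0 interface used in the example above.

```shell
#!/bin/sh
# Added example: read-only checks for the gateway settings from step 4.
# File paths and rule text are parameters so the checks also work on saved output.

# forwarding_enabled [FILE]: true if the kernel flag file contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# forwarding_persistent [FILE]: true if an uncommented line sets
# net.ipv4.ip_forward to 1 (spaces around "=" are allowed).
forwarding_persistent() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null
}

# masquerade_rule_present SUBNET IFACE: reads `iptables -t nat -S` output on
# stdin; true if a POSTROUTING MASQUERADE rule matches that source and outgoing
# interface. iptables prints the mask in /24 form, so pass the subnet that way.
masquerade_rule_present() {
    awk -v net="$1" -v ifc="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = out = tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == net && out == ifc && tgt == "MASQUERADE") found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# check_gateway: run all three checks on the live system (iptables needs root),
# print one line per check, and return non-zero if any of them failed.
check_gateway() {
    rc=0
    if forwarding_enabled; then echo "ok   ip_forward is 1"; else echo "FAIL ip_forward is not 1"; rc=1; fi
    if forwarding_persistent; then echo "ok   set in /etc/sysctl.conf"; else echo "FAIL not set in /etc/sysctl.conf"; rc=1; fi
    if iptables -t nat -S 2>/dev/null | masquerade_rule_present 10.0.0.0/24 eth0; then
        echo "ok   MASQUERADE rule present"
    else
        echo "FAIL MASQUERADE rule missing"; rc=1
    fi
    return "$rc"
}
```

Source the file on the gateway and run check_gateway as root; the individual functions also accept a saved file or piped rule listing.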
