iodine 0.7.0 - DEPRECATED⚓︎

• Package: master/make/pkgs/iodine/
• Steward: -

iodine allows
IPv4 data to be tunneled over DNS. This is helpful, for example, when
you are behind a restrictive firewall, because DNS traffic is rarely
blocked.

Further Links⚓︎

• iodine Homepage
• iodine Man
  page
• iodine
  documentation

Using with FreeDNS⚓︎

See package dns2tcp for signing up with FreeDNS
and some other details.

Put this in your rc.custom (there is no WebIF):

mkdir /tmp/iodine
chown nobody /tmp/iodine
iodined -c -P <password> -u nobody -t /tmp/iodine 10.0.0.1 -p 10053 dns2tcp.strangled.net

(assuming user nobody exists)

The trunk version of Freetz has an iodine WebIF now
(Changeset r6657; thanks oliver!)

Create a tunnel from the client like this:

sudo ./bin/iodine -f -P <password> dns2tcp.strangled.net

To connect to [Polipo?]:

ssh root@10.0.0.1 -L 8123:localhost:8123

The advantages over dns2tcp are:

• There is an iodine Windows client available
• It is possible to run iodine on Android
• Traffic can easily be route through the tunnel

Building iodine for
Android.

Security⚓︎

Install iptables and add these rules to allow
only traffic to the internet and not your local net:

iptables -I OUTPUT -o dns0 -s 192.168.178.0/24 -j DROP
iptables -I INPUT -i dns0 -d 192.168.178.0/24 -j DROP
iptables -A FORWARD -i dns0 -o dsl -j ACCEPT
iptables -A FORWARD -i dns0 -j DROP

Of course you can always allow specific traffic from tunnel to your
local net, for example to a SSH server by using something like:

iptables -I INPUT -i dns0 -p tcp --dport 22 -j ACCEPT

Forwarding⚓︎

iodine can forward DNS requests for unknown (sub)domains to a real
DNS-server on another port with this switch:

-b 5353