iodine
iodine allows IPv4 data to be tunneled over DNS. This is useful when, for
example, you are behind a restrictive firewall, since DNS traffic is very
rarely blocked.
Further links
Using with FreeDNS
See package dns2tcp for signing up with FreeDNS and some other details.
Put this in your rc.custom (there is no WebIF):
mkdir /tmp/iodine
chown nobody /tmp/iodine
iodined -c -P <password> -u nobody -t /tmp/iodine 10.0.0.1 -p 10053 dns2tcp.strangled.net
(assuming user nobody exists)
The trunk version of Freetz has an iodine WebIF now (changeset #6657; thanks oliver!)
Create a tunnel from the client like this:
sudo ./bin/iodine -f -P <password> dns2tcp.strangled.net
To connect to Polipo:
ssh root@10.0.0.1 -L 8123:localhost:8123
The advantages over dns2tcp are:
- There is an iodine Windows client available
- It is possible to run iodine on Android
- Traffic can easily be routed through the tunnel
Building iodine for Android.
Security
Install iptables and add these rules to allow only traffic to the internet and not your local net:
iptables -I OUTPUT -o dns0 -s 192.168.178.0/24 -j DROP
iptables -I INPUT -i dns0 -d 192.168.178.0/24 -j DROP
iptables -A FORWARD -i dns0 -o dsl -j ACCEPT
iptables -A FORWARD -i dns0 -j DROP
Of course you can always allow specific traffic from the tunnel to your local net, for example to an SSH server, by using something like:
iptables -I INPUT -i dns0 -p tcp --dport 22 -j ACCEPT
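The two FORWARD rules above are appended with -A, so they only confine the tunnel if no earlier rule in the chain already accepts packets arriving on dns0. The check below is an added example, not part of the original page or of Freetz: it reads `iptables -S FORWARD` output and reports such earlier rules. The function and sample names are hypothetical and the rule sets are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the page): audit rule order.
# audit_forward TUN WAN reads `iptables -S FORWARD` output on stdin and exits 0
# only if packets entering on TUN can be forwarded nowhere except out via WAN.
# Heuristic: negated (!) matches and user-defined chains are not followed.
audit_forward() {
    awk -v tun="$1" -v wan="$2" '
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 != "-A" || $2 != "FORWARD" || sealed { next }
    {
        in_if = out_if = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (in_if != "" && in_if != tun) next   # cannot match tunnel packets
        if (out_if == wan) next                 # tunnel -> internet: intended
        # A DROP with no match besides the input interface ends the walk.
        bare = (in_if == "") ? 4 : 6
        if (target == "DROP" && out_if == "" && NF == bare) { sealed = 1; next }
        if (target == "ACCEPT") { print "LEAK: " $0; leaks++ }
    }
    END {
        if (!sealed && policy != "DROP") { print "NO-DROP: no final DROP for " tun; leaks++ }
        exit (leaks > 0)
    }'
}
# Constructed sample: the page's two FORWARD rules on an otherwise empty chain.
sample_good() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i dns0 -o dsl -j ACCEPT
-A FORWARD -i dns0 -j DROP
EOF
}
# Constructed sample: a blanket ACCEPT already sits above the appended rules.
sample_shadowed() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i lan -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -i dns0 -o dsl -j ACCEPT
-A FORWARD -i dns0 -j DROP
EOF
}
sample_good | audit_forward dns0 dsl && echo "good: tunnel confined"
sample_shadowed | audit_forward dns0 dsl || echo "shadowed: tunnel reaches other interfaces"
```

On the router, run `iptables -S FORWARD | audit_forward dns0 dsl` after the rules have been added.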