DNS Tunnel with Raspberry PI

osy edited this page Sep 26, 2021 · 1 revision

This guide will help you set up an Iodine server on a Raspberry Pi running Raspbian. The server will forward all traffic to your WiFi interface, allowing you to use your DNS tunnel as a proxy.

Disclaimer: Note that by exposing your internal network to external clients (through Iodine), you are at greater risk of being attacked.

Setting up Iodine

First, install Iodine if you have not already.

$ sudo apt update
$ sudo apt install iodine

Next, edit the configuration file:

$ sudo nano /etc/default/iodine

Use the following settings, changing the password to something unique and secret, and t.yourdomain.com to your top domain.

START_IODINED="true"
IODINED_ARGS="-c 10.0.0.1 t.yourdomain.com"
IODINED_PASSWORD="password"

Save the file and start the service:

$ sudo systemctl unmask iodined
$ sudo systemctl enable iodined
$ sudo systemctl start iodined

Confirm that it is running:

$ sudo systemctl status iodined
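
Because the tunnel password sits in clear text in /etc/default/iodine, it is worth checking that file before the server is reachable from outside. The script below is an added example, not part of the original guide or of iodine; the function names and the 12-character minimum are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit an iodined defaults file in the KEY="value" format shown above.
# The file is parsed with sed, never sourced, so nothing inside it gets executed.

conf_value() {   # conf_value FILE KEY -> last assigned value, double quotes stripped
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

MIN_PW_LEN=12    # assumed threshold for this example, not an iodine requirement

audit_iodine_conf() {   # prints one line per finding; exit status 1 if any
    conf=$1; bad=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    pw=$(conf_value "$conf" IODINED_PASSWORD)
    args=$(conf_value "$conf" IODINED_ARGS)

    if [ -z "$pw" ] || [ "$pw" = "password" ]; then
        echo "IODINED_PASSWORD is empty or still the guide's placeholder"; bad=1
    elif [ "${#pw}" -lt "$MIN_PW_LEN" ]; then
        echo "IODINED_PASSWORD is shorter than $MIN_PW_LEN characters"; bad=1
    fi
    case $args in
        *yourdomain.com*) echo "IODINED_ARGS still names the placeholder domain"; bad=1 ;;
    esac
    # The password is stored in clear text: flag the file if "other" can read it.
    if [ "$(ls -ld "$conf" | cut -c8)" = "r" ]; then
        echo "$conf is world-readable"; bad=1
    fi
    return "$bad"
}

demo() {   # constructed sample: the settings exactly as printed in the guide
    sample=$(mktemp)
    printf '%s\n' 'START_IODINED="true"' \
        'IODINED_ARGS="-c 10.0.0.1 t.yourdomain.com"' \
        'IODINED_PASSWORD="password"' > "$sample"
    chmod 644 "$sample"
    audit_iodine_conf "$sample" || true
    rm -f "$sample"
}

# With a path argument, audit that file; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then audit_iodine_conf "$1"; else demo; fi
```

Run it with the path as its argument (under sudo if the file is not readable by your user); an exit status of 0 means none of the three checks fired.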

Forwarding Internet Traffic

Edit /etc/sysctl.conf to enable IPv4 forwarding.

$ sudo nano /etc/sysctl.conf

Find the line #net.ipv4.ip_forward=1, remove the leading # so that it reads net.ipv4.ip_forward=1, and save the file. Then load the changes.

$ sudo sysctl -p /etc/sysctl.conf

Next, add the NAT forwarding rule with iptables. We use wifi0 on a WiFi-enabled Pi. If you have a different way of connecting to the internet, use ifconfig to find the name.

$ sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.224.0 -o wifi0 -j MASQUERADE

Finally, we persist the iptables changes.

$ sudo apt install iptables-persistent

When prompted to save the current IPv4 tables, choose to do so.

Troubleshooting

Sometimes, when the Pi reboots, iodined fails to start automatically. You can manually start it with sudo systemctl start iodined.
