spritsail/iodine


This Dockerfile needs to be run with the NET_ADMIN capability, and a TUN device passed through.

A busybox-based Dockerfile to run Iodine, a program to tunnel IP over DNS requests. For more information on Iodine, see the official website.

Environment Variables

This Dockerfile requires some environment variables to be set in order to run. $IODINE_HOST must be set to the external hostname DNS requests are coming from, and $IODINE_PASS must be set to the password clients will use to connect. You may also set $IODINE_IP to define the range of IPs that Iodine will assign to clients. This can be defined as the start IP (such as 10.0.0.1), or the subnet to assign from (such as 10.0.0.0/24). However, this is not a required variable and defaults to 10.42.16.1/24, which should be sufficient for most users. $IPTABLES can also be used to define custom routing rules (see below). These variables can also be defined using an environment variable file.

Packet Routing

Packets that come in via Iodine can be treated in a number of ways. By default, iptables is configured to masquerade the packets and then send them on via the eth0 interface Docker provides. For a basic usage scenario these rules are fine; however, as Iodine does not encrypt its traffic, it may be advisable to route traffic through another service, such as OpenVPN. Below are some examples of how to configure iptables to achieve some common scenarios.

Allow all traffic to a certain IP:
IPTABLES="iptables -t filter -A FORWARD -i dns0 -o eth0 -d 1.2.3.4 -j ACCEPT"
Allow all traffic to any OpenVPN server on the network:
IPTABLES="iptables -t filter -A FORWARD -i dns0 -o eth0 -p udp --dport 1194 -j ACCEPT"
Allow any port except port 22:
IPTABLES="iptables -t filter -A FORWARD -i dns0 -o eth0 -p tcp ! --dport 22 -j ACCEPT && iptables -t filter -A FORWARD -i dns0 -o eth0 -p udp ! --dport 22 -j ACCEPT"
Allow only web traffic (ports 80 and 443, tcp):
IPTABLES="iptables -t filter -A FORWARD -i dns0 -o eth0 -p tcp --dport 80 -j ACCEPT && iptables -t filter -A FORWARD -i dns0 -o eth0 -p tcp --dport 443 -j ACCEPT"
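
An added example, not part of the spritsail/iodine repository: a shell helper that builds an $IPTABLES value in the &&-joined form shown above from protocol/port pairs, and prints it as lines for the environment variable file mentioned under Environment Variables. The function names build_iptables and iodine_env are hypothetical; the dns0 and eth0 interface names are the ones used in the rules above.

```shell
#!/bin/sh
# Added example; build_iptables and iodine_env are hypothetical helpers,
# not code from the spritsail/iodine image.

# Turn "proto/port" arguments (e.g. tcp/443) into one &&-joined rule string.
build_iptables() {
    rules=""
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        # --dport is only accepted by iptables together with -p tcp or -p udp.
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        # Reject empty, zero-prefixed, non-numeric or over-long port strings.
        case "$port" in
            ''|0*|*[!0-9]*|??????*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
        rule="iptables -t filter -A FORWARD -i dns0 -o eth0 -p $proto --dport $port -j ACCEPT"
        rules="${rules:+$rules && }$rule"
    done
    [ -n "$rules" ] || { echo "no rules given" >&2; return 1; }
    printf '%s\n' "$rules"
}

# Print env-file lines for `docker run --env-file`. Docker takes the text
# after "=" verbatim, so the IPTABLES value is written without quotes.
# IODINE_PASS is not written here; add it to the file yourself.
iodine_env() {
    host=$1; shift
    ipt=$(build_iptables "$@") || return 1
    printf 'IODINE_HOST=%s\nIPTABLES=%s\n' "$host" "$ipt"
}
```

Redirect the output of iodine_env into a file, add IODINE_PASS to it, and pass the file to docker run with --env-file in place of the individual -e options.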

Note: Iodine does not encrypt traffic. If you require security, consider using a VPN on top of Iodine.

Example run commands

Bare minimum:
docker run -p 53:53/udp --cap-add=NET_ADMIN --device /dev/net/tun -e IODINE_HOST=tunnel.example.com -e IODINE_PASS=password spritsail/iodine
All variables:
docker run -d --name Iodine -p 53:53/udp --cap-add=NET_ADMIN --device /dev/net/tun -e IODINE_HOST=tunnel.example.com -e IODINE_PASS=password -e IODINE_IP=10.0.0.1 -e IPTABLES="iptables -t filter -A FORWARD -i dns0 -o eth0 -d 1.2.3.4 -j ACCEPT" spritsail/iodine
