Also see DebianNotes/Iodine.

Client command (the domain for -z is not shown here):

dns2tcpc -z -l 2222 -r ssh -k PASSWORD


Server configuration file (dns2tcpd.conf, passed to the daemon with -f):

listen =
port = 53535
# If you change this value, also change the USER variable in /etc/default/dns2tcpd
user = nobody
chroot = /tmp
domain =
resources = ssh:

With the daemon listening on port 53535 rather than 53, you need a NAT rule that redirects incoming DNS traffic to it:

sudo iptables -t nat -A PREROUTING -i internet -p udp --dport 53 -m addrtype --dst-type LOCAL -j DNAT --to-destination :53535

This command starts the daemon in the foreground (-F), with debug level 10 (-d), reading the configuration from ./dns2tcpd.conf (-f).

sudo dns2tcpd -F -d 10 -f ./dns2tcpd.conf


dns2tcp will forward only the TCP ports you specify as resources. In the example above, -r ssh on the client requests the ssh resource, and this line in the server configuration

resources = ssh:

means that this resource will open a TCP socket to port 22 (from the perspective of the server). The client specifies with -l 2222 that it will listen locally on port 2222 for an incoming connection to forward over the DNS tunnel. You can specify multiple resources in the server config, each forwarding to a different place.
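As an added example (not part of dns2tcp or of this page), the Python script below parses a dns2tcpd.conf in the "key = value" form shown above and checks the things that usually go wrong with this setup: the port must match the DNAT target port, the daemon should drop to an unprivileged user inside a chroot, domain and key must be set (dns2tcp's server-side "key =" directive, which is not in the configuration above, is what the client's -k is checked against), and every resource should point only at a host you intend to expose, since each resource is a TCP socket opened from the server's side. The name:host:port resource syntax is dns2tcp's documented format; the sample configuration, the placeholder domain and the non-local "intranet" resource are constructed for the example.

```python
"""Sanity-check a dns2tcpd.conf before starting the daemon.

Added example, not part of dns2tcp. Assumes dns2tcpd's 'key = value'
config format with 'resources = name:host:port, ...'; the sample
config below is constructed (placeholder domain and key).
"""
import re

# Constructed sample in the same format as the config on the page,
# with the elided values replaced by placeholders.
SAMPLE_CONF = """\
listen = 0.0.0.0
port = 53535
# If you change this value, also change the USER variable in /etc/default/dns2tcpd
user = nobody
chroot = /tmp
domain = tunnel.example.invalid
key = PASSWORD
resources = ssh:127.0.0.1:22, smtp:127.0.0.1:25, intranet:10.0.0.5:80
"""

# Targets that stay on the server itself; anything else reaches
# further into the network behind the tunnel endpoint.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_conf(text):
    """Parse 'key = value' lines; '#' starts a comment, blank lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        conf[key] = value
    return conf


def parse_resources(value):
    """Split 'name:host:port, ...' into (name, host, port) tuples.

    Hosts are expected as hostnames or IPv4 literals (no bracketed IPv6)."""
    resources = []
    for item in filter(None, (s.strip() for s in value.split(","))):
        m = re.fullmatch(r"([^:\s]+):([^:\s]+):(\d+)", item)
        if not m:
            raise ValueError(f"bad resource spec: {item!r}")
        resources.append((m.group(1), m.group(2), int(m.group(3))))
    return resources


def check_conf(conf, redirect_port):
    """Return a list of findings; an empty list means the config looks sane.

    redirect_port is the port the iptables DNAT rule sends UDP/53 to."""
    findings = []
    for required in ("domain", "resources", "key"):
        if not conf.get(required):
            findings.append(f"{required} is empty")
    port = int(conf.get("port", "53"))  # dns2tcpd listens on 53 when unset
    if port != redirect_port:
        findings.append(f"port {port} does not match DNAT target port {redirect_port}")
    if conf.get("user", "root") == "root":
        findings.append("daemon would keep running as root; set user = nobody")
    if not conf.get("chroot"):
        findings.append("no chroot directory set")
    if conf.get("resources"):
        for name, host, rport in parse_resources(conf["resources"]):
            if host not in LOOPBACK:
                findings.append(f"resource {name} exposes non-local target {host}:{rport}")
    return findings


if __name__ == "__main__":
    for finding in check_conf(parse_conf(SAMPLE_CONF), redirect_port=53535):
        print("WARNING:", finding)
```

Run it against your real file by replacing SAMPLE_CONF with the contents of dns2tcpd.conf and passing the port from your PREROUTING rule; a resource that is not loopback is not an error, but it is the line that decides what a tunnel client can reach, so it should be a deliberate choice.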

