I’ve had some troubles getting Iodine-server to work under CentOS 7. So iv’e decided to write an article how I’ve managed to get it to work.
This instruction is based on a setup using iptables instead of firewalld, because I run iptables on all my servers since forever.
For iodine to work there are two records required. An A-record and an NS record. I’ve used the same naming as the iodine documentation, to keep it as simple as possible.
First add an A-record with the name t1ns that points to the ip of your server that will run the iodine server. The ip used here for the example should be replaced by your ip.
A: t1ns.<<yourdomain>> → 374.263.291.194
Then add an NS record with the name t1 that points to the A-record you’ve just made;
NS: t1.<<youdomain>> → t1ns.<<yourdomain>>
That’s all there is required for iodine to work with your domain.
Firstly, make sure the EPEL repository is installed:
yum -y install epel-release
Then install iodine-server:
yum -y install iodine-server
Next is configuring iodine by editing /etc/sysconfig/iodine-server.
Make sure the line that starts with OPTIONS look something like this:
OPTIONS="-f -c -P <<yourpassword>> 10.1.1.1 t1.<<yourdomain>>"
Replace <<yourpassword>> with the password you wish to use, and <<yourdomain>> with the domain you are using for iodine.
Then, start iodine-server and enable it at boot:
systemctl start iodine-server
systemctl enable iodine-server
Configure traffic routing
Allow DNS and NAT traffic trough iptables:
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
iptables -t filter -A INPUT -p udp -m multiport --dports 53 -j ACCEPT
iptables -t filter -A INPUT -i dns0 -j ACCEPT
iptables -t filter -A OUTPUT -o dns0 -j ACCEPT
iptables -t -A OUTPUT -p udp -m multiport --dports 53 -j ACCEPT
iptables -t filter -A FORWARD -i dns0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -o dns0 -m state --state RELATED,ESTABLISHED -j ACCEPT
And save the new ruleset:
iptables-save > /etc/sysconfig/iptables
Next, allow ipv4 packet forwarding and restart the network service to apply this change:
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/ip_forward.conf
systemctl restart network
That’s it. You should be able to connect with iodine to your server by using the address t1.<<yourdomain>>.
Please leave a comment if this post was helpfull in any way.