bjkeefe: "How to setup a proxy for Iran citizens"

Monday, June 15, 2009

"How to setup a proxy for Iran citizens"

I saw a link to a useful-looking post on the Dish and FDL. Looks like that site might be getting hammered pretty hard (for all the right reasons, I hope), so I am reposting the entire contents of that post and a related one here, just in case. I have not tested the instructions listed.

The URL for the original post is as follows. Apologies for it being broken across two lines. If the link doesn't work by clicking on it, you can cut and paste the text elsewhere, and remove the embedded line feed, if need be.

http://blog.austinheap.com/2009/06/15/
how-to-setup-a-proxy-for-iran-citizens-for-windows/

The URL for the original related post is as follows. Same apology.

http://blog.austinheap.com/2009/06/15/
how-to-setup-a-proxy-for-iran-citizens/

Everything that follows, except for what's inside square brackets and tagged with my initials, is straight from those two posts on the blog Austin Heap. [Added: I have also decided to remove the mailto: links and the @ signs, to help keep the email address from being picked up by spam harvesters.]

How to setup a proxy for Iran citizens (for Windows!)
Posted in Internets, Politics, Technology on 06/15/2009 05:13 pm by Austin

If you’re using Windows, it’s pretty straight forward to setup a proxy and help give access to those in Iran who are being censored. If you’re running Redhat/CentOS, please use the linux instructions. [I have reposted the Linux instructions below --bjk]

1) Download Squid for Windows

2) Extract that zip archive, and move the “squid” folder to the root of your drive (probably C:\).

3) After moving the squid folder, open “C:\squid\etc\squid.conf” in your favorite text editor (not Word).

4) Configure the DNS name servers on the line that says “dns_nameservers” to point at your ISPs DNS servers.

5) Now the fun part, locking access down the just the Iranian IP blocks.

Inside the text editor search (Control-W) for the line “http_access deny all” and change it to “http_access allow all”. This will make your proxy open and accessible to the world. If you would like to limit your proxy to Iranian IP blocks, you want to change “http_access deny all” to read “http_access allow TRUSTED” add a line (BEFORE the http_access line to setup an access control list [ACL]). This ACL line that defines TRUSTED should read:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

6) Setup “visible_hostname” (normally just the public IP address).

7) Turn off logging by adding these two lines:

access_log none

cache_store_log none

7) Setup the Squid cache by issuing the following command: “c:\squid\sbin\squid -D –z” (No quotes).

8) Setup Squid to run as a service by issuing the following command: “c:\squid\sbin\squid –i”

Please don’t run this on a machine that you’re worried about or is used for production sites; and take basic security precautions, ie: moving ftp off the default port, using a firewall package, etc.

Once your server is up and running please DM @austinheap and let me know! I will no longer posting proxies on the public list. If you set one up, please e-mail me at austinheap.com [yes, literally "me" --bjk] to contribute to the private one or e-mail me if your an Iranian that needs access!

[Linux instructions follow --bjk]

How to setup a proxy for Iran citizens
Posted in Internets, Politics, Technology on 06/15/2009 02:45 pm by Austin

Update 3: Here’s a guide for the Windows users out there. [what's also posted above --bjk]

Update 2: I will no longer posting proxies on the public list. If you set one up, please e-mail me at austinheap.com [yes, literally "me" --bjk] to contribute to the private one or e-mail me if your an Iranian that needs access!

Update: There’s a list of working Iran proxy servers over here.

If you’re using CentOS/Redhat, it’s pretty straight forward to setup a proxy and help give access to those in Iran who are being censored.

yum install squid

nano -w /etc/squid/squid.conf

Inside the code editor search (Control-W) for the line “http_access deny all” and change it to “http_access allow all”. This will make your proxy open and accessible to the world. If you would like to limit your proxy to Iranian IP blocks, you want to change “http_access deny all” to read “http_access allow TRUSTED” add a line (BEFORE the http_access line to setup an access control list [ACL]). This ACL line that defines TRUSTED should read:

Turn off logging by adding these two lines:

access_log none

cache_store_log none

Save the config file and as root issue the following command to start the Squid proxy server:

service squid start

Please don’t run this on a machine that you’re worried about or is used for production sites; and take basic security precautions, ie: moving SSH off the default port, using iptables, etc.

Once your server is up and running please tweet @austinheap and let me know!

[End of copied material --bjk]