
Create Anonymous Squid Proxy For Iranian Election Protestors

As I’m sure is the case with the rest of you (particularly if you use Twitter), I’ve been hearing more and more about the Iranian Election and the difficulties the people there are having in getting connectivity outside of the country. Without getting too detailed, it sounds like the incumbent president has cut off internet access to most major social networking sites. Sites that the protestors were trying to use to organize peaceful rallies and request recounts on the polls.

If you are interested in helping them fight to have their voices heard you can setup a Squid Proxy which will allow them to anonymously access Facebook, Twitter, YouTube and other such sites in order to organize and move forward. I have already personally setup and volunteered two proxies. The more that are available the better chance these people will have to continue to communicate with the outside world. If you would like to help out, please keep reading for instructions on how to setup a proxy and securely communicate the details to supporters inside Iran.

Note: please only configure and volunteer proxies for servers and internet connections that you own. Please do not run these on corporate or educational internet connections unless you have express permission.

Installing Squid

By following these instructions you should be able to have a Squid proxy available for use within just a few minutes. Even if you have set up Squid in the past, please make note of these customized instructions. They include access control restrictions to disallow Iranian government offices, and have logging disabled for anonymity.

To install Squid, use the command:

sudo aptitude install squid

Finding Your Public IP Address

You will need to document your public IP address for the configuration and for use by the protestors. You can find your public IP address by visiting the site: http://whatismyip.com. Make note of the address as you will need it for the configuration below.

Configuring Squid

We’ll now customize three things within the squid configuration.

  1. Select a random port other than the default of 3128
  2. Define access control list to allow Iranian subnets
  3. Disable logging for anonymity of Iranian users

Open your squid configuration file, which is found in /etc/squid/squid.conf, and search for the line “http_port 3128”. Change the port number to a different, random port. Do not use the following port numbers: 81/8080/8181/9090/3218. These are globally blocked within the country.

Next we’ll define the access control restrictions. What this will do is allow proxy access to the Iranian residential address ranges but not include the government offices. It will also block all other use of your proxy.

Search for the line beginning with “# INSERT YOUR OWN RULE(S)” and add the following on the next blank line:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

http_access allow TRUSTED
http_access deny all

access_log none
cache_store_log none

visible_hostname <your public IP>
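
To check a saved fragment against the three customizations above (non-default port, access limited to the TRUSTED ranges, logging off), the following Python example parses it and applies Squid's first-match http_access evaluation. It is an added example, not part of the original post; the sample config, the port 48213 and the function names are constructed for illustration, and only src ACLs are modeled.

```python
import ipaddress
AVOID_PORTS = {3128, 81, 8080, 8181, 9090, 3218}  # default + ports the article lists
# Constructed sample: the article's fragment, ACL cut to two ranges, made-up port.
SAMPLE_CONF = """http_port 48213
acl TRUSTED src 62.60.128.0/17 78.38.0.0/15
http_access allow TRUSTED
http_access deny all
access_log none
cache_store_log none
"""

def parse(conf):
    """Collect ports, src ACLs, http_access rules and remaining directives."""
    ports, rules, other, acls = [], [], {}, {"all": [ipaddress.ip_network("0.0.0.0/0")]}
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        key, args = words[0], words[1:]
        if key == "http_port":
            ports.append(int(args[0].rsplit(":", 1)[-1]))
        elif key == "acl" and args[0] != "all" and args[1:2] == ["src"]:
            acls.setdefault(args[0], []).extend(map(ipaddress.ip_network, args[2:]))
        elif key == "http_access":
            rules.append((args[0], args[1:]))
        else:
            other[key] = args
    return ports, acls, rules, other

def decide(client, acls, rules):
    """First matching rule wins; a rule matches when every ACL it names matches."""
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        if all(any(ip in net for net in acls.get(n, [])) for n in names):
            return action
    # No match: Squid applies the opposite of the last rule (deny if there are none).
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

def audit(conf, outsider="192.0.2.1"):
    """Return findings; an empty list means the fragment does what the article intends."""
    ports, acls, rules, other = parse(conf)
    findings = []
    if not ports or any(p in AVOID_PORTS for p in ports):
        findings.append("port: default or blocked http_port")
    if decide(outsider, acls, rules) != "deny":
        findings.append("acl: address outside TRUSTED is allowed (open proxy)")
    findings += [f"log: {d} is not 'none'" for d in ("access_log", "cache_store_log")
                 if other.get(d) != ["none"]]
    return findings
```

Calling audit() on the text of your own /etc/squid/squid.conf fragment returns an empty list when all three customizations are in place; 192.0.2.1 is a documentation address used as the stand-in for a client outside the allowed ranges.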

Once you have saved these changes run the following two commands to activate things:

sudo squid -z
sudo /etc/init.d/squid start

If you don’t see any errors you should be ready to go. You can now submit your public IP address and random port to the following email addresses for secure propagation within Iran.

me@austinheap.com and smallworldnews@gmail.com

I hope you are able to volunteer toward this cause. The stories that I have read and the videos and images I have seen show a real injustice is going on in that country. There are many young people who are trying to vote in a real Democratic election, yet their votes are being ignored and their voices are being silenced. If you believe that Freedom is something we all deserve, get involved.

You can find more information and inside updates here, here and here.


  1. Anon
    June 18th, 2009 at 23:13 | #1

    you brought tears to my eyes. thank you! thank you! thank you!

  2. June 19th, 2009 at 00:51 | #2

    Presumably I would need to do something with port forwarding on my NAT router to make this squid proxy available to the outside world?

  3. June 19th, 2009 at 01:20 | #3

    You would. Good catch. I will update the post.

  4. BhiWallace
    June 19th, 2009 at 00:03 | #4

    Please keep this Ubuntu away from this. Or, at least verify facts before getting involved. What “real injustice”, what “votes being ignored”? There are many thousands of Iranian students living all around the world, and a fair number of Iranian expatriates, who can shed much light on the dark mobs in Tehran. Look, it was only a few days ago that Obama finally admitted in public that the US paid for the 1950s mobs in Iraq. Is it not obvious that this is the same in 2009? Anyway, please keep Ubuntu out of it.

  5. June 19th, 2009 at 00:09 | #5

    GREAT tutorial! I am in the process of making one for Iranian protesters. I was wondering is there a way to make it https? Cuz I heard that https can not be blocked (is it true?). Also the part that you said we have to paste those subnets, does that mean only IPs from Iran can access the proxy? And how/where did you gather all the subnets for Iran only?

    Tnx again for this GREAT tutorial. :)

    • June 19th, 2009 at 15:16 | #6

      A Squid proxy will transparently manage https sites, but it is not a feature (at least one that I'm aware of) to make Squid itself https. Yes, the acl TRUSTED section of the article will only allow Iranian addresses to use your proxy (as opposed to the entire world), and those addresses were taken from other sites sharing similar proxy instructions. There are public sites out there where you can find which internet subnets are assigned to which countries however. I'm sure that data was pulled from there.

  6. G-A-C
    June 19th, 2009 at 09:13 | #7

    Just a thought, is this not similar to what TOR is supposed to do? I'm not in a situation to offer a proxy (the only machine I have only has 256mb of RAM so not much use for a Squid proxy as well as the other little bits it does), but if people downloaded something like TORPark or similar then this should offer them end-to-end encryption (everything's encrypted until it leaves a TOR exit node, I believe) meaning that it's more likely to make it out of the country (surely they could put pressure on ISPs to block these anonymous proxies as they crop up since they would in theory be able to track which IPs are being used as proxies).

    Unless of course they just put a blanket ban on encrypted traffic leaving the country altogether :(

  7. G-A-C
    June 19th, 2009 at 09:16 | #8

    http://en.wikipedia.org/wiki/XeroBank_Browser

    Apparently this is the replacement for TorPark; runs over the onion network for the browser and also provides a local SOCKS proxy to run other things over it such as IM clients. Maybe people could also run exit nodes as well as proxies and help in this way?

  8. a bit anonymous
    June 19th, 2009 at 09:40 | #9

    is there a way to get to know when people are using it?

  9. June 19th, 2009 at 12:26 | #10

    how will this be helpful for the elections?

  10. jefri
    June 20th, 2009 at 15:48 | #11

    thanks but right now, when I write this message, many people are killed by police in Enghelab street, please seed this news

  11. Nima
    June 21st, 2009 at 19:44 | #12

    Thank you very much.
    But they've implemented some mechanisms that block sites even if you use http proxies after some free browsing! Some firewalls monitor the content of packets and mangle encrypted packets. Therefore we can't even connect via ssh to our servers out of Iran! No HTTP tunneling, No VPNs, No HTTP Proxies, those simply don't work. We constantly get timeouts after connecting to a vpn/ssh server! :(

  12. Shad
    June 21st, 2009 at 20:27 | #13

    Can anybody send me the already configured file (squid.conf.default) to shad_darvi@yahoo.com ? Thank you for your help and support for Iranian people

  13. farz
    June 21st, 2009 at 23:27 | #14

    is the above mentioned change incorporated to the instructions above?
    thanks.

  14. A user
    June 23rd, 2009 at 04:36 | #15

    A big problem. The filters used by the Iranian government are actually clever enough to realize the proxy request to 'blocked' sites and filter them out before it reaches the proxy server. A new method to encrypt the communication is needed!

  15. June 24th, 2009 at 03:41 | #16

    I have been trying to use TOR/Vidalia on WinXP but my ISP (Insightbb.com) will not allow open communication – am getting a lot of *Warning* lines in the Message Log…am I helping? I sure wish I could but my ISP support says "No Open Ports" for residential connections in its TOS Agreement, so they have me over a barrel. Anyone with tips which can help me please do.

    NativeSonKY at Twitter

  16. Needs Help
    June 24th, 2009 at 14:23 | #17

    How do we run the two commands at the bottom? I'm a little confused. And does this work on a wireless computer because somewhere I heard it didn't?

  17. aliasghar
    June 24th, 2009 at 10:44 | #18

    Some one from Iran.
    Great to whom concern about Freedom.
    You all have your share hold in moving freedom toward.
    Thanks

  18. James Matthew
    June 24th, 2009 at 18:49 | #19

    "If only you had presented the tutorial without editorial comments, as simple knowledge available to all freely! One wonders those who do not energetically protest stolen elections elsewhere such as in the USA 2000 and 2004, are so obsessed with Iran … so obsessed, as to simply ignore all verifiable facts let alone the desires of Iranians as a people, in favor of a smear campaign presented without a shred of evidence."

    Your prose reads the way Rush Limbaugh's talks.. *shudder*..
    you ought to try a little harder, Wallace, you'll convince no one here with such a pithy effort

  19. James Matthew
    June 24th, 2009 at 18:51 | #20

    I have heard this nowhere else.. could you elaborate?

  20. Ubuntu
    July 2nd, 2009 at 20:15 | #21

    Do you think it is an anonymous proxy? I think this is a transparent proxy. Correct me if I am wrong.

  21. Ronko
    September 3rd, 2009 at 07:09 | #22

    Hi

    Is there no risk there are proponents of the old Shah’s regime among these protesters? They were ousted, after all. You would not want to let them use your proxy. Maybe it is better to log the traffic after all, in case police come knocking on your door.

  22. September 29th, 2009 at 20:02 | #23

    I agree, about the Iranian government is actually clever enough to realize the proxy request to 'blocked' sites and filter them out before it reaches the proxy server. We need a new method to encrypt the communication.

  23. sam
    March 6th, 2010 at 13:42 | #24

    somebody give me a proxy i am filtered

  24. vahid
    March 7th, 2010 at 05:45 | #25

    I’m from Iran and would like to thank all the people who care about us.

    I believe internet censorship in Iran is even worse than China, the government puts many levels of filtering and even packet inspection and logging on traffic. It’s getting worse and worse every day. They want people to hear just only what they say and nothing else.

    I appreciate all efforts on internet freedom.
    Thank you.

  25. hesam
    June 8th, 2010 at 07:23 | #26

    I need proxy site. Please help me

  26. Kevin
    June 23rd, 2009 at 07:04 | #27

    Thank you, Wallace, for opening my eyes to the truth. Oh how blindly I fell for all of those lies about the good and gentle government of Iran. It's such a relief to learn that they aren't actually engaging in censorship, torture, secret detention, and murder of unarmed civilians. Thank goodness for lofty intellectuals like you who can show us the light. Ubunnnnnnntu.

  27. June 24th, 2009 at 04:29 | #28

    What censored posts are you referring to?