Archive

Archive for the ‘Privacy’ Category

Create Anonymous Squid Proxy For Iranian Election Protestors

June 18th, 2009 Christer Edwards 28 comments

As I’m sure is the case with the rest of you (particularly if you use Twitter), I’ve been hearing more and more about the Iranian election and the difficulties the people there are having in getting connectivity outside of the country. Without getting too detailed, it sounds like the incumbent president has cut off internet access to most major social networking sites, sites that the protestors were trying to use to organize peaceful rallies and request recounts of the polls.

If you are interested in helping them fight to have their voices heard you can set up a Squid proxy which will allow them to anonymously access Facebook, Twitter, YouTube and other such sites in order to organize and move forward. I have already personally set up and volunteered two proxies. The more that are available, the better chance these people will have to continue to communicate with the outside world. If you would like to help out, please keep reading for instructions on how to set up a proxy and securely communicate the details to supporters inside Iran.

Note: please only configure and volunteer proxies for servers and internet connections that you own. Please do not run these on corporate or educational internet connections unless you have express permission.

Installing Squid

By following these instructions you should be able to have a Squid proxy available for use within just a few minutes. Even if you have set up Squid in the past, please note these customized instructions: they include access control restrictions that allow only Iranian residential address ranges (and so exclude government offices, and everyone else on the internet), and they disable per-request logging for the anonymity of the users.

To install squid use the command:

sudo aptitude install squid

Finding Your Public IP Address

You will need to document your public IP address for the configuration and for use by the protestors. You can find your public IP address by visiting the site: http://whatismyip.com. Make note of the address as you will need it for the configuration below. If the machine sits behind a NAT router, this is the router’s address, and you will also need to forward the port you choose below to the machine running Squid.

Configuring Squid

We’ll now customize three things within the squid configuration.

  1. Select a random port other than the default of 3128
  2. Define access control list to allow Iranian subnets
  3. Disable logging for anonymity of Iranian users

Open your squid configuration file, /etc/squid/squid.conf, and search for the line “http_port 3128”. Change the port number to a different, random port. Do not use the following port numbers: 81/8080/8181/9090/3218. These are globally blocked within the country.

Next we’ll define the access control restrictions. These allow proxy access only from the Iranian residential address ranges listed below, which do not include the government offices, and deny every other source address, so your proxy cannot be used as an open relay by the rest of the internet.

Search for the line beginning with “# INSERT YOUR OWN RULE(S)” and add the following on the next blank line:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

http_access allow TRUSTED
http_access deny all

access_log none
cache_store_log none

# Squid by default tells the destination site who is behind the proxy
# (X-Forwarded-For and Via headers); turn both off for anonymity.
forwarded_for off
via off

visible_hostname <your public IP>

Once you have saved these changes, check the file for typos, then run the following commands to create the cache directories and start the proxy:

sudo squid -k parse
sudo squid -z
sudo /etc/init.d/squid start
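Before handing the address out, it is worth confirming which client addresses the ACL above will actually serve. The script below is an added example, not part of the original post or of Squid: it reimplements the effect of the TRUSTED src acl together with “http_access allow TRUSTED” / “http_access deny all” in plain sh so you can test any address offline. It assumes a shortened copy of the post’s range list (the full list can be pasted into TRUSTED verbatim) and the four sample addresses are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: emulate Squid's "acl TRUSTED src ..." plus
# "http_access allow TRUSTED" / "http_access deny all" for one client address.

# Assumption: a shortened subset of the post's TRUSTED ranges. Replace with
# the full list from squid.conf to check the real configuration.
TRUSTED="62.60.128.0/17 78.38.0.0/15 80.191.0.0/16 85.185.0.0/16 91.98.0.0/15 217.218.0.0/15"

# ip_to_int A.B.C.D -> the address as an unsigned 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/PREFIX -> exit 0 if IP lies inside the prefix
in_cidr() {
    ip_int=$(ip_to_int "$1")
    net_int=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( ip_int & mask )) -eq $(( net_int & mask )) ]
}

# http_access IP -> prints "allow" if any TRUSTED range matches, else "deny",
# mirroring the order of the two http_access lines in squid.conf.
http_access() {
    for cidr in $TRUSTED; do
        if in_cidr "$1" "$cidr"; then
            echo allow; return 0
        fi
    done
    echo deny; return 1
}

# Constructed sample clients: two inside listed ranges (78.39.x is covered by
# the /15), one just outside a range boundary, and one unrelated address.
for ip in 80.191.10.20 78.39.255.255 78.40.0.1 8.8.8.8; do
    printf '%-16s %s\n' "$ip" "$(http_access "$ip")"
done
```

Note that “deny” here only means the proxy refuses the request; it still reveals that a proxy is listening on that port, which is why the port is randomised in the steps above.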

If you don’t see any errors you should be ready to go. You can now submit your public IP address and random port to the following email addresses for secure propagation within Iran.

me@austinheap.com and smallworldnews@gmail.com

I hope you are able to volunteer toward this cause. The stories that I have read and the videos and images I have seen show that a real injustice is going on in that country. There are many young people who are trying to vote in a real democratic election, yet their votes are being ignored and their voices are being silenced. If you believe that freedom is something we all deserve, get involved.

You can find more information and inside updates here, here and here.


How To Run a Tor Server : Donate bandwidth to the Tor Network

August 31st, 2007 Christer Edwards 7 comments

More and more I’ve been using ssh tunneling, encrypted email or privacy networks while I’m online. Between (US) government-sponsored wiretaps and identity theft, there are plenty of people out there who want to know what you’re doing and get your information. This is one of the reasons I recently looked into donating some bandwidth to the Tor network.

If you’re not familiar with the Tor network, it is “The Onion Router”, basically meaning that between your machine and the machines you end up connecting to there are layers: layers of encryption and anonymity that can help ensure your privacy.

Now this system (just like any system) can be abused. There are some people out there who feel the Tor network is simply for crackers and terrorists trying to do bad things. On the contrary, it’s for real people like you and me who don’t care for our personal information to be so freely available just from casual browsing.

I used the Tor network fairly early on and it was great. Eventually more and more people started using it, the limited donated bandwidth was running short, and therefore your Tor-enabled private connections were slower. This became a common complaint about using Tor: it was too slow.

Well, we can help change that by donating a throttled section of our bandwidth to the Tor network. If one-hundred more people donated a bit of their bandwidth it would open the network quite a bit.

In any event, let’s get to the details. (Note: this was tested on Ubuntu 6.06.1 but should function on later versions.)

Downloading the Tor software

The first thing we need to do is install the latest Tor software for handling the private connections. While the tor package is available in the Ubuntu repositories, it is not the latest version (even with 6.06.1 backports) and is not compatible with the current network; the version we need is 0.1.2.15 or later. Add the Tor project’s package repository by adding this line to /etc/apt/sources.list:

deb http://mirror.noreply.org/pub/tor dapper main

(replace dapper, of course, with the distribution version you are running)

You may also want to import the GPG key the packages are signed with so that apt can validate them:

gpg --keyserver subkeys.pgp.net --recv 94C09C7F

gpg --export 94C09C7F | sudo apt-key add -

Once you have added that line to /etc/apt/sources.list, run these commands (or use your favorite package manager front-end):

sudo aptitude update

sudo aptitude install tor

Config Preparation

We’ll now prepare the machine to run as a Tor server. Two things need to be done here.

  1. Make sure your system clock is up to date (Tor rejects directory information if your clock is badly skewed)
  2. Make sure your machine can resolve DNS properly

We can do this via these two commands:

sudo ntpdate pool.ntp.org

(This synchronizes the clock unless you are already running the ntpd daemon; if so, you’re probably already synced.)

host google.com
host ubuntu.com
host some-random-domain.com

(The host tool resolves names to IPs using DNS lookups. If your machine resolves domains quickly and reliably you’re set. If not, consider configuring OpenDNS on your machine.)

Configure the Tor Server

A few last things and your machine will join the Tor network. We’ll need to set a unique nickname for the server, the port it listens on, and how much bandwidth to donate. If you are behind a NAT router you’ll need to forward the ORPort to this machine for the second step.

Edit your /etc/tor/torrc file:

sudo nano /etc/tor/torrc   (or vim, gedit, etc.)

  1. Find the line that says “Nickname” and define a nickname for your server. It needs to be unique, and Tor accepts only 1 to 19 alphanumeric characters.
  2. Find the line that says “ORPort” and define the port number. You can use the default (uncomment the existing line) or define an alternate port.
  3. You’ll also probably want to define the bandwidth you donate to the network. “BandwidthRate” is the long-term average rate; the minimum to join the network is 20 KB/s. “BandwidthBurst” allows occasional bursts above that, but the overall average, even with bursts, stays at BandwidthRate. You may also want to look at “AccountingMax” and “AccountingStart” (hibernation), which put a total cap on donated traffic per accounting period.
  4. Decide whether you want to be an exit node. Tor’s built-in default exit policy allows exiting to most ports, so other users’ traffic will leave the network from your IP address unless you add “ExitPolicy reject *:*” to run a middle relay only.
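The following is an added example, not part of the original post or of the Tor project: a small sh script that generates a relay torrc using the directive names Tor actually recognises, rejects inputs Tor would refuse (nickname length and character set, port range, a bandwidth rate below the 20 KB/s floor the post mentions), and, if the tor binary is installed, asks Tor itself to verify the file before you restart the service. It assumes a non-exit relay (ExitPolicy reject *:*) and a placeholder ContactInfo address; adjust both to taste.

```shell
#!/bin/sh
# Added example: build and verify a relay torrc. Assumptions: middle relay only
# (ExitPolicy reject *:*), 20 KB/s minimum rate, placeholder ContactInfo.

# valid_nickname NAME -> 0 if NAME is 1-19 alphanumeric characters (Tor's rule)
valid_nickname() {
    case $1 in
        '' | *[!A-Za-z0-9]*) return 1 ;;
    esac
    [ ${#1} -le 19 ]
}

# valid_port N -> 0 if N is an integer in 1..65535
valid_port() {
    case $1 in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# make_torrc NICKNAME ORPORT RATE_KB BURST_KB MONTHLY_GB
# Prints the torrc on stdout; returns 1 with a message on stderr if inputs are bad.
make_torrc() {
    nick=$1 orport=$2 rate=$3 burst=$4 cap=$5
    valid_nickname "$nick" || { echo "bad nickname: $nick" >&2; return 1; }
    valid_port "$orport"   || { echo "bad ORPort: $orport" >&2; return 1; }
    [ "$rate" -ge 20 ] 2>/dev/null \
        || { echo "BandwidthRate below the 20 KB/s minimum" >&2; return 1; }
    [ "$burst" -ge "$rate" ] 2>/dev/null \
        || { echo "BandwidthBurst must be >= BandwidthRate" >&2; return 1; }
    cat <<EOF
Nickname $nick
ORPort $orport
# Assumption: replace with a real address so the network can reach you.
ContactInfo relay-operator@example.invalid
# Long-term average and short burst allowance; the average stays at Rate.
BandwidthRate ${rate} KB
BandwidthBurst ${burst} KB
# Hibernate once this much traffic has been relayed in the accounting period.
AccountingMax ${cap} GB
AccountingStart month 1 00:00
# Relay only: do not let other users' traffic exit to the internet from here.
ExitPolicy reject *:*
EOF
}

# verify_torrc FILE -> run Tor's own config parser if tor is installed.
verify_torrc() {
    if command -v tor >/dev/null 2>&1; then
        tor --verify-config -f "$1"
    else
        echo "tor not installed; skipping --verify-config" >&2
    fi
}

# Usage (constructed values): write a torrc for a 50 KB/s relay and verify it.
if make_torrc myrelay 9001 50 100 10 > /tmp/torrc.example; then
    verify_torrc /tmp/torrc.example
fi
```

Once the generated file passes verification, copy it over /etc/tor/torrc (keeping the Debian “Log notice file /var/log/tor/log” line if you rely on it in the next step) and restart the service.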

Running the Server

You’re now ready to start the server and donate to the Tor privacy network. Start the service and watch the log file to see that everything functions as it should. If it does not, see the Tor FAQ for help.

sudo /etc/init.d/tor start

tail -f /var/log/tor/log

If you see a message like “Self-testing indicates your ORPort is reachable from the outside. Excellent.” then you are ready to go. You can close the log (ctrl-c) and leave the server running.

You’ll probably want to watch your bandwidth for the next day or two and find the best limit for your connection.

Thank you for donating to the Tor network. Thousands of privacy-concerned citizens around the world appreciate it!

Categories: Privacy