Posts Tagged ‘proxy’

Apt-Cacher: Revisited

September 6th, 2009 5 comments

I’m sure that I’ve mentioned a number of times that the bandwidth speeds at my house are pretty horrible. It is very frustrating to have such a limited pipe considering the amount of work I do that requires bandwidth. Based on this limitation I regularly come up with ways to conserve and cache. One of these methods (which I have blogged about in the past) is apt-cacher.

Apt-Cacher is a method by which you can centrally cache and share packages already stored within your network. It also allows the option of caching any downloaded packages in the future. This allows me to download a package once and transparently share it with an unlimited number of machines within my network. This way I only use my Lanwidth (LAN-bandwidth), and not my limited WAN connection.

Apt-Cacher can be installed and configured network wide in five simple steps. These steps are:

  • Install
  • Autostart daemon
  • Configure ACL
  • Import current packages
  • Configure Clients

To be honest, the first four steps are finished in just a few minutes. The last step of configuring your clients can take longer. The amount of time depends on how many clients you have.

Install

To install apt-cacher, simply install the package:

sudo aptitude install apt-cacher

Autostart daemon

If you want the apt-cacher daemon to autostart at boot you’ll need to change a single value in the config:

sudo sed -i.orig 's/AUTOSTART=0/AUTOSTART=1/' /etc/default/apt-cacher

sudo /etc/init.d/apt-cacher restart

Configure ACL

This step is optional. By default apt-cacher will allow access to any IP. If you would like to limit access to your cache to a specific subnet or other specific addresses, you’ll need to change the values for allowed_hosts and denied_hosts in /etc/apt-cacher/apt-cacher.conf.

Import current packages

You’ll likely want to import the current packages that you have in your machine’s package cache. This can be done using the command:

sudo /usr/share/apt-cacher/apt-cacher-import.pl -s /var/cache/apt/archives/

At this point this machine will have the ability to share any packages that it has previously downloaded as well as any package that it (or any client) will download in the future. The only requirement to begin using this cache throughout your network is configuring the clients to use it.

Configure Clients

To configure your clients to use your cache you can simply add a line to your apt.conf file, telling the client to use the cache server. To do this add the following line to your /etc/apt/apt.conf file, replacing the IP with your own:

Acquire::http::Proxy "http://192.168.0.30:3142";

You’re now done. As long as your apt-cacher is accessible your client will look there for cached packages.
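A check for the three files edited in the steps above, added here as an illustration and not part of the original post: it confirms AUTOSTART=1, flags an allowed_hosts value that admits any IP, and verifies that the client's proxy line is well formed. The function names and the sample files are constructed for the example; pass the real paths to check a live setup.

```sh
#!/bin/sh
# Added example, not from the original post. Paths are arguments so the
# check can be pointed at copies of the real files.

# conf_value FILE KEY: print the last uncommented "KEY=value" / "KEY = value".
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }' "$1"
}

# check_apt_cacher DEFAULTS CACHER_CONF CLIENT_APT_CONF
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_apt_cacher() {
    rc=0
    if [ "$(conf_value "$1" AUTOSTART)" != "1" ]; then
        echo "autostart: AUTOSTART is not 1"; rc=1
    fi
    allowed=$(conf_value "$2" allowed_hosts)
    # The post says the default allows any IP, so a missing key counts as open.
    if [ -z "$allowed" ] || [ "$allowed" = "*" ]; then
        echo "acl: allowed_hosts admits any IP"; rc=1
    fi
    # apt.conf statements must end with a semicolon.
    if ! grep -Eq '^[[:space:]]*Acquire::http::Proxy[[:space:]]+"http://[^"]+"[[:space:]]*;' "$3"; then
        echo "client: no well-formed Acquire::http::Proxy line"; rc=1
    fi
    return "$rc"
}

# Constructed sample files: open ACL and a proxy line missing its semicolon.
demo=$(mktemp -d)
printf 'AUTOSTART=1\n' > "$demo/default"
printf '# cache ACL\nallowed_hosts = *\ndenied_hosts =\n' > "$demo/cacher.conf"
printf 'Acquire::http::Proxy "http://192.168.0.30:3142"\n' > "$demo/apt.conf"
check_apt_cacher "$demo/default" "$demo/cacher.conf" "$demo/apt.conf" || true
rm -rf "$demo"
```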

If anyone knows of a method to allow for multiple proxy entries I would be very interested. For example, if this were configured on a laptop and the apt-cacher were not accessible, I would like the client to transparently try the next entry in a list. This is something available in many other package managers; I would hope Debian-based distributions would support the same.

Categories: Server, Ubuntu

Create Anonymous Squid Proxy For Iranian Election Protestors

June 18th, 2009 29 comments

As I’m sure is the case with the rest of you (particularly if you use Twitter), I’ve been hearing more and more about the Iranian Election and the difficulties the people there are having in getting connectivity outside of the country. Without getting too detailed, it sounds like the incumbent president has cut off internet access to most major social networking sites. Sites that the protestors were trying to use to organize peaceful rallies and request recounts on the polls.

If you are interested in helping them fight to have their voices heard, you can set up a Squid proxy which will allow them to anonymously access Facebook, Twitter, YouTube and other such sites in order to organize and move forward. I have already personally set up and volunteered two proxies. The more that are available, the better chance these people will have to continue to communicate with the outside world. If you would like to help out, please keep reading for instructions on how to set up a proxy and securely communicate the details to supporters inside Iran.

Note: please only configure and volunteer proxies for servers and internet connections that you own. Please do not run these on corporate or educational internet connections unless you have express permission.

Installing Squid

By following these instructions you should be able to have a Squid proxy available for use within just a few minutes. Even if you have set up Squid in the past, please make note of these customized instructions. They include access control restrictions to disallow Iranian government offices, and have logging disabled for anonymity.

To install squid use the command:

sudo aptitude install squid

Finding Your Public IP Address

You will need to document your public IP address for the configuration and for use by the protestors. You can find your public IP address by visiting the site: http://whatismyip.com. Make note of the address as you will need it for the configuration below.

Configuring Squid

We’ll now customize three things within the squid configuration.

  1. Select a random port other than the default of 3128
  2. Define access control list to allow Iranian subnets
  3. Disable logging for anonymity of Iranian users

Open your squid configuration file, which is found in /etc/squid/squid.conf, and search for the line “http_port 3128”. Change the port number to a different, random port. Do not use the following port numbers: 81/8080/8181/9090/3218. These are globally blocked within the country.

Next we’ll define the access control restrictions. What this will do is allow proxy access to the Iranian residential address ranges but not include the government offices. It will also block all other use of your proxy.

Search for the line beginning with “# INSERT YOUR OWN RULE(S)” and add the following on the next blank line:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

http_access allow TRUSTED
http_access deny all

access_log none
cache_store_log none

visible_hostname <your public IP>

Once you have saved these changes run the following two commands to activate things:

sudo squid -z
sudo /etc/init.d/squid start
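The three customizations listed above, checked mechanically against a saved squid.conf. This is an added example, not part of the original post; the function name and sample file are constructed, and the sample ACL uses the documentation range 192.0.2.0/24 in place of the post's subnet list.

```sh
#!/bin/sh
# Added example, not from the original post.
# audit_squid_conf FILE: print one line per finding; return 0 when clean.
audit_squid_conf() {
    awk '
        function bad(msg) { print msg; n++ }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 == "http_port" {
            port = $2; sub(/^.*:/, "", port)    # accept "address:port" as well
            if (port == "3128") bad("http_port is still the default 3128")
            if (port ~ /^(81|8080|8181|9090|3218)$/)
                bad("http_port " port " is on the blocked list from the post")
        }
        # Squid uses the first http_access rule that matches a request.
        $1 == "http_access" && !decided {
            if ($2 == "allow" && $3 == "TRUSTED") trusted = 1
            if ($3 == "all") {
                decided = 1
                if ($2 == "allow") bad("http_access allow all: open proxy")
                else if (!trusted) bad("deny all comes before allow TRUSTED")
            }
        }
        $1 == "access_log" || $1 == "cache_store_log" {
            if ($2 == "none") { if (state[$1] == 0) state[$1] = 1 }
            else { state[$1] = -1; bad($1 " has target " $2 ", not none") }
        }
        END {
            if (!decided) bad("no http_access deny all")
            if (state["access_log"] == 0) bad("no access_log none line")
            if (state["cache_store_log"] == 0) bad("no cache_store_log none line")
            exit (n > 0)
        }' "$1"
}

# Constructed sample: default port left in place and a stray log target.
sample=$(mktemp)
cat > "$sample" <<'EOF'
http_port 3128
acl TRUSTED src 192.0.2.0/24
http_access allow TRUSTED
http_access deny all
access_log none
cache_store_log /var/log/squid/store.log
EOF
audit_squid_conf "$sample" || true
rm -f "$sample"
```

Only the first rule that mentions `all` is evaluated for the open-proxy finding, which matches the post's placement of its rules ahead of the defaults already in the file.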

If you don’t see any errors you should be ready to go. You can now submit your public IP address and random port to the following email addresses for secure propagation within Iran.

me@austinheap.com and smallworldnews@gmail.com

I hope you are able to volunteer toward this cause. The stories that I have read and the videos and images I have seen show a real injustice is going on in that country. There are many young people who are trying to vote in a real Democratic election, yet their votes are being ignored and their voices are being silenced. If you believe that Freedom is something we all deserve, get involved.

You can find more information and inside updates here here and here.

Help Needed: Auto-Configure Proxy Settings via DHCP

April 4th, 2009 14 comments

At home I run my own DHCP, DNS and Squid proxy. I implemented the proxy because my DSL connection is pretty bad and anything I can do to improve that goes a long way. Now my proxy works fine, but the issue that I’m running into is having it auto-configure the browser(s) on each machine in the house. It doesn’t do me any good to be running a proxy if it doesn’t actually get used.

Can anyone outline for me, or point me to a reliable resource on, how to automagically configure proxy settings via DHCP? I have spent some time googling this but nothing has worked so far. Either the pages I found were outdated or missing information. Basically I would like any browsing within the LAN to go through the proxy. This will include Firefox, Safari and Epiphany browsers.

Thanks in advance.

Categories: Ubuntu