As I’m sure is the case with the rest of you (particularly if you use Twitter), I’ve been hearing more and more about the Iranian Election and the difficulties the people there are having in getting connectivity outside of the country. Without getting too detailed, it sounds like the incumbent president has cut off internet access to most major social networking sites. Sites that the protestors were trying to use to organize peaceful rallies and request recounts on the polls.
If you are interested in helping them fight to have their voices heard you can setup a Squid Proxy which will allow them to anonymously access Facebook, Twitter, YouTube and other such sites in order to organize and move forward. I have already personally setup and volunteered two proxies. The more that are available the better chance these people will have to continue to communicate with the outside world. If you would like to help out, please keep reading for instructions on how to setup a proxy and securely communicate the details to supporters inside Iran.
Note: please only configure and volunteer proxies for servers and internet connections that you own. Please do not run these on corporate or educational internet connections unless you have express permission.
By following these instructions you should be able to have a Squid proxy available for use within just a few minutes. Even if you have setup Squid in the past, please make note of these customized instructions. The include access control restrictions to disallow Iranian government offices, and have logging disabled for anonymity.
To install squid use the command (or click on the link):
sudo aptitude install squid
Finding Your Public IP Address
You will need to document your public IP address for the configuration and for use by the protestors. You can find your public IP address by visiting the site: http://whatismyip.com. Make note of the address as you will need it for the configuration below.
We’ll now customize three things within the squid configuration.
- Select a random port other than the default of 3128
- Define access control list to allow Iranian subnets
- Disable logging for anonymity of Iranian users
Open your squid configuration file, which is found in /etc/squid/squid.conf and search for the line “http_port 3128”. Change the port number to a different, random port. Do not use the following port numbers: 81/8080/8181/9090/3218. These are globally blocked within the country.
Next we’ll define the access control restrictions. What this will do is allow proxy access to the Iranian residential address ranges but not include the government offices. It will also block all other use of your proxy.
Search for the line beginning with “# INSERT YOUR OWN RULE(S)” and add the following on the next blank line:
acl TRUSTED src 184.108.40.206/17 220.127.116.11/19 18.104.22.168/19 22.214.171.124/17 126.96.36.199/18 188.8.131.52/18 184.108.40.206/19 220.127.116.11/19 18.104.22.168/20 22.214.171.124/15 126.96.36.199/20 188.8.131.52/20 184.108.40.206/20 220.127.116.11/19 18.104.22.168/19 22.214.171.124/19 126.96.36.199/17 188.8.131.52/19 184.108.40.206/21 220.127.116.11/18 18.104.22.168/20 22.214.171.124/20 126.96.36.199/20 188.8.131.52/20 184.108.40.206/16 220.127.116.11/20 18.104.22.168/20 22.214.171.124/20 126.96.36.199/17 188.8.131.52/20 184.108.40.206/20 220.127.116.11/20 18.104.22.168/20 22.214.171.124/20 126.96.36.199/20 188.8.131.52/20 184.108.40.206/18 220.127.116.11/19 18.104.22.168/18 22.214.171.124/18 126.96.36.199/18 188.8.131.52/18 184.108.40.206/18 220.127.116.11/17 18.104.22.168/16 22.214.171.124/18 126.96.36.199/19 188.8.131.52/16 184.108.40.206/19 220.127.116.11/19 18.104.22.168/18 22.214.171.124/17 126.96.36.199/20 188.8.131.52/18 184.108.40.206/15 220.127.116.11/19 18.104.22.168/19 22.214.171.124/23 126.96.36.199/24 188.8.131.52/24 184.108.40.206/24 220.127.116.11/24 18.104.22.168/24 22.214.171.124/21 126.96.36.199/18 188.8.131.52/20 184.108.40.206/20 220.127.116.11/19 18.104.22.168/16 22.214.171.124/21 126.96.36.199/18 188.8.131.52/20 184.108.40.206/20 220.127.116.11/20 18.104.22.168/19 22.214.171.124/15 126.96.36.199/17 188.8.131.52/21 184.108.40.206/18 220.127.116.11/16 18.104.22.168/18 22.214.171.124/18 126.96.36.199/18 188.8.131.52/18 184.108.40.206/21 220.127.116.11/21 18.104.22.168/16 22.214.171.124/21 126.96.36.199/19 188.8.131.52/19 184.108.40.206/17 220.127.116.11/15 18.104.22.168/23 22.214.171.124/16 126.96.36.199/19 188.8.131.52/19 184.108.40.206/19 220.127.116.11/19 18.104.22.168/19 22.214.171.124/19 126.96.36.199/19 188.8.131.52/19 184.108.40.206/19 220.127.116.11/18 18.104.22.168/18 22.214.171.124/18 126.96.36.199/19 188.8.131.52/19 184.108.40.206/20 220.127.116.11/20 18.104.22.168/20 22.214.171.124/20 126.96.36.199/20 188.8.131.52/20 184.108.40.206/20 220.127.116.11/19 18.104.22.168/20 22.214.171.124/15
http_access allow TRUSTED
http_access deny all
visible_hostname <your public IP>
Once you have saved these changes run the following two commands to activate things:
sudo squid -z
sudo /etc/init.d/squid start
If you don’t see any errors you should be ready to go. You can now submit your public IP address and random port to the following email addresses for secure propagation within Iran.
I hope you are able to volunteer toward this cause. The stories that I have read and the videos and images I have seen show a real injustice is going on in that country. There are many young people who are trying to vote in a real Democratic election, yet their votes are being ignored and their voices are being silenced. If you believe that Freedom is something we all deserve, get involved.