Create Anonymous Squid Proxy For Iranian Election Protestors

By | 2009/06/18

As I’m sure is the case with the rest of you (particularly if you use Twitter), I’ve been hearing more and more about the Iranian Election and the difficulties the people there are having in getting connectivity outside of the country. Without getting too detailed, it sounds like the incumbent president has cut off internet access to most major social networking sites. Sites that the protestors were trying to use to organize peaceful rallies and request recounts on the polls.

If you are interested in helping them fight to have their voices heard you can setup a Squid Proxy which will allow them to anonymously access Facebook, Twitter, YouTube and other such sites in order to organize and move forward. I have already personally setup and volunteered two proxies. The more that are available the better chance these people will have to continue to communicate with the outside world. If you would like to help out, please keep reading for instructions on how to setup a proxy and securely communicate the details to supporters inside Iran.

Note: please only configure and volunteer proxies for servers and internet connections that you own. Please do not run these on corporate or educational internet connections unless you have express permission.

Installing Squid

By following these instructions you should be able to have a Squid proxy available for use within just a few minutes. Even if you have setup Squid in the past, please make note of these customized instructions. The include access control restrictions to disallow Iranian government offices, and have logging disabled for anonymity.

To install squid use the command (or click on the link):

sudo aptitude install squid

Finding Your Public IP Address

You will need to document your public IP address for the configuration and for use by the protestors. You can find your public IP address by visiting the site: http://whatismyip.com. Make note of the address as you will need it for the configuration below.

Configuring Squid

We’ll now customize three things within the squid configuration.

  1. Select a random port other than the default of 3128
  2. Define access control list to allow Iranian subnets
  3. Disable logging for anonymity of Iranian users

Open your squid configuration file, which is found in /etc/squid/squid.conf and search for the line “http_port 3128”. Change the port number to a different, random port. Do not use the following port numbers: 81/8080/8181/9090/3218. These are globally blocked within the country.

Next we’ll define the access control restrictions. What this will do is allow proxy access to the Iranian residential address ranges but not include the government offices. It will also block all other use of your proxy.

Search for the line beginning with “# INSERT YOUR OWN RULE(S)” and add the following on the next blank line:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

http_access allow TRUSTED
http_access deny all

access_log none
cache_store_log none

visible_hostname <your public IP>

Once you have saved these changes run the following two commands to activate things:

sudo squid -z
sudo /etc/init.d/squid start

If you don’t see any errors you should be ready to go. You can now submit your public IP address and random port to the following email addresses for secure propagation within Iran.

[email protected] andΒ [email protected]

I hope you are able to volunteer toward this cause. The stories that I have read and the videos and images I have seen show a real injustice is going on in that country. There are many young people who are trying to vote in a real Democratic election, yet their votes are being ignored and their voices are being silenced. If you believe that Freedom is something we all deserve, get involved.

You can find more information and inside updates here here and here.

29 thoughts on “Create Anonymous Squid Proxy For Iranian Election Protestors

  1. Anon

    you brought tears to my eyes. thank you! thank you! thank you!

    Reply
  2. dflock

    Presumably I would I need to do something with port forwarding on my NAT router to make this squid proxy available to the outside world?

    Reply
  3. BhiWallace

    Please keep this Ubuntu away from this. Or, at least verify facts before getting involved. What “real injustice”, what “votes being ignored”? There are many thousands of Iranian students living all around the world, and a fair number of Iranian expatriates, who can shed much light on the dark mobs in Tehran. Look, it was only a few days ago that Obama finally admitted in public that the US paid for the 1950s mobs in Iraq. Is it not obvious that this is the same in 2009? Anyway, please keep Ubuntu out of it.

    Reply
  4. lmn

    GREAT tutorial! I am in the process of making one for Iranian protesters. I was wondering is there a way to make it https? Cuz I heard that https can not be blocked (is it true?). Also the part that you said we have to paste those subnets, does that mean only IPs from Iran can access the proxy? And how/where did you gather all the subnets for Iran only?

    Tnx again for this GREAT tutorial. πŸ™‚

    Reply
    1. Christer Edwards Post author

      A Squid proxy will transparently manage https sites, but it is not a feature (at least one that I'm aware of) to make Squid itself https. Yes, the acl TRUSTED section of the article will only allow Iranian addresses to use your proxy (as opposed to the entire world), and those addresses were taken from other sites sharing similar proxy instructions. There are public sites out there where you can find which internet subnets are assigned to which countries however. I'm sure that data was pulled from there.

      Reply
  5. G-A-C

    Just a thought, is this not similar to what TOR is supposed to do? I'm not in a situation to offer a proxy (the only machine I have only has 256mb of RAM so not much use for a Squid proxy as well as the other little bits it does), but if people downloaded something like TORPark or similar then this should offer them end-to-end encryption (everything's encrypted until it leaves a TOR exit node, I believe) meaning that it's more likely to make it out of the country (surely they could put pressure on ISPs to block these anonymous proxies as they crop up since they would in theory be able to track which IPs are being used as proxies).

    Unless of course they just put a blanket ban on encrypted traffic leaving the country altogether πŸ™

    Reply
  6. G-A-C

    http://en.wikipedia.org/wiki/XeroBank_Browser

    Apparently this is the replacement for TorPark; runs over the onion network for the browser and also provides a local SOCKS proxy to run other things over it such as IM clients. Maybe people could also run exit nodes as well as proxies and help in this way?

    Reply
  7. a bit anonymous

    is there a way to get to know when people are using it?

    Reply
  8. jefri

    thanks but right now , when I write this message many people kill by police in Enghelab street , please seed this news

    Reply
  9. Nima

    Thank you very much.
    But they've implemented some mechanisms that block sites even if you use http proxies after some freely browsing! Some firewalls monitor the content of packets and mangles encrypted packets. Therefore we can't even connect via ssh to our servers out of Iran! No HTTP tunneling, No VPN s, No HTTP Proxies, those simply don't work. We constantly get timeouts after connecting to a vpn/ssh server! πŸ™

    Reply
  10. Shad

    Can anybody send me the already configured file (squid.conf.default) to [email protected] ? Thank you for your help and support for Iranian people

    Reply
  11. farz

    is the above mentioned change incorporated to the instructions above?
    thanks.

    Reply
  12. A user

    A big problem. The filters used by the Iranian government are actually clever enough to realize the proxy request to 'blocked' sites and filter them out before it reaches the proxy server. A new method to encrypt the communication is needed!

    Reply
  13. NativeSonKY

    I have been trying to use TOR/Vidalia on WinXP but my ISP (Insightbb.com) will not allow open communication – am getting a lot of *Warning* lines in the Message Log…am I helping? I sure wish I could but my ISP support says "No Open Ports" for residential connections in its TOS Agreement, so they have me over a barrell. Anyone with tips which can help me please do.

    NativeSonKY at Twitter

    Reply
  14. Needs Help

    How do we run the two comands at the bottom? I'm a little confused. And does this work on a wirless computer becuase somewhere I heard it didn't?

    Reply
  15. aliasghar

    Some one from Iran.
    Great to whom concern about Freedom.
    You all have your share hold in moving freedom toward.
    Thanks

    Reply
  16. James Matthew

    "If only you had presented the tutorial without editorial comments, as simple knowledge available to all freely! One wonders those who do not energetically protest stolen elections elsewhere such as in the USA 2000 and 2004, are so obsessed with Iran … so obsessed, as to simply ignore all verifiable facts let alone the desires of Iranians as a people, in favor of a smear campaign presented without a shred of evidence."

    Your prose reads the way Rush Limbaugh's talks.. *shudder*..
    you ought to try a little harder, Wallace, you'll convince no one here with such a pithy effort

    Reply
  17. James Matthew

    I have heard this no where else.. could you elaborate?

    Reply
  18. Ubuntu

    Do you think it is anonymous proxy.I think this is a transparent proxy.Correct me if I am wrong

    Reply
  19. Ronko

    Hi

    Is there no risk there are proponents of the old Shah’s regime among these protesters? They were ousted, after all. You would not want to let them use your proxy. Maybe it is better tol og the traffic after all, in case police come knocking on your door

    Reply
  20. furniture

    I agree, about the Iranian government is actually clever enough to realize the proxy request to 'blocked' sites and filter them out before it reaches the proxy server. We need a new method to encrypt the communication.

    Reply
  21. vahid

    I’m from Iran and would like to thank all the people who care about us.

    I believe internet censorship in Iran is even worst than China, the government puts many levels of filtering and even packet inspection and logging on traffic. It’s getting worse and worse everyday. They want people to hear just only what they say and nothing else.

    I appreciate all efforts on internet freedom.
    Thank you.

    Reply
  22. David Nerd

    can u send me a proxy
    this school that im in doesnt want any student on facebook but thats the only way i can communicate with my family so since ive been in this school i havent talk to my family in a year

    Reply

Leave a Reply