How to setup an Iran proxy, quick guide (not detailed)

Jun 19, ’09 7:02 PM
Author jesse Categories Misc Tags , , , , ,

Intro
If you are unaware, Iranian protesters are having to use proxies to avoid Internet and journalist censorship in Iran. Proxies are allowing them to post on sites such as Twitter, Facebook, Flickr, Youtube and others. As many people don’t know how to do this, I threw together a guide. I apologize for its brevity, but I am at work and trying to get the post up quickly and follow events in Iran all at the same time.

Having said that:

Install Squid
If you’re on Windows, just follow these instructions:

http://blog.austinheap.com/2009/06/15/how-to-setup-a-proxy-for-iran-citizens-for-windows/

If you’re on a Mac, first install MacPorts (if you don’t already have it):

http://www.macports.org

Then, in the Terminal, run

sudo port install squid

(if you’re on Linux I assume you know how to install, if not Google “install squid proxy”, I also highly recommend using Rackspace’s Cloud Servers or Amazon for this type of thing since you can bring servers up and down or increase capacity so quickly)

Configure
From there it is a matter of configuring and running Squid. Edit /opt/local/etc/squid/squid.conf in a text editor (like Textmate or vi or emacs) per Austin Heap’s instructions:

4) Configure the DNS name servers on the line that says “dns_nameservers” to point at your ISPs DNS servers.
5) Now the fun part, locking access down the just the Iranian IP blocks.

Inside the text editor search (Control-W) for the line “http_access deny all” and change it to “http_access allow all”. This will make your proxy open and accessible to the world. If you would like to limit your proxy to Iranian IP blocks, you want to change “http_access deny all” to read “http_access allow TRUSTED” add a line (BEFORE the http_access line to setup an access control list [ACL]). This ACL line that defines TRUSTED should read:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

6) Setup “visible_hostname” (normally just the public IP address).
7) Turn off logging by adding these two lines:

access_log none
cache_store_log none

And finally, start is up, on the Terminal, run:

sudo launchctl load -w /Library/LaunchDaemons/org.macports.Squid.plist

Making your proxy available from home
Finally, if you are running Squid from your home network, you will probably have to configure your router. There are decent instructions here:

http://thoughtsections.blogspot.com/2009/06/proxies-for-iran-walkthrough.html

Although I still recommend using Mosso or Amazon (do you really want your home network blocked from Iran?)

Share and Enjoy:
  • Print this article!
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Fark
  • FriendFeed
  • LinkedIn
  • NewsVine
  • Slashdot
  • Technorati
  • TwitThis
  • Reddit
blog comments powered by Disqus