Skip to main content

View Diary: ACTION: Ubuntu / Linux Gurus Needed - Iran Proxies (27 comments)

Comment Preferences

  •  Note the Windows version of Squid in blog (1+ / 0-)
    Recommended by:
    MKSinSA

    Normally, I'd really push the Linux solution.  The Austin Heap blog also indicates there is a version of squid for Windows.  (Squid is a proxy server which can 'remap' http: requests according to rules.  If this makes no sense, I can't give an overview of web protocals here.  It does contain documentation files.)

    Given the urgency and likelihood there are more Windows users than Linux users in Iran, especially amongst the Western people who may still be on the inside, let's get this out too -- add this quickie 'how to' explaining the set up of the Windows version of squid.

    How to set up Squid on Windows:

    1. Download Squid 2.7 for Windows
    1. Initialize the Squid cache by issuing the following command inside a Windows Command Prompt:

    c:\squid\sbin\squid -D –z

    1. Setup Squid to run as a service by issuing the following command:

    c:\squid\sbin\squid –i

    Making Windows secure is it's own project.  The above should be considered steps used to quickly create a disposable, throwaway system since Windows tends to be quite give away it's secrets to the savvy on the internet.  Don't leave any trails on this system that can lead back to anyone, at least anyone that you care about.

    When life gives you wingnuts, make wingnut butter!

    by antirove on Tue Jun 16, 2009 at 06:51:58 PM PDT

    •  That's kinda my point, though (4+ / 0-)
      Recommended by:
      bablhous, carver, kyril, MKSinSA

      Squid on Windows, or really any program that opens your computer up to anonymous requests from the outside world, is a security risk.

      A Linux Live CD (whether based on Debian, Ubuntu, whatever) could be configured to run as a stand-alone entity, on a PC that either sits in a corner, or run on an unused PC while the owner is at work.

      Using the live CD format means that you could use your primary PC as a Proxy Server without any security risk or alterations to your existing setup. The Live CD would be configured to not even mount Hard Drives, just run off RAM and use the internet connection, so there's no way it could do harm if the wrong person got ahold of it.

      There's a lot of ways to do it, but I was seeking a totally secure, totally simple solution... I'm making some headway on the problem, and if I manage to get it done in any kind of useful timeframe, I'll release it.

      Dance like no one is watching with one fist in the air... We are stronger than everything they have taught us that we should fear.

      by Surly Cracker on Tue Jun 16, 2009 at 07:23:33 PM PDT

      [ Parent ]

      •  How about a premade Vmware image for Debian? (5+ / 0-)

        Might be fastest to go the vmware route.
        Here's a possibly useful link:

        virtual machine squid reverse proxy server

        Mounting the volume as read only would have about the same effect as running from a Live boot CDROM.

        When life gives you wingnuts, make wingnut butter!

        by antirove on Tue Jun 16, 2009 at 07:39:35 PM PDT

        [ Parent ]

        •  That sounds pretty good too, for those (1+ / 0-)
          Recommended by:
          antirove

          who use Vmware. I'll check it out.

          Dance like no one is watching with one fist in the air... We are stronger than everything they have taught us that we should fear.

          by Surly Cracker on Tue Jun 16, 2009 at 08:30:36 PM PDT

          [ Parent ]

        •  Most of the 450+ pre-built (1+ / 0-)
          Recommended by:
          Surly Cracker

          "OS" images on the VMware site are some flavor of debian.

          Or maybe it just seemed that way:  it's hard to keep track when you can only display the damned things ten at a time (grrr).

          But there are lots of "vanilla" debian installs,  and just about every version of ubuntu from about 6 on,  in multiple server and desktop configurations.

          There might well be one with squid pre-installed:  try searching for "squid" there.

      •  Opera Web browers version 10 will include (3+ / 0-)

        web server as part of its effort to Reinvent the Web.  It may have technology that could be easily used by computer users with basic understandings.

        Opera 10 Unite

        Review of Opera 10:

        Review from techcrunch of Opera 10 'Unite'

        Keep working on your silver bullet Ubuntu Live CD solution, but perhaps we can evaluate a number of options in parallel.  

        Consider including webmin and the squid webmin module to make setup of the server easier or customizable.

        webmin server administration web interface

        Look for squid module

        When life gives you wingnuts, make wingnut butter!

        by antirove on Tue Jun 16, 2009 at 08:06:16 PM PDT

        [ Parent ]

      •  Speaking of open proxies, shouldn't these (1+ / 0-)
        Recommended by:
        Surly Cracker

        config files for squid be blocking port 25 and any other email related ports?  Otherwise, we could be unwittingly setting up open proxy servers that facilitate spam flow.

        •  Without knowing exactly (0+ / 0-)

          how Squid works, I imagine part of what I'd want to accomplish would be to block everything but http traffic on standard ports. I haven't dug into Squid's config files, as I'm still searching for an appropriate Distro and the knowledge needed to customize it.

          Damn Small Linux and Puppy Linux are looking promising, but I'm kind of out of my depth...

          Dance like no one is watching with one fist in the air... We are stronger than everything they have taught us that we should fear.

          by Surly Cracker on Tue Jun 16, 2009 at 09:07:19 PM PDT

          [ Parent ]

          •  Squid has been around for a long time, and its (1+ / 0-)
            Recommended by:
            Surly Cracker

            configuration amounts to editing a single text-based config file.  The config files contains helpful information and examples on #-escaped comment lines, so it is quite easy to configure.  The default config file results in an open proxy on a well-known port that enterprising spammers will eventually stumble upon, so it is good to at least edit the config file once.  Several years ago I used squid for a slightly naughty purpose so that I could route http requests through my university workstation and download journal articles at home.  In my case I used a high-numbered port and activated squid only when I needed to access the library.  Otherwise, I halted it to lessen the chances of it being discovered by bad guys.

Subscribe or Donate to support Daily Kos.

  • Recommended (137)
  • Community (62)
  • 2016 (44)
  • Environment (39)
  • Elections (38)
  • Culture (36)
  • Bernie Sanders (36)
  • Republicans (34)
  • Hillary Clinton (27)
  • Education (25)
  • Climate Change (24)
  • Labor (24)
  • Trans-Pacific Partnership (24)
  • Barack Obama (23)
  • Media (22)
  • GOP (21)
  • Civil Rights (21)
  • Economy (20)
  • Affordable Care Act (19)
  • Spam (18)
  • Click here for the mobile view of the site