Austin Heap is supporting an effort to set up hundreds/thousands of proxy servers to offer nearly unblockable access to the Internet for Iranian citizens. He has posted detailed instructions on how to do this for Windows and Linux boxes, including how to allow only Iranian IP addresses to access your machine. For Mac, try Squidman & adapt the Linux instructions.
If you're not confident about it, don't try something like this. (If you are thinking of going into that house, DON'T.)
Please don’t run this on a machine that you’re worried about or is used for production sites; and take basic security precautions, ie: moving ftp off the default port, using a firewall package, etc.
Once your server is up and running please DM @austinheap and let me know! I will no longer posting proxies on the public list. If you set one up, please e-mail me@austinheap.com to contribute to the private one or e-mail me if your an Iranian that needs access!
UPDATE: Two great ideas from the comments.
- see tullyccro's diary about using Tor;
- thanks to Surly Cracker and Omir the Storyteller for having really cool user names! Oh, and also maybe the ultimate idea along these lines, short of the not-yet-there truly ubiquitous nanotech/wireless/distributed introwebs
I'll let them explain:
You didn't have an option for (2+ / 0-)
"I've already done it"
But seriously, people shouldn't try this unless they're at least passingly familiar with network administration, and how to secure the system, and realize there's a certain amount of liability here, as well.
Dance like no one is watching with one fist in the air... We are stronger than everything they have taught us that we should fear.
by Surly Cracker on Tue Jun 16, 2009 at 09:35:31 AM PDT
* What someone needs to do (3+ / 0-)
is create an Ubuntu-based CD that already has squid and the proxy settings baked in so someone with a spare computer and a willingness to help can just boot up and be relatively secure -- since the machine is booting from a CD you can just reboot if something goes awry.
But you're right, nobody should try this if none of what's been said above other than "willingness to help" makes sense to them.
You should view the world as a conspiracy run by a closely-knit group of nearly omnipotent people -- yourself and your friends. Robert Anton Wilson
by Omir the Storyteller on Tue Jun 16, 2009 at 09:48:57 AM PDT
o Now that's an idea... (1+ / 0-)
Might have to see about that. I assume (and I've never made any modifications to an Ubuntu distro) that you could probably do this without Gnome/KDE (based on a server-only, non graphical distro to cut down on the size of the DL) that someone could just put in a computer that was connected to the internet, boot from disc, and walk away? You could just remove the automount routines for HD's and other attached media, so the only filesystem it could mount is the CD... They could just let it run all day, and then reboot when they needed the computer.
I'm headed over to the Ubuntu forums right now to figure this out. If I can do it, I'll convert it to an ISO and release it as a torrent ASAP.
Dance like no one is watching with one fist in the air... We are stronger than everything they have taught us that we should fear.
by Surly Cracker on Tue Jun 16, 2009 at 11:16:31 AM PDT
end UPDATE =====================
This involves using a program called squid.
Here are the PC instructions.
(Given the nature of this post, I'm going to assume that Fair Use restrictions don't apply, ie a "please RT" situation. If Austin feels different I will of course modify appropriately.)
(See the 'older comments' linkfor a variety of troubleshooting suggestions if you have problems.)
Posted in Internets, Politics, Technology on 06/15/2009 05:13 pm by Austin
If you’re using Windows, it’s pretty straight forward to setup a proxy and help give access to those in Iran who are being censored. If you’re running Redhat/CentOS, please use the linux instructions.
- Download Squid for Windows
- Extract that zip archive, and move the "squid" folder to the root of your drive (probably C:).
- After moving the squid folder, open "C:\squid\etc\squid.conf" in your favorite text editor (not Word).
- Configure the DNS name servers on the line that says "dns_nameservers" to point at your ISPs DNS servers.
- Now the fun part, locking access down the just the Iranian IP blocks.
Inside the text editor search (Control-W) for the line "http_access deny all" and change it to "http_access allow all". This will make your proxy open and accessible to the world. If you would like to limit your proxy to Iranian IP blocks, you want to change "http_access deny all" to read "http_access allow TRUSTED" add a line (BEFORE the http_access line to setup an access control list [ACL]). This ACL line that defines TRUSTED should read:
acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15
- Setup "visible_hostname" (normally just the public IP address).
- Turn off logging by adding these two lines:
access_log none
cache_store_log none
- Setup the Squid cache by issuing the following command: "c:\squid\sbin\squid -D –z" (No quotes).
- Setup Squid to run as a service by issuing the following command: "c:\squid\sbin\squid –i"
Please don’t run this on a machine that you’re worried about or is used for production sites; and take basic security precautions, ie: moving ftp off the default port, using a firewall package, etc.
Once your server is up and running please DM @austinheap and let me know! I will no longer posting proxies on the public list. If you set one up, please e-mail me@austinheap.com to contribute to the private one or e-mail me if your an Iranian that needs access!
Tags: Iran, Proxy, squid, windows