setup a proxy for IRAN and VPN and TOR

Jun 15th, 2009 | By admin | Category: Iran

Yishay sez, “The road to hell is paved with the best intentions (including mine). Learn how to actually help the protesters and not the gov’t in Iran.” The purpose of this guide is to help you participate constructively in the Iranian election protests through Twitter.

1. Do NOT publicise proxy IP’s over twitter, and especially not using the #iranelection hashtag. Security forces are monitoring this hashtag, and the moment they identify a proxy IP they will block it in Iran. If you are creating new proxies for the Iranian bloggers, DM them to @stopAhmadi or @iran09 and they will distributed them discretely to bloggers in Iran.

2. Hashtags, the only two legitimate hashtags being used by bloggers in Iran are #iranelection and #gr88, other hashtag ideas run the risk of diluting the conversation.

3. Keep you bull$hit filter up! Security forces are now setting up twitter accounts to spread disinformation by posing as Iranian protesters. Please don’t retweet impetuosly, try to confirm information with reliable sources before retweeting. The legitimate sources are not hard to find and follow.

4. Help cover the bloggers: change your twitter settings so that your location is TEHRAN and your time zone is GMT +3.30. Security forces are hunting for bloggers using location and timezone searches. If we all become ‘Iranians’ it becomes much harder to find them.

5. Don’t blow their cover! If you discover a genuine source, please don’t publicise their name or location on a website. These bloggers are in REAL danger. Spread the word discretely through your own networks but don’t signpost them to the security forces. People are dying there, for real, please keep that in mind…

THANKS TO http://www.boingboing.net

If you’re using Windows, it’s pretty straight forward to setup a proxy and help give access to those in Iran who are being censored. If you’re running Redhat/CentOS, please use the linux instructions.

1) Download Squid for Windows
2) Extract that zip archive, and move the “squid” folder to the root of your drive (probably C:\).
3) After moving the squid folder, open “C:\squid\etc\squid.conf” in your favorite text editor (not Word).
4) Configure the DNS name servers on the line that says “dns_nameservers” to point at your ISPs DNS servers.
5) Now the fun part, locking access down the just the Iranian IP blocks.

Inside the text editor search (Control-W) for the line “http_access deny all” and change it to “http_access allow all”. This will make your proxy open and accessible to the world. If you would like to limit your proxy to Iranian IP blocks, you want to change “http_access deny all” to read “http_access allow TRUSTED” add a line (BEFORE the http_access line to setup an access control list [ACL]). This ACL line that defines TRUSTED should read:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

6) Setup “visible_hostname” (normally just the public IP address).
7) Turn off logging by adding these two lines:

access_log none
cache_store_log none

7) Setup the Squid cache by issuing the following command: “c:\squid\sbin\squid -D –z” (No quotes).
8) Setup Squid to run as a service by issuing the following command: “c:\squid\sbin\squid –i”

Please don’t run this on a machine that you’re worried about or is used for production sites; and take basic security precautions, ie: moving ftp off the default port, using a firewall package, etc.

Once your server is up and running please DM @austinheap and let me know! I will no longer posting proxies on the public list. If you set one up, please e-mail me@austinheap.com to contribute to the private one or e-mail me if your an Iranian that needs access!

ITV channels
http://www.itv.com/ITVPlayer/?intcmp=NAV_ITVPLAYE2

Established VPN (US only?) free, China bias
http://www.ultrareach.com/index_en.htm

Established free VPN for US
http://anchorfree.com/downloads/hotspot-shield/

New VPN (free in Beta)
http://www.acevpn.com/2009/04/free-proxy-server-to-surf-anonymous.html

Installing new VPN (Ace)
http://www.acevpn.com/2009/04/installing-ace-vpn-on-microsoft-windows.html

Article on VPN/Proxy and good links to free VPNs
http://www.aplusproxy.com/vpn/index.php

These can all be used to access Western TV ch
The Tor network relies on volunteers to donate bandwidth. The more people who run relays, the faster the Tor network will be. If you have at least 20 kilobytes/s each way, please help out Tor by configuring your Tor to be a relay too. We have many features that make Tor relays easy and convenient, including rate limiting for bandwidth, exit policies so you can limit your exposure to abuse complaints, and support for dynamic IP addresses.

Having relays in many different places on the Internet is what makes Tor users secure. You may also get stronger anonymity yourself, since remote sites can’t know whether connections originated at your computer or were relayed from others.

Setting up a Tor relay is easy and convenient:

  • Tor has built-in support for rate limiting. Further, if you have a fast link but want to limit the number of bytes per day (or week or month) that you donate, check out the hibernation feature.
  • Each Tor relay has an exit policy that specifies what sort of outbound connections are allowed or refused from that relay. If you are uncomfortable allowing people to exit from your relay, you can set it up to only allow connections to other Tor relays.
  • It’s fine if the relay goes offline sometimes. The directories notice this quickly and stop advertising the relay. Just try to make sure it’s not too often, since connections using the relay when it disconnects will break.
  • We can handle relays with dynamic IPs just fine — simply leave the Address config option blank, and Tor will try to guess.
  • If your relay is behind a NAT and it doesn’t know its public IP (e.g. it has an IP of 192.168.x.y), you’ll need to set up port forwarding. Forwarding TCP connections is system dependent butthis FAQ entry offers some examples on how to do this.
  • Your relay will passively estimate and advertise its recent bandwidth capacity, so high-bandwidth relays will attract more users than low-bandwidth ones. Therefore having low-bandwidth relays is useful too.

You can run a Tor relay on pretty much any operating system, but see this FAQ entry for advice about which ones work best and other problems you might encounter.

Tags:

6 comments
Leave a comment »

  1. NChar June 15th, 2009 1:56 pm

    Proxy that I just set up:

    10.0.0.36:1080

    Hopefully it works

  2. PerlStalker June 15th, 2009 10:13 pm

    You might also be able to get around the blocks using Tor. http://www.torproject.org/

  3. shervin June 16th, 2009 12:49 pm

    please tell me what am i doing to when i choose squid\etc\squid.conf

  4. PCMcGee June 17th, 2009 8:13 am

    The best way to make sure that the people using these proxies are not put at risk, is to only give out one proxy to each contact, never share proxies. If the contacts proxy goes down, they should contact you for another. Do not publish the proxies anywhere. Do not use an unencrypted email system. Unencrypted email traffic will eventually be aggregated and acted upon. Cisco has routers specifically designed to sort this traffic out and route it to the authorities in Iran. The best bet is to send and receive email from web-based anonymous email clients. It does not need to be encrypted for this. I am not sure what sites are reachable from inside Iran, and I do not want to give the authorities any ideas on what to block.

  5. karel June 24th, 2009 1:00 pm

    ba salam man az iran hastam va niyaze shadid be vpn daram .
    mikhastam bedonam mitonid komakam konide?
    thanks for attention.

  6. Masoud June 24th, 2009 10:38 pm

    Hi
    I’m Iranian and I appreciate what you’re doing.

    thank you.

Leave Comment

Get Adobe Flash playerPlugin by wpburn.com wordpress themes