15
Jun

How to setup a proxy for Iran citizens (for Mac!)

Update: There is now a recommended squid config file available.

Mac instructions (CONFIRMED)

1) Grab this dmg compile of Squid for OS X, and run the package inside it.

2) Look in your Applications folder for a folder called Squid. Inside THAT folder, there is a folder called etc. Inside the etc folder, there is a file called squid.conf. Open it in your text editor of choice.

3) To restrict access to people with Iranian IP addresses find line 1885 (which is blank), just above # And finally deny all other access to this proxy. Copy/paste this code:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

4) Go to the next line, which says http_access deny all and replace it with the following: http_access allow TRUSTED

5) On line 705, change the line # cache_access_log /Applications/Squid/var/logs/access.log to cache_access_log none. This is what makes users ‘anonymous’.

6) Open up your Terminal and type sudo /Applications/Squid/sbin/squid -z. Type in your password and hit return. It should give you some output. As long as it doesn’t say “error”, you are fine. If it gives you a “squid is already running” error, try sudo /Applications/Squid/sbin/squid -k reconfigure instead.

7) Go to whatismyip.com and get your IP Address. Note it down.

Tell @austinheap on Twitter or via email the IP address you got in step seven. I’ll see that it gets to the right people. Please do not publicize your IP!

Related posts:

  1. How to setup a proxy for Iran citizens
  2. How to setup a proxy for Iran citizens (for Windows!)
  3. How to setup a proxy for Iran citizens (Virtual Machine Disk Format!)
  4. Best Proxy Practices (BPP!) and an update
  5. State of the Iran Proxies
Posted under Internets, Iran, Politics by Austin

38 Responses


  • What’s up with “TRUSTEDTOO” — thats not in your other posts.

    by: Michael, Jun 16th at 12:07 am

  • Is there another step required to disable SSH?

    by: Mazuhl, Jun 16th at 1:49 am

  • Sorry, I’ve twisted my Squid files into lots of permutations, it should be fixed now!

    by: Austin, Jun 16th at 3:08 am

  • I’d just move SSH to another port, /etc/ssh/sshd_config on RedHat/CentOS systems…

    by: Austin, Jun 16th at 3:09 am

  • what’s a proxy and what is the terminal I am supposed to open? what am i supposed to be doing with this? i do want to help

    by: rubbersou1991, Jun 16th at 7:45 am

  • I’ve painstakingly ran through all the above steps (because this proxy stuff is not my expertise), but before I send on my IP, I am wondering if my files, computer, etc. will be protected, or if I need to enable something to do that? Thanks!

    by: Jacob, Jun 16th at 11:57 am

  • Got stuck on Step 6, “open up your terminal”. Can you explain what you mean by “opening up your terminal” in simple language?

    by: Lara, Jun 16th at 12:32 pm

  • hi there … very nice idea and i’d like to support it. but it seems that something isnt working with that IP list:

    2009/06/16 19:35:53| aclParseIpData: WARNING: Netmask masks away part of the specified IP in ‘192.168.0.0/8′
    2009/06/16 19:35:53| aclParseIpData: Bad host/IP: ‘93.110.0.0/’
    2009/06/16 19:35:53| parseConfigFile: line 1887 unrecognized: ‘16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15′
    2009/06/16 19:35:53| Creating Swap Directories

    i tried to delete 93.110.0.0/ entry but then it complains about the following entry. maybe the list is too long?

    best regards

    by: kyrd, Jun 16th at 12:38 pm

  • Got it, thanks.

    by: Lara, Jun 16th at 1:10 pm

  • I had a syntax problem before – but i figured what was wrong. the ip list should be written in this format:

    acl TRUSTED src 127.0.0.1
    acl TRUSTED src 62.60.128.0/17
    acl TRUSTED src 62.193.0.0/19
    acl TRUSTED src 62.220.96.0/19
    acl TRUSTED src 77.36.128.0/17
    acl TRUSTED src 77.77.64.0/18
    acl TRUSTED src 77.104.64.0/18
    acl TRUSTED src 77.237.64.0/19
    acl TRUSTED src 77.237.160.0/19
    acl TRUSTED src 77.245.224.0/20
    acl TRUSTED src 78.38.0.0/15
    acl TRUSTED src 78.109.192.0/20
    acl TRUSTED src 78.110.112.0/20
    acl TRUSTED src 78.111.0.0/20
    acl TRUSTED src 78.154.32.0/19
    acl TRUSTED src 78.157.32.0/19
    acl TRUSTED src 78.158.160.0/19
    acl TRUSTED src 79.127.0.0/17
    acl TRUSTED src 79.132.192.0/19
    acl TRUSTED src 79.170.144.0/21
    acl TRUSTED src 79.175.128.0/18
    acl TRUSTED src 80.66.176.0/20
    acl TRUSTED src 80.69.240.0/20
    acl TRUSTED src 80.71.112.0/20
    acl TRUSTED src 80.75.0.0/20
    acl TRUSTED src 80.191.0.0/16
    acl TRUSTED src 80.242.0.0/20
    acl TRUSTED src 80.253.128.0/20
    acl TRUSTED src 80.253.144.0/20
    acl TRUSTED src 81.12.0.0/17
    acl TRUSTED src 81.28.32.0/20
    acl TRUSTED src 81.28.48.0/20
    acl TRUSTED src 81.31.160.0/20
    acl TRUSTED src 81.31.176.0/20
    acl TRUSTED src 81.90.144.0/20
    acl TRUSTED src 81.91.128.0/20
    acl TRUSTED src 81.91.144.0/20
    acl TRUSTED src 82.99.192.0/18
    acl TRUSTED src 82.115.0.0/19
    acl TRUSTED src 83.147.192.0/18
    acl TRUSTED src 84.47.192.0/18
    acl TRUSTED src 84.241.0.0/18
    acl TRUSTED src 85.9.64.0/18
    acl TRUSTED src 85.15.0.0/18
    acl TRUSTED src 85.133.128.0/17
    acl TRUSTED src 85.185.0.0/16
    acl TRUSTED src 85.198.0.0/18
    acl TRUSTED src 86.109.32.0/19
    acl TRUSTED src 87.107.0.0/16
    acl TRUSTED src 87.247.160.0/19
    acl TRUSTED src 87.248.128.0/19
    acl TRUSTED src 89.144.128.0/18
    acl TRUSTED src 89.165.0.0/17
    acl TRUSTED src 89.221.80.0/20
    acl TRUSTED src 89.235.64.0/18
    acl TRUSTED src 91.98.0.0/15
    acl TRUSTED src 91.184.64.0/19
    acl TRUSTED src 91.186.192.0/19
    acl TRUSTED src 91.206.122.0/23
    acl TRUSTED src 91.208.165.0/24
    acl TRUSTED src 91.209.242.0/24
    acl TRUSTED src 91.212.16.0/24
    acl TRUSTED src 91.212.19.0/24
    acl TRUSTED src 91.212.252.0/24
    acl TRUSTED src 92.42.48.0/21
    acl TRUSTED src 92.50.0.0/18
    acl TRUSTED src 92.61.176.0/20
    acl TRUSTED src 92.62.176.0/20
    acl TRUSTED src 93.110.0.0/16
    acl TRUSTED src 93.190.24.0/21
    acl TRUSTED src 94.74.128.0/18
    acl TRUSTED src 94.101.128.0/20
    acl TRUSTED src 94.101.176.0/20
    acl TRUSTED src 94.101.240.0/20
    acl TRUSTED src 94.139.160.0/19
    acl TRUSTED src 94.182.0.0/15
    acl TRUSTED src 94.184.0.0/17
    acl TRUSTED src 94.232.168.0/21
    acl TRUSTED src 94.241.128.0/18
    acl TRUSTED src 95.38.0.0/16
    acl TRUSTED src 95.80.128.0/18
    acl TRUSTED src 95.81.64.0/18
    acl TRUSTED src 95.82.0.0/18
    acl TRUSTED src 95.82.64.0/18
    acl TRUSTED src 95.130.56.0/21
    acl TRUSTED src 95.130.240.0/21
    acl TRUSTED src 188.34.0.0/16
    acl TRUSTED src 188.93.64.0/21
    acl TRUSTED src 188.121.96.0/19
    acl TRUSTED src 188.121.128.0/19
    acl TRUSTED src 188.136.128.0/17
    acl TRUSTED src 188.158.0.0/15
    acl TRUSTED src 193.189.122.0/23
    acl TRUSTED src 194.225.0.0/16
    acl TRUSTED src 195.146.32.0/19
    acl TRUSTED src 212.16.64.0/19
    acl TRUSTED src 212.33.192.0/19
    acl TRUSTED src 212.50.224.0/19
    acl TRUSTED src 212.80.0.0/19
    acl TRUSTED src 212.95.128.0/19
    acl TRUSTED src 212.120.192.0/19
    acl TRUSTED src 213.176.0.0/19
    acl TRUSTED src 213.176.32.0/19
    acl TRUSTED src 213.176.64.0/18
    acl TRUSTED src 213.195.0.0/18
    acl TRUSTED src 213.207.192.0/18
    acl TRUSTED src 213.217.32.0/19
    acl TRUSTED src 213.233.160.0/19
    acl TRUSTED src 217.11.16.0/20
    acl TRUSTED src 217.24.144.0/20
    acl TRUSTED src 217.25.48.0/20
    acl TRUSTED src 217.64.144.0/20
    acl TRUSTED src 217.66.192.0/20
    acl TRUSTED src 217.66.208.0/20
    acl TRUSTED src 217.146.208.0/20
    acl TRUSTED src 217.172.96.0/19
    acl TRUSTED src 217.174.16.0/20
    acl TRUSTED src 217.218.0.0/15

    http_access allow TRUSTED

    ———-
    you should probably add your own local ip – so you can test the availability of the proxy (with help of the client which can be launched via the terminal: /Applications/Squid/bin/squidclient ).

    ( PS @admin -> I accidently posted this comment to the windows thread in first place, sorry for that )

    by: kyrd, Jun 16th at 4:21 pm

  • Can someone confirm my personal computer files and whatnot will be safe using the above directions? I don’t know anything about proxies but want to loan my IP to people in Iran and help out in whatever little way I can. Thanks!

    by: Jacob, Jun 16th at 10:04 pm

  • i was good up to opening the terminal, but when it prompts for password, i can’t type anything… no characters. any tips?

    by: michael, Jun 17th at 10:43 pm

  • I get two errors when i try this:

    “aclParseIpData: WARNING: Netmask masks away part of the specified IP in ‘192.168.0.0/8′

    and then

    Creating Swap Directories
    FATAL: Failed to make swap directory /Applications/Squid/var/cache/00: (13) Permission denied
    Squid Cache (Version 2.5.STABLE10): Terminated abnormally.

    Please help us! We want to help the Iranian people by setting up proxies they desperately need but can’t understand how Squid works! Many people are not technical but still want to help. Can you post a ready-made config file? Or a precompiled program that can do this out of the box?

    Thank you for your work on this which is really great, but we just need the final 10% in order to really help them, otherwise nobody will be able to do it.

    by: Morten Vine, Jun 18th at 12:53 pm

  • I get the same errors as Morten Vine.

    by: K, Jun 19th at 1:20 pm

  • Go into terminal and type

    sudo mkdir -p /Applications/Squid/var/cache/00
    sudo chmod 777 /Applications/Squid/var/cache /Applications/Squid/var/cache/00

    Hopefully that works! I’ve never seen that error though

    by: Austin, Jun 19th at 2:01 pm

  • Are we leaving the default port of 3128 ? I see others are requiring changing this.

    by: ayuda, Jun 20th at 4:43 pm

  • Also, how can we email you the IP, not finding an email for you. Thanks.

    by: ayuda, Jun 20th at 4:47 pm

  • 1.

    For people wondering about the terminal instructions:

    You will find the Terminal application in Your Applications/Utilities directory.

    Open it to get to a command line, that can give Unix the instructions provided.

    Make sure you copy properly!

    2.

    For people wondering about the security of their computer: proxyservers are just a kind of relay station for people who need it. There is not a direct risk involved.

    It might help to know how It works:
    #Iranelection folks want to go to their desired blocked website, and ar enot able to.
    They get a relay trough a proxy server, provided by Austin. They setup their browser/whole system to use the provided proxyserver. Then any website request (and other protocols if necessary) are sent to the proxy server, which will initiate the connection to the blocked website. The connection gets established and the person gets the content trough the proxyserver that forwards all the blocked stuff to #iranelection folks.

    But, as always when running a server: have a proper firewall set up. If you are behind a router set it up as dns for your local network, prefer individual port forwarding settings to a default dmz server, and check your logs from time to time.

    I have a router, with dns server for my local computers. I have ports forwarded from default port numbers to internal random port numbers, have firewall in stealth mode, and I’m as safe as could be!

    But I do back up regularly in case…

    by: olli, Jun 21st at 4:51 am

  • the email for communicating your (tested) proxy is update@austinheap.com by the way!

    by: olli, Jun 21st at 8:51 am

  • workin on a ready made package for OS X users!

    by: olli, Jun 21st at 9:06 am

  • also not in the tutorial above:
    you’ll need to fill in the http_port line with your 10 ports, “You may specify multiple socket addresses on multiple lines”

    Check the top of the config file,
    You should have something like this:

    http_port 1
    http_port 2
    http_port 3
    http_port 4

    etc… and off course, replace 1,2,3 and 4 by random port numbers!

    by: olli, Jun 21st at 12:43 pm

  • Okay so I’m done with the terminal, and I still don’t know if it works. I suppose I will just send it.

    by: Cavin G., Jun 21st at 12:59 pm

  • I agree with the logging disablement not being necessary at all. By adding the following line (I have it above the portnumbers):

    client_netmask 0.0.0.0

    This way logging is done like this (I paste from my log)

    1245627093.320 7014 0.0.0.0 TCP_MISS/302 424 GET http://…(edited)…
    1245627095.569 2202 0.0.0.0 TCP_MISS/200 4765 GET http://…(edited)…
    1245627095.891 378 0.0.0.0 TCP_MISS/200 13657 GET http://…(edited)…
    1245627095.986 473 0.0.0.0 TCP_MISS/200 124465 GET http://…(edited)…

    All proxy clients are reported to as 0.0.0.0

    ————–

    If you don’t have a static IP, use dyndns (http://dyndns.org) or no-ip (http://www.no-ip.com/)

    This way you direct an url to your home ip that gets updated from within your computer.

    Unless they block all the available domain types (a lot at dyndns)

    Check it out!
    —————

    Take your time setting things up!

    I’ll be posting an easy-to-edit config file tomorrow, including all relevant tips all around the blog here. And I’ll be packing a step-by-step for OSX as I said. (just gotta fix a launchdaemon)

    by: olli, Jun 21st at 7:22 pm

  • thanks olli!
    I’m waiting for your easy-to-edit config file, as I’m dying to help, but terribly numb in all this proxy stuff…

    by: limmershin, Jun 22nd at 2:07 pm

  • oh my gosh, it finally works!!!
    thank you austin and olli, your combined efforts got me up and running.

    michael: re: password – it looks like nothing is happening when you type but it is actually getting it, just type it correctly and it will go through

    question: when my computer is asleep will the squid thingy still be able to run?

    by: jane smith, Jun 22nd at 9:59 pm

  • this is the error i keep getting with the updated config file:
    2009/06/23 20:03:51| parseConfigFile: line 298 unrecognized: ‘cache deny all’
    2009/06/23 20:03:51| parseConfigFile: line 301 unrecognized: ‘access_log /dev/null’

    (i got also the swapdirectories error, but it was fixed by the commands posted by austin)

    hope you can give me some advice

    thanks

    by: limmershin, Jun 23rd at 1:01 pm

  • and this is the error i keep getting using the original squid.conf with modifications

    aclParseIpData: WARNING: Netmask masks away part of the specified IP in ‘192.168.0.0/8′

    (no swapdirectories problem)

    thank you

    by: limmershin, Jun 23rd at 1:21 pm

  • limmershin – i got those same two errors with the updated config file. i just deleted those two lines and hoped they weren’t too important. and then it worked.

    by: jane smith, Jun 23rd at 4:22 pm

  • jane – thanks. I deleted the lins and it doesn’t give errors anymore. It continues to fail the Proxyheap test though. For sure some problem with firewall etc from my ISP. DOH!

    by: limmershin, Jun 24th at 1:42 am

  • Squid set up fine; getting “fatal error: couldn’t connect to host” at proxychecker. Thoughts?

    by: sc, Jun 24th at 9:13 pm

  • There’s been setup posted here:

    http://blog.austinheap.com/2009/06/22/state-of-the-iran-proxies/

    since it was there, I thought to wait to release something. Sorry for the time it is taking, but I want a proper and easy to set up solution for the Mac-fellows.

    I’m sorry to say so, but I’d really like it to be easier to browse around here, as all the info is in blog posts.

    In the meantime you can post your mac installation questions to a dedicated mail address:

    squid.mac@gmail.com

    but please use the browsing tips first to collect you info:

    1. Try to take a look around the posts on this blog, as the essential info is a bit scattered around.
    Check the bottom of each page here to click to a next or previous post. You will encounter some medical tips, but just click trough …

    2. use the rss page feed://blog.austinheap.com/feed/ and make sure you can have an over view of 20 posts or so.

    I am not part of this website, so I cannot change the setup here.

    So long!

    by: olli, Jun 26th at 2:43 am

  • To conclude this post: check this page on this blog, it has a config file ready to be edited. And do know the haystack phenomenon is the new initiative.

    http://blog.austinheap.com/building-the-stack/

    I don’t know if any proxies of the kind talked about here are in use for the haystack network, and if setting up those is a concern in the future. If so, I want to provide serious help towards the Mac community, for simplifying things. Austin, if you read me, take direct contact to work communicate and work on this together.

    by: olli, Jul 22nd at 4:03 pm

  • sorry, the link for the config and squid setup guide: http://blog.austinheap.com/2009/06/22/state-of-the-iran-proxies/

    by: olli, Jul 22nd at 4:04 pm

  • Hi everyone
    I would like to present interesting site:
    acomplia online [url=http://veryacom.co.cc/]acomplia overnight[/url] ceftin oral [url=http://veryceft.co.cc/]ceftin prices[/url] celexa prescription [url=http://verycelex.co.cc/]celexa toronto[/url] cleocin pharmacy [url=http://verycleo.co.cc/]cleocin sale[/url] diflucan medikament [url=http://verydifl.co.cc/]diflucan oral[/url] elavil drug [url=http://veryelav.co.cc/]elavil doctor[/url] hytrin order [url=http://veryhytr.co.cc/]hytrin medikament[/url] imitrex online [url=http://veryimit.co.cc/]imitrex generic[/url] lexapro drug [url=http://verylexa.co.cc/]lexapro sale[/url] prednisone espana [url=http://verypred.co.cc/]prednisone prezzo[/url] remarin discount [url=http://veryprem.co.cc/]remarin generic[/url] prevacid prezzo [url=http://veryprev.co.cc/]prevacid online[/url] sustiva prescription [url=http://verysust.co.cc/]sustiva uk[/url] testosterone purchase [url=http://verytest.co.cc/]testosterone espana[/url] topamax buy [url=http://verytopa.co.cc/]topamax prezzo[/url] viramune prescription [url=http://veryvira.co.cc/]viramune oral[/url] xenical rezept [url=http://veryxeni.co.cc/]xenical toronto[/url] zyban espana [url=http://veryzyba.co.cc/]zyban doctor[/url] zyloprim prescription [url=http://veryzylo.co.cc/]zyloprim overnight[/url] zyprexa effects [url=http://veryzypr.co.cc/]zyprexa uk[/url]
    To greet!
    Bye

    by: Marcelinea, Jan 30th at 2:43 am

Share your comment

Name Your Message
Email Website * We know you have something to say