How to setup a proxy for Iran citizens (for Windows!)

[...] 3: Here’s a guide for the Windows users out there. Update 2: I will no longer posting proxies on the public list. If you set one up, please [...]

for DM to work, you have to be following the person, so you should just have people e-mail you.

the squid folder extracts as hidden. You have to go to folder options and turn on the “show hidden files and folders” option

and what about on a mac?

Is there high-demand for this and an under-supply or is the demand being met?

[...] 15, 2009 at 7:27 pm · Filed under Uncategorized At HuffPo, Nico Pitney’s linked to instructions on how to set up a proxy server for use by Iranians to get around state [...]

can anyone provide instructions on doing something similar for mac os x? since there’s already a webserver loaded on osx, I imagine this could be easier (?) than on windows but am at a loss how to pull this off and want to help. thanks.

How can I help if I am a Mac user?

Could we have an example config file and perhaps some info on how to test squid is working properly :p

How do I figure out what my ISP’s DNS server is?

I have an always-on Linksys wireless broadband router running the dd-wrt firmware ( http://www.dd-wrt.com/dd-wrtv3/ ) that appears able to do SOMETHING with squid. Can this function completely within the router or need to interact with a PC? I don’t know. Can you advise?

[...] tip to Austin for the Windows [...]

Let me know if this is needed – i tried… getting errors.

@Scott: There’s a revolution going on. What do you think?

Directions leave a lot to be inferred and are not clear. I gave up on item #4. I found the line, but it is not really clear what I am to do exactly where.

I have put up instructions for Mac OS X users: http://extrafuture.com/2009/06/15/how-to-set-up-an-anonymous-proxy-for-iranians-using-squid-on-mac-os-x/

Help Plez

C:\Documents and Settings\Boss>c:\squid\sbin\squid -D -z
2009/06/16 13:30:04| decode_addr: Invalid IP address ’81.9′
2009/06/16 13:30:04| squid.conf line 625: acl TRUSTED src 62.60.128.0/17 62.193.
0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19
77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78
.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.1
92.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.
0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81
.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.9
2009/06/16 13:30:04| aclParseIpData: Ignoring invalid IP acl entry: unknown firs
t address ’81.9′
2009/06/16 13:30:04| parseConfigFile: squid.conf:626 unrecognized: ’0.144.0/20′
2009/06/16 13:30:04| parseConfigFile: squid.conf:627 unrecognized: ‘.0/19′
2009/06/16 13:30:04| parseConfigFile: squid.conf:628 unrecognized: ’13.176.0.0/1
9′
2009/06/16 13:30:04| parseConfigFile: squid.conf:3384 unrecognized: ‘visable_hos
tname’

There will no doubt be demand as the crackdown proceeds.

Second the request: Anyone know a way to do this on a mac?

sorry is there any way you could elaborate on steps 4, 6 & 7 for those who don’t have experience doing these types of things? eg, how do i configure the DNS name servers?

Update: thank you for the Mac instructions in your post above, Phil.

[...] there’s these instructions to to setup a web proxy to provide internet access to those in Iran who are being censored. (Sorry [...]

When I enter the “c:\squid\sbin\squid –i” command, I get the message “OpenSCManager failed,” and I haven’t managed to figure this one out yet. Any tips? (If so, please keep it simple; I know almost nothing about computer programs, and have never done anything like this before. Thanks in advance…)

don’t have the security with my current systems to provide proxy right now. the one machine that i could use is in service with an ongoing project. i am forwarding this project to many people. peace.

could someone with tech writing skills whose gotten the process to function write a copy? Many of the steps are ambiguous; for instance, when one adds the ACL list are the # tags removed? left in place… what about ISPS with dynamic dns such as comcast?? do i still need to set a dns server???….etc.

Please clarify or mock up a dummy set of config files for the most common broadband providers…

Example: dns_nameservers 10.0.0.1 192.172.0.4

this line?

How do I figure out what my ISP’s DNS server is?

go to start—>run–>nslookup

surely one would have to first set up nat if one were behind a router…

From the Mac instructions I got some warnings that concerned me:

xxxxxx’s-power-mac-g5:~ xxxxxx$ sudo /Applications/Squid/sbin/squid -k reconfigure
2009/06/15 22:13:40| aclParseIpData: WARNING: Netmask masks away part of the specified IP in ’192.168.0.0/8′
2009/06/15 22:13:40| decode_addr: Invalid IP address ’92.242.192.’
2009/06/15 22:13:40| squid.conf line 1884: acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.
2009/06/15 22:13:40| aclParseIpData: Ignoring invalid IP acl entry: unknown first address ’92.242.192.’
2009/06/15 22:13:40| parseConfigFile: line 1885 unrecognized: ’0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15′

@Richard. I have a second puter I could put to use, but that would require hours to wipe, re-set up, install and figure out how to make this program work. My interrogatory was: are all the proxies currently being offered – actually being used? (vs. is there a revolution going on?) If you have nothing intelligent to offer on the topic – your snark was somewhere below helpful. Can anyone report yes/no that their proxy offered is actually being used? Thanks.

I think I have it just past 4…..I typed my DNS in the file I opened in notepad, now I can’t figure out what Control-W is supposed to do. If I do a Ctr-W..the open doc just flashes…..can’t even do Ctl Find and locate the allow access script to continue on. Am I supposed to be doing all this in this open text file? Or am I in the wrong location all together. The doc is named squid.conf.default and has many instructions…..correct place?? Sorry never played with changing script at all. Just trying to help.

I don’t think you have to specify your ISP’s DNS servers b/c they can be read from your computer’s registry. The squid.conf file says this:

# On Windows platforms, if no value is specified here or in
# the /etc/resolv.conf file, the list of DNS name servers are
# taken from the Windows registry, both static and dynamic DHCP
# configurations are supported.

Can any more experienced techies comment on this?

Weightgain4000,
Looks like some of the IP’s in the list might be invalid… just remove the offending ones. It might reduce access (not really sure though if the IP’s are not working anyways) but at least it will work.

I’m looking at twitterfall and somebody is posting new ones every minute or so, I think they’re good for now

at least, they seem to have enough, not sure if they are getting through to the people that need them

We should work with VPS providers and Amazon.com for them to create Iranian Proxy ready image. This way people can just purchase an account for a month for 20-40 dollars and contribute to providing proxies without having to worry about all these technical stuffs.

Just wanted to say thanks for helping out with the guys in Iran. If your work continues the Info Ministry in Iran can not catch up locking up all proxis . I just got back from Iran and any help you can give the freedom seekers is more appreciated than you could imagine. Thnx. Thnx Thnx.

Just wanted to share a few things I learned while trying to set Squid up:

* In step 4, if you leave “dns_nameservers” commented out, Squid will grab your computer’s DNS settings straight from the Windows registry.
* In step 5, the Windows port of Squid appears to have a maximum character length for the access control lists. That means it’ll have to be split up into chunks and added separately (insert this around line 670):

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20
acl TRUSTED2 src 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20
acl TRUSTED3 src 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19
acl TRUSTED4 src 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15
http_access allow TRUSTED
http_access allow TRUSTED2
http_access allow TRUSTED3
http_access allow TRUSTED4

* The Windows port of Squid *DOES NOT* create the cache directories automatically; unfortunately, you will need to do so by hand. Since by default Squid expects 16 cache folders of 256 subfolders each, you may want to reduce that amount, at least to get started.

Go into C:\squid\var\ and create the following directory structure:
–> cache
|–> 00
|–> 00
|–> 01
.
.
.
|–> 09
|–> 0A
.
.
.
|–> 0F
|–> 01
|–> 00
|–> 01
.
.
.
|–> 0F
|–> 02
.
.
.
|–> 0F
|–> 00
|–> 01
.
.
.
|–> 0F

That is, create a folder “cache”, in that folder create 16 folders labeled “00″ through “0F”, then in each of those folders create 16 folders labeled “00″ through “0F”.

Next, near line 1942, find the “cache_dir” directive, uncomment it and replace it with:

cache_dir ufs c:/squid/var/cache 100 16 16

After that, I was finally able to get it running. Hope this helps others.

Same problem as weightgain4000

Whoops, my spacing to show folder levels got stripped. Let me try that directory structure again:

–> cache
-–> 00
––> 00
—> 01
.
.
.
––> 09
––> 0A
.
.
.
––> 0F
-–> 01
––> 00
––> 01
.
.
.
––> 0F
-–> 02
––> 00
––> 01
.
.
.
––> 0F
–> 03
.
.
.
-–> 0F
––> 00
––> 01
.
.
.
––> 0F

Halp!

I really want to lend a hand but I’m stuck on #4. The comment says “the list of DNS name servers are taken from the Windows registry, both static and dynamic DHCP configurations are supported.” Does that mean I can just leave it blank and it’ll use what ever’s in the registry?

If not, how do I find my ISP’s DNS server?

[...] users in Iran if you have a spare box and some bandwidth to spare – setting up a proxy. Go here for details on how to do it on Windows, and here for [...]

I use an Amazon AMI (aws.amazon.com) with squid proxy installed there.
So what you require on Mac/PC/Linux is just a ssh client
On Windows: (putty or cygwin ssh)
On Mac/Linux: you should already have ssh

Then you connect to your AMI instance, tunnel 3128 from your client to the AMI, start squid and point your browser at localhost:3128

eg. using ssh it would be
ssh -C -L3128:localhost:3128 user@hostname

If you get stuck, google ssh tunnels, there are sites where steps similar to this are freely available and much more detailed.

I’m trying to get this working, but I’m behind a router and can’t find a good way to test that the proxy I set up is actually working.

Running XP, many years of computer experience, just don’t mess with network configurations very often…

@John,
What you need to do is poke a hole in your router to let squid use your public IP address.

To do so, go into your router admin settings, and map the port from your router (say, 3128, or whatever squid is running on) to your internal IP address for the computer you are running squid on (example may be 192.168.1.101 or something) also add the port number that squid is running on.

Then restart your router. This should let any incoming requests to your router on port 3128 go to your computer, on port 3128, where squid will be awaiting the incoming requests. (tutorial here: http://www.squidoo.com/portforwardingtutorial)

TO test: set firefox to your squid proxy server and see if it will work. (http://www.proxy-server.info/set-proxy-server-in-firefox.shtml)

If you can connect to webpages, things are working. (you can first test locally by setting the proxy server to localhost, assuming you set up squid on that same computer) then work your way out to your router IP address, and finally your external IP address. Good luck! Mine is set up!

I know basic shit and hardware, but im havin a bitch of a time

sry, im tryin. stuck at 6. if anyone can

anyone that can help, much appreciated, i wanna get up n runnin

[...] For Windows, use the instructions here. [...]

So I’m horrible with computer networks and stuff so I’m going to get my dad who’s in IT to help me. Just wondering, once I have it done, how can you tell if the proxy is being used? And are the proxies ppl have already done being used?

ditto, im tryin so hard, i even took 3 adderals so i could help all night

ıts very helpful for the Iranıans to be heard outsıde theır country. indeed, technology brings social revolution to new heights!

I’ve been messing with this for a few hours, and am still stuck on the last step: the command “c:\squid\sbin\squid –i” gives me a message reading “OpenSCManager failed.” Can anyone help?

I think I’d recommend running something like [Freenet](http://freenetproject.org/) instead of running an open proxy, if for no other reason than it provides better protection for the folks using the system and the software is better geared for dealing with the difficulties of having anonymous users using you as a proxy.

Phil –

I’ve been trying to get this to run on the Mac, and, every time I invoke Squid, I get an “ACL name ‘TRUSTED’ not defined!” error, followed by a “FATAL: Bungled squid.conf line 1890: http_access allow TRUSTED TRUSTEDTOO” — WTF?

Nevermind, I found the IPS’s DNS server. For anyone else stuck on this, open the DOS prompt and type ipconfig \all. DNS server should be listed there.

But now it’s telling me squid.conf 646, 647 and 648 are unrecognized when I do \squid\sbin\squid -D -z and then when I do \squid\sbin\squid -i it tells me that createservice failed.

[...] coverage on HuffPo — how to help Iranians make an end-run around internet blockages by setting up a web proxy.  Don’t do this if you don’t know at least a little bit about network [...]

@ Alien Cyborg

I’m afraid your directions to create the ‘cache’ folder are less than clear, to this one. I don’t know what you are trying to indicate what folder goes in what, how do you have two folders labeled ’00′ in the same folder? I’m sorry if I’m coming off as completely ignorant, but I’m not familiar with the directions you are giving, using the “->” and “–>”.

Hope you get back to me.

Blossom Morphine

[...] and How to setup a proxy for Iran citizens (for Windows!) [...]

i’m in tehran. i’ve been combing the net for the past 24 hrs trying to find some proxies that are still open with no luck. i’m the sales rep for a major canadian satellite networking equipment company and until yesterday had unfiltered internet over an illegal VSAT terminal that i was sharing with a bunch of people here. the client providing me with the terminal got scared and pulled the plug. we really do need these proxies to get free access to info – keeping in mind satellite tv signals are blocked by massive rf noise generated by goverment at great financial and health costs. only if those morons operating these noise stations knew what they’re doing to themselves…
i’ll post the proxy addresses on some farsi sites for the people who really need them. sincere thanks to all of you, not only for the effective help you’re providing, but most importantly: for not looking the other way.

I read your instructions but I have no background at all at doing this and I don’t think I will be able to set up a proxy.

Is there anything else I can do to help?

Great! thank’s a lot

Christopher, wouldn’t Iranian users also have to be running Freenet in order for it to benefit them? I h aven’t tried it yet, I’ve just been reading the “About” page, so maybe I am missing something.

@Alien Cyborg trusted list seems to work fine

@ everyone eles unsure if my proxy is able to be used by outside world
any ideas on how we can test to ensure we have configured proxy correctly for incoming connections?

Cheers all

[...] for Iranians to use to get the word out about what’s going on in their country. Here are two sites with instructions for how to go about setting up a safe proxy for such use. I have no idea what [...]

[...] for Iranians to use to get the word out about what’s going on in their country. Here are two sites with instructions for how to go about setting up a safe proxy for such use. I have no idea what [...]

[...] sent this link about setting up a proxy to some of my Iranian friends and said that I’d be willing to help. What else can one [...]

When I installed Squid, all the files in c:/squid/etc had the file extension .default. To get the commands to work, make copies of all the files and remove the .default file extension. The correct extension is .conf

[...] Windows instructions [...]

To view incoming connections you will need to turn the logging back on and check in the /var/log directory under file access.logs. Also not noted in this walk through is that you will need to unblock the port you allowing to proxy: search syslog.conf for acl Safe_ports port

Also forward this port on your router.

To test add an IP from another computer into the ACL
in your browser enable proxy. Add the IP assigned to you from your ISP and the Port and try to browse.

thank you abrashtx, that helped i was able to run the setup commands without an error now

[...] are also feeling like big gay bourgeois college-educated humanist babbies about this, there are a couple things you can [...]

[...] to help the people in Iran access it, here’s instructions on how to set up a proxy server (Windows, Mac, [...]

Had to create some folders and changing name on some files, otherwise it worked perfect.

Death to the dictator!

[...] June 16, 2009 · No Comments Austin Heap » Blog Archive » How to setup a proxy for Iran citizens (for Windows!). [...]

Why does everything related to “dns_nameservers” have the # marks? Where do I enter my dns server – where it says “example” or “default”? Also, am I going to have to get rid of the # marks to make it work?

#Example: dns_nameservers xxx.xxx.x.xxx
#
#Default:
# xxx.xxx.x.xxx

How do I complete step 4? I have no idea what I’m doing.

Thanks

chris

[...] you use windows, I’m sorry.  But you can still use these directions [...]

Austin Heap, could you please take screenshots of what you’re talking about?

I’m getting an error message after I run c:\squid\sbin\squid -D -z that says:

ACL name ‘TRUSTED’ is not defined!
FATAL: Bungled squid.conf line 670: http_access allow TRUSTED
Squid Cache : Terminated abnormally

I’m doing something wrong (obviously), but one point of confusion for me is when the guide says “the line that says” when there are two lines that say it. “It” being “dns_nameservers” in step #4 and “http_access deny all” in #5 – which one exactly are you talking about? Also for steps #6 and #7:

6) Setup “visible_hostname” (normally just the public IP address).
7) Turn off logging by adding these two lines:

access_log none
cache_store_log none

Does you mean from this:

# TAG: visible_hostname
# If you want to present a special hostname in error messages, etc,
# define this. Otherwise, the return value of gethostname()
# will be used. If you have multiple caches in a cluster and
# get errors about IP-forwarding you must set them to have individual
# names with this setting.
#
#Default:
# none

to this?

# TAG: visible_hostname
# If you want to present a special hostname in error messages, etc,
# define this. Otherwise, the return value of gethostname()
# will be used. If you have multiple caches in a cluster and
# get errors about IP-forwarding you must set them to have individual
# names with this setting.
#
#Default:
# access_log none
cache_store_log none

Thank you in advance.

-In the /etc/ folder, remove the .default from all the filenames so they end with just .conf

-When setting the dns_nameservers line, make sure it DOES NOT start with a #, all lines that start with # are completely ignored!
-Explicit directions: Click start button, click run, type cmd press enter, type ipconfig /all press enter,
look for a line that says “DNS Servers . . . . . . . . . . . : xxx.xxx.xxx.xxx” where x is a number.
Add a new line to the squid.conf file like this: dns_nameservers xxx.xxx.xxx.xxx (notice there is no #)

-Other problem, the list of IPs is too long. Here is how to fix it. Make multiple lines that start with “acl TRUSTED src”.
Here is what I used in my squid.conf:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20
acl TRUSTED src 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18
acl TRUSTED src 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19
acl TRUSTED src 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

-When you run c:\squid\sbin\squid -D –z you should not get any error messages.
Here is what I see for instance:

C:\squid\sbin>squid -D -z
2009/06/16 12:22:16| Creating Swap Directories

C:\squid\sbin>

Hi all,

i just have configured the squid proxy server, and the Prozess ID is running, but i didnt test it yet if it is working.

Can someone tell me how to test it?

regards,

Jan

Thanks to the many trying to help troubleshoot. Let me post a few tips for those, like me, who are trying to do this from behind a router:

1) Have you forwarded the appropriate port on your router? (Usually 3128, look up your router model + “port forwarding” on google for instructions – for me this was “WDR-1310 port forwarding”)

2) Have you listed the above IPs in the squid.conf file without getting an error? (I literally just put “acl TRUSTED src” in front of every IP, putting each on a separate line)

3) Have you put “http_access allow TRUSTED” in the squid.conf file BEFORE “http_access deny all” – order matters apparently. (I just searched for “http_access deny all” and put it on the line before)

4) Have you put your actual router IP into the TRUSTED list? (I spent an hour wondering what was going on until I realized that I had put 192.168.0.1 – the setup IP – instead of 192.168.0.101 – the IP assigned to me by the router. If you can set up port forwarded, you can find this as well.)

5) Have you put your external IP address (the one coming into yoru router) into the TRUSTED list? (Google “what’s my ip” for any number of options for finding this number.)

If you don’t have a router, you probably still need to Step 5 (but not Step 4) before trying to test. From what I understand, the IP:port from Step 5 is the one you email for people to use.

To test in Firefox: Go to Tools->Options->Advanced->Network->Settings In that menu click the manual proxy configuration and FIRST put in your router IP if you have a router, click ok, then try to browse after starting up the proxy. If that works, THEN put in your external IP and try the same. Took me two hours to go from my getting my router IP to work to getting my external IP to work – remember to check the boxes on your port-forwarding screen so it’s actually forwarding the port!

This isn’t perfect, but it should help other technically inclined people like me who can fumble around to make this work.

Question: Can we get a quick ‘n dirty explanation of how to secure ourselves on top of running a firewall? How to remap FTP and SSH ports? Do we need to be running some kind of SSH server for this to work?

Folks, for help setting up DNS, see Windows Help article “To configure a computer’s preferred DNS server” and others.

Question: Can we use OpenDNS.org servers? If yes, I’ll add instructions.

Could you give us some other directions, or a sample completed configuration file? I can’t get this to work at all.

[...] Also, you can help hack the filters Iran has put up using this tool. [...]

I have a configuration file that works. you can access it here. Just download that file and replace your own squid.conf with it.

http://www.funkywasabi.com/squid/squid.conf

[...] Also, you can set up proxies for them to use: http://blog.austinheap.com/2009/06/15/how-to-setup-a-proxy-for-iran-citizens-for-windows/ [...]

@anon8mizer: I just replaced my squid.conf file with yours (I’m sure I screwed up my version anyway), but I’m still stuck on the last step: “c:\squid\sbin\squid -D –z” gives me an error message that says “unable to open configuration file.” Can you help?

Also: I’ve been running TOR in the meanwhile, mainly because that was the only thing I’ve been able to figure out. Anyone think that’s done any good? Should I keep at it, or try to get squid going instead?

i have NO IDEA how to do this. i am stuck on getting my ISP’s DNS server. i don’t even know what that means. i take good direction though so let me know…

i keep getting FATAL: cache_dir c:/squid/var/cache: (2) no such file or directory
any help?

i live in iran and this is not working…any idea?

[...] Windows Linux Mac OS X [...]

I think you’d be better off running a TOR node

http://www.torproject.org/

http://www.anonnet.org/webirc/iran
This for all your live chat needs,
This is where the proxies are being sorted, get there to help or to get help.

I’m getting this closer to working… I managed to run \squid\sbin\squid -D -Z and it created a swap directory but then when I run \squid\sbin\squid -i it says CreateService failed.

I’m not giving up but I also have little confidence I’ll figure it out in time for it to be of any use. Screen shots of what it’s supposed to look like would be extremely helpful.

EVERYONE GETTING ERRORS

remove default from end of .conf files in /etc
the default DOESNT show up normally
-go to tools then folder options
-view
-uncheck hide extensions for known file types

(if it’s not the file types option one of them lets you see the .default after the .conf)

Couldnt those of us not puter savvy allow a trusted person here remote access to our computer and set up a proxy that way?

@riley,

click start, run, enter cmd
enter nslookup
now it mentions the DNS server you use

@penguin,

You’re probably not running as Administrator when you install the service; find a shortcut in your start menu for the command prompt (there should be one somewhere) and right-click to run it as Administrator. Then retry the “squid -i” command, and if I’m not mistaken, also you need to issue a “net start squid” command.

Hey, I think I did it! Control Panel>Administrative Tools>Services says it’s running.

This page is useful for what the dns_nameservers and visible_hostname is supposed to look like:
http://markus.revti.com/2007/06/installing-squid-cache-for-windows/

Now what?

@Penguin: I’m in the same situation. I think I’ve got it running but I have no idea what to do now. I really want to help!!

how can i help if i have a mac?

I followed all the instructions and the service started without a single hitch. Does anyone know of a simple way to verify that the proxy will serve its purpose?

After some tinkering (many thanks to all the folks commenting here for help) i got my proxy up and running. I’m going to go back and make a step by step instruction set with pictures.

I’ll post it in a bit when i finish.

I’ve managed to configure Squid without error and enable it as a service on a Windows machine. But I am unsure of how to determine the server address, or confirm any traffic. What should I do after apparent successful config? Any advise is appreciated, I don’t want to lose too much time and want to make this available to the right people asap! Help.

I’ve managed to configure Squid without error and enable it as a service on a Windows machine. But I am unsure of how to determine the server address, or confirm any traffic. What should I do after apparent successful config? Any advise is appreciated, I don’t want to lose too much time and want to make this available to the right people asap!

Its not a good idea to download a sample file that somebody has posted.
It would be very easy for this person to configure the file to give them access to your pc
You may want to uninstall that.

Followed all the instructions on this posting. The command c:\squid\sbin\squid -i generated the error CreateService failed. Been working on this for three hours now. Guess our compatriots in Iran gonna have to wait, to bed now. Too bad geeks can’t write coherent documentation/instructions.

salam be dade ma berasin

I also keep getting FATAL: cache_dir c:/squid/var/cache: (2) no such file or directory
What should i do, the file is missing??

[...] Here’s for the real tech-savvy: set up an internet proxy for Iranian citizens to use in this time of restricted communications. For obvious reasons, you can’t just list the proxies, but their names and locations must be secretly distributed to those who need them. While I understand very little of this, I have been assured that it makes sense to those who know: here is a link that will assist in setting up a proxy for Iranian citizens in need. http://blog.austinheap.com/2009/06/15/how-to-setup-a-proxy-for-iran-citizens-for-windows/ [...]

I still seem to be getting an ‘abnormal program termination’ error when I try to run squid -i. Has anyone else gotten this, and what am I doing wrong?

I’m getting an error 1067 in Windows when trying to start the service. Any ideas???

[...] man sätter upp en proxyserver som iranier kan använda: http://blog.austinheap.com/2009/06/15/how-to-setup-a-proxy-for-iran-citizens-for-windows/ Kommentarer [...]

[...] Sie den iranischen Oppositionellen einen Proxy zur Verfügung! Genaue Anleitungen für Mac und für Windows finden Sie auf dem Blog von Austin [...]

I’ve posted a walkthrough on how i got my proxy set up on my blog at:

http://thoughtsections.blogspot.com/2009/06/proxies-for-iran-walkthrough.html

It isn’t quite finished (i haven’t put up a section on testing the proxy) but it covers the points where i ran into snags.

How should we create a group maybe in the bay area, for some of us to do a ‘tutorial’ maybe even cuz i’m somewhere between epenguin and the other guy up there that didn’t know anything at all but follows direction well..I feel i should be able to contribute, I have downloaded the zip file and am not sure why I can’t open it in microsoft word..for example anyways, i use to take courses in firewalls and internet security at deanaza/foothill so I think this isn’t going to be something that I can’t master, and also for all we know, this may end up having a more long-term need and effect than we all predicted, after all, these turns of events are always so quick to happen and change, I ‘ve wondered for years actually, why we couldn’t do more out of the country to stop the psycho authorities in iran from stopping something as natural and really by it’s own nature ‘unstoppable’ as information itslef, I mean c’mon..so maybe now we are all finally rallying; or replying under some ‘rallying cry’[ that maybe should’ve happened years ago, after all we’re all in this crap together..

these ridiculous so called ‘authorities’ in iran, cannot possibly be better equipped to deal with the speed of which tech info changes and information can or can’t move, than an entire tech-savvy innovative bay area??right

Hi everyone, it is really easy to setup a Proxy-Server with Psiphon. You need less than 5 Minutes.

Any Pros/Cons for using Psiphon in the current situation?!?

hey, if you do a paste of your working conf file. might help?
i’m close, but also getting cache_dir c:/squid/var/cache: (2) type errors, i’ve selected all caching logging to none, to see if that would work but no dice. let us know. thanks.

I think I am completely lost. I do everything the instructions say to do along with a few troubleshooting suggestions about microsoft not having the cache file so I’m suppose to make it, and still, I get FATAL: Unable to open configuration file: c:/squid/etc/squid.conf: (2) No such file or directory
abnormal program termination

What am I doing wrong?

[...] tech community across the globe did what they could to support it. We started posting functioning relays (or proxies) through which Iranians could subvert government [...]

[...] Heap, a 25-year-old information technology consultant in San Francisco, is running his own private proxies to help Iranians, and is advertising them on Twitter. He said on Monday that his servers were [...]

[...] den här guiden och sätt upp en proxy för bloggare i [...]

please help me ii need a proxy

[...] How to setup a proxy for Iran citizens (for Windows!) ________________ [...]

[...] iraniani basta semplicemente settare un proxy diverso, generosamente messo a disposizione (come in questo caso), per eludere il Grande Fratello [...]

[...] fuese Madrid, nos tocaría refugiarnos en los consejos de otros internautas. Por ejemplo, para aprender a utilizar Internet a través de un servidor ‘proxy’ que esquive las restricciones e impida que nos identifiquen. O para saber que podría ser peligroso [...]

I hear what you have been doing via B.B.C, I think what you are doing is fantastic & a great thing for freedom of speech. And to all the Iranians who wear Green, I wish you good luck & take care in what you are doing. Good Luck Austin Heap

To those getting “abnormal program termination” errors:

- Make sure you created the folder “cache” in “C:\squid\var” (C:\squid\var)
- Run both setup commands with admin rights. Find the shortcut to “Command Pompt” in your start menu, right clik it, and choose “Run as Administrator.
Even though you might already by signed in, on some Windows OSes you need to specifically choose run as administrator for this to work. It fixed the problem for me.

[...] post the IP anywhere and especially that you don’t post with the hashtags above. On Windows, do this and on Linux do this. On Mac, do this. Direct Message your proxy to @austinheap or @ProtesterHelp [...]

I did it, thanks for the help.

I’m not sure if it works, but it said it works. I just have to test it somehow.

How do the Iranians get my proxy? Do I have to tell them it myself?

Hail Democracy, for a free Iran.

**********AUSTIN PLEASE READ************

Can you possibly modify the chain rules in squid to allow for relaying of traffic on port 5190? Perhaps allowing the relaying of traffic on other ports that are used by chat programs?

My idea was to use Pidgin, which has a farsi translation (http://www.pidgin.im/), then use pidgin encryption plug-in (http://pidgin-encrypt.sourceforge.net/), which allows for two safe communication (uses RSA encryption, public-private key exchanging).

Pidgin has the option to use an http proxy in its network settings, so I tried to relay using one of those proxies, but I keep getting a relaying to port 5190 denied. I’m guessing the proxy server does not allow you to open connections to anything other than addresses on port 80. This can be changed correct? If so that would allow Iranians to relay their pidgin login/chatting through that proxy, and the RSA encryption would keep it safe from sniffing/tcpdump type programs.

What do you think? Let me know.

Is there someway to do this for Macs?

thank you
Y

Mahyar, if you see this reply, you can contact me via email! and I can post to Facebook and Twitter. Im here in Los Angeles and we are hoping for everyone in Iran and watching / protesting! We protested yesterday at the Federal building in Westwood, California and also held candlelight vigil for the 7 people that died in Tehran. And there is another protest today in Orange County, California @ 5pm. Everyone is behind you 100% and we DONT want you guys to give up at all! If you do, they are going to take over and things will go back to how they were.. Iran deserves change! Like Mousavi has said, “There is no going back”!!

-Sincerely Roya, roya4csun@yahoo.com

twitter: http://www.twitter.com/royasmusic

RE: mahyar
06/16/2009 at 5:58 am

i’m in tehran. i’ve been combing the net for the past 24 hrs trying to find some proxies that are still open with no luck. i’m the sales rep for a major canadian satellite networking equipment company and until yesterday had unfiltered internet over an illegal VSAT terminal that i was sharing with a bunch of people here. the client providing me with the terminal got scared and pulled the plug. we really do need these proxies to get free access to info – keeping in mind satellite tv signals are blocked by massive rf noise generated by goverment at great financial and health costs. only if those morons operating these noise stations knew what they’re doing to themselves…
i’ll post the proxy addresses on some farsi sites for the people who really need them. sincere thanks to all of you, not only for the effective help you’re providing, but most importantly: for not looking the other way.

Is there any way to set this up from a Mac?

I used anon8mizer’s .conf file and get the following errors in squid.exe.log

2009/06/17 10:36:20| decode_addr: Invalid IP address ’81.9′
2009/06/17 10:36:20| squid.conf line 611: acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.9
2009/06/17 10:36:20| aclParseIpData: Ignoring invalid IP acl entry: unknown first address ’81.9′
2009/06/17 10:36:20| parseConfigFile: squid.conf:612 unrecognized: ’0.144.0/20′
2009/06/17 10:36:20| parseConfigFile: squid.conf:613 unrecognized: ‘.0/19′
2009/06/17 10:36:20| parseConfigFile: squid.conf:614 unrecognized: ’13.176.0.0/19′

Mahyar, I have a proxy you can use. Email me at scarolan[at]gmail.com for the details.

BrianTerrel’s instructions (see above) worked like a charm for me. Thanks Brian!

have you ever considered the possibility that you are only aiding and abetting the US government to overthrow an legitimately elected government?

have you ever heard of mohammed mossadeq?

or SAVAK?

do you know that Mousavi is ALSO an establishment figure in the Iranian Islamic Republic who as prime minister (1981-1989) was responsible for the imprisonment of thousands of leftists and the slaughter of thousands of poor and working class iranians in the ongoing war with iraq? did you know that Mousavi was a key player in the Iran-Contra affair of a quarter century ago?

There’s a demonstration in Sweden tomorrow (18/6) 16.00 European time (german etc), Sergels torg in Stockholm.

http://www.facebook.com/profile.php?id=1037148639#/event.php?eid=90917637508&ref=ts

For all the Swedes, good luck!

DO NOT stop the demonstrations! We want our freedom and we are supporting you as much as we can! Spread the word about how to connect to proxys, spread the word about spreading the word!

I’m currently hosting a Proxy Server, I got 100 MB Fiber line which makes it good. I hope that people will use it, I’ve emailed my external ip.

For freedom!

[...] as Twitter and Facebook, have been cut off in Iran, although Iranians are evading the controls via proxy servers, which can disguise a user’s location to be able to organize themselves and send [...]

In windows, squib cannot parse lines that are as long as the acl trusted line on here is. I don’t know why.

Now, I don’t know much about how proxy servers work, so please forgive me if this question is a little ridiculous. But would it be worth asking establishments, such as universities (especially those with Iranian students) to contribute proxies? I think, but again may be wrong, that some universities use them to allow students access to online journals and so on. My university doesn’t, but perhaps they could set something up? It’s now outside term time, so the servers are probably not working anything near full capacity. I want know if this is worth trying. Please let me know.

Hi all,

i installed everything, configured it and Squid is running as a service. Now all i need to do is forward a port on my router to the PC running the proxy. I noticed Squid is using port 80, but what do i need to fill in on my router in the following fields:

Protocol Public port Local port Local IP address

Google didn’t really give me any answers because when it comes to forwarding, it’s usually about opening ports for downloading torrents. (Oh, and i am using a Siemens Gigaset SX551 router)

Thanks in advance

I’m trying to set this up, I was able to run \squid\sbin\squid -D -Z and it created a swap directory but then when I run \squid\sbin\squid -i it says OpenSCManager failed, what am I doing wrong here? I took out the list of Iranian IPs and just did http_access allow all, would that make a difference?

I’m in Israel and want to help you guys. I’m using a personal computer. Can you use proxies coming from Israel?

@ Peter B

Protocol PublicPort LocalPort LocalIPAddress
TCP 80 80 192.???.???.???

How to check your local IP Address:
http://www.helpfulpctools.com/HowToCheckYourLocalIP.php

Hi Rachel!

It is worth trying! I hope you succed.

I’m stuck at a road block.

I’ve forwarded my port from my router, changed what I needed to change in the config file, added a cache under \var and I still can’t get it to run. I’m stuck at getting this message:

C:\Windows\system32>c:\squid\sbin\squid -D -z
FATAL: Unable to open configuration file: c:/squid/etc/squid.conf: (2) No such f
ile or directory
Squid Cache (Version 2.7.STABLE6): Terminated abnormally.
CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

abnormal program termination

Someone get back to me asap here, or at my email, bangxbangxbang@gmail.com

Followed this instruction and it worked perfectly.

http://thoughtsections.blogspot.com/2009/06/proxies-for-iran-walkthrough.html

Thank you BrianTerrel

I have a dynamic IP address, but I’m wondering if this will still work if I obtain a domain name from DynDNS, and then provide the Iranians with that domain?

One existing proxy system that allows you to post notes and share them on top of ANY webpage, as well as allowing surfing to any website via their proxy servers (access to Twitter, YouTube, Facebook, etc.) is:

http://www.piin.it

secure server, and designed for social networking and shared commentary anywhere on the web – …Excellent service for groups sharing ideas or critiques of webpages as a whole, or published news articles, etc.

Might help…

John

If you need a proxy just type proxy at the AAfter search and you will be in it or here is the direct link..

AAfter Search

Ok. Set it up. Sent an email… hope it went to the right place.

Many hours working on this, many many problems. The acl TRUSTED block reports many many invalid IP addresses (using the original posted, not the substitutes). Much much tired of it all. Best of luck everyone. We gone.

Can someone please show a text example of what the cache directory is supposed to look like?

Trying to set it up on my macbook but having the same troubles as mike a:

aclParseIpData: WARNING: Netmask masks away part of the specified IP in ’192.168.0.0/8′

I’m behind a router. Any ideas?

Iranians have a positive talent for replacing one dictator with the next via revolution. The same pictures protesting the shah now show up protesting the Mullah’s. Forget this revolution, most dictators have the enthusiastic support of the dictatees. These revolutionaries first have to do away with their own ignorance and then go teach their compatriots to read and write and then some basic civilization like forgiveness. This revolution is a waste of energy…

Reference to “worker of the world” … it’s not like we don’t know who is Mousavi or Savak… It’s not our war it’s people of Iran rights. They decides what they want, this is the democracy. We are trying to help them getting what they elect for… thanks

Hey Austin Heap !

Greetings from BAHRAIN… (It’s a tiny island in persian gulf, next to Saudi Arab, you don’t hear much about us apart from Formula 1 race, becoz we don’t make much noise).

Saw your name on BBC today, and have been spreading the word since then.

YOU ARE MY HERO!!!

I’d like to express my gratitude to you…

Shukran, that’s Arabic for Thanx.

Azazel.

tnx alot guys

[...] in the last 48 hours. Another form of aid rendered by internet-savvy Americans involves setting up proxy servers for their Iranian counterparts to utilize, granting them bandwidth and allowing the [...]

[...] אם אתם בעלי יכולות גיקיות גבוהות, שיקלו להיעזר במדריך הזה כדי להקים כתובות פרוקסי בטוחות לאיראנים. עם זאת, צריך [...]

[...] Quick way to set up a proxy and help give Iranian protestors safe channels to reach the rest of the world. [...]

on Windows XP i had to run “squid.exe” instead of just “squid”.

[...] can create a proxy server so that Iranian protesters can gain unrestricted access to the Internet. Instructions on how to set one up here. var disqus_title = “5 Ways to Help the Iranian People”;var disqus_message = ” With the Iranian [...]

YES! finally got it working. I’ll mail the details

[...] the excitement about what these new technologies are doing — such as the story of people like Austin Heap rallying people around the world to convert their laptops to proxies to help Iranians get Net [...]

Just break the TRUSTED block into several other blocks, naming each one uniquely (TRUSTED1 TRUSTED2) etc. You’ll need to break it into about four chunks. Then modify the http_access_allow TRUSTED TRUSTED1 TRUSTED2, etc.

when I unzip the “squid” file, the file I’m supposed to open in a text editor shows up as “squid.conf.default” and I can’t get it to open in any program on my computer. Help?

found another tutorial, figured it out – never mind!

Hi what do you mean by the security precautions: moving ftp off the default port? Please explain to someone who has never done this before more clearly.. Is it ok to use the my University (office) property for this means? I cannot use my personal home PC for this because it is not on all the time.

I was told to use a different number after http_port. What number should I use?

Once I set it up and it’s running, what do I do?

I can’t set up a proxy here because i share the connection w/ my husband.BUT i can do it at my mother’s. I will forward this page to her computer and do it tomorrow.I hope that’s not too late!!!
if you like seeing green check out the url.
Also,i want to respond to these people who are saying this is a prelude to a US invasion.
had to pick myself up off floor from lauging.
If i thought this were possible be the first to say so.This is just MISINFORMATION to discourage the protests.

[...] can do more than color their personal avatars green.  If you have a PC and want to help, you can find instructions on how to download software that will turn your PC into a way station between Iranian [...]

[...] How to setup a proxy for Iran citizens (for Windows!) [...]

God bless you Austin. I’ve been hooked in in much the same way. You are providing a truly invaluable service. If I had my own ‘puter, and not a work ‘puter, I’d be part of this solution. For now, I need to do what I can. But God Bless YOU

Hey, when I downloaded the windows package the entire squid.conf file is commented out with #s. Is it supposed to be like that, or do I need to go hunting down the necessary lines and remove the #s?

http://www.feedostyle.com/preview.aspx?id=3b08deee641b42f5893bb778621563cf

Email me at curtedwards@gmail.com for my proxy. I have a dedicated machine on a 5mb Comcast business line.

squid -i, Problem with OpenSCManager is, if you have VISTA. Logon with ADMINISTRATOR (Not user with administrator-right) and it’s work

nako
could you post the other tutorial you found as I am having the same problem.
Cheers

Please be careful about how you give iranians your proxies. Do NOT post them on ANY website. It’s then easy for the iranians to shut it down or worse.

only send a proxie via private message to someone you know you can trust. If you’ve been following twitter you’ll know who they are.

Be careful too, I read a report from someone that a kid providing a proxie server in ohio was intimidated after his personal details were leaked online.

Dont let that put you off though, intimidation would be all they would try for a minor thing in a foreign country. good luck!

These people need our help.

People from Iran can contact admin@xerobank.com to have free account at: https://xerobank.com

The admin announced it here: http://www.wilderssecurity.com/showthread.php?t=245329

Spread the news.

[...] http://blog.austinheap.com/2009/06/15/how-to-setup-a-proxy-for-iran-citizens-for-windows/ [...]

[...] If you want to make your proxy server safer, look here for a list of Iranian IP blocks (the instructions are for squid, but they’re adaptable)] Personal, Philosophy, [...]

Email me: iranproxy09 at gmail.com for my proxy. I have couple of dedicated servers up and running.

[...] Iran luck. Tomorrow will literally be history in the making. And, if you are on the technical side, click here to actually help them. Possibly related posts: (automatically generated)The Pope, Facebook, breasts [...]

[...] are some friendly internet do-gooders that are helping Iranians bypass the government’s internet blockers. I read those [...]

[...] is a guide to setting up a proxy server for Iranian [...]

[...] How to set up a proxy server for use by Iranians [...]

What if you use FireFox?

Inna

Daniel, OpenSCManager failed appears when you are not running in administrator mode. To resolve, click on the start button, right-click on the command prompt program listing and select Run as Administrator.

Assalamu aleikum wa rahmatu allah wa barakatu

Nako, your computer is automatically defaulting the program to a .default file, all of the files in the c:\squid\etc need to be changed to a .conf file type. You can do so in the following manner:

1. access the cmd prompt: Vista -> Click on the start button, in the search window, type in cmd and enter
2. at the c prompt type in cd c:\squid\etc
3.rename all files identified as .default at the end to .conf in the following manner
at the c prompt type
rename mime.conf.default mime.conf
hit the enter key
repeat for all four files listed in the directory
type in c:\squid\sbin\squid -D -z
and you should have no issues

Salaam

[...] 4. Squid to open-source’owy program, dzięki któremu możemy ustawić serwer proxy dla Irańczyków. Dokładną instrukcję użycia programu w takim celu, można odnaleźć na tym blogu. [...]

To: “worker of the world”

I don’t think you “Get it”! these proxy’s do not tell people what to do with them, I am sure people from both sides in Iran are using them for a unfiltered connection. I don’t think these proxy’s are bad for anybody. LET PEOPLE KNOW whats going on! Give them a means of communication and what happens happens.

!! ATTN WINDOWS USERS !!

As noted above, several issues. Here are some solutions.

First, the TRUSTED acl. Too long: will break as noted and choke on the rest. You can break the line up perl-style with \ like this:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 \
77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 \

etc, or as noted you can make it several acls, like TRUSTED1, TRUSTED2 and so on.

Second: if you explicitly are allowing via
http_access allow TRUSTED

follow that line with

http_access deny all

and everything that isn’t in TRUSTED will be denied.

You’ll also note the config files come called things that end in .default. Get rid of the .default so they end in .conf, or better yet, copy them to new files called squid.conf etc. so you have the originals in case things get screwey.

Look for “http_port” – this is where you change what port it binds to. By default, it is 3128. Try not to use a port used by any other service. Here’s the master list of internet ports, pick something unused:

http://www.iana.org/assignments/port-numbers

!!! Important: to get started on windows, you must manually create the cache directory, or you’ll get the abnormal term errors! Go to \squid\var and inside var, create a directory (folder) named “cache” with no quotes. Then:
open a cmd prompt (Start -> Run -> type in cmd)
Enter the command “C:\squid\sbin\squid -z” (no quotes)

This will run for a bit then give you your C: prompt back. Now it’s set up and ready to go. Try using this command:

c:\squid\sbin\squid -d 1 i

That dee-one is Debug level one. It will tell you if all is working. As you’re starting it for the first time, you’ll see everything at zero (0 entries scanned, 0 invalid entries, etc). This will keep the cmd window opened and events will show in it.

You may want to keep that up until you can verify things are working. As per above advice, you have hopefully turned off logging. Once things are working, quickly CTRL-C then up arrow to get the command back, cursor back to delete the -d 1 (so it just says squid -i) and enter. Squid will start up again, but not show (or log) any info at all.

Lastly…. you are, i hope, behind a good hardware firewall/router! Don’t forget to point your external IP to the proxy! You must forward a port to Squid.

For example, if your external public ip (go to whatismyip.com to find it) is 1.2.3.4 and your internal ip of your machine is 5.5.5.5, and you want people to use port 80 for your proxy but internally squid is running on 3128, you must

forward 1.2.3.4:80 to 5.5.5.5:3128

in your firewall.

I think this covers everything. Good luck.

[...] can do more than color their personal avatars green.  If you have a PC and want to help, you can find instructions on how to download software that will turn your PC into a way station between Iranian [...]

Someone post the WINDOWS broken up TRUSTED stanzas so we can get this shit working.

when you do PLEASE email me bmcferon@gmail.com

Thx for your help with all this.

If I set my port forwarding on my router to send all port 3128 calls to my internal address (ex. 192.168.1.105) and give out my external IP to the the outside world, would the proxy work correctly?

Basically, do I have to use my external IP in my router’s port forwarding setting or can I have my router send all 3128 calls to my local IP address?

At the moment, I can reach the web via firefox/Iexplorer on my machine using [port 3128 -----> internal IP address] proxy settings but don’t know if people outside my firewall can get through. How do I know if I my port forwarding config is correct?

Please advise and thx!

Thanks Austin for your good deeds
May God give you an ocean-view house in heaven
I talked to group of people in Iran and they mentioned that they would need https and also some of them that tried my server said they could not get face book to work correctly
images were not showing up. Any clues as to how to accomplish the ttps and facebook problem?
I appreciate all answers and hope to see you all in a peaceful Iran soon

hi, I am running vista x64 on my desktop, vista x32 on my laptop. I connect through a Linksys WRT250N router, its internal address is 192.168.1.1, my desktop is at 192.168.1.x, laptop 192.168.1.y. My firewall is Norton 360 3.0.0.135. Since I am connecting through a cable modem I setup a DDNS with dyndsn – whatismypc.com shows I have a stable external IP address.
How do setup port forwarding? I can’t find any screens that will allow me to enter a IP/port address on either my router or the Norton firewall.
How can I test that the squid proxy server I setup on my desktop is working? Can I use my laptop?

Sorry, but I’m having trouble. The first time I connect it works fine, then the second time, BANG! It’s dead as Kennedy.

Whaaa?

This is the first time I have set up a proxy server so I need to know what information I need to give to you that you can give out to others in Iran. From what I can tell I have set everything up correctly.

Hmmm. Seems to be really tempremental. First it works, then it doesnt’ work, then after a while it works agian. I’ve got netstat running on the proxy itsself and I’m the only one using it, so it’s not traffic or anything. Can anyone help?

The posts attempting to help people individually create their own squid.conf files are appreciated.

What would be much better though, IMHO, would be a sample .conf file with some instructions on how to modify it as needed (e.g. “insert random port numbers here…” I think more people wanting to set up proxies will have more success using that approach.

Will someone with a working squid setup and some expertise please do that?

pictures of actual script placement changes would help tremendously. I also had to move the “http_access allow trusted” line before the “acl TRUSTED src” list then the “http_access deny all” in order to get things to run. But I’m having problems on where exactly to put my IP’s.

hey guys, i’m worried. Will the Iranian goverment DDoS me if I run one of these?

[...] Set up a proxy. and send a DM to @ProtesterHelp. On Windows, do this and on Linux do this. On Mac, do this (NOTE: These will be reposted here soon to save bandwidth)DO NOT POST THESE PUBLICLY. DM TO @austinheap or ProtesterHelp [...]

[...] How to setup a proxy for Iran citizens (for Windows!) [...]

For those windows users having problems getting the trusted acl’s to work, here’s the Trusted ACL section. This goes after the line that reads “# And finally deny all other access to this proxy”

ACL TRUSTED src cl TRUSTED src 62.60.128.0/17 62.193.0.0/19 \ 62.220.96.0/19 77.36.128.0/17 \
77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 \ 77.245.224.0/20 78.38.0.0/15 \
78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 \
78.157.32.0/19 78.158.160.0/19 \
79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 \ 80.66.176.0/20 80.69.240.0/20 \
80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 \ 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 \
81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 \ 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 \
82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 \ 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 \
85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 \ 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 \
89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 \ 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 \
91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 \ 91.212.19.0/24 91.212.252.0/24 \
92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 \ 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 \
94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 \ 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 \
94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 \ 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 \
95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 \ 188.121.96.0/19 188.121.128.0/19 \
188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 \ 195.146.32.0/19 212.16.64.0/19 \
212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 \ 212.120.192.0/19 213.176.0.0/19 \
213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 \ 213.217.32.0/19 213.233.160.0/19 \
217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 \ 217.66.192.0/20 217.66.208.0/20 \
217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15 \

http_access TRUSTED
http_access deny all

Notice that each line must end in a “\” character to note that it’s the end of the line. This will tell Squid to continue reading the trusted ACL’s on the next line and load them in properly.

If you want a copy of my .conf file, email me at freeiran@comcast.net and I’ll send you a copy.

Note: My squid.conf assumes that your installation is in c:\squid on Windows Systems to work.

FREE IRAN!

I am having a lot of trouble with these instructions. There is clearly a LOT of information not here for windows users. I am having so many issues with alc, where the “access_log none” goes(if it even matters), among other issues.

1st error: decode_addr: Invalid IP address ’81.9′

2nd error: FATAL: cache_dir c:/squid/var/cache: (2) No such file or directory
Squid Cache (Version 2.7.STABLE6): Terminated abnormally.

I wanna do my part…

I seem to get all of the errors gone but still get

“abnormal program termination”

Austin,

Someone approached me on fb. He has servers and a t1 connection. Wants to set up dedicated servers, but I have no way to contact you with his details. Please advise.

Alexa O’Brien

[...] up your computer as a full proxy server to allow them even greater access go here for instructions http://blog.austinheap.com/2009/06/15/how-to-setup-a-proxy-for-iran-citizens-for-windows/ (I assume anyone reading this is using [...]

[...] to getting the truth out.  Instructions on how to set up a Squid proxy are available elsewhere (Windows and Mac), so in this space, I will describe how to set up a Tor proxy.  It’s a lot easier [...]

I dont know much about computers but ” Let the bell of freedom ring loud and clear in Iran! I will do anything I can to help them!!! I am trying to get this straight so I can help get the news out GOD BLESS IRAN!!

I have a machine that i don’t use much i could use to host a server, but i can’t make heads or tails of most of this. I would really like to help. Could you dumb this down a little bit for me?

I am getting derailed on the part about using a text editor, my faorite one, (c’mon give me specifics man, how about Notebook/) to open up a file c:squid\etc\squid.conf

But i do not see it. break it down for the people who at least tried to pass the A+ certification exam…i can do this if you give me simpler tasks to follow…

the dilithium crystals are really taking on a load now, cap’n

Here’s the broken-up ACL list:
acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 \
77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 \
77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 \
78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 \
78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 \
79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 \
80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 \
80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 \
81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 \
81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 \
84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 \
85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 \
87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 \
89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 \
91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 \
91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 \
92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 \
92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18\
94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 \
94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 \
95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 \
95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 \
188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 \
188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 \
212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 \
212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 \
213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 \
213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 \
217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 \
217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

[...] by Aaron Austin Heap » Blog Archive » How to setup a proxy for Iran citizens for Windows!. [...]

Thanks for the ACL list! It had one slight error, a missing space before the final slash on this line:

92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18\

… this will resolve the “invalid IP” error. The full, corrected block is:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 \
77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 \
77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 \
78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 \
78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 \
79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 \
80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 \
80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 \
81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 \
81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 \
84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 \
85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 \
87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 \
89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 \
91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 \
91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 \
92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 \
92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 \
94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 \
94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 \
95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 \
95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 \
188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 \
188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 \
212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 \
212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 \
213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 \
213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 \
217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 \
217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

Yeah please dumb it down for us! I have tried but some of the instructions are unclear to me…

listen i want to help to but can not follow the info. can those of us who wish to help allow you to come into our pc to set-it in a remote way? we are trusting for a good cause.

[...] Heap, a 25-year-old information technology consultant in San Francisco, is running his own private proxies to help Iranians, and is advertising them on Twitter. He said on Monday that his servers were [...]

there is a misprint there. The space is missing so it reads 1894 as unsafe IP: “94.74.128.0/18\94.101.128.0/20″.

Use the corrected version bellow:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 \
77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 \
77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 \
78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 \
78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 \
79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 \
80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 \
80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 \
81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 \
81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 \
84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 \
85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 \
87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 \
89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 \
91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 \
91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 \
92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 \
92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 \
94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 \
94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 \
95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 \
95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 \
188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 \
188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 \ 195.146.32.0/19 \
212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 \
212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 \
213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 \
213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 \
217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 \
217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

and yet another correction. Ignore my above post.

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 \
77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 \
77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 \
78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 \
78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 \
79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 \
80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 \
80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 \
81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 \
81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 \
84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 \
85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 \
87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 \
89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 \
91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 \
91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 \
92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 \
92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 \
94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 \
94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 \
95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 \
95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 \
188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 \
188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 \
212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 \
212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 \
213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 \
213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 \
217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 \
217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

I went into several traps getting Squid on Windows running:

First, the ACL issue:
==============================================================
decode_addr: Invalid IP address ‘81.9′)

Under Windows you have to cut the long line with ip-addresses! As others stated: Notice that each line must end in a “\” character to note that it’s the end of the line. This will tell Squid to continue reading the trusted ACL’s on the next line and load them in properly. In addition, there must be a space between the last digit and the backslash. This is wrong in the previous posting (” 94.74.128.0/18\”)

Second, the cache issue:
========================
(FATAL: cache_dir c:/squid/var/cache: (2) No such file or directory)

The command “c:\squid\sbin\squid -D –z” must be executed from within the directory “c:\squid\sbin” !!
– Run “CMD” (or open DOS Box)
– Navigate to “c:\squid”
– Enter: “squid -D –z”

Third, the DNS issue:
=====================

Don’t expect your local DNS Server to work! My ISP limits DNS request to a specific IP-Address range.
I tried OpenDNS name servers
My line is: “dns_nameservers 208.67.222.222 208.67.220.220″

Forth, the start issue:
=======================

I found no special controlpanel as somewhere stated. I used the easy command in a DOS prompt:
“net start squid”

Good luck all,
Thomas

PS: again the ACL list, this time functional under Windows:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 \
77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 \
77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 \
78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 \
78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 \
79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 \
80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 \
80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 \
81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 \
81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 \
84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 \
85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 \
87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 \
89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 \
91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 \
91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 \
92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 \
92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 \
94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 \
94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 \
95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 \
95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 \
188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 \
188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 \
212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 \
212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 \
213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 \
213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 \
217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 \
217.172.96.0/19 217.174.16.0/20 217.218.0.0/15 208.116.53.210 208.116.53.211

http_access allow TRUSTED

[...] Instructions for Windows users are under development. [...]

Hi all,

I’ve tried the above instructions – after a bit of tweaking, Squid now starts caching, but with the following errors:

2009/06/23 00:16:55| aclParseIpData: Bad host/IP: ‘cl’
2009/06/23 00:16:55| aclParseIpData: Bad host/IP: ‘TRUSTED’
2009/06/23 00:16:55| aclParseIpData: Bad host/IP: ‘src’
2009/06/23 00:16:55| aclParseIpData: Bad host/IP: ‘\’
2009/06/23 00:16:55| aclParseIpData: Bad host/IP: ‘\’
2009/06/23 00:16:55| aclParseIpData: Bad host/IP: ‘\’

P.

Seriously, this is too complicated, I can’t get the thing to work. I really want to help, and so do a lot of dummies I suppose, so a basic (and I mean VERY basic) rundown of how to get a proxy running would be much appreciated. I really want to help.

Dude, I contacted you 3 times now. I finally got it working using your windows tutorial and I checked it with your checker script (http://proxyheap.austinheap.com/checker.php) and it said:
Success
Your proxy passed the basic validation test!

Perhaps you want to submit it now?

I’m right now talking to one of my friends in Iran and I gave him my proxy. He is saying that this way DOES NOT work at all. It will only let them to browse the sites that ARE NOT blocked with an IP that is not in Iran. But all the blocked websites ARE STILL blocked. He says that Iran has the same blocking system that China is using. The only way to make these proxies work is to make a virtual network (127.0.0.1 with a port) like “FreeGate” or “UltraSurf”. But freegate and ultrasurf they don’t work either cuz EVERYBODY is using it right now in Iran…

I don’t know if it’s possible to make this proxy a virtual proxy or not but the way we are doing right now DOES NOT work.

Useless stuff, communications are still in clear text, protesters—–>iranianISP——>proxy server .

We need to deploy an encrypted tunnel to the proxy!!!

I am having trouble too on windows XP. Squid seems to run OK (see bellow) but the proxy test always fails (fatal error: couldn’t connect to host).

I have the port open on my router as well so it shouldn’t be the problem.

Any ideas please?

2009/06/23 09:57:58| Accepting ICP messages at 0.0.0.0, port 3130, FD 34.
2009/06/23 09:57:58| Accepting HTCP messages on port 4827, FD 35.
2009/06/23 09:57:58| Accepting SNMP messages on port 3401, FD 36.
2009/06/23 09:57:58| Ready to serve requests.
2009/06/23 09:57:58| Done reading c:/squid/var/cache swaplog (0 entries)
2009/06/23 09:57:58| Finished rebuilding storage from disk.
2009/06/23 09:57:58| 0 Entries scanned
2009/06/23 09:57:58| 0 Invalid entries.
2009/06/23 09:57:58| 0 With invalid flags.
2009/06/23 09:57:58| 0 Objects loaded.
2009/06/23 09:57:58| 0 Objects expired.
2009/06/23 09:57:58| 0 Objects cancelled.
2009/06/23 09:57:58| 0 Duplicate URLs purged.
2009/06/23 09:57:58| 0 Swapfile clashes avoided.
2009/06/23 09:57:58| Took 0.2 seconds ( 0.0 objects/sec).
2009/06/23 09:57:58| Beginning Validation Procedure
2009/06/23 09:57:58| Completed Validation Procedure
2009/06/23 09:57:58| Validated 0 Entries
2009/06/23 09:57:58| store_swap_size = 0k
2009/06/23 09:57:59| storeLateRelease: released 0 objects

OK never mind I got it working! It was a question of forwarding the right ports. As soon as I have openned all the ports and added some random port numbers to the script I’ll submit my detail!

awsome!

I’m pretty ignorant about networking, how do I find out what/where my ISP’s DNS servers are and how do I configure the DNS name to point at my ISP’s DNS servers? What’s the syntax? Thanks in advance if anyone can help me with this.

[...] does the job for them. If you want to set up a proxy for the Iranians, follow the directions here: Austin Heap Blog Archive How to setup a proxy for Iran citizens (for Windows!) And then report your set up here: proxyheap (phase one) a project for iran __________________ [...]

OK done! Hope it’s working..

Thanks

I appreciated the author’s efforts to engage others in setting up a Squid proxy server. What’s discouraging is that the instructions are incomplete and wrong. Not only does this delay bringing more proxies online it as runs the risk of having people setup boxes that do more harm than good.

>> If you’re using Windows, it’s pretty straight forward to setup a proxy…

My advice is torewrite the instructions and have someone attempt to follow them from scratch. If they get stuck, you’re not done. I’m no newbie but what’s here don’t cut it.

Done. I’ve passed on this information to others.

qalso you could install Cygwin & its squid package

[...] Originally Posted by Unregistered I’m a Windows person. Can somebody give a link on how to configure IP tables to accept Iranian traffic? What are Iran’s IP ranges? use google Austin Heap Blog Archive How to setup a proxy for Iran citizens (for Windows!) [...]

I’ve followed the instructions on how to set it up and when I test it, it fails. I’ve gone though a couple of walk throughs with out any success. My system is running under WinXp connected to a router then to another router then to a modem and off to the internet. I’ve put in all the DNS name servers

Can someone send me their squid.conf text for Mac??? I’ve tried so many different times so many different ways and still continue to get errors I really want to help but am at the point of giving up. Can someone post pics of the script placement??? I think that would be very helpful since sometimes there is an extra line or the line number doesn’t match with what should be there (once I start modifying the doc).

Can you make the instructions a little more simple.
Example: insert name_server HERE BOLD TEXT.
Insert port settings HERE IN BOLD TEXT.

Could anyone post a complete, working config? I can edit the hostname and nameservers as required, but I just can’t get any config to work for me.

Pretty please? I’d just like to help out.

Hi,

maybe silly question, but why don’t you provide config file on this blog post as well? Then people don’t have troubles with configuration… Or even better – make squid installer with modified config inside..

cheers,

Jan

This page is the first hit on Google for “iran proxy”. Could someone come up with a Dummies guide to installing this software for those of us who still can’t get it working?

P.

may the great SATAN known as Mah-moud Ah-MAD-in-e-jad perish in the depths of the HELL he has brought upon this Earth. Allah is not pleased with vote stealers & murderers who pretend to be in his grace.

[...] more sophisticated users, Austin Heap has detailed instructions on his blog on how to set up a proxy for Iranians on a computer running Windows. Phil Nelson has instructions for setting up a proxy for people using Mac OS [...]

hi

at the first blush,i must admit my english isnot good and so sorry for intrict and silly email.
I have a question about my pc and antifilter.i use many proxyserver,at the moment “google translator ” but i couldnot enter to facebook .
some of the antifilter are able to go the first page of facebook,but when i become so happy ,happy, facebook says please active “java”.
this eror come in expelor ,mozzila and opera ,i used to opera.
my PC always confirm that the java is activity.but i could not enter at all. i become disapear and i prefer to ask u….imnot expert in computer pc.
I like to say ,,,a lot of Iranian people to esteem highly you -guardian and the other foreign journalist becouse of your confidently and leading.
please send to mail

at the first blush,i must admit my english isnot good and so sorry for intrict and silly email.
I have a question about my pc and antifilter.i use many proxyserver,at the moment “google translator ” but i couldnot enter to facebook .
some of the antifilter are able to go the first page of facebook,but when i become so happy ,happy, facebook says please active “java”.
this eror come in expelor ,mozzila and opera ,i used to opera.
my PC always confirm that the java is activity.but i could not enter at all. i become disapear and i prefer to ask u….imnot expert in computer pc.
I like to say ,,,a lot of Iranian people to esteem highly you -guardian and the other foreign journalist becouse of your confidently and leading.

[...] more sophisticated users, Austin Heap has detailed instructions on his blog on how to set up a proxy for Iranians on a computer running Windows. Phil Nelson has instructions for setting up a proxy for people using Mac OS [...]

[...] In the US, a group of ‘hacktivists’ around ICT advisor Austin Heap have developed software to bypass the Iranian censure filters; [...]

Damn, that sound’s so easy if you think about it.

I need a power proxy for using face book. we are in a polotical company.

Dear Austin,
Do you think you could help shut down the site http://www.gerdab.ir ?

hi, thaks for helping us but it was not helpfull to me ! this is my first time i setup proxy and i did not understand you mean and texts. why you dont give us a proxy without this trouble such as VOA.
any iranian peaple can help me by sending mail to me (omidkoochooloo@gmail.com) ?
thanks

Apply For Credit Card today @ Getacreditcard.biz Find All Top Offers From Visa, Mastercard, Discover, American Express, We Offer A Wide Variety Of Credit Card Applications, Balance Transfers, Bad Credit Credit Cards, Student Cards, Business Credit Cards, Cash Back & Rewards, Gas Cards, Airline Mileage Cards, This Is A 5 Star Website its Easy To Find What You Want, Be Approved In Minutes!

Mastercard

Hi Austin, I have sent again the message via FB. Could you please check ? Thank you.

setup proxy

faghat nourizadeh

I need to have a good free facebook proxy, please send me.

I need to have a good free facebook proxy, please send me.

please give me a persian help

give me the crack of cproxy

i need power prxy in iran

i need the power proxy for iran

please send me proxys everyday

thanks for your kindnesess

Thank you for assisting the people of Iran. Kindly send me proxy address too.

kkk

please give me a persian help

Thank you for assisting the people of Iran. Kindly send me proxy address too

please send me too

pleaze send me too

pleaze send to me a filter shekan

wwww

i did all the things u said and in the end when i want to run the service i see this error: could not start the squid service on local computer. error 1067: the proccess terminated unexpectedly.

please contact me with my email address. thanks alot.

There are also easier proxies to use that are fully accessible online, such as http://proxy974.co.cc and http://business974.somee.com that a lot of iranians use, and that are absolutely not logged… It’s possible to access Facebook, Twitter, Myspace and all the internet

plz send me proxy

proxy site

[...] video, donated USB keys to load with censorship circumvention software and send to activists, and opened proxy servers to offer Iranians an uncensored path to the [...]

باتشکر

سلام کلیه سایتهای فیلتر شکت رو میخوام لطفا…

send some phproxy for me please

is there any way to keep the ACL and MAC address in mysql …. so that a web interface can be made for it

Please some proxy

PLEASE HELP, I AM A FOREIGHNER LIVING IN TEHRAN, I USE TO USE A PROXY BUT NOW THEY HAVE FINALLY BLOCKED IT AS WELL….
I M NOT VERY TECHNICAL, IS THERE A WAY U CAN EMAIL ME A SIMPLE BUT WILL WORK PROXY FOR ME TO BE ABLE TO USE FACEBOOK MY ONLY JOY OF LIVING HERE…..

PLEASE HELP, I AM A FOREIGHNER LIVING IN TEHRAN, I USE TO USE A PROXY BUT NOW THEY HAVE FINALLY BLOCKED IT AS WELL….PLEASE EMAIL ME….
I M NOT VERY TECHNICAL, IS THERE A WAY U CAN EMAIL ME A SIMPLE BUT WILL WORK PROXY FOR ME TO BE ABLE TO USE FACEBOOK MY ONLY JOY OF LIVING HERE…..

plese give me good proxy for iran

Good points, I think I will definitely subscribe! I’ll go and read some more! What do you see the future of this being?

I sell proxies for $10 each. They can be used anywhere in the world, including IRAN and are not blocked. Send me an email. They are USA based and I offer both HTTP and SOCKS5 configured proxy ip addresses for you to use.

How can I find more information related to this post? Its very interesting and I think this will benefit others after reading through the provided material. Thank you and keep up the good work!

go here and download it and use scure and free https://blog.torproject.org/

[...] som internationellt hjälpte Iranier att få ut information om protesterna genom att sätta upp massor av små och svårspårade http-proxies för att göra det i praktiken omöjligt för Iranska myndigheter att stoppa [...]

[...] är en sak att se och en helt annan sak att agera. Jag tror att vi lyckades att höja Europeiska unionens profil i dessa frågor, även om mycket [...]

I need to have a good free proxy, please send me.

hi…would u please send me a kind of powerfull program for uncensoreing the sites..thanks

Please advise on the top Software Deployment program available?
I Googled the web and discovered the following:
Kaseya.com
GFI.com
Logmein.com

They all look different… Does anyone can recommend any other?
Also did anybody else hear about that software:
N-able remote monitoring software ?

please send to me some freshproxy sites

plese give me good proxy for iran

hello,please send me some proxy.

very thanks astin

please send me several anti pproxy for iran citizens

send me too

pls send me proxy

hi austin im from iran thanks a lot for your struggle please send the haystack if may thanks again

plz give me good proxy for iran.

please send me several anti pproxy for iran citizens

i need the power proxy for iran

i need a power proxy for iran

I think, this tutorial is not in the spirit. You can make much better(more scalable, more secure, more robust) proxy server on linux. Try googling ‘squid proxy server how to setup’

nothing happened ,the text isn’t not clear,plz make it friendly

I also have a new proxy setup online at http://online-proxy-server.appspot.com/ on Google Apps, works like a charm!

I need proxy site

Nice information. I have been needing a proxy site as well.

If you could get me a proxy, I would really appreciate.

Hello, I’m from Florida and I am glad, I have found your site,cuz it’s really cute.

helpful post.

darkhast filtrshkan rozaneh ya haftege

If you could get me a proxy, I would really glad.

Thanks and Please keep updating your Internet site. I are going to be stopping by every time you do .

please give me new proxy now

fraa vpn freeproxy

ye anti filter top mikham ina pedar maro dar avordan

If you could get me a proxy, I would really glad

please send me money or 5000 dolars i am very bad spacial life my calleg giv me my account ejucation i am sory recus from you becuse my father are poor thank

i need proxy or vpn please

i need proxy or vpn please help me

salam.
bache ha ina kalak nabashe?
be jaie proxy ie chiz dige bedan khordemoon?! ?:-(

скачать игру nfs скачать игру countre strike

az

i love u

Thank you on behalf of Iranians and humanity!

That’s a mold-bkraeer. Great thinking!

vCf2l1 That’s really thinking out of the box. Thknas!

I bow down humbly in the presence of such gerntaess.

Too many complimntes too little space, thanks!