Tief und Langsam, Baby!

Okay, so there’s lots of you who are willing to set up their own SSH->Squid tunnels but don’t know how to do that. I’ll have to leave the house in a couple of minutes so I don’t have enough time to give instructions for every operating system / distro, but for Ubuntu (either virtual or not) it’s pretty simple:

• sudo aptitude install openssh-server squid
• Follow instructions on http://iran.sharearchy.com/ for how to edit Squid’s configuration file and then do “/etc/init.d/squid restart” (as those instructions also state)
• Edit /etc/ssh/sshd_config (i.e. into a terminal type “gedit /etc/ssh/sshd_config” and change the line “Port 22″ to read “Port 80″ or use some other number between 1 and 65535 that isn’t used (above 10000 you should be safe in any case). Similar to Squid, do “/etc/init.d/ssh restart”
• Using Ubuntu’s graphical tools (System->Settings->Users and Groups) create a new unpriviledged user, at best with a random password and write that down somewhere
• Send all your info (IP address of the server, username, password, port you chose and port of the Squid server, 3128 if you didn’t change it) to Austin Heap or whoever you know can pass it on. IMPORTANT: don’t communicate that information through any public channels as the Iranian security forces ARE watching!
• In the case that you’re using your home internet line for this, your router will have to be configured to forward the port you chose to the box that runs the proxy. For most routers this is easy and can be configured under something called “Virtual Servers” or “NAT”.

Freedom for Iran!

With all the crap going on in Iran at the moment, some of us around the world are setting up proxy servers to help the people in Iran communicate among each other and also get info out to the world. However, simple HTTP proxy servers don’t cut it anymore since the Iranian government seems to be quick to block them.

The best thing right now seem to be SSH tunnels, which can be challenging to set up for not-so technically inclined users. For everybody within Iran who wants to go through such an SSH tunnel, a quick step-by-step guide. You’ll usually get an IP address, 2 ports (usually 80 and 3128), username and password (one distributor of these is Austin Heap). What to do with that info depends on the operating system you’re using.

Windows:

• Use BitTorrent to download http://iran.sharearchy.com/tunnel.torrent
• Read the Howto and run the tunnel.exe file which you got in the torrent
• Enter the info (ports, IP address, username, password) into the Tunnel program
• Configure your browser (i.e., Firefox) as per the instructions in the Howto

Linux, Mac:

• Open a Terminal
• Type this into it: “ssh -oPort=PORT1 -L PORT2:localhost:PORT2 USERNAME@IPADDRESS” – so for example: “ssh -oPort=80 -L 3128:localhost:3128 iran@80.25.15.30″ and press . After that it’ll ask you for the password
• Set your browser to use “localhost:PORT2″ (so, for example, “localhost:3128″) as the HTTP proxy

Please try to get this info into Iran by whatever means available to you.