I've had enough of being region restricted and want to setup a US proxy.

I have: a US based linux host
I need: a clue

What software would I need to get up and running? Any guides to follow in particular?

Initially i would like to redirct some HTTP traffic through it, but also other stuff like online video would be good too.

I had cgiproxy up and running for a while, but it broke, and ideally I would setup something a bit more robust - I just have no idea where to even start reading.

if you want to do your own i recommend this method;

> www.slicehost.com
> get your root login
# apt-get install squid

let me know when you've done that and i'll send you my squid config
from here you can either just firewall all traffic but your own or set it up so you are accessing the proxy via a secure tunnel

if you need help let us know
infact in the above example if a few people (5 or more) are willing to chip in $5/month i'd be happy to run it and everyone gets an account so they can all do the same

I use this method myself to access msn/irc/all websites while @ work
not because its banned at work, just because it cant be snooped unless they're super 1337 SSL-hackers

Tell you what, I'll give you money if you make an Australian proxy that I can use to avoid Australian geo-locking crap...

:(

as painful as it might be, it's worth setting up squid yourself and making sure you spend a bit of time understanding it - blindly accepting someone else's config has a high chance of asking for trouble imo

I use Quantact ($8/mth) for a VPS that I've setup Squid and the worlds-most-awesome-ping-reducing-ticcles-modified-socks5 proxy.

Install Squid, read some config guides and just lock it down. Out of the box it's virtually ready to get going.

true Jim, however I am doing exactly what nats wants to do on my slicehost

I just proxy localhost:3128 to localhost:3128 via an SSH tunnel on the colo box
no ip conenctivity to the primary interface on the colo box, just to lo0

squid only listens on 127.0.0.1:3128 on the colo box, perfectly secure

perfectly secure eh
you could bottle that and sell it

please deposit $1337 into my bank account and i'll send you bottle #001

I'll buy 30000 bottles of your Perfectly Secure so I can send them out to clients as christmas gifts :P

special discount 4 u short time offer only limit 1 per customer!!!1

30000 * 1337 = 40,110,000 - $110,000 = $40,000,000 !!!!!

i would set up squid. the docs on their site are pretty good. i would stay away from pre-configured options just because you don't learn anything that way.

i would also look into openvpn if you want to do more than just webpages.

i would have signed up for this, but we found a sneaky backdoor way to get to gmail through horrible new work proxy;

www.google.com/ig for the win!

Tell me more about your sneaky backdoor..

well, most places will block gmail with the usual gmail address

mail.google.com

but not www.google.com/ig (which is your personal google page)

if you use the google ig page with the gmail applet, it accesses your gmail fine, but not through the usual address, for the win:

if didnt have access to gmail and qgl (which also isnt blocked for now under the new proxy) i mite well have topped myself

as far as i know, most government offices will block gmail, but not google, so it will work fine for them also

You missed my innuendo :(

spook lies, he runs the proxy server and just sets up acls for his kiddy pr0n

we all miss putting it in ur endo since you went south ticcles

as far as i know, most government offices will block gmail, but not google, so it will work fine for them also

omg...I love you spook! :D

YAY FOR GMAIL AT WORK!!!!

edit: actually, which Addon did you use? I have tried a few now, they either don't work or get blocked by the policy (for having gmail in the address) :(

last edited by Fireblood at 20:00:43 11/Mar/09

https://vpnout.com/ could try that but you want linux based.

http://www.google.com/ig/adde?moduleurl=builtin_gmail.xml&source=imag

(make sure you are using the gadget at www.google.com/ig

Thanks. Squid looks good, i'll give it a shot hopefully this weekend.

super 1337 SSL-hackers

you cant beat SSL?

I just don't think anyone who has the ability to launch a man-in-the-middle attack within this network would actually bother

If it was me I'd be looking at routing all your traffic over OpenVPN, and just turning that on and off at the client-side as desired.

Side question, does anyone know why the only site that seems to be blocked on UQ ITEE VPN is qgl forums? There has to be a good story behind it :D

the vpn option is useful for things that might not necessarily be http/s but it would cause any existing connections you might have to other places prior to flicking it on, to be dropped each time, and then again when you turn it off. unless you manually set specific routes at the time just for the traffic you want to go via the vpn, as opposed to routing everything

that'd be annoying for me where I'm connected to a bunch of different things all the time like irc, any number of ssh and RD sessions, steam (where a reconnect from a new ip often requires entering your user/pass again) etc

having said all that, maybe learning to use the route/ip commands for that reason would be easier than using squid

Side question, does anyone know why the only site that seems to be blocked on UQ ITEE VPN is qgl forums? There has to be a good story behind it :D

Really?! That's crazy. When I was there I don't recall it being blocked.

i was on qgl the other day at uni (uq), def not blocked for me.

i had lots of problems setting up squid. i'm not root at the webhost where i have an account, so i got the source and tried to set it up in my home dir.

Should that work or do i need to be root to run squid?

When i gave up i was having authentication problems. The guide i was following said to add the following to the config:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic childred 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth

(so i changed those paths to line up with where i was installing in my homedir), but it errored on squid/ncsa_auth. The guide included creating a squid_passwd file using htpasswd but not a squid/ncsa_auth file, so it kept falling over at that point.

you don't even need squid. if you have ssh installed you can set up putty to act as socks server. under tunnels add source port: xxx and destination:dynamic then just point your web browser to connect to socks server on port: xxx.

since you are not root, you need to change the prefix when you run configure prior to compiling.

try adding --prefix=/your/home/dir/squid to your configure line.

then after you make and make install, go into that dir and edit etc/squid.conf to reflect the the directory.

Really?! That's crazy. When I was there I don't recall it being blocked.

was on qgl the other day at uni (uq), def not blocked for me.

Getting to it via standard uq network is fine, its only ITEE staff VPN that blocks it. I asked infrastructure why it was blocked and they can't remember: ps ausgamers is fine to get to, its only qgl. Was more just curious if there was some urban legend.

Screeny:

http://img.skitch.com/20090321-mmwrdqqi46e5bsxrr2we2dnxs6.jpg

you don't even need squid. if you have ssh installed you can set up putty to act as socks server. under tunnels add source port: xxx and destination:dynamic then just point your web browser to connect to socks server on port: xxx.

f*** ducks that was too easy. where were you a week ago?? :-)

--> IP Address Location: Orem, UT United States

I just bought my first kindle book and successfully loaded it on to iKindle. f*** yeah!

Video on hulu.com doesn't work. It gets past the first check, like it doesn't reject me for not being american, but then the video doesn't play "Sorry we are unable to stream this video. Please check your internet connection and try again"

Should I be able to do that over putty?

root@extortion:~# grep -i acl /etc/squid/squid.conf | grep -v ^#
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl our_networks src 192.168.1.0/24 127.0.0.1
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apache

sounds like flash is ignoring your proxy settings :( if you are doing this in a non-IE browser change IE to use socks as well and try again with your non-IE browser. flash might be looking at your system proxy settings instead of your browser proxy settings. otherwise maybe it will be back to squid....

you don't even need squid. if you have ssh installed you can set up putty to act as socks server. under tunnels add source port: xxx and destination:dynamic then just point your web browser to connect to socks server on port: xxx.

Just tried that as well. Amazing. Something simple that just works, no hassle. Thanks for the tip.

I just tried it in IE, using IE as the browser, same problem.

It must be something hulu is doing, cause i can play youtube videos no problem in the same browser using the proxy :-(

I did a test at whatismyipaddress.com to see if it could detect my proxy, and it didn't: http://whatismyipaddress.com/staticpages/index.php/advanced-proxy-test

IP 69.89.xx.xxx
rDNS FALSE
WIMIA Test FALSE
TOR Test FALSE
Loc Test FALSE
Header Test FALSE
DNSBL Test FALSE

damn you hulu.


last edited by natslovR at 21:20:15 22/Mar/09

yeah hlu is using a thingo to make direct connections and ignore proxy settings. if you have access to lunix you can get around it: http://www.alternativedenial.org/?p=94

allegedly this program can help you out: http://www.ufasoft.com/socks/

/SCRATCH THAT. won't work :(

http://www.freecap.ru/eng/ -> will do the job
http://www.widecap.com/ -> is the pay version with 30 day trial

might be easier to set up a vpn though...

last edited by hast at 21:38:34 22/Mar/09

Torrents at UQ:

Hi guys, i know this is a bit of topic, but i noticed a few replies from ppl at UQ. Is there anywhere on the UQ network where people keep torrents? (movies / tv / games / etc)??

I've just started going there this year, but i'm only part-time, so i'm only there a few hours a week and haven't had time to sus it out.

I suggest you try contacting the Prentice Centre for your question - they are more than happy dealing with newcomer students to UQnet.