| Tutorial details | |
|---|---|
| Difficulty | Intermediate |
| Root privileges | Yes |
| Requirements | Squid Proxy Linux or Unix |
| Estimated completion time | N/A |
From the Wikipedia page:
Pandora Internet Radio is an automated music recommendation service and "custodian" of the Music Genome Project. The service, operated by Pandora Media, Inc., is fully available only in the United States, with limited access in Australia and New Zealand. The service plays musical selections similar to song suggestions entered by a user. The user provides positive or negative feedback for songs chosen by the service, which are taken into account for future selections. Due to licensing restrictions, the service is not available in Asia or Europe.
If listeners are located outside of the US, you will be greeted with the following page:
How do I unblock Pandora in Europe/Asia or School/Work?
Consider the following setup:
+-----------+
| Computer  |        +-------+       +-------------+
| in Europe |        | Linux |       | Pandora.com |
|    OR     +--------+ Proxy +-------+    Radio    |
| at work/  |        +-------+       +-------------+
| school    |         Located
+-----------+         in USA with
                      US based
                      Public IP
                      Address 1.2.3.4
                      on port 80
You need:
- A server running a Linux or Unix-like operating system.
- US based location and IP address.
- US based DNS servers.
- Optional - Use OpenSSH to act as a VPN provider with your own server in the US.
I'm using a FiOS-based connection located in Montclair, New Jersey, and my setup is as follows:
                +-------------+
                | CentOS 6.x  |      +--------+
+----------+    | Squid Proxy |      |Pandora |
|  Laptop  |----+ Running on  +------+--------+
+----------+    | 1.2.3.4:80  |
                +-------------+
                  + Iptables
Step #1: Install Squid Proxy Server On CentOS Linux 6.x
I'm assuming that you have a CentOS Linux 6.x / RHEL 6.x / Scientific Linux 6.x server installed and working properly with 1.2.3.4 as a public IP address. Type the following yum command to install Squid Proxy Server:
# yum install squid
Sample outputs:
Loaded plugins: product-id, protectbase, rhnplugin
0 packages excluded due to repository protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.x86_64 7:3.1.10-9.el6_3 will be installed
--> Processing Dependency: perl(DBI) for package: 7:squid-3.1.10-9.el6_3.x86_64
--> Running transaction check
---> Package perl-DBI.x86_64 0:1.609-4.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package      Arch       Version              Repository                  Size
================================================================================
Installing:
 squid        x86_64     7:3.1.10-9.el6_3     rhel-x86_64-server-6       1.7 M
Installing for dependencies:
 perl-DBI     x86_64     1.609-4.el6          rhel-x86_64-server-6       707 k
Transaction Summary
================================================================================
Install       2 Package(s)
Total download size: 2.4 M
Installed size: 0
Is this ok [y/N]: y
Downloading Packages:
(1/2): perl-DBI-1.609-4.el6.x86_64.rpm                   | 707 kB     00:00
(2/2): squid-3.1.10-9.el6_3.x86_64.rpm                   | 1.7 MB     00:00
--------------------------------------------------------------------------------
Total                                           5.0 MB/s | 2.4 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : perl-DBI-1.609-4.el6.x86_64                                 1/2
  Installing : 7:squid-3.1.10-9.el6_3.x86_64                               2/2
Installed products updated.
  Verifying  : 7:squid-3.1.10-9.el6_3.x86_64                               1/2
  Verifying  : perl-DBI-1.609-4.el6.x86_64                                 2/2
Installed:
  squid.x86_64 7:3.1.10-9.el6_3
Dependency Installed:
  perl-DBI.x86_64 0:1.609-4.el6
Complete!
Enable squid service using chkconfig command, run:
# chkconfig squid on
Step #2: Configure squid proxy server
The Squid configuration file is /etc/squid/squid.conf. Edit /etc/squid/squid.conf, enter:
# vi /etc/squid/squid.conf
The default listening port for the Squid service is 3128. You need to set it to tcp port # 80 and public IP 1.2.3.4:
http_port 1.2.3.4:80
Set forwarded_for to off to prevent the leakage of internal network configuration details such as proxy client IP address:
forwarded_for off
Next, set up an access list for the specific network or networks that the proxy is intended to serve. Only this subset of IP addresses, or a single IP address, should be allowed access. The syntax is:
acl your-acl-name src ip-range
acl your-acl-name src ip-address
In this example, set up an ACL for a single IP address, 212.58.1.2, to access your proxy server:
## Your laptop public ip ##
acl europeisp src 212.58.1.2
OR set up an ACL for an IP range in the format xxx.xxx.xxx.xxx/xx, e.g. allow 202.58.1.0/24:
## Your laptop public ip ##
acl europeispnetwork src 202.58.1.0/24
You need to allow the europeisp or europeispnetwork ACL to access the proxy server. An http_access rule takes the ACL name directly, and it must appear above the final http_access deny all line:
http_access allow europeisp
#http_access allow europeispnetwork
Finally, you need to configure proxy server authentication. See how to configure authentication for more information:
- Squid NTLM authentication configuration using ntlm_auth
- Configure squid for LDAP authentication using squid_ldap_auth helper
- Howto: Squid proxy authentication using ncsa_auth helper
Save and close the file. Start the squid service:
# service squid start
Sample working squid.conf file
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

## my acl ##
acl mylaptop src 202.1.2.3

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
http_access allow mylaptop

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 1.2.3.4:80

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
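Squid checks http_access rules from top to bottom and stops at the first match, so on a proxy bound to a public address a rule naming an ACL that was never defined, or a missing final deny, decides who can relay through the server. The lint below is an added example, not part of the original tutorial; the function name audit_squid_conf and its finding labels are made up for this illustration, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: lint the access rules of a Squid 3.x config read on stdin.
# Prints one finding per line and nothing when every check passes.
audit_squid_conf() {
    awk '
    { sub(/#.*/, "") }                   # drop full-line and trailing comments
    NF == 0 { next }

    # Squid needs an ACL to be defined above the rule that uses it.
    $1 == "acl" && NF >= 3 { defined[$2] = 1; next }
    $1 == "forwarded_for"  { fwd = $2; next }

    $1 == "http_access" {
        rules++
        if (closed)
            print "UNREACHABLE: line " NR " comes after http_access deny all"
        for (i = 3; i <= NF; i++) {
            name = $i
            sub(/^!/, "", name)          # "!Safe_ports" negates Safe_ports
            # "all" is built in to Squid 3.x and needs no acl line.
            if (name != "all" && !(name in defined))
                print "UNDEFINED-ACL: line " NR " references \"" name "\""
        }
        if (NF == 3 && $3 == "all") {
            if ($2 == "allow") print "OPEN-PROXY: line " NR " allows every client"
            if ($2 == "deny")  closed = 1
        }
        last = (NF == 3) ? $2 " " $3 : ""
        next
    }

    END {
        if (rules == 0 || last != "deny all")
            print "NO-DEFAULT-DENY: last http_access rule is not deny all"
        if (fwd != "off")
            print "CLIENT-IP-LEAK: forwarded_for is not set to off"
    }'
}

# Constructed input: the allow rule carries a stray "acl" keyword.
audit_squid_conf <<'EOF'
acl europeisp src 212.58.1.2
http_access allow acl europeisp
http_access deny all
forwarded_for off
EOF
# Output: UNDEFINED-ACL: line 2 references "acl"
```

Run it as audit_squid_conf < /etc/squid/squid.conf before starting the service; squid -k parse reports what Squid itself rejects.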
Step #3: Configure iptables to allow access to the proxy server
Edit /etc/sysconfig/iptables, enter:
# vi /etc/sysconfig/iptables
Add the following line. Make sure that it appears before the final LOG and DROP lines for the INPUT chain:
## accept the squid proxy connections on 1.2.3.4 port 80 ##
-A INPUT -m state --state NEW -d 1.2.3.4 -m tcp -p tcp --dport 80 -j ACCEPT
Save and close the file. Restart the firewall:
# service iptables restart
Step #4: Update /etc/resolv.conf
Make sure /etc/resolv.conf points to your ISP's DNS servers located in the US:
# vi /etc/resolv.conf
Append/edit as follows:
## update these as per your ISP ##
nameserver 10.0.70.1
nameserver 10.0.70.2
Save and close the file.
Step #5: Proxy network settings
Firefox, Chrome, Opera, and IE use your computer's system proxy settings to connect to the network. However, you can change these settings by visiting the network settings option. You need to supply the following information:
- In the HTTP Proxy (Address box), type the address of the proxy server such as 1.2.3.4 or DNS name such as proxy1.cyberciti.biz or server1.cyberciti.biz.
- In the Port box, type the port number such as 80.
Sample outputs:
IE users, see proxy server settings on the Microsoft help site; Safari users, see entering proxy settings on the Apple support site.
Step #6: (Optional) Use OpenSSH to reach the squid HTTP/SSL proxy
The following instructions will only work on Unix-like operating systems such as Linux, *BSD, Apple OS X and so on. They may also work on MS-Windows with the help of the PuTTY ssh client. Type the following ssh command to forward local port 8080 to host server1.cyberciti.biz, port 80, via an ssh port forwarding tunnel:
ssh -N -f -L 8080:127.0.0.1:{PROXY-PORT} {USER}@{PROXY-SERVER-IP}
##################[ Example ] ##############################################
### Start the ssh and connect to vivek@server1.cyberciti.biz proxy server
### Port 8080 on 127.0.0.1 (localhost) on the Linux/Unix system
### Squid will listen on server1.cyberciti.biz port 80
### All requests sent to 127.0.0.1 port 8080 will be sent via the ssh tunnel
#############################################################################
ssh -N -f -L 8080:127.0.0.1:80 vivek@server1.cyberciti.biz
Fire up a web browser > Visit the network settings > In the HTTP Proxy (Address box), type the address of the proxy server 127.0.0.1 > In the Port box, type the port number 8080:
Editor's note
- This is a user-contributed and tested Q and A.
- The IP addresses and port numbers used in these examples are for demonstration purposes only and are not valid ones.
- The instructions should work with any VPS server or dedicated server. The server can be hosted in one of the "clouds".
- The instructions are tested on CentOS / RHEL only, but can be easily reproduced on any Unix-like operating system such as Debian / Ubuntu Linux or FreeBSD/OpenBSD.
3 comments:
Try installing “Media Hint” Firefox/chrome extension which allows you to access Pandora, Hulu and lot of other US based websites from outside US.
It’s pretty awesome and I use it a lot. Give it a try and let me know how it goes.
Just as a suggestion in the spirit of green computing, installing squid on a raspberry Pi works very well and only uses 5V/700mA of electricity. The Raspberry Pi only costs around $30 so is a nice cheap alternative. Check out the Raspberry Pi foundation (a charitable organisation) at http://www.raspberrypi.org…. Just a thought!
A faster and easier way would be to use ssh dynamic forwarding.