squid ftp access problem

user · October 17, 2008, 9:26am

hi!

i can’t access ftp sites from lan clients. i have a opensuse11 proxy server using squid v2.6 and here is the config:

from squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apache
acl cti src 192.168.0.0/24

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow cti
http_access deny all

from /etc/sysconfig/SuSEfirewall2:

FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128 192.168.0.0/24,0/0,tcp,21,3128 192.168.0.0/24,0/0,udp,80,3128 192.168.0.0/24,0/0,udp,21,3128"

there’s no error message from the client browser. i cant even find any error from squid logs.

am i missing something?

thanks

ken_yap · October 17, 2008, 9:52am

FTP connections involve two TCP streams and what’s more the IP address and port for one of those connections is contained within the control stream so they cannot use interception/transparent proxying in the same way HTTP connections can. However they can be explicitly proxied if the client is set to use the proxy.

user · October 17, 2008, 1:22pm

thanks…

that means i have to manually setup client browsers to use proxy? transparent proxying doesn’t work with ftp connections?

ken_yap · October 17, 2008, 1:30pm

Correct…