squid ftp access problem


i can’t access ftp sites from lan clients. i have a opensuse11 proxy server using squid v2.6 and here is the config:

from squid.conf:

acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apache
acl cti src

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow cti
http_access deny all

from /etc/sysconfig/SuSEfirewall2:


there’s no error message from the client browser. i cant even find any error from squid logs.

am i missing something?


FTP connections involve two TCP streams and what’s more the IP address and port for one of those connections is contained within the control stream so they cannot use interception/transparent proxying in the same way HTTP connections can. However they can be explicitly proxied if the client is set to use the proxy.


that means i have to manually setup client browsers to use proxy? transparent proxying doesn’t work with ftp connections?