how to allow ftp connection through Squid

Discussion:

(too old to reply)

Pavee

2006-04-19 13:18:27 UTC

Hi all I am new to the squid server. Please help me

I made all my clients on LAN to use squid to connect internet.
When my clients want to connect to ftp server with their username
through internet.
They have to pass through squid only and through squid they are
blocking to connect ftp, so how to
allow them to connect ftp through squid.

Thanking in advance.

Regards,
Praveen

Rich Piotrowski

2006-04-19 14:19:38 UTC

Permalink

Post by Pavee
Hi all I am new to the squid server. Please help me
I made all my clients on LAN to use squid to connect internet.
When my clients want to connect to ftp server with their username
through internet.
They have to pass through squid only and through squid they are
blocking to connect ftp, so how to
allow them to connect ftp through squid.
Thanking in advance.
Regards,
Praveen

Not sure. Maybe;

# To always forward FTP requests directly, use
#
acl FTP proto FTP
always_direct allow FTP

--
"Now are you talking about what it is you know
or just repeating what it was you heard."
Grace Slick
To E-mail use: rpiotro(at)wi(dot)rr(dot)com

Pavee

2006-04-20 04:52:35 UTC

Permalink

This post might be inappropriate. Click to display it.

SenthilMurugan

2006-04-20 09:10:01 UTC

Permalink

What FTP client you are using? Squid allows only browser based FTP.

Regards,
Senthil Murugan

Pavee

2006-04-20 09:48:54 UTC

Permalink

I tried both when i want to connect ftp server located at remote
through internet the squid is not allowing to connect it gives error
permission denied.

We have Internet connection through lease line they have given two
static IP address that are Class A IP address through them only we
conncect to internet no other IP address will work. But Our LAN is in
192.168.0.0 series, so I added two IP address one for accessing
internet from out side world and one more IP 192.168.0.15 for the same
Ethernet card for the clients to access internet through squid and they
are accessing internet. When they connect to remote ftp server with the
public IP address through squid they are blocking.

I am new to this squid, Help me.

Thanking you in advance

Regards,
Praveen

SenthilMurugan

2006-04-20 10:12:32 UTC

Permalink

If you are getting the permission denied problem, then your squid.conf
file may contain the following entry

http_access deny all

So please change the above value to
http_access allow all

or add the following lines above the deny line

acl yournetwork src 192.168.0.0/192.168.0.255
http_access allow yournetwork
http_access deny all

then reconfigure squid using

<SQUID-PATH>/sbin/squid -k reconfigure

Regards,
Senthil Murugan

Pavee

2006-04-20 11:17:24 UTC

Permalink

I allowed that one also all and mynetwork

They are accessing internet only thing is they are not connecting to
the ftp server which is located in remote place it is blocking any ftp
request from the client.

and also i tried this one
acl FTP proto ftp
always_direct allow FTP

Then also it is not connecting.

Can u send me the configuration file.
I am very greatfull to u.

Regards,
Praveen

SenthilMurugan

2006-04-20 11:56:01 UTC

Permalink

If ther FTP server itself is blocking then you cannot do anything. May
be you can get the access from that server...

Anyway this is my sample squid.conf file after removing the comments

#----------------------------------------------
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow all

http_reply_access allow all

icp_access allow all

cache_effective_group nobody

coredump_dir /usr/local/squid25s12/var/cache

Pavee

2006-04-20 12:07:40 UTC

Permalink

Thanq u very much i will try out this.

Thanq u very much for ur help.

If u don't mind can i have ur personal mail if u wish.

Regards,
Praveen

Pavee

2006-04-21 12:53:53 UTC

Permalink

This is not sloved.

Please help me