Dear Friends,

Hello ! I need your help in sorting out an issue :

I have squid proxy server up and running nicely. Some of the client PCs on our internal network need command line (and sometimes they use client like gftp) access to some ftp sites on the internet. With present setup they are not able to do that. The squid server has two ethernet cards- eth0 connected to ADSL modem and eth1 connected to internal network. Please note that we are not running any iptables script as of now !!

Also another issue is that I do not want to run in "Transparent Proxy" mode as in that the entire purpose of using squid (( to have content filtering and caching) is defeated.Also we may not be in a position to open secured sites in transparent proxy mode.

Can some one help in resolving my problem ?




regards
rajesh.bahl

i guess you don't actually appreciate what a transparent proxy is? squid in that mode will filter and block just fine, it just won't allow user specific authorisation and such. i think you're actually talking about routing, which is nothing to do with proxies in the slightest. squid apparently can't do transparent ftp proxying anyway, so either you use squid as an explicit proxy, or allow ftp connections to route through, or find a server that will.

Very right !! My requirement is that along with squid proxy, I need my clients to be able to reach ftp sites through command line or through ftp client software like gftp.

I am sure there must be some solution to do that---- may be by running some kind of iptables script.

Why ftp port gets blocked after squid is put to action ?



regards
rajesh.bahl

squid doens't block ftp, that is not correct / possible. you sound like you simply need to enable ip forwarding and masquerading on the box, a very stndard thing to want. just search this site for "ip_forward masquerade" and you'll find plenty of hits.