FTP/Outlook related problem

santanu.santanu · 07-02-2008, 11:48 PM

OK..Thanks for reply....Another thing is that , from squid system I m able to login remote ftp server (I m not telling about browser based ftp websites; like ftp://ftp.abcd.com)and get mails through pop client . In linux I m using Evolution pop mail....But from other client ssytem those are connected with my squid server, they are not able to do this kind of activity . Only browse google etc. Even I use IPTABLEs to allow all source-all destination for FTP . Even put it in squid ACL as safeport.....Any suggestion.Pls tell.

win32sux · 07-03-2008, 12:04 AM

Quote:

Originally Posted by santanu.santanu

OK..Thanks for reply....Another thing is that , from squid system I m able to login remote ftp server (I m not telling about browser based ftp websites; like ftp://ftp.abcd.com)and get mails through pop client . In linux I m using Evolution pop mail....But from other client ssytem those are connected with my squid server, they are not able to do this kind of activity . Only browse google etc. Even I use IPTABLEs to allow all source-all destination for FTP . Even put it in squid ACL as safeport.....Any suggestion.Pls tell.

If I understand your post correctly, you are saying that your clients are having problems accessing FTP servers. If that is indeed what you are saying, then that is a completely separate issue and does not belong in this thread.

santanu.santanu · 07-03-2008, 12:09 AM

Yes you are right. Actually if I manually block required sites through squid it may be possible . But now I m seeing that users are unable to get mails through outlook or not able to login remote FTP server (not browser based ftp sites). Pls..Pls. help me out .

Its possible from local squid system...but not other client XP system who are connected with my squid system.

Mr. C. · 07-03-2008, 12:12 AM

Focus, Focus, F O C U S !

Focus on one problem at a time; it is way too challenging to follow what immediate, single problem you are trying to resolve.

santanu.santanu · 07-03-2008, 12:21 AM

But pls, tell me the way how to solve the FTP / Outlook related problem. This is a serious issue for me . Pls.don't take me other way . Actually I m focusing on this issue . And I m not getting proper suggestions from others . Pls help.....After solving the issue we can talk on previous matter......But pls tell me any way ; may be IPTABLES / Squid ACL .

Mr. C. · 07-03-2008, 12:23 AM

You misunderstand.

Are you trying to make POP work at this moment, or FTP. Chose one. Because each of them can have a different set of problems.

santanu.santanu · 07-03-2008, 12:31 AM

At the moment I have to allow connected XP users for getting mails through Outlook and allow them to login remote ftp server........>>>> through squid-proxy system....Here a common error coming " domain no resolved "...I think thats the problem . Client system are are unable to resolve remote domains through squid-proxy system..Any paramitter needed to add in squid . And POP (in case of Outlook)showing port 110 related error .

Mr. C. · 07-03-2008, 12:35 AM

Ok, since you prefer not to make a choice, I'll make one for you - we'll focus on POP,

From the command line on a system that has trouble:

Code:

telnet IP_OF_POP_SERVER 110

What happens?

santanu.santanu · 07-03-2008, 12:48 AM

I m able to connect from local squid system...but from XP client its showing connection failed

santanu.santanu · 07-03-2008, 01:08 AM

I m not getting any reason ... so that client systems are unable to resolve the remote domain....because google etc. are browsing . And my user's getway is my squid system.

win32sux · 07-03-2008, 01:14 AM

I've moved this new discussion into a separate thread in Networking.

santanu.santanu, I hope next time you will take a hint and start a new thread for your new issue. Asking how to filter Web-based email on your network is a security matter, but FTP and Outlook clients with connectivity problems is not.

chort · 07-03-2008, 06:25 PM

How are you forcing your POP users to connect through Squid any way? So far as I know Outlook doesn't have any proxy support... Are you using iptables to redirect all port 110/tcp connections to Squid, or haven't you done that? If you just blocked all outbound connections, but didn't direct any traffic to Squid and just relied on the browser Proxy settings, then of course nothing besides browsers are going to work, because those are the only applications that actually have the proxy settings.

santanu.santanu · 07-03-2008, 11:48 PM

First I put in Squid ACL - POP related ports as safe ports. I also used IPTABLES like ....
iptables -A OUTPUT -p tcp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 --dport 110 -j ACCEPT
iptables -A OUTPUT -p udp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 --dport 110 -j ACCEPT
iptables -A INPUT -p udp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 --dport 110 -j ACCEPT
.........is there any other way , I can write in IPTABLES rules to allow POP users.Any thing needs to add in Squid ?

Mr. C. · 07-04-2008, 01:07 AM

POP3 is TCP, not UDP.
Squid is an HTTP proxy; not POP3.
Why are you using dport=110 on OUTPUT? Destination port will be a high-level, random port, and sport will be 110.
Perhaps you want to only allow ESTABLISHED connections on OUTPUT.

http://www.cyberciti.biz/tips/linux-...l-request.html

santanu.santanu · 07-04-2008, 02:29 AM

Thanks..for above link.Can I use domain name instead of iP in iptables rule( -s abcd.com or -d abcd.com ).And most importantly , genereally in normal situation (no firewall and direct connect to the internet); in outlook / pop client I just type :->>>> Full Name :-> user ;; E-mail Id :-> user@abcd.com ;; Receiving/POP :-> mail.abcd.com ;; Sending/SMTP :-> mail.abcd.com....like this . In this case how I map client pop form XP systems with this .