LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-25-2009, 05:45 AM   #1
ajayan
Member
 
Registered: Dec 2007
Posts: 89

Rep: Reputation: 16
Ftp Connection through squid


Hi All
I am facing some problem with establishing ftp connection through my squid.My OS is Centos 5.2 and i have 2 lan cards.eth0 holds local and eth1 holds Public.I have enabled ipforwading in sysctl.conf.i have entered only masquerading rule for testing.The problem is i can upload to my remote ftp sites from this proxy machine.But not from my local machines.I am using Filezilla and WS_FTp as ftp client tools.I have properly given proxy ip and port int Proxy Settings.When i checked my squid access.log the messages are

1245872884.770 25 91.0.0.77 TCP_DENIED/403 1414 CONNECT 69.16.113.125:21 - NONE/- text/html

And Filezilla showing this error
Status: Connection with proxy established, performing handshake...
Response: Proxy reply: HTTP/1.0 403 Forbidden

My squid.conf is posted here


#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl ftp proto FTP


#acl our_networks src 192.168.1.0/24 192.168.2.0/24
acl exam src 91.0.0.0/24
http_access allow exam
http_access allow ftp
always_direct allow ftp
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all


These are the modules loaded via modeprobe


[root@proxy ~]# lsmod | grep ftp
ip_nat_ftp 7361 0
ip_conntrack_ftp 11697 1 ip_nat_ftp
ip_nat 20973 3 ip_nat_ftp,ipt_MASQUERADE,iptable_nat
ip_conntrack 53025 6 ip_nat_ftp,ip_conntrack_ftp,ip_conntrack_netbios_ns,ipt_MASQUERADE,iptable_nat,ip_nat

# /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp ip_nat_ftp"

Iptable Rule

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

Other things are Working fine ie,http,https etc.How can i solve this problem

Any Help will be appreciated.
 
Old 06-26-2009, 03:01 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376Reputation: 376Reputation: 376Reputation: 376
What happens if you make these two additions?
Code:
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl ftp proto FTP
acl ftp_port port 21

#acl our_networks src 192.168.1.0/24 192.168.2.0/24
acl exam src 91.0.0.0/24
http_access allow exam
http_access allow ftp_port CONNECT
http_access allow ftp
always_direct allow ftp
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
Remember to restart Squid in order for changes made to squid.conf to take effect.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Recoonect ftp without exiting ftp connection ! shipon_97 Linux - Newbie 1 05-05-2009 06:58 AM
Squid + FTP james321 Linux - Server 1 10-28-2008 10:09 AM
Access authenticating FTP sites using FTP Clients on XP clients via SQUID munirg2003 Linux - Networking 2 06-12-2007 11:58 PM
Squid And Ftp jvalas Linux - Networking 2 11-26-2005 06:44 AM
squid - ftp = connection failed apara197 Linux - Networking 1 11-14-2005 08:18 AM


All times are GMT -5. The time now is 05:27 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration