LinuxQuestions.org


tincs 05-26-2008 07:24 AM

Desktops behind Linux gateway cannot FTP and resolve names (squid works)
 
I am a Linux newbie, but have an understanding of networking concepts.

I have an unusual setup at a client where there is an internet connection through a router, which is connected to a switch for the local area network.

All PCs (Windows and a Linux supposed "gateway") are connected to the switch.

The router only allows connection from the linux box (checks by IP).

The PCs (all running Windows) share the same subnet mask as the router and the Linux "gateway".

The Linux Gateway has one network card. This is why I think there is this strange insecure setup.

The linux box is running Squid and users can browse well through HTTP.

The problem is that you cannot FTP from a user's PC to an FTP site at an outside location.

I assumed this has to do with translating the network address or name resolution. I think this is the case because when I ping from the windows desktops, I get the error
Quote:

Ping request could not find hostname.com. Please check the host name and try again :
I thought maybe the DNS records were not being sent/shared with the desktops since people can access websites (HTTP)

I have gone through the net and have come across making use of IP tables. They all seem to make use of 2 network cards and not the one I have in this setup.

Bear in mind that:

1) I didn't set it up and I don't have/cannot influence a decision on what is best practice, i.e. I cannot make them purchase a second network card.

2) I am supposed to just teach them how to use FTP then move on. I can only point out the problem with the setup but we need to get this working

3) I do have administrative access, so at least I can work from there.


Thank-you for this good resource!

And "hi all!!!!", by the way

watcher69b 05-26-2008 08:13 AM

Yea make them spend the $30 on a new network card...

I would...
change your layout to be
<www> --- <Router> --- <Squid> --- <Switch> --- <Clients>
(assuming your switch is a dumb-switch)

Nathanael 05-26-2008 08:51 AM

you could start off trying if passive ftp connections fail also!

ilikejam 05-26-2008 08:54 AM

I wouldn't expect ping to work - external addresses (and external DNS) shouldn't be visible to the clients. And only having one network card on your proxy host is fine.

2 questions:

1) Are the FTP clients set up to use the proxy?
2) Is squid set up to allow FTP proxying?

Dave

tincs 05-26-2008 09:48 AM

Quote:

Originally Posted by Nathanael (Post 3164966)
you could start off trying if passive ftp connections fail also!

thanks for replying

how do I test if passive ftp connections fail?

how do I configure them?

tincs 05-26-2008 09:55 AM

Quote:

Originally Posted by ilikejam (Post 3164970)
I wouldn't expect ping to work - external addresses (and external DNS) shouldn't be visible to the clients. And only having one network card on your proxy host is fine.

2 questions:

1) Are the FTP clients set up to use the proxy?
2) Is squid set up to allow FTP proxying?

Dave

thanks for replying

To answer you,

1) I have setup the FTP clients to use the proxy.

2) How do I set up or check if squid allows FTP proxying?

ilikejam 05-26-2008 10:06 AM

OK. You should have something like:

acl Safe_ports port 21

in your squid.conf (the exact syntax will depend on the rest of the configuration, but it should be reasonably obvious what's going on). This allows connections out to port 21 (FTP).

Dave
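
Added example (not part of the thread, and not Squid's own tooling): one way to answer "how do I check if squid allows FTP proxying" is to test whether port 21 is covered by the `Safe_ports` ACL and whether that ACL is enforced by an `http_access deny !Safe_ports` rule. It goes slightly beyond the single line above by also handling several ports on one line and port ranges. The function names and the sample configuration are constructed for illustration; pass the path of the real squid.conf instead.

```shell
#!/bin/sh
# safe_ports_allows PORT FILE: exit 0 if PORT appears, singly or inside a
# range such as 1025-65535, on any "acl Safe_ports port ..." line of FILE.
safe_ports_allows() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                       # strip trailing comments
        $1 == "acl" && $2 == "Safe_ports" && $3 == "port" {
            for (i = 4; i <= NF; i++) {          # several values per line
                n = split($i, r, "-")
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (want + 0 >= lo && want + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# safe_ports_enforced FILE: exit 0 if FILE contains the rule
# "http_access deny !Safe_ports", which rejects requests to unlisted ports.
safe_ports_enforced() {
    awk '
        { sub(/#.*/, "") }
        $1 == "http_access" && $2 == "deny" && $3 == "!Safe_ports" { ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Constructed sample: port 21 is missing, so FTP requests would be denied.
sample_conf() {
    cat <<'EOF'
acl Safe_ports port 80          # http
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 1025-65535  # unregistered ports
http_access deny !Safe_ports
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
for p in 21 80 2121; do
    if safe_ports_allows "$p" "$conf"; then
        echo "port $p: listed in Safe_ports"
    else
        echo "port $p: NOT listed in Safe_ports"
    fi
done
safe_ports_enforced "$conf" && echo "Safe_ports is enforced by http_access"
rm -f "$conf"
```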


All times are GMT -5.