I am a linux newbie, but have an understanding of networking concepts

I have an unusual setup at a client where there is an internet connection through a router, which is connected to a switch for the local area network.

All PCs (windows and a linux supposed "gateway") are connect to the switch.

The router only allows connection from the linux box (checks by IP).

The PCs(all running windows) share the same subnet mask as the router and the Linux "gateway"

The Linux Gateway has one network card. This is why I think there is this strange insecure setup.

The linux box is running Squid and users can browse well through HTTP.

The problem is that you cannot FTP from a user's PC to an FTP site outside location

I assumed this has to do with translating the network address or name resolution. I think this is the case because when I ping from the windows desktops, I get the error I thought maybe the DNS records were not being sent/shared with the desktops since people can access websites (HTTP)

I have gone through the net and have come accross making use of IP tables. They all seem to make use of 2 network cards and not the one I have in this setup.

Bear in mind that:

1) I didnt set it up and I dont have/ cannot influence a decision on what is best practice. i.e. I cannot make them purchase a second network card.

2) I am supposed to just teach them how to use FTP then move on. I can only point out the problem with the setup but we need to get this working

3) I do have administrative access, so at least I can work from there.


Thank-you for this good resource!

And "hi all!!!!", by the way

Yea make them spend the $30 on a new network card...

i would...
change your layout to be
<www> --- <Router> --- <Squid> --- <Switch> --- <Clients>
(assuming your switch is a dumb-switch)

you could start off trying if passive ftp connections fail also!

I wouldn't expect ping to work - external addresses (and external DNS) shouldn't be visible to the clients. And only having one network card on your proxy host is fine.

2 questions:

1) Are the FTP clients set up to use the proxy?
2) Is squid set up to allow FTP proxying?

Dave

thanks for replying

how do i test if passive ftp connections fail?

how do I configure them?

thanks for replying

To answer you,

1) I have setup the FTP clients to use the proxy.

2) How do I set up or check if squid allows FTP proxying?

OK. You should have something like:

acl Safe_ports port 21

in your squid.conf (the exact syntax will depend on the rest of the configuration, but it should be reasonably obvious what's going on). This allows connections out to port 21 (FTP).

Dave