
Re: problem with squid and ftp

jnimo wrote:
Hello, I'm trying to enable FTP access in squid and it is not working. Here is my
squid conf:

http_port 10.10.10.215:3128
icp_port 0
tcp_outgoing_address 10.10.10.215
acl ALLHTTP url_regex ^http://
acl ALLFTP url_regex ^ftp://

The above are the less-efficient exact equivalents to:

 acl ALLHTTP proto HTTP
 acl ALLFTP proto FTP

no_cache deny ALLFTP

Why not? FTP has a higher % of cacheable content than HTTP.


cache_dir ufs /var/spool/squid/ 128 16 128
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
ftp_user squid@xxxxxxxx
ftp_passive on
request_header_max_size 100 KB
request_body_max_size 0
refresh_pattern		^ftp:		1440	20%	10080
refresh_pattern		^gopher:	1440	0%	1440
refresh_pattern 	.		0	20%	4320
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563 8443 5190 5050 6697 9999 5222 # 5222 is Jabber for CD.
acl Safe_ports port 80  443 563 70 210 1025-65535
acl Safe_ports port 81	# for some reason some sites use 81 (logwatch.org)
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 554		# RTSP
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl Safe_ports port 6667 # IRC -
acl Safe_ports port 1935 # RTE
acl Safe_ports port 2381 # HP SIM -
acl Safe_ports port 5222 # Jabber -
acl Safe_ports port 11371 # PGP keyservers -
acl Safe_ports port 3000 # ASD access to usa server -
acl Safe_ports port 20 # FTP access
acl Safe_ports port 21 # FTP access
acl CONNECT method CONNECT
acl FTP proto FTP
acl ftp_port port 21
always_direct allow FTP
acl Network src 10.10.2.0/255.255.255.0
acl Backup_Network src 10.10.4.0/255.255.255.0
acl Wireless_Network src 10.10.100.0/255.255.255.0
acl Network_Test src 10.10.128.0/255.255.255.0
acl Network_Ext src 10.10.10.192/255.255.255.224
acl Network_Ext src 10.10.8.32/255.255.255.224
acl Admins src 10.10.2.132/255.255.255.255
acl Cache src 10.10.2.226/255.255.255.255
http_access allow ftp_port CONNECT
http_access allow FTP
http_reply_access allow all
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager IEDR_Cache
http_access deny manager
http_access allow Network
http_access allow Wireless_Network
http_access allow Backup_Network
http_access allow Network_Test
http_access allow Network_Ext
http_access deny all
icp_access allow Network
icp_access allow Wireless_Network
icp_access allow Backup_Network
icp_access allow Network_Test
icp_access allow Network_Ext
icp_access deny all
miss_access allow Network
miss_access allow Wireless_Network
miss_access allow Backup_Network
miss_access allow Network_Test
miss_access allow Network_Ext
miss_access deny all
cache_mgr admin@xxxxxxxx?subject=squid_problems
cache_effective_user squid
cache_effective_group squid
logfile_rotate 14
append_domain .test.com
cachemgr_passwd gavisheq all
coredump_dir /var/spool/squid/

From the squid machine, I'm able to open an FTP connection without a problem.
I already tried without iptables and nothing works.

I changed some values, but the squid has in reality a real IP address, and
every time that I try to go to any FTP I get this:

1272554063.196   8693 10.10.10.194 TCP_MISS/502 1509 GET ftp://anonymous@xxxxxxxxxxxxxx/ - DIRECT/209.132.183.61 text/html

I tried with ftp.redhat.com and ftp.samba.org and no joy, any ideas?

That log line shows the FTP server at 209.132.183.61 being contacted and some error message came back. What did the 504 error page contain?


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.1
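
The reading of the access.log line in the reply above can be reproduced mechanically. This is an added example, not code from the thread or from the Squid project: it parses Squid's native access.log layout and separates requests that reached an upstream server and got an error back from requests Squid refused locally. The function names, the classification labels and the second sample line are assumptions made for the illustration.

```python
import re
from datetime import datetime, timezone

# Squid native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) (?P<elapsed_ms>\d+) (?P<client>\S+) "
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3}) (?P<bytes>\d+) "
    r"(?P<method>\S+) (?P<url>\S+) (?P<user>\S+) "
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+) (?P<mime>\S+)$"
)

# Log line quoted in the thread (URL redacted by the poster).
PAGE_LINE = ("1272554063.196   8693 10.10.10.194 TCP_MISS/502 1509 GET "
             "ftp://anonymous@xxxxxxxxxxxxxx/ - DIRECT/209.132.183.61 text/html")
# Constructed line for contrast: a request rejected by http_access.
DENIED_LINE = ("1272554070.412      3 10.10.10.194 TCP_DENIED/403 1400 GET "
               "ftp://ftp.example.org/ - NONE/- text/html")

def parse_line(line):
    """Return a dict of fields, or None if the line is not in native format."""
    m = LINE_RE.match(" ".join(line.split()))  # collapse padding and wraps
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("elapsed_ms", "status", "bytes"):
        rec[key] = int(rec[key])
    rec["when"] = datetime.fromtimestamp(float(rec["ts"]), tz=timezone.utc)
    return rec

def triage(rec):
    """Classify where the failure happened (labels are illustrative)."""
    if rec["result"] == "TCP_DENIED":
        return "denied_by_acl"        # refused locally, nothing contacted
    if rec["status"] >= 500 and rec["peer"] != "-":
        return "upstream_error"       # a server was contacted, error came back
    if rec["status"] >= 500:
        return "proxy_error"          # failed before any server was reached
    return "ok"

if __name__ == "__main__":
    for raw in (PAGE_LINE, DENIED_LINE):
        rec = parse_line(raw)
        print(rec["when"].isoformat(), rec["status"], rec["hier"],
              rec["peer"], "->", triage(rec))
```
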
