On 17/01/11 10:42, Shawn wrote:
> yes squid is running on my firewall which is debian lenny
> here is the rule for the web based traffic
> -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,21,443 -j ACCEPT
> here are the other rules
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,21,443 -j DNAT --to-destination 10.2.2.4:23654
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,21,443 -j DNAT --to-destination 10.2.2.3:56754
Ah, Squid is an HTTP proxy. It cannot intercept port 21 or 443.
For port 21 you need one of the following:
* browsers configured to pass the proxy FTP URLs inside HTTP requests.
* a dedicated FTP proxy, frox is the one I recommend to people.
For port 443 you simply can't intercept it. The browser *has* to be
configured to know about the proxy. Clients will get connection security
rejections otherwise.
What you need to do is set up WPAD/PAC on your network. This is also
called "transparent proxy" or browser auto-configuration. It will set
the client browsers to work properly with the proxy without having to
manually configure them all.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4
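
The browser auto-configuration recommended in the reply above, as an added example that is not part of the original message: a PAC file that sends HTTP, HTTPS and FTP URLs to the proxy explicitly instead of relying on DNAT interception. The proxy name and port, and the /24 mask on the 10.2.2.x network seen in the DNAT rules, are assumptions to replace with the real values.

```javascript
// Example wpad.dat / proxy.pac (added illustration, not from the thread).
// Assumed values: replace with the host:port where Squid listens as a
// normal forward proxy, and with the real LAN range.
var PROXY = "PROXY proxy.example.lan:3128";
var LOCAL_NET = "10.2.2.0";
var LOCAL_MASK = "255.255.255.0";

// Dotted-quad literal to unsigned 32-bit number; null if not a valid IPv4 literal.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside LOCAL_NET/LOCAL_MASK.
// Pure string maths: no DNS lookup, so evaluation never blocks the browser.
function inLocalNet(host) {
  var ip = ipv4ToInt(host);
  if (ip === null) return false;
  var mask = ipv4ToInt(LOCAL_MASK);
  return ((ip & mask) >>> 0) === ((ipv4ToInt(LOCAL_NET) & mask) >>> 0);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified intranet names, loopback and LAN literals bypass the proxy.
  if (host.indexOf(".") === -1 || host === "127.0.0.1" || inLocalNet(host)) {
    return "DIRECT";
  }
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  // http:  ordinary proxy request.
  // https: the browser issues CONNECT, so TLS stays end-to-end and
  //        no certificate mismatch is raised.
  // ftp:   the browser passes the ftp:// URL to the proxy inside HTTP.
  // No "; DIRECT" fallback: if the proxy is down, traffic fails closed
  // rather than leaving the network unfiltered.
  if (scheme === "http" || scheme === "https" || scheme === "ftp") {
    return PROXY;
  }
  return "DIRECT";
}
```

For WPAD discovery the file is served as wpad.dat from the host named wpad in the clients' DNS domain, with MIME type application/x-ns-proxy-autoconfig.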