Hi, > I'm setting up a new infrastructure for my web proxy and I'm having a > problem with FTP access to the internet; I'm running Squid 3.5 on Debian 9 > machines by the way. > > I used to have a single Squid machine talking freely to the internet from > inside the LAN, with clients connecting on port 3128 for HTTP request and 21 > for FTP using FileZilla with "FTP proxy" options enabled. > The relevant part of my Squid configuration is the following, and everything > worked like a charm: > > ftp_port 21 > acl FTP proto FTP > acl siti_ftp dstdomain "/etc/squid/ftp_sites" > http_access allow FTP ftp_sites > > Then for security purposes I've set up a second Squid machine, in our DMZ, > to act as a cache parent for the LAN machine, but now FTP only works > through > a browser; I've tried enabling the ftp_port directive on the parent machine, > disabling it in the LAN one and a bunch of other stuff but nothing seems to > be working. This is exactly my setup right there and I came with the same question to this mailing list. Sadly, the is no support for an explicit FTP-forwarding proxy at the moment and no development to implement this as far as I know. > For reference, the parent grants access to the chil proxy thanks to this > setting: > acl child_proxy src 10.9.10.X/32 > http_access allow child_proxy This is for HTTP-Pakets only. When using FTP via the browser you are actually using ftp over http, which uses the 3128 port on your client-side proxy. When using a FTP client with a FTP proxy you are connecting via native FTP, which does not use the cache_peer settings (as those only support HTTP messages) I'm guessing you use to access the parent proxy. See http://squid-web-proxy-cache.1019090.n4.nabble.com/FTP-proxy-chain-with-native-ftp-td4684366.html for the suggested workarounds from my thread. Kind regards, Jascha > Erleben Sie Industrie 4.0 konkret – auf der HANNOVER MESSE. Vom 23. bis 27. April 2018. www.fujitsu.com/de/microsite/hmi/register/index.html?utm_source=Email&utm_medium=Signature%20EMail&utm_campaign=HANNOVER%20MESSE%20DE&utm_term=&utm_content=Ticket-anfordern -----Ursprüngliche Nachricht----- > Von: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] Im > Auftrag von Grey > Gesendet: Mittwoch, 28. Februar 2018 09:31 > An: squid-users@xxxxxxxxxxxxxxxxxxxxx > Betreff: Proxy hierarchy and FTP access > > Hi guys, > > > At this point, I'd like to know if what I'm trying to do is possible at all, > beacuse I'm starting to think there's something major I've totally > overlooked. > Thanks a lot to anyone willing to help :) > > > > -- > Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid- > Users-f1019091.html > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
