Re: Problem with FTP II

From: Thomas Knauer <>
Date: Wed, 3 Jul 1996 14:15:44 +0200 (MET DST)

God dag Henrik,

> I am not sure if I understand your setup fully, but here are
> what I think you have, and want to do...
> You are inside a firewall. Does this firewall forward traffic?

The machine squid is running on forwards traffic - http, ftp, gopher etc.

> if it does, then you do not need to use inside_firewall. inside_firewall
> forces Squid to use a parent for all requests outside the firewall
> (it is not possible to override this) and should be used only when
> you can't (or is not allowed to) contact other sites directly if
> outside your firewall.

That was the mistake (I thought). I played a bit with this option.
If I use #inside_firewall then it SEEMS to work,

Now, both ftp AND http are fetched directly from the destination
hosts. :-(((

> You have one parent which does not accept FTP proxy requests. Here you
> should use the cache_host_acl (I forgot about this tag in my earlier answ=
> er)
> to tell Squid to not use that parent for FTP requests.

Right, I did:

acl ftp_access proto ftp
cache_host_acl !ftp_access

Then the nice "double-check-config" message appears again, the host
is outside of my firewall.

> If you are in the "messy" situation that your firewall does not forward
> HTTP traffic from/to your Squid host but forwards FTP and other protocols=
> ,
> then you have no choice other than to manually hack the Squid source to
> disable the inside_firewall check for ftp requests.

Well, I'm not in the "messy" situation, but it seems I've to hack
the code anyway. :-)

Thanks for your help !!!


 Thomas Knauer                                CUBENet  Multiline  BBS  Munich
 FIDO 2:2480/66        TKnauer @ IRC          +49 89 1498811       (36 Lines)
 {tknauer|postmaster|sysop}           45 8900 20443           (X.25)
 WWW:          +49 89 143 1643-1/2 (ISDN/X.75)
                                      "Bed 'em, but don't wed 'em" - Al Bundy
Received on Wed Jul 03 1996 - 05:17:09 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:34 MST