Re: Socks and lsocks question

Alberto de Poo Bas <adepoo@tamnet.com.mx> writes:
> I have configured my browser to http and ftp proxy the squid.machine.mx
> port 3128 (no socks)

The correct configuration to make the browser send all requests to the
squid machine, assuming they're on the same network, is to enter the
squid machine's hostname and port 3128 for all four of HTTP, FTP, Gopher,
and secure connections. The socks information should be left blank.
This works on current Netscape and MSIE. The latter even lets you enter
the squid information only once and click a button to make the other
three the same.

> I configure squid machine to check for .EXE and .ZIP files in a parent
> proxy wingate.machine.mx, and here is the problem, I can't put http and
> ftp proxy in the same port, because wingate use different protocol for
> this two types of connection, so only http objects can be called in
> wingate, if I want ftp objects from Wingate, I have to use socks.

Hmm? You're trying to go to the wingate machine to fetch EXE and ZIP
files only?

The FTP protocol is yet another different protocol, unlike the HTTP and
socks protocols I described in my previous message. FTP opens one control
channel to make requests, and then a data connection for each file transfer,
with the latter often opened by the server connecting back to the client
depending on the version of the protocol you're using. I tried to determine
exactly what the rules for FTP were once, but concluded that I was in a
twisty maze of RFC's all alike, and gave up.

The assumption made by Squid and most other caching proxies is that FTP
requests (from the browser, or to neighbour proxies) will be made to look
like HTTP requests, by doing an HTTP request with an URL that begins with
"ftp://". When Squid goes to fetch an FTP object from its ultimate
source it'll use its ftpget subprocess to speak the FTP protocol.

If the wingate will accept "ftp://" requests on its HTTP port then it'll
work with Squid, and Squid needs to know only the HTTP port. There's no
way to tell Squid to direct only HTTP and not FTP requests to a given
neighbour, or to tell Squid to use the FTP protocol to fetch objects from
another cache, as opposed to their ultimate source. If perhaps wingate
understands ICP it could be set up as a sibling proxy, so that a refusal
of an FTP URL would cause a socksified Squid to request the object
directly. Unfortunately (or perhaps fortunately for me, judging from
what you seem to be saying wingate won't do) I've never had to deal with
wingate myself so I don't have any manuals or experience with it.

> So, if I compile squid with socks, then squid can talk with wingate with
> socks and get ftp files from wingate, right?.

I believe so, if wingate also acts as a socks proxy.

> But here goes my question
> again, do I have to put in my browser to use socks for connecting to
> squid, or no?

Only if the squid proxy isn't on the same network as the browser. If the
browser can connect directly to the squid machine's IP number, then socks
is not needed in the browser.

-- 
Anthony DeBoer <adb@geac.com>                    #include <std.disclaimer>