Re: [SQU] squid to bypass ftp block

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 27 Jan 2001 00:05:41 +0100

http_access allow all is a bad thing. Usually it should read like

acl mynetworks src 192.168.1.0/24
http_access allow mynetworks
(assuming your internal network is 192.168.1.0/24)

Regarding the FTP problem. If you have problem reaching some FTP sites
then the problems are most likely caused by either
  * inproper firewalling of ident requests. Many FTP servers expect the
machine to respond on the ident port (113), either with ident or "TCP
Reset".
  * Non-working reverse lookups of the external IP of the proxy.

--
Henrik Nordstrom
Squid hacker
Mike Egglestone wrote:
> 
> Hi..
> Question about a user FTP ing through the proxy....
> 
> I have a basic default install of squid
> I put an FTP block using IP chains....
> I figured that because the proxy was set in the browser...
> I could use FTP...
> however.. it still gets blocked....sort of...
> I noticed most FTP sites were unreadable... but others were ok
> anyway...
> Can someone point to the right area of the squid.conf to help me out...?
> I noticed I had to enable the "http_access allow all" to get surfing
> going....
> but is there something similar for FTP...
> or.. if ipchains blocks ftp... then the user is out of luck?
> 
> thanks
> Mike
> 
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Fri Jan 26 2001 - 16:39:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:36 MST