[squid-users] allowing ftp access

From: Norman Noah <norman.noah@dont-contact.us>
Date: Mon, 28 May 2007 12:08:47 +0800

Good day to all readers,

I have a problem in my network before this i'm allowing ftp without
proxy but yahoo mesengger is using that port to connect. so we block
port 21 on our firewall. but the problem is at proxy server that we
block numericall ips using method CONNECT since skype is using that
method. skype have hundreds of ips.

how can i allow ftp to connect since after succesfully connect to the
ftp server the ftp client request ips to list file.

example like this
(ftp client log)
[R] PASV
[R] 227 Entering Passive Mode (203,223,150,153,130,243)
[R] Opening data connection via Proxy

this is my squid config (in order)
......
ftp_user user@domain.com
ftp_list_width 64
ftp_passive on
......
acl Safe_ports port 21 # ftp
acl CONNECT method CONNECT
acl FTP proto FTP
........
http_access allow FTP
http_reply_access allow FTP
.......
#skype
acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+
.....
# allow direct ftp
always_direct allow FTP
.....
http_access deny numeric_IPS
.......

we are using proxy 2.5 stable 11
Received on Sun May 27 2007 - 22:08:50 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT