Re: [squid-users] Re: FTP through squid from Eliezer Croitoru on 2012-05-03 (squid-users)

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Thu, 03 May 2012 16:54:45 +0300

as it states in the error:
The requested URL could not be retrieved

it's not an acl problem.
means that you can access the ftp server.
the problem is something on a routing level.
can you ping the domain from the linux proxy server shell?

ping ftp.free.fr

Regards,
Eliezer

On 03/05/2012 16:48, Hugo Deprez wrote:
> Hello,
>
> no one have an idea on this issue ?
>
> Regards
>
>
>
> On 2 May 2012 11:55, Hugo Deprez<hugo.deprez_at_gmail.com> wrote:
>> Dear community,
>>
>> I am setting up a squid proxy but I am not able to allow access to ftp server.
>> I read many explanation on this but I'm a bit lost.
>>
>> So here is my conf :
>>
>>
>> acl SSL_ports port 443 20 21
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl CONNECT method CONNECT
>>
>> ####### IPOC ACL's
>> acl sub1 src 10.1.1.0/24
>> acl sub2 src 10.1.2.128/25
>> acl ftp proto FTP
>> http_access allow ftp
>> ###### Default access based on defined access lists
>> http_access allow manager localhost
>> http_access deny manager
>> # Deny requests to certain unsafe ports
>> http_access deny !Safe_ports
>> # Deny CONNECT to other than secure SSL ports
>> http_access deny CONNECT !SSL_ports
>> http_access allow sub1
>> http_access allow sub2
>> # Deny all
>> http_access deny all
>>
>> ###### Squid's port
>> http_port 3128
>>
>> ###### Default Squid
>>
>> hierarchy_stoplist cgi-bin ?
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>>
>> I can see the following log in the access.log :
>>
>> [02/May/2012:11:44:55 +0200] "GET ftp://ftp.free.fr/ HTTP/1.0" 504
>> 3190 "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101
>> Firefox/12.0" TCP_MISS:DIRECT
>>
>> But I get a squid error message on firefox :
>> The requested URL could not be retrieved
>>
>> What am I missing here ?
>>
>> Regards,
>>
>> Hugo

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il

Received on Thu May 03 2012 - 13:54:52 MDT

This archive was generated by hypermail 2.2.0 : Thu May 03 2012 - 12:00:02 MDT