[squid-users] FTP direct allow

From: Robert Becskei <brobiwbe@dont-contact.us>
Date: Tue, 17 May 2005 18:13:56 +0200

Hello everyone,

 I'm trying to make ftp go directly without squid touching it...but failing
at it...

 acl FTP proto FTP
 always_direct allow FTP

I've left IE 6 at default (proxy is configured) but display ftp folderview
is checked...and passive is unchecked...

 and I still get errors when I wanna open ftp... using folder view in IE

 200: SWITCHING TO ASCII MODE
 500: ILLEGAL PORT COMMAND
 500: Unknown COMMAND

 my iptables is modified like this to allow (hopefully) both active and passive
ftp

iptables -A INPUT -i eth1 -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o eth1 -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT

a simple drawing of how my clients access the internet

clients ---- PROXY SERVER --- Firewall

my ISP did it for the ftp dunno how but they use squid...transparent and ftp
works if I turn off my proxy server...

so I guess this is something I did wrong, could anyone give me a hint ? ( !=
firefox :) )

Sincerely
Robert B
Received on Tue May 17 2005 - 10:13:34 MDT
