allowing ftp access

allowing ftp access

Norman Noah
Good day to all readers,

I have a problem in my network. Before this I was allowing ftp without
proxy, but Yahoo Messenger is using that port to connect, so we block
port 21 on our firewall. But the problem is at the proxy server, where we
block numerical IPs using method CONNECT since Skype is using that
method. Skype has hundreds of IPs.

How can I allow ftp to connect, since after successfully connecting to the
ftp server the ftp client requests IPs to list files?

example like this
(ftp client log)
[R] PASV
[R] 227 Entering Passive Mode (203,223,150,153,130,243)
[R] Opening data connection via Proxy

this is my squid config (in order)
......
ftp_user [hidden email]
ftp_list_width 64
ftp_passive on
......
acl Safe_ports port 21  # ftp
acl CONNECT method CONNECT
acl FTP proto FTP
........
http_access allow FTP
http_reply_access allow FTP
.......
#skype
acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+
.....
# allow direct ftp
always_direct allow FTP
.....
http_access deny numeric_IPS
.......

we are using proxy 2.5 stable 11

Re: allowing ftp access

Henrik Nordström
Mon 2007-05-28 at 12:08 +0800, Norman Noah wrote:

> I have a problem in my network. Before this I was allowing ftp without
> proxy, but Yahoo Messenger is using that port to connect, so we block
> port 21 on our firewall. But the problem is at the proxy server, where we
> block numerical IPs using method CONNECT since Skype is using that
> method. Skype has hundreds of IPs.

CONNECT is not meant to be used for ftp. Better use the ftp:// support
in Squid, as used if you try FTP using a browser configured to use the
proxy...

Regards
Henrik
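
An added example, not part of either post: it decodes the 227 reply from the client log in the question and tests the resulting request against the posted numeric_IPs pattern, showing why tunnelling the data channel with CONNECT hits the deny rule while an ftp:// URL does not. It assumes the proxy matches url_regex against the CONNECT target in host:port form; the function names and the ftp.example.com URL are constructed for illustration.

```python
import re

# Pattern copied from the posted squid.conf (acl numeric_IPs); dots are unescaped there.
NUMERIC_IPS = re.compile(r"^[0-9]+.[0-9]+.[0-9]+.[0-9]+")

# 227 reply payload: four address octets followed by two port bytes.
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) announced in an FTP 227 reply, or raise ValueError."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    h1, h2, h3, h4, p1, p2 = nums
    # The data port is sent as high byte, low byte.
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def connect_target(reply):
    """host:port a client would request via CONNECT for the data channel."""
    ip, port = parse_pasv(reply)
    return "%s:%d" % (ip, port)


def denied_by_numeric_ips(url):
    """True if the posted numeric_IPs url_regex matches this request URL."""
    return NUMERIC_IPS.search(url) is not None


if __name__ == "__main__":
    # Reply line taken from the client log in the question.
    reply = "[R] 227 Entering Passive Mode (203,223,150,153,130,243)"
    tunnel = connect_target(reply)
    # Second URL is a constructed sample of a browser-style ftp:// request.
    for url in (tunnel, "ftp://ftp.example.com/pub/"):
        verdict = "matches numeric_IPs" if denied_by_numeric_ips(url) else "not matched"
        print("%-30s %s" % (url, verdict))
```

With ftp:// requests the proxy opens the passive data connection itself, so the client never sends a CONNECT to a bare IP address and the Skype rule can stay in place.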
