Re: [squid-users] squid ftp proxying clarification from Muthukumar on 2004-07-24 (squid-users)

From: Muthukumar <kmuthu_gct@dont-contact.us>
Date: Sat, 24 Jul 2004 20:26:44 +0530

> I Plan to swithch over to OpenBSD 3.5 Proxy and Firewall
> machine. So now I
> have OpenBSD 3.5 installed on a computer with Squid Proxy
> Installed on it. I
> also managed to get Squid configured and the LAN users can access the
> Websites on the Internet through it. There is no problem with
> http access
> and it is much faster I think.
>

Squid is used to cache the http requests not the ftp requests. We can use the ftp with http requests as a passive request.

> I am a bit confused about configuring the ftp proxy part of
> it. I got a bit
> confused from the documentation about transparent proxying and all.
>
> Could You please tell me what are the parameters I should
> change in the
> squid.conf and what values I should give them so that the
> users in the LAN
> can access the FTP sites as earlier?

Are you trying on squid-2.5.x versions, then
If you are firewall setting is not giving support for passive ftp requests, then use ftp_passive off
There are few more parameters with the keyword ftp.

> Is it possible to restrict users and specify which users can
> access which
> sites?

We can give the access based on users,domains, sites, etc using the acl and http_access for http requests.
There is two more applications avaialable as frox an wget for ftp proxying,

http://frox.sourceforge.net/
http://www.gnu.org/software/wget/

You can control the users to access the ftp requests using frox or wget based on Squid acl's type ( Refer TAG: external_acl_type )

> Note: The Squid Proxy is installed on an OpenBSD 3.5 computer
> with 2 NICs.
> One NIC has an Internet static IP address and is connected to an ADSL
> router. The other NIC has an Internal IP Address and is
> connected to the LAN
> switch.
>

Redirect all local users http or ftp requests to squid's internal IP address whose connection is with LAN switch. Forward all
redirected requests to squid through the ADSL router IP-Address connected IP.

> Could you also please refer me to some resource on the internet which
> explains what "transparent proxying" is and what "passive
> mode" and "active
> mode" is.

A transparant proxy basic details and linux implementation is available over here,
http://squid.visolve.com/squid/trans_caching.htm

See http://slacksite.com/other/ftp.html to know active vs passive mode ftp requests

> If I enable "packet filtering" in OpenBSD are there specific
> issues that I
> should be careful about while using "Squid Proxy"?

I am not known with OpenBSD*

Regards,
Muthukumar.

---
===============  It is a "Virus Free Mail" ===============
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.726 / Virus Database: 481 - Release Date: 7/22/2004

Received on Sat Jul 24 2004 - 09:27:48 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT