On 17/01/11 10:42, Shawn wrote:
> Yes, Squid is running on my firewall, which is Debian Lenny
>
>
> here is the rule for the web based traffic
>
> -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,21,443 -j ACCEPT
>
>
> here are the other rules
>
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,21,443 -j DNAT --to-destination 10.2.2.4:23654
> -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,21,443 -j DNAT --to-destination 10.2.2.3:56754

Ah, Squid is an HTTP proxy. It cannot intercept port 21 or 443.

For port 21 you need one of the following:

* browsers configured to pass the proxy FTP URLs inside HTTP requests.
* a dedicated FTP proxy, frox is the one I recommend to people.

For port 443 you simply can't intercept it. The browser *has* to be
configured to know about the proxy. Clients will get connection security
rejections otherwise.

What you need to do is set up WPAD/PAC on your network. This is also
called "transparent proxy" or browser auto-configuration. It will set
the client browsers to work properly with the proxy without having to
manually configure them all.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.10
  Beta testers wanted for 3.2.0.4

Received on Sun Jan 16 2011 - 22:34:45 MST
This archive was generated by hypermail 2.2.0 : Mon Jan 17 2011 - 12:00:03 MST
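
A PAC file of the kind the reply recommends, as an added example that is not part of the original message: it sends http, https and ftp URLs to the proxy explicitly, so the browser uses CONNECT for port 443 and passes FTP URLs inside HTTP requests. The proxy address 10.2.2.4:3128 (a forward-proxy port, not the DNAT intercept ports in the quoted rules) and the 10.0.0.0/8 LAN range are assumptions.

```javascript
// Added example PAC file (served as proxy.pac / wpad.dat); not from the thread.
// Assumption: Squid accepts forward-proxy requests on 10.2.2.4:3128.
// No "; DIRECT" fallback: if the proxy is down, clients fail instead of
// silently bypassing it.
var PROXY = "PROXY 10.2.2.4:3128";

// True when host is a dotted-quad IPv4 literal inside 10.0.0.0/8 (assumed LAN).
// Done by hand instead of isInNet() so no DNS lookup is triggered.
function isLanLiteral(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false;
  }
  return Number(m[1]) === 10;
}

// Entry point every browser calls for each request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified intranet names, loopback and LAN addresses go direct.
  // IPv6 literals contain ":" and so do not match the plain-name pattern.
  if (/^[a-z0-9-]+$/.test(host) || host === "127.0.0.1" || isLanLiteral(host)) {
    return "DIRECT";
  }
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  switch (scheme) {
    case "http":   // plain HTTP request sent to the proxy
    case "https":  // browser issues CONNECT host:443; TLS stays end to end
    case "ftp":    // browser passes the ftp:// URL inside an HTTP request
      return PROXY;
    default:       // schemes the proxy is not expected to handle
      return "DIRECT";
  }
}
```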