[squid-users] Proxy hierarchy and FTP access

Grey wehategrey at gmail.com
Wed Feb 28 08:30:54 UTC 2018


Hi guys,
I'm setting up a new infrastructure for my web proxy and I'm having a
problem with FTP access to the internet; I'm running Squid 3.5 on Debian 9
machines by the way.

I used to have a single Squid machine talking freely to the internet from
inside the LAN, with clients connecting on port 3128 for HTTP request and 21
for FTP using FileZilla with "FTP proxy" options enabled.
The relevant part of my Squid configuration is the following, and everything
worked like a charm:

ftp_port 21
acl FTP proto FTP
acl siti_ftp dstdomain "/etc/squid/ftp_sites"
http_access allow FTP ftp_sites

Then for security purposes I've set up a second Squid machine, in our DMZ,
to act as a cache parent for the LAN machine, but now FTP only works through
a browser; I've tried enabling the ftp_port directive on the parent machine,
disabling it in the LAN one and a bunch of other stuff but nothing seems to
be working.
For reference, the parent grants access to the chil proxy thanks to this
setting:

acl child_proxy src 10.9.10.X/32
http_access allow child_proxy

At this point, I'd like to know if what I'm trying to do is possible at all,
beacuse I'm starting to think there's something major I've totally
overlooked.
Thanks a lot to anyone willing to help :)



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


More information about the squid-users mailing list