hi navneet, Squid is more http proxy than ftp. But still you will be able to get download. It is able to use GET but not put. Actually which i percieve thhat u r trying to do ftp at windows machine. If this is the case then please upgrade your explorer to IE6. Earlier versions of explorer have bug. Actually IE do not allow Passive Mode.
and you can also try in your squid.conf acl ftp_protocol proto FTP always_direct allow ftp_protocol In my case it works, hope that works for you also. Regards, Narender On 31 Jan 2005 15:48:30 -0000, Navneet Choudhary <[EMAIL PROTECTED]> wrote: > > Many many thanks to all of you for devoting you valuable by reading & > replying to my mail(query). > > Quick recaps and updates: > > 1.i am still using RedHat Linux 9 > > #uname -a > > Linux agni.leo.com 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 > GNU/Linux > > 2.Having: RTL8139 on board + RTL 8029 plugged in(external label is of SMC > ?). > > #lspci -v > > 3:06.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8029(AS) > > Subsystem: Standard Microsystems Corp [SMC] EZ-Card (SMC1208) > > Flags: medium devsel, IRQ 5 > > I/O ports at cc00 [size=32] > > Expansion ROM at ffffc000 [disabled] [size=16K] > > 03:0a.0 Ethernet controller: Realtek Semiconductor Co., Ltd. > RTL-8139/8139C/8139C+ (rev 10) > > Subsystem: Unknown device 1849:8139 > > Flags: bus master, medium devsel, latency 32, IRQ 3 > > I/O ports at c800 [size=256] > > Memory at dfdfff00 (32-bit, non-prefetchable) [size=256] > > Capabilities: [50] Power Management version 2 > > NOTE: should I use different NIC , that use different modules ? > > 3. iptables v1.2.7a > > 4.Now I am port redirecting i.e http/80 >>squid-cache/3128 > > adding my current iptables rules > > 5.users can browse Internet, but can't able to access FTP sites? > > Please refer below for ftp error logs/X'fer log > > 6.What I am trying to : > > a.> This Linux system should act as gateway 9router) between my LAN & > WAN.[Working] > > b.> Act as proxy server trough Squid & url filtering by using SquidGuard. > [Working] > > c.> Act as firewall > > Allowed traffic http/https,POP3/SMTP,FTP & SonicMQ. > > Please help in configuring this system > > [EMAIL PROTECTED] root]# insmod ip_conntrack_ftp > Using /lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o > [root@ leo root]# lsmod > Module Size Used by Not tainted > ip_conntrack_ftp 5296 0 (unused) > autofs 13268 0 (autoclean) (unused) > iptable_filter 2412 0 (autoclean) (unused) > ne2k-pci 7232 1 > 8390 8508 0 [ne2k-pci] > 8139too 18088 1 > mii 3976 0 [8139too] > ipt_REDIRECT 1368 1 (autoclean) > iptable_nat 21720 1 (autoclean) [ipt_REDIRECT] > ip_conntrack 26976 2 (autoclean) [ip_conntrack_ftp ipt_REDIRECT > ipt > able_nat] > iptable_mangle 2776 0 (autoclean) (unused) > ip_tables 15096 6 [iptable_filter ipt_REDIRECT iptable_nat > iptab > le_mangle] > microcode 4668 0 (autoclean) > keybdev 2944 0 (unused) > mousedev 5492 0 (unused) > hid 22148 0 (unused) > input 5856 0 [keybdev mousedev hid] > usb-uhci 26348 0 (unused) > ehci-hcd 19976 0 (unused) > usbcore 78784 1 [hid usb-uhci ehci-hcd] > ext3 70784 1 > jbd 51892 1 [ext3] > > Please refer belows log file for details: > > ##########FTP LOG STARTS################## > > SYST > Not connected > Host type (I): Automatic detect > WINSOCK.DLL: WinSock 2.0 > WS_FTP32 4.04, Copyright © 1992-1996 Ipswitch, Inc. All rights reserved. > - - > connecting to X.X.X.X... > Connected to X.X.X.X port 21 > 220 ProFTPD 1.2.4 Server (ftpserver) [X.X.X.X] > USER crpovsat > 331 Password required for data > PASS xxxxxx > 230 User crpovsat logged in. > Host type (I): UNIX (standard) > PWD > 257 "/leo/ftp" is current directory. > PORT 192,168,0,234,11,12 > 500 Illegal PORT command. > DoDirList returned 0 > > #############IPTABLES RULES STARTS HERE##################################### > > # Generated by iptables-save v1.2.7a on Mon Jan 31 18:08:44 2005 > *filter > :INPUT ACCEPT [3142:390380] > :FORWARD ACCEPT [129:8201] > :OUTPUT ACCEPT [2368:283021] > COMMIT > # Completed on Mon Jan 31 18:08:44 2005 > # Generated by iptables-save v1.2.7a on Mon Jan 31 18:08:44 2005 > *nat > :PREROUTING ACCEPT [42124:6973903] > :POSTROUTING ACCEPT [3981:238915] > :OUTPUT ACCEPT [3981:238915] > -A PREROUTING -s 192.168.0.0/255.255.0.0 -i eth0 -p tcp -m tcp --dport 80 -j > REDIRECT --to-ports 3128 > -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o eth1 -j SNAT --to-source > 172.21.0.132 > COMMIT > # Completed on Mon Jan 31 18:08:44 2005 > # Generated by iptables-save v1.2.7a on Mon Jan 31 18:08:44 2005 > *mangle > :PREROUTING ACCEPT [91110:21827250] > :INPUT ACCEPT [85740:19815355] > :FORWARD ACCEPT [5288:2008168] > :OUTPUT ACCEPT [66867:17702084] > :POSTROUTING ACCEPT [72155:19710252] > COMMIT > # Completed on Mon Jan 31 18:08:44 2005 > > On Sat, 22 Jan 2005 Sandip Bhattacharya wrote : > >On Sat, 2005-01-22 at 08:07 +0000, Navneet Choudhary wrote: > > > > > for reference purpose i am sending current iptables rules. > > > > > > tried traceroute > > > > > > #iptable-save >current_rule > > > > > > # Generated by iptables-save v1.2.9 on Sat Jan 22 12:00:34 2005 > > > *nat > > > :PREROUTING ACCEPT [3126:541380] > > > :POSTROUTING ACCEPT [199:22737] > > > :OUTPUT ACCEPT [97:16472] > > > COMMIT > > > >Where is the NAT rule here that you just showed? > > > >- Sandip > > > > > >-- > >Sandip Bhattacharya * Puroga Technologies * [EMAIL PROTECTED] > >Work: http://www.puroga.com * Home/Blog: http://www.sandipb.net/blog > > > >PGP/GPG Signature: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3 > > > > > > _______________________________________________ > ilugd mailinglist -- ilugd@lists.linux-delhi.org > http://frodo.hserus.net/mailman/listinfo/ilugd > Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi > http://www.mail-archive.com/ilugd@lists.linux-delhi.org/ > _______________________________________________ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
