Re: [squid-users] FTP not connected through Squid
Still not able to connect. Regards, Sarfraz - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 9:21 AM Subject: Re: [squid-users] FTP not connected through Squid On 18/03/2014 2:13 a.m., ***some text missing*** wrote: Hello Team, I am having error while connecting FTP from Filezilla behind the squid. My Scenario is my client is squid client trying to connect internet FTP on port 21 through FileZilla and from Webbrowser as well, but unable to access from both ways. I have monitored a specific IP in access.log but get no request from particular client. Error received on FileZilla is connection timed out Couldnot connect to Server How have you configured FileZilla to use Squid? Squid current releases only support receiving HTTP traffic. So you need specific configuration in both FileZilla and Squid for this to work. FileZilla: In the menu under Edit-Settings in the configuration UI box under Connection-FTP-Generic proxy selecting the entry HTTP/1.1 using CONNECT method then entering your Squid details. The site manager may also requires passive FTP to be used by the server. Adding to squid.conf this extra line: acl SSL_ports port 20 21 # FTP Amos
Re: [squid-users] IP Address routing through IP Tables
will you please assist to connect Filezilla FTP client behind the squid proxy. I am unable to connect. Regards, Sarfraz Aslam - Original Message - From: Eliezer Croitoru elie...@ngtech.co.il To: squid-users@squid-cache.org squid-users@squid-cache.org Cc: ***some text missing*** shoz...@yahoo.com Sent: Monday, March 17, 2014 9:28 PM Subject: Re: [squid-users] IP Address routing through IP Tables On 17/03/2014 17:53, ***some text missing*** wrote: I am online there with nick name Shozi what is yours? Elico. As I mentioned at the chat WPAD for forward proxy is the best but can be also defined in the browser manually. I was wondering if zentyal do provied WPAD option in their servers. Eliezer
Re: [squid-users] FTP not connected through Squid
On 18/03/2014 7:55 p.m., ***some text missing*** wrote: Still not able to connect. Regards, Sarfraz Strange both software have been working fine for me for months with that exact configuration. Amos
Re: [squid-users] FTP not connected through Squid
I am getting this error in access.log. 0 10.25.40.121 TCP_DENIED/407 1728 CONNECT 115.186.92.227:21 - NONE/- text/html [Host: 115.186.92.227:21\r\nUser-Agent: FileZilla\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: squid\r\nDate: Tue, 18 Mar 2014 07:06:00 GMT\r\nContent-Type: text/html\r\nContent-Length: 1320\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: Negotiate\r\nX-Cache: MISS from squidkhi1.mailserver.mcb.com.pk\r\nX-Cache-Lookup: NONE from squidkhi1.mailserver.mcb.com.pk:8080\r\nVia: 1.0 squidkhi1.mailserver.mcb.com.pk:8080 (squid)\r\nConnection: close\r\n\r] 1395126365.205 0 10.25.40.121 TCP_DENIED/407 1728 CONNECT 115.186.92.227:21 - NONE/- text/html [Host: 115.186.92.227:21\r\nUser-Agent: FileZilla\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: squid\r\nDate: Tue, 18 Mar 2014 07:06:05 GMT\r\nContent-Type: text/html\r\nContent-Length: 1320\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: Negotiate\r\nX-Cache: MISS from squidkhi1.mailserver.mcb.com.pk\r\nX-Cache-Lookup: NONE from squidkhi1.mailserver.mcb.com.pk:8080\r\nVia: 1.0 squidkhi1.mailserver.mcb.com.pk:8080 (squid)\r\nConnection: close\r\n\r] Sarfraz - Original Message - From: ***some text missing*** shoz...@yahoo.com To: Amos Jeffries squ...@treenet.co.nz; squid-users@squid-cache.org squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 11:55 AM Subject: Re: [squid-users] FTP not connected through Squid Still not able to connect. Regards, Sarfraz - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 9:21 AM Subject: Re: [squid-users] FTP not connected through Squid On 18/03/2014 2:13 a.m., ***some text missing*** wrote: Hello Team, I am having error while connecting FTP from Filezilla behind the squid. My Scenario is my client is squid client trying to connect internet FTP on port 21 through FileZilla and from Webbrowser as well, but unable to access from both ways. I have monitored a specific IP in access.log but get no request from particular client. Error received on FileZilla is connection timed out Couldnot connect to Server How have you configured FileZilla to use Squid? Squid current releases only support receiving HTTP traffic. So you need specific configuration in both FileZilla and Squid for this to work. FileZilla: In the menu under Edit-Settings in the configuration UI box under Connection-FTP-Generic proxy selecting the entry HTTP/1.1 using CONNECT method then entering your Squid details. The site manager may also requires passive FTP to be used by the server. Adding to squid.conf this extra line: acl SSL_ports port 20 21 # FTP Amos
Re: [squid-users] FTP not connected through Squid
On 18/03/2014 09:06, Amos Jeffries wrote: Strange both software have been working fine for me for months with that exact configuration. Amos for me too... it's another issue of settings or networking. Eliezer
Re: [squid-users] FTP not connected through Squid
On 18/03/2014 8:09 p.m., ***some text missing*** wrote: I am getting this error in access.log. HTTP/1.0 407 Proxy Authentication Required Proxy-Authenticate: Negotiate FileZilla does not support Kerberos authentication. http://trac.filezilla-project.org/ticket/8691 Amos
Re: [squid-users] FTP not connected through Squid
I am now able to connect to FTP site through filezilla by allowing FTP port with CONNECT method but unable to view directory listings. Filezilla Error; 150. Opening binary mode data connection. error. connection timed out access.log; 1395127370.117 20775 10.25.40.121 TCP_MISS/000 0 CONNECT 115.186.92.227:58682 - NONE/- - [Host: 115.186.92.227:58682\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] 1395127370.117 22121 10.25.40.121 TCP_MISS/200 395 CONNECT 115.186.92.227:21 - DIRECT/115.186.92.227 - [Host: 115.186.92.227:21\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] Sarfraz - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: ***some text missing*** shoz...@yahoo.com; squid-users@squid-cache.org squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 12:06 PM Subject: Re: [squid-users] FTP not connected through Squid On 18/03/2014 7:55 p.m., ***some text missing*** wrote: Still not able to connect. Regards, Sarfraz Strange both software have been working fine for me for months with that exact configuration. Amos
[squid-users] FileSystem mount options and other parameters
AFAIK there is no complete guide for using FS types for squid . Historically i am using ReiserFS 3.6 on Ubuntu 12.10 64bit . Here is my /etc/fstab /dev/sda1 /cache1 reiserfs notail,noatime,nodiratime,data=writeback,barrier=none,async,commit=10 0 0 /dev/sdb1 /cache2 reiserfs notail,noatime,nodiratime,data=writeback,barrier=none,async,commit=10 0 0 /dev/sdc1 /cache3 reiserfs notail,noatime,nodiratime,data=writeback,barrier=none,async,commit=10 0 0 and root@cache:~# cat /sys/block/sd*/queue/scheduler noop [deadline] cfq And some references https://reiser4.wiki.kernel.org/index.php/Mount http://doc.opensuse.org/products/draft/SLES/SLES-tuning_sd_draft/cha.tuning.io.html sda id SSD and sdb,sdc are SCSI 19k RPM and i think they should not be same . Note :For people who are not aware , i suggest investigating on these configs because they are very important for performance tuning of cache server . Anybody has suggestions ? 2 more questions . 1 - Why squid does not going to implement its own FS ? even it may based on other filesystems . 2 - Why squid experts does not share their such configs and customizations on wiki ? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/FileSystem-mount-options-and-other-parameters-tp4665275.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] FTP not connected through Squid
On 18/03/2014 9:01 p.m., ***some text missing*** wrote: We are using both kerberos and basic authentication mode. I am now able to connect to FTP site through filezilla by allowing FTP port with CONNECT method but unable to view directory listings. below are both errors. Filezilla Error; 150. Opening binary mode data connection. error. connection timed out access.log; 1395127370.117 20775 10.25.40.121 TCP_MISS/000 0 CONNECT 115.186.92.227:58682 - NONE/- - [Host: 115.186.92.227:58682\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] 1395127370.117 22121 10.25.40.121 TCP_MISS/200 395 CONNECT 115.186.92.227:21 - DIRECT/115.186.92.227 - [Host: 115.186.92.227:21\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] Looks like port 20 (ftp-data) was not enough for you. If you can't convince FileZilla to use port 20, you may have to add this to squid.conf: acl SSL_ports port 1024-65535 # FTP data Amos
Re: [squid-users] FTP not connected through Squid
After adding lines in squid.conf as suggested. still unable to retrieve directory listing. access.log 1395132611.648 22122 10.25.40.121 TCP_MISS/200 395 CONNECT 115.186.92.227:21 - DIRECT/115.186.92.227 - [Host: 115.186.92.227:21\r\nUser-Agent: FileZilla\r\n] [ ] 1395132611.648 20766 10.25.40.121 TCP_MISS/000 0 CONNECT 115.186.92.227:59953 - NONE/- - [Host: 115.186.92.227:59953\r\nUser-Agent: FileZilla\r\n] []Sarfraz ASlam - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 1:37 PM Subject: Re: [squid-users] FTP not connected through Squid On 18/03/2014 9:01 p.m., ***some text missing*** wrote: We are using both kerberos and basic authentication mode. I am now able to connect to FTP site through filezilla by allowing FTP port with CONNECT method but unable to view directory listings. below are both errors. Filezilla Error; 150. Opening binary mode data connection. error. connection timed out access.log; 1395127370.117 20775 10.25.40.121 TCP_MISS/000 0 CONNECT 115.186.92.227:58682 - NONE/- - [Host: 115.186.92.227:58682\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] 1395127370.117 22121 10.25.40.121 TCP_MISS/200 395 CONNECT 115.186.92.227:21 - DIRECT/115.186.92.227 - [Host: 115.186.92.227:21\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] Looks like port 20 (ftp-data) was not enough for you. If you can't convince FileZilla to use port 20, you may have to add this to squid.conf: acl SSL_ports port 1024-65535 # FTP data Amos
Re: [squid-users] FileSystem mount options and other parameters
On 18/03/2014 9:29 p.m., Omid Kosari wrote: AFAIK there is no complete guide for using FS types for squid . Historically i am using ReiserFS 3.6 on Ubuntu 12.10 64bit . Here is my /etc/fstab /dev/sda1 /cache1 reiserfs notail,noatime,nodiratime,data=writeback,barrier=none,async,commit=10 0 0 /dev/sdb1 /cache2 reiserfs notail,noatime,nodiratime,data=writeback,barrier=none,async,commit=10 0 0 /dev/sdc1 /cache3 reiserfs notail,noatime,nodiratime,data=writeback,barrier=none,async,commit=10 0 0 and root@cache:~# cat /sys/block/sd*/queue/scheduler noop [deadline] cfq And some references https://reiser4.wiki.kernel.org/index.php/Mount http://doc.opensuse.org/products/draft/SLES/SLES-tuning_sd_draft/cha.tuning.io.html sda id SSD and sdb,sdc are SCSI 19k RPM and i think they should not be same . Note :For people who are not aware , i suggest investigating on these configs because they are very important for performance tuning of cache server . Anybody has suggestions ? 2 more questions . 1 - Why squid does not going to implement its own FS ? even it may based on other filesystems . You mean caches like COSS and Rock ? COSS could work on a raw device (at least the 2.7 version could). Rock does not (yet) simply because none has sponsored the work to make it so. 2 - Why squid experts does not share their such configs and customizations on wiki ? Good Question. Instructions on getting access to edit the wiki.squid-cache.org is on the front page in a big highlighted box. Those of us in the dev team with knowledge have already added it, a few others too (http://wiki.squid-cache.org/BestOsForSquid). Amos
Re: [squid-users] FTP not connected through Squid
On 18/03/2014 9:55 p.m., ***some text missing*** wrote: After adding lines in squid.conf as suggested. still unable to retrieve directory listing. Well, I'm not seeing anything else that might be a clue. Except maybe the absence of auth header on the data CONNECT. Though the port 21 CONNECT this time omits one too. You did restart/reconfigure Squid right? Amos access.log 1395132611.648 22122 10.25.40.121 TCP_MISS/200 395 CONNECT 115.186.92.227:21 - DIRECT/115.186.92.227 - [Host: 115.186.92.227:21\r\nUser-Agent: FileZilla\r\n] [ ] 1395132611.648 20766 10.25.40.121 TCP_MISS/000 0 CONNECT 115.186.92.227:59953 - NONE/- - [Host: 115.186.92.227:59953\r\nUser-Agent: FileZilla\r\n] []Sarfraz ASlam - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 1:37 PM Subject: Re: [squid-users] FTP not connected through Squid On 18/03/2014 9:01 p.m., ***some text missing*** wrote: We are using both kerberos and basic authentication mode. I am now able to connect to FTP site through filezilla by allowing FTP port with CONNECT method but unable to view directory listings. below are both errors. Filezilla Error; 150. Opening binary mode data connection. error. connection timed out access.log; 1395127370.117 20775 10.25.40.121 TCP_MISS/000 0 CONNECT 115.186.92.227:58682 - NONE/- - [Host: 115.186.92.227:58682\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] 1395127370.117 22121 10.25.40.121 TCP_MISS/200 395 CONNECT 115.186.92.227:21 - DIRECT/115.186.92.227 - [Host: 115.186.92.227:21\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] Looks like port 20 (ftp-data) was not enough for you. If you can't convince FileZilla to use port 20, you may have to add this to squid.conf: acl SSL_ports port 1024-65535 # FTP data Amos
Re: [squid-users] FTP not connected through Squid
Just need to confirm is IP TABLES also causing such type of problem ? Sarfraz - Original Message - From: ***some text missing*** shoz...@yahoo.com To: Amos Jeffries squ...@treenet.co.nz; squid-users@squid-cache.org squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 1:55 PM Subject: Re: [squid-users] FTP not connected through Squid After adding lines in squid.conf as suggested. still unable to retrieve directory listing. access.log 1395132611.648 22122 10.25.40.121 TCP_MISS/200 395 CONNECT 115.186.92.227:21 - DIRECT/115.186.92.227 - [Host: 115.186.92.227:21\r\nUser-Agent: FileZilla\r\n] [ ] 1395132611.648 20766 10.25.40.121 TCP_MISS/000 0 CONNECT 115.186.92.227:59953 - NONE/- - [Host: 115.186.92.227:59953\r\nUser-Agent: FileZilla\r\n] []Sarfraz ASlam - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 1:37 PM Subject: Re: [squid-users] FTP not connected through Squid On 18/03/2014 9:01 p.m., ***some text missing*** wrote: We are using both kerberos and basic authentication mode. I am now able to connect to FTP site through filezilla by allowing FTP port with CONNECT method but unable to view directory listings. below are both errors. Filezilla Error; 150. Opening binary mode data connection. error. connection timed out access.log; 1395127370.117 20775 10.25.40.121 TCP_MISS/000 0 CONNECT 115.186.92.227:58682 - NONE/- - [Host: 115.186.92.227:58682\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] 1395127370.117 22121 10.25.40.121 TCP_MISS/200 395 CONNECT 115.186.92.227:21 - DIRECT/115.186.92.227 - [Host: 115.186.92.227:21\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] Looks like port 20 (ftp-data) was not enough for you. If you can't convince FileZilla to use port 20, you may have to add this to squid.conf: acl SSL_ports port 1024-65535 # FTP data Amos
Re: [squid-users] FTP not connected through Squid
yes I did. Sarfraz - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 2:14 PM Subject: Re: [squid-users] FTP not connected through Squid On 18/03/2014 9:55 p.m., ***some text missing*** wrote: After adding lines in squid.conf as suggested. still unable to retrieve directory listing. Well, I'm not seeing anything else that might be a clue. Except maybe the absence of auth header on the data CONNECT. Though the port 21 CONNECT this time omits one too. You did restart/reconfigure Squid right? Amos access.log 1395132611.648 22122 10.25.40.121 TCP_MISS/200 395 CONNECT 115.186.92.227:21 - DIRECT/115.186.92.227 - [Host: 115.186.92.227:21\r\nUser-Agent: FileZilla\r\n] [ ] 1395132611.648 20766 10.25.40.121 TCP_MISS/000 0 CONNECT 115.186.92.227:59953 - NONE/- - [Host: 115.186.92.227:59953\r\nUser-Agent: FileZilla\r\n] []Sarfraz ASlam - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 1:37 PM Subject: Re: [squid-users] FTP not connected through Squid On 18/03/2014 9:01 p.m., ***some text missing*** wrote: We are using both kerberos and basic authentication mode. I am now able to connect to FTP site through filezilla by allowing FTP port with CONNECT method but unable to view directory listings. below are both errors. Filezilla Error; 150. Opening binary mode data connection. error. connection timed out access.log; 1395127370.117 20775 10.25.40.121 TCP_MISS/000 0 CONNECT 115.186.92.227:58682 - NONE/- - [Host: 115.186.92.227:58682\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] 1395127370.117 22121 10.25.40.121 TCP_MISS/200 395 CONNECT 115.186.92.227:21 - DIRECT/115.186.92.227 - [Host: 115.186.92.227:21\r\nProxy-Authorization: Basic c2FyZnJhei5hc2xhbUBtY2IuY29tLnBrOlJSb290QEREb21haW4=\r\nUser-Agent: FileZilla\r\n] [] Looks like port 20 (ftp-data) was not enough for you. If you can't convince FileZilla to use port 20, you may have to add this to squid.conf: acl SSL_ports port 1024-65535 # FTP data Amos
[squid-users] Re: how i can replace website source code content !!
To be inserted in squid.conf: --- acl block dstdomain block.lst http_access deny block #Either deny_info BLOCKED block # Create file BLOCKED in squid error message directory, i.e. in #/usr/local/squid/share/errors/en #or #deny_info http://my.domain.com/my_block_page.html block #alternative, but it needs http-server - Edit file block.lst: .twitter.com .facebook.com However, it will still be possible to use https to access facebook etc. So you might consider to forbid https completely. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/how-i-can-replace-website-source-code-content-tp4665213p4665282.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: FileSystem mount options and other parameters
Thanks for reply . First part of post ignored ? any suggestion about my configs ? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/FileSystem-mount-options-and-other-parameters-tp4665275p4665283.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: FileSystem mount options and other parameters
On 18/03/2014 10:53 p.m., Omid Kosari wrote: Thanks for reply . First part of post ignored ? any suggestion about my configs ? Not from me. All the bits I know of are already in there. Amos
[squid-users] separate channels for http and https to the same host
Hi Folks, I have done a good deal of googling and experimenting and I cannot yet make this work. What I am trying to do is as follows. Core server is core.example.com and has Apache running on both http and https ports. The webcache is on www.example.com (and also now ssl.example.com). The two ports on the corer server give different content. There is a bunch of general content on http that does not require authenticated access. There is a bunch of authenticated content on the https port. ie addresses on http://www.exmple.com/... will not be present on https://www.example.com/... and vice versa. The squid cache is operating as a webcache and is listening on both 80 and 443. But the usual result is that all requests to both 80 and 443 on the webcache go either to the core server's port 80 or 443. I cannot seem to make it send port 80 requests on to the core server's port 80 on the core machine and port 443 on the webcache to the core server's port 443. I have it working currently by adding ssl.example.com as a pure ssl address and www.example.com as a pure port 80 address. ie the squid proxy seems to use the hostname alone and does not take any notice of the port number. I'm sure this must be a relatively common layout, so am surprised I haven't seen anything about this online. Thanks in advance for your help Andy M -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/separate-channels-for-http-and-https-to-the-same-host-tp4665285.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] FTP not connected through Squid
lets start from 0 once again. You have filezilla as a client and some remote ftp server. You configure in squid to allow access from the client IP address. You point the client towards squid from a browser and try to browse some web site and only then try to use filezilla client. What is the resulst and steps for each and one of the steps? Take your time with it, it will help to understand the issue. Eliezer On 18/03/2014 11:17, ***some text missing*** wrote: Just need to confirm is IP TABLES also causing such type of problem ? Sarfraz
Re: [squid-users] FTP not connected through Squid
Yes it is good indeed. Details are below. * I have squid on Linux as a forward proxy with 2 NICs 1 connected with local LAN and 2nd with Internet * I configured squid as a forward proxy, not transparent proxy (users manually enter proxy address in there browser to access internet) * I have a requirement to allow access to remote FTP through File Zilla client by using squid proxy. * Now when my client user connect through file zilla by using squid proxy, he is getting error while listing directory, however when user trying to connect same FTP by using ISA firewall client, he is able to access. * I am getting below logs from access.log when Filezilla show error Failed to retrieve directory listing [root@squidkhi1 ~]# tail -f /var/logs/access.log | grep 10.1.40.11 1395158045.715 39655 10.1.40.11 TCP_MISS/000 0 CONNECT 115.186.92.227:65273 - NONE/- - [Host: 115.186.92.227:65273\r\nUser-Agent: FileZilla\r\n] []If any thing confusing you, please let me know.Sarfraz Aslam - Original Message - From: Eliezer Croitoru elie...@ngtech.co.il To: squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 7:35 PM Subject: Re: [squid-users] FTP not connected through Squid lets start from 0 once again. You have filezilla as a client and some remote ftp server. You configure in squid to allow access from the client IP address. You point the client towards squid from a browser and try to browse some web site and only then try to use filezilla client. What is the resulst and steps for each and one of the steps? Take your time with it, it will help to understand the issue. Eliezer On 18/03/2014 11:17, ***some text missing*** wrote: Just need to confirm is IP TABLES also causing such type of problem ? Sarfraz
Re: [squid-users] FTP not connected through Squid
Try to look at this: www.squid-cache.org/Doc/config/ftp_passive/ the defualt is on so try to change it to off and see what happens. There is a debug section that might help to understand it better but lets try this first. Eliezer On 18/03/2014 17:59, ***some text missing*** wrote: Yes it is good indeed. Details are below. * I have squid on Linux as a forward proxy with 2 NICs 1 connected with local LAN and 2nd with Internet * I configured squid as a forward proxy, not transparent proxy (users manually enter proxy address in there browser to access internet) * I have a requirement to allow access to remote FTP through File Zilla client by using squid proxy. * Now when my client user connect through file zilla by using squid proxy, he is getting error while listing directory, however when user trying to connect same FTP by using ISA firewall client, he is able to access. * I am getting below logs from access.log when Filezilla show error Failed to retrieve directory listing [root@squidkhi1 ~]# tail -f /var/logs/access.log | grep 10.1.40.11 1395158045.715 39655 10.1.40.11 TCP_MISS/000 0 CONNECT 115.186.92.227:65273 - NONE/- - [Host: 115.186.92.227:65273\r\nUser-Agent: FileZilla\r\n] []If any thing confusing you, please let me know.Sarfraz Aslam - Original Message - From: Eliezer Croitoru elie...@ngtech.co.il To: squid-users@squid-cache.org Cc: Sent: Tuesday, March 18, 2014 7:35 PM Subject: Re: [squid-users] FTP not connected through Squid lets start from 0 once again. You have filezilla as a client and some remote ftp server. You configure in squid to allow access from the client IP address. You point the client towards squid from a browser and try to browse some web site and only then try to use filezilla client. What is the resulst and steps for each and one of the steps? Take your time with it, it will help to understand the issue. Eliezer On 18/03/2014 11:17, ***some text missing*** wrote: Just need to confirm is IP TABLES also causing such type of problem ? Sarfraz
[squid-users] Re: separate channels for http and https to the same host
Sorry for answering my own post, but I have found the solution to this problem. So for the benefit of those that might also want to know... cache_peer core.example.com parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=ssl-www.example.com acl wwwssl-name_acl dstdomain www.example.com acl wwwssl-port_acl port 443 http_access allow wwwssl-name_acl wwwssl-port_acl cache_peer_access ssl-www.example.com allow wwwssl-name_acl wwwssl-port_acl cache_peer_access ssl-www.example.com deny all The trick is in the fact that if you supply two acls to a cache_peer_access or http_access command, then the two are logically ANDed. So in the above, the http_access and cache_peer_access both require the requested host to be www.example.com AND port 443. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/separate-channels-for-http-and-https-to-the-same-host-tp4665285p4665289.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] FTP not connected through Squid
Why not use separate ftp proxy? This is not directly related, but good read nevertheless: http://www.openbsd.org/faq/pf/ftp.html -- Marko Cupać
Re: [squid-users] FTP not connected through Squid
On 19/03/2014 5:42 a.m., Eliezer Croitoru wrote: Try to look at this: www.squid-cache.org/Doc/config/ftp_passive/ the defualt is on so try to change it to off and see what happens. There is a debug section that might help to understand it better but lets try this first. Note: only relevant for the browser-squid-FTP connection tests. Amos
Re: [squid-users] Re: separate channels for http and https to the same host
On 19/03/2014 6:28 a.m., admered1 wrote: Sorry for answering my own post, but I have found the solution to this problem. So for the benefit of those that might also want to know... cache_peer core.example.com parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=ssl-www.example.com acl wwwssl-name_acl dstdomain www.example.com acl wwwssl-port_acl port 443 http_access allow wwwssl-name_acl wwwssl-port_acl cache_peer_access ssl-www.example.com allow wwwssl-name_acl wwwssl-port_acl cache_peer_access ssl-www.example.com deny all The trick is in the fact that if you supply two acls to a cache_peer_access or http_access command, then the two are logically ANDed. So in the above, the http_access and cache_peer_access both require the requested host to be www.example.com AND port 443. For the record you can also use proto ACLs with value HTTP or HTTPS. And myportname ACLs with the http_port / https_port name label to identify the traffic. Amos
RE: [squid-users] Can't cache www.peelschools.org
I had upgraded squid to v3.4.4, but still can't access this site. Anyway , thanks you very much. Alfred. -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: 2014年3月18日星期二 13:43 To: squid-users@squid-cache.org Subject: Re: [squid-users] Can't cache www.peelschools.org On 18/03/2014 5:39 p.m., Alfred Ding wrote: Hi, Anyone had met this problem? Squid can't cache www.peelschools.org, but it can cache on MS ISA. My squid version is 3.1.19 on ubuntu 12.1 lts. Thanks much. The URL with no path is a 302 redirection with no cache control heade You will need to upgrade to a later version of Squid with better HTTP/1.1 caching compliance to store that one. Following the redirect the main page URL all have Cache-Control:private meaning This response only allows a private cache to store it. NP: Squid is designed to be used as a *shared* cache. The scripts on those pages all have serious errors in their Vary headers. Which is resulting in random reply being either uncompressed or gzip compressed when they should be the other way around. Some of the page items are also exploded by over 300% when compressed by gzip. Those scripts and other resources on the pages also all suffer from missing mandatory headers in responses to revalidation requests. So whats wrong you ask? Well, every object that might be cached is broken by one header or another. Combined with Squid-3.1 HTTP/1.1 compliance not being very high. I recommend trying a newer Squid version, 3.4.4 is out nowdays with about half again as much HTTP/1.1 capabilities over 3.1. That may help a bit, but I would not hold out much hope for caching that site until its server and/or ASP code is fixed. Amos