FTP on the proxy
Good afternoon,
I am using Squid with Dansguardian to control content for the users on my network, but the proxy is only handling HTTP connections. When we try to download from addresses that begin with FTP://, the page is not displayed, or files are downloaded with 0 KB.
The proxy is transparent, but if I put the proxy settings in the browser, then it does download URLs with FTP://. There is a rule in my iptables that redirects all traffic from port 21 to port 8080 (Dansguardian/Squid).
What should I do to make all FTP go through my proxy automatically?
-
-
Check whether the Safe_ports ACL for FTP exists, and try using this line here:
ftp_user [email protected]
-
My squid.conf
#############################
### Administration ###
#############################
visible_hostname infracache
coredump_dir /var/cache/squid
http_port 3128 transparent
cache_mgr [email protected]
request_body_max_size 45 MB
request_header_max_size 10000 KB
ie_refresh on
cache_mem 100 MB
cache_dir ufs /var/cache/squid 300 32 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
##############################
###### ACL ######
##############################
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.1.0/255.255.255.0
acl abre_porta port 80 8080 21 22 443
acl bloq_conteudo urlpath_regex \.torrent$
acl sites_bloqueados dstdomain -i "/etc/squid/acl/sites_bloqueados"
acl FTP proto FTP
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
###############################
### Apply the ACLs ###
###############################
###############################
http_access deny !Safe_ports
http_access allow abre_porta
http_access allow lan
http_access deny bloq_conteudo
http_access deny sites_bloqueados
http_access deny all
# allow direct ftp, all other redirect to parent
always_direct allow FTP
-
In the "Apply the ACLs" section I added the line:
ftp_user [email protected]
It didn't solve it ...
-
After reading some forums, I changed my squid.conf to:
#############################
### Administration ###
#############################
visible_hostname infracache
coredump_dir /var/cache/squid
http_port 3128 transparent
cache_mgr [email protected]
request_body_max_size 45 MB
request_header_max_size 10000 KB
ie_refresh on
cache_mem 100 MB
cache_dir ufs /var/cache/squid 300 32 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# FTP parameters
ftp_user [email protected]
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
##############################
###### ACL ######
##############################
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.1.0/255.255.255.0
acl abre_porta port 80 8080 22
acl bloq_conteudo urlpath_regex \.torrent$
acl sites_bloqueados dstdomain -i "/etc/squid/acl/sites_bloqueados"
acl FTP proto FTP
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
###############################
### Apply the ACLs ###
###############################
http_access deny !Safe_ports
http_access allow abre_porta
http_access allow lan
http_access deny bloq_conteudo
http_access deny sites_bloqueados
# http_access deny all
# always_direct ftp, all other redirect to parent
always_direct allow FTP
ftp_user [email protected]
Nothing so far.
Last edited by brunosimoes; 01-02-2010 at 14:47.
-
In the end I solved it by bypassing the proxy.
It's not ideal; does anyone know how I can get it working?
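
Added example, not part of any post in the thread: a simplified first-match evaluator for the ACL and http_access lines of the second squid.conf above, useful for checking the "is Safe_ports blocking FTP?" suggestion and for seeing which rules are ever reached. The client addresses and URLs used with it are constructed, the file-backed sites_bloqueados ACL is left out, and only the src, port and urlpath_regex ACL types are modelled.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# ACL and http_access lines trimmed from the second squid.conf in the thread.
# Omitted: the file-backed sites_bloqueados ACL and most Safe_ports entries.
CONF = r"""
acl lan src 192.168.1.0/255.255.255.0
acl abre_porta port 80 8080 22
acl bloq_conteudo urlpath_regex \.torrent$
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports
http_access allow abre_porta
http_access allow lan
http_access deny bloq_conteudo
# http_access deny all
"""
DEFAULT_PORT = {"http": 80, "https": 443, "ftp": 21}

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok and tok[0] == "acl":  # repeated names accumulate values
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_match(acls, name, src, url):
    kind, vals = acls[name]
    u = urlsplit(url)
    port = u.port or DEFAULT_PORT[u.scheme]
    if kind == "src":
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in vals)
    if kind == "port":
        return any(int(v.split("-")[0]) <= port <= int(v.split("-")[-1]) for v in vals)
    return any(re.search(v, u.path) for v in vals)  # urlpath_regex

def decide(src, url, conf=CONF):
    acls, rules = parse(conf)
    for n, (action, names) in enumerate(rules, 1):
        # every ACL on the line must match; "!" negates one ACL
        if all(acl_match(acls, x.lstrip("!"), src, url) != x.startswith("!") for x in names):
            return action, n
    # No line matched: Squid defaults to the opposite of the last http_access line.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None
```

`decide("192.168.1.10", "ftp://ftp.example.org/pub/file.iso")` returns `("allow", 3)`, so an ftp:// request that reaches Squid as a proxy request already passes these ACLs. A `.torrent` URL on port 80 is allowed at line 2 before `deny bloq_conteudo` is ever evaluated, and with `http_access deny all` commented out a non-LAN client on port 8000 falls through to an implicit allow.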