+ Responder ao Tópico



  1. #1

    Padrão FTP no Proxy

    Boa tarde,


    Estou com o utilizando o Squid com Dansguardian para controle de conteúdo dos usuários da minha rede, porém o proxy está fazendo apenas conexões por HTTP. Quando vamos baixar de endereços que começam por FTP://, não exibe a página ou faz download de arquivos com 0 kb.

    O proxy é transparente, mas se eu colocar as configurações de proxy no navegador, aí então faz download de url com FTP://. Existe uma regra no meu iptables que redireciona todo o tráfego da porta 21 para a porta 8080 (Dansguardian/Squid).

    O que fazer para todo o FTP passar automáticamente pelo meu proxy?

  2. #2



  3. #3

    Padrão

    Verifica se o acl safe_ports pro ftp existe, e tenta usar essa linha aqui ó:

    ftp_user [email protected]

  4. #4

    Padrão

    Meu Squid.conf

    #############################
    ### Administracao ###
    #############################

    visible_hostname infracache
    coredump_dir /var/cache/squid
    http_port 3128 transparent
    cache_mgr [email protected]
    request_body_max_size 45 MB
    request_header_max_size 10000 KB
    ie_refresh on
    cache_mem 100 MB
    cache_dir ufs /var/cache/squid 300 32 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log

    ##############################
    ###### ACL ######
    ##############################

    acl all src 0.0.0.0/0.0.0.0
    acl lan src 192.168.1.0/255.255.255.0
    acl abre_porta port 80 8080 21 22 443
    acl bloq_conteudo urlpath_regex \.torrent$
    acl sites_bloqueados dstdomain -i "/etc/squid/acl/sites_bloqueados"
    acl FTP proto FTP
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT

    ###############################
    ### Aplica as ACLs ###
    ###############################

    ###############################

    http_access deny !Safe_ports
    http_access allow abre_porta
    http_access allow lan
    http_access deny bloq_conteudo
    http_access deny sites_bloqueados
    http_access deny all
    # allow direct ftp, all other redirect to parent
    always_direct allow FTP



  5. #5

    Padrão

    Na parte de "Aplica ACL´s" adicionei a linha:
    ftp_user [email protected]

    Não resolveu ...

  6. #6

    Padrão

    Depois de ler alguns fóruns, mudei meu squid.conf para:

    #############################
    ### Administracao ###
    #############################

    visible_hostname infracache
    coredump_dir /var/cache/squid
    http_port 3128 transparent
    cache_mgr [email protected]
    request_body_max_size 45 MB
    request_header_max_size 10000 KB
    ie_refresh on
    cache_mem 100 MB
    cache_dir ufs /var/cache/squid 300 32 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log

    # Parametros de FTP

    ftp_user [email protected]
    ftp_list_width 32
    ftp_passive on
    ftp_sanitycheck on
    ftp_telnet_protocol on


    ##############################
    ###### ACL ######
    ##############################

    acl all src 0.0.0.0/0.0.0.0
    acl lan src 192.168.1.0/255.255.255.0
    acl abre_porta port 80 8080 22
    acl bloq_conteudo urlpath_regex \.torrent$
    acl sites_bloqueados dstdomain -i "/etc/squid/acl/sites_bloqueados"
    acl FTP proto FTP
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT

    ###############################
    ### Aplica as ACLs ###
    ###############################

    http_access deny !Safe_ports
    http_access allow abre_porta
    http_access allow lan
    http_access deny bloq_conteudo
    http_access deny sites_bloqueados
    # http_access deny all
    # always_direct ftp, all other redirect to parent
    always_direct allow FTP
    ftp_user [email protected]

    Até agora nada.
    Última edição por brunosimoes; 01-02-2010 às 14:47.



  7. #7

    Padrão

    Resolvi no fim das contas dando bypass no proxy.
    Não é o ideal, algem sabe como faço pra deixar funcionando?