


  1. #1

    FTP on the Proxy

    Good afternoon,

    I am using Squid with Dansguardian for content control of the users on my network, but the proxy is only making HTTP connections. When we try to download from addresses that start with FTP://, it does not display the page or it downloads files of 0 KB.

    The proxy is transparent, but if I put the proxy settings in the browser, then it does download from URLs with FTP://. There is a rule in my iptables that redirects all port 21 traffic to port 8080 (Dansguardian/Squid).

    What should I do to make all FTP go through my proxy automatically?

  2. #2

  3. #3

    Check whether the safe_ports acl for ftp exists, and try using this line here:

    ftp_user [email protected]

  4. #4

    My Squid.conf

    #############################
    ### Administration ###
    #############################

    visible_hostname infracache
    coredump_dir /var/cache/squid
    http_port 3128 transparent
    cache_mgr [email protected]
    request_body_max_size 45 MB
    request_header_max_size 10000 KB
    ie_refresh on
    cache_mem 100 MB
    cache_dir ufs /var/cache/squid 300 32 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log

    ##############################
    ###### ACL ######
    ##############################

    acl all src 0.0.0.0/0.0.0.0
    acl lan src 192.168.1.0/255.255.255.0
    acl abre_porta port 80 8080 21 22 443
    acl bloq_conteudo urlpath_regex \.torrent$
    acl sites_bloqueados dstdomain -i "/etc/squid/acl/sites_bloqueados"
    acl FTP proto FTP
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT

    ###############################
    ### Apply the ACLs ###
    ###############################

    ###############################

    http_access deny !Safe_ports
    http_access allow abre_porta
    http_access allow lan
    http_access deny bloq_conteudo
    http_access deny sites_bloqueados
    http_access deny all
    # allow direct ftp, all other redirect to parent
    always_direct allow FTP

  5. #5

    In the "Apply the ACLs" part I added the line:
    ftp_user [email protected]

    It did not solve it ...

  6. #6

    After reading some forums, I changed my squid.conf to:

    #############################
    ### Administration ###
    #############################

    visible_hostname infracache
    coredump_dir /var/cache/squid
    http_port 3128 transparent
    cache_mgr [email protected]
    request_body_max_size 45 MB
    request_header_max_size 10000 KB
    ie_refresh on
    cache_mem 100 MB
    cache_dir ufs /var/cache/squid 300 32 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log

    # FTP parameters

    ftp_user [email protected]
    ftp_list_width 32
    ftp_passive on
    ftp_sanitycheck on
    ftp_telnet_protocol on


    ##############################
    ###### ACL ######
    ##############################

    acl all src 0.0.0.0/0.0.0.0
    acl lan src 192.168.1.0/255.255.255.0
    acl abre_porta port 80 8080 22
    acl bloq_conteudo urlpath_regex \.torrent$
    acl sites_bloqueados dstdomain -i "/etc/squid/acl/sites_bloqueados"
    acl FTP proto FTP
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT

    ###############################
    ### Apply the ACLs ###
    ###############################

    http_access deny !Safe_ports
    http_access allow abre_porta
    http_access allow lan
    http_access deny bloq_conteudo
    http_access deny sites_bloqueados
    # http_access deny all
    # always_direct ftp, all other redirect to parent
    always_direct allow FTP
    ftp_user [email protected]

    Nothing so far.
    Last edited by brunosimoes; 01-02-2010 at 14:47.
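
Added example, not part of the thread or of Squid itself: a minimal model of Squid's first-match `http_access` evaluation, run over the rule order posted in #6 beside a reordered list, to show which line decides each request. The `blocked.example` entry, the sample requests and the `REORDERED` list (which assumes only LAN clients should be served) are constructed assumptions.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.1.0/24")   # acl lan src 192.168.1.0/255.255.255.0
SAFE = {80, 21, 443, 70, 210, 280, 488, 591, 777, 631, 873, 901}
BLOCKED = {"blocked.example"}   # constructed stand-in for /etc/squid/acl/sites_bloqueados

ACLS = {   # the ACLs from post #6 that its http_access lines reference
    "Safe_ports": lambda r: r["port"] in SAFE or 1025 <= r["port"] <= 65535,
    "abre_porta": lambda r: r["port"] in {80, 8080, 22},
    "lan": lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "bloq_conteudo": lambda r: re.search(r"\.torrent$", r["path"]) is not None,
    "sites_bloqueados": lambda r: r["host"] in BLOCKED,   # exact-host match only
    "all": lambda r: True,
}

POSTED = [   # http_access order in post #6 ("deny all" is commented out there)
    ("deny", "!Safe_ports"), ("allow", "abre_porta"), ("allow", "lan"),
    ("deny", "bloq_conteudo"), ("deny", "sites_bloqueados"),
]
REORDERED = [   # assumed intent: content denies first, then LAN only
    ("deny", "!Safe_ports"), ("deny", "bloq_conteudo"), ("deny", "sites_bloqueados"),
    ("allow", "lan"), ("deny", "all"),
]

def decide(req, rules):
    """Return (action, deciding line) under Squid's first-match http_access rule."""
    for action, acl in rules:
        if ACLS[acl.lstrip("!")](req) != acl.startswith("!"):
            return action, f"http_access {action} {acl}"
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "implicit default"

SAMPLES = {   # constructed requests
    "lan_torrent": {"src": "192.168.1.20", "host": "files.example", "port": 80, "path": "/a.torrent"},
    "lan_blocked": {"src": "192.168.1.20", "host": "blocked.example", "port": 80, "path": "/"},
    "outside_80": {"src": "203.0.113.7", "host": "files.example", "port": 80, "path": "/"},
    "outside_443": {"src": "203.0.113.7", "host": "files.example", "port": 443, "path": "/"},
    "lan_ok": {"src": "192.168.1.20", "host": "files.example", "port": 80, "path": "/index.html"},
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:12} posted={decide(req, POSTED)} reordered={decide(req, REORDERED)}")
```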

  7. #7

    In the end I solved it by bypassing the proxy.
    It is not ideal; does anyone know how I can get it working?