Step by Step Enable FTP on Squid Proxy in Linux Fedora 10

 

Step by Step Enable FTP on Squid Proxy in Linux Fedora 10.

 

   The step by step below show the configuration need to be done to allow or enable FTP on Squid Proxy.  You may need to open and edit squid.conf the Squid configuration file, that locate under /etc/squid/ directory.  Choose your best editor and start edit squid.conf configuration file to enable FTP through Squid proxy.  The configuration below is tested on Linux Fedora 10 with Squid Proxy server (version SQUID 3 STABLE13) installed.

 

Step to enable FTP on SQUID proxy.

 

1.  Open and edit squid.conf (Squid configuration) file:

 

Example:- Open and edit squid configuration file using vi editor.

Open and edit squid configuration file using vi editor.

[root@fedora10 ~]# vi /etc/squid/squid.conf

 

or use gedit, the graphical text editor to edit squid configuration file on Gnome desktop.

Use gedit, the graphical text editor to edit squid configuration file on Gnome desktop.

[root@fedora10 ~]# gedit /etc/squid/squid.conf &

 

2.  Edit acl and add the FTP port 21 in SSL_ports so that the acl configuration line would look like "acl SSL_ports port 443 21"

 

TAG: acl

#     Defining an Access List

=============================

#Default:

# acl all src all

#

#Recommended minimum configuration:

acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/8

#

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8   # RFC1918 possible internal network

acl localnet src 172.16.0.0/12      # RFC1918 possible internal network

acl localnet src 192.168.0.0/16     # RFC1918 possible internal network

#

acl SSL_ports port 443 21             <------ put port 21 here

acl Safe_ports port 80        # http

acl Safe_ports port 21        # ftp

acl Safe_ports port 443       # https

acl Safe_ports port 70        # gopher

acl Safe_ports port 210       # wais

acl Safe_ports port 1025-65535      # unregistered ports

acl Safe_ports port 280       # http-mgmt

acl Safe_ports port 488       # gss-http

acl Safe_ports port 591       # filemaker

acl Safe_ports port 777       # multiling http

acl CONNECT method CONNECT

 

#  TAG: http_access

#     Allowing or Denying access based on defined access lists

 

2.  Then find and add forward FTP request directly, to allow / enable FTP request on Squid proxy from our network client. The squid.conf configuration below show the example of the configuration need to be done on the squid configuration file.

 

#  TAG: always_direct

#     Usage: always_direct allow|deny [!]aclname ...

#

#     Here you can use ACL elements to specify requests which should

#     ALWAYS be forwarded by Squid to the origin servers without using

#     any peers.  For example, to always directly forward requests for

#     local servers ignoring any parents or siblings you may have use

#     something like:

#

#           acl local-servers dstdomain my.domain.net

#           always_direct allow local-servers

#

#     To always forward FTP requests directly, use

#

#           acl FTP proto FTP

#           always_direct allow FTP

#

#     NOTE: There is a similar, but opposite option named

#     'never_direct'.  You need to be aware that "always_direct deny

#     foo" is NOT the same thing as "never_direct allow foo".  You

#     may need to use a deny rule to exclude a more-specific case of

#     some other rule.  Example:

#

#           acl local-external dstdomain external.foo.net

#           acl local-servers dstdomain  .foo.net

#           always_direct deny local-external

#           always_direct allow local-servers

#

#     NOTE: If your goal is to make the client forward the request

#     directly to the origin server bypassing Squid then this needs

#     to be done in the client configuration. Squid configuration

#     can only tell Squid how Squid should fetch the object.

#

#     NOTE: This directive is not related to caching. The replies

#     is cached as usual even if you use always_direct. To not cache

#     the replies see no_cache.

#

#     This option replaces some v1.1 options such as local_domain

#     and local_ip.

#

#Default:

acl FTP proto FTP

always_direct allow FTP

 

3.  Recheck the configuration and then save squid configuration file to apply changes.

 

4.  Reload squid configuration, or restart the squid proxy server to apply the changes.

start and stop squid to enable squid FTP

to Reload squid configuration file, no need if you intent to stop and start Squid proxy.

[root@fedora10 ~]# service squid reload

[root@fedora10 ~]#

 

Stop and Start Squid proxy server.

[root@fedora10 ~]# service squid stop

Stopping squid: ................                           [  OK  ]

[root@fedora10 ~]#

 

[root@fedora10 ~]# service squid start

Starting squid: .                                          [  OK  ]

[root@fedora10 ~]#

 

5.  Now its time to test FTP connection through Squid proxy, point client browser url to FTP server as show on example below and hit enter key.  If you cannot see the index list as figure below, recheck squid configuration setting again.  Happy FTP :-)

 

test FTP connection through Squid proxy, point client browser url to FTP server

ftp site example: ftp://mirror.pacific.net.au/linux/fedora/linux

 

Keywords: squid ftp, ftp through squid proxy, squid proxy ftp, configure squid ftp, squid enable ftp, squid allow ftp, enable ftp squid, allow ftp squid  

 

6 comments

6
Aug

not working!!!!!!!

hey dude

this solution is not working its giving following error

ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: ftp://mirror.pacific.net.au/linux/fedora/linux

Connection to 61.8.0.17 failed.

The system returned: (110) Connection timed out

The remote host or network may be down. Please try the request again.

Your cache administrator is root.

Generated Fri, 06 Aug 2010 09:19:20 GMT by localhost.localdomain (squid/3.0.STABLE10)

9
Aug

Probably port 21 is missing.

Probably port 21 is missing. Add it to the list: 20 21 443

27
Jun

squid proxy configuration with SECURE ftp

Hi,

I found the article very informative; have not tried it though;

Your article explains configuration changes to allow users to access FTP sites.

I want to allow access to Secure FTP (port 22); would the above steps suffice ?

My OS is Red Hat Linux v5

thank you.

5
Dec

GOOD ! Excellent and very easy to set it up !!

Hi,
Thanks a lot for the trick.
A great solution that requires none additional application than squid.
It works very well on my ubuntu LTS proxies (8.04 and 10.04).
Regards.

22
Nov

I can't upload any files?

Thank you for the useful information. It worked for viewing and downloading the files , but how do yo UPLOAD a file to the remote server using the browser? I tried to drag and drop but It also didn't work.

Thank you from Quito-Ecuador

Regards
Ronald R

22
Nov

Using a username and pasword: ftp://username:passwd@IP

I tried logging in with a username and password using ftp://username:passwd@IP syntax in the browser. I can log on and view the files, but I can't UPLOAD any Files.

Thank you for the information