Sorry to be a pain in the arse but this still doesn't work.

I've opened ports 20 and 21 (TCP) and forwarded them to another Mandrake box with
proFTPd (IP 192.168.0.251) to set FTP in active mode.
I've also opened 80 and forwarded it to another machine with Apache (IP
192.168.0.23); this works fine and doesn't affect the proxy.

But as soon as I open port 21 the internet connection is broken. Although I
can see in /var/squid/log/access.log that people are trying to connect,
they can't get anywhere.
Basically the browser says Web page found... but just doesn't display it.
After a long while it eventually times out. All the other things seem to
work (FTP, POP, etc... just HTTP is broken).
I can open other ports and the thing just works fine, but not port 21.
I've attached my config (the one you get by doing backup) if that helps.

Even if the actual service, i.e. proFTPd, is not running or the machine is not
powered up, the proxy refuses to display the pages if I've got port 21 open, so I
don't think it is something to do with proFTPd.

Also I was trying to change the Apache port on the second machine (192.168.0.23)
to use 81 instead and then open port 81 on SNF, but this wouldn't work either
(I've tried 8080, 79, and other numbers), but it seems to me that I can only
reach my internal web server from outside if it is set up on port 80 (I've
tried to access locally using port 81 and this worked fine). That's a shame
since I'd like to be able to open several web servers.

BTW: when you say open all high ports, what do you actually mean? Have I got
to manually open all ports above 1024?

Thanks
Gael

Hello there,
here are two points of view for the ftp connections with a firewall:
- open tcp ports 21 (control) *and* 20 (data) in incoming traffic on the
  firewall to allow active ftp from the clients
- open tcp port 21 and all high ports (> 1024) on the firewall to allow
  passive clients
I have set here squid in transparent mode and then I did a port forwarding
of ftp to some internal ftp server using proftpd.
With ncftp or lftp clients, connect and then type: set passive off
(ncftp), or set ftp:passive-mode off, and then you will be able to connect ...
squid and ftp port-forwarding work together ...
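
To make the active/passive distinction in the reply above concrete, this added example (not part of the original thread) parses the two control-channel lines that decide who opens the FTP data connection and to which port. The sample lines are constructed: 192.168.0.251 is the internal proFTPd address from the message, the client address is a documentation placeholder, and the function names are hypothetical.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried in "PORT ..." and "227 ... (...)" lines
_FIELD = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_RFC1918 = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply."""
    m = _FIELD.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value above 255 in %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line):
    """Say who opens the data connection, and to which endpoint."""
    ip, port = parse_endpoint(line)
    verb = line.split()[0].upper()
    if verb == "PORT":
        # Active: the server dials out from tcp/20 to the client's endpoint.
        return {"mode": "active", "initiator": "server",
                "src_port": 20, "dst": (ip, port)}
    if verb == "227":
        # Passive: the client dials in to the endpoint the server advertised.
        addr = ipaddress.ip_address(ip)
        return {"mode": "passive", "initiator": "client", "dst": (ip, port),
                "dst_is_rfc1918": any(addr in n for n in _RFC1918)}
    raise ValueError("not a PORT command or 227 reply: %r" % line)

# Constructed control-channel lines (not captured traffic).
SAMPLE_PORT = "PORT 203,0,113,7,19,137"
SAMPLE_PASV = "227 Entering Passive Mode (192,168,0,251,195,80)"

if __name__ == "__main__":
    for sample in (SAMPLE_PORT, SAMPLE_PASV):
        print(sample, "->", data_connection(sample))
```

A passive reply whose destination is an RFC 1918 address cannot be reached from outside the NAT unless the server or firewall rewrites it, which is a common reason passive mode fails through a port forward.
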
SystemName=firewall
DomainName=dummyDomain.com
DNSPrimaryIP=62.128.xxx.xxx
DNSSecondaryIP=
AdminInterface=eth0
FullAdminName=admin
ChangeAdminPasswd='set: change-password.pl'
CurrentMirror=ftp://ftp.stealth.net/pub/mirrors/ftp.mandrake.com/Mandrake/updates
PackagesList=squid
OfficialList='get: mirrors.pl'
PackagesToUpdate='get: packages_to_update.pl'
PackagesToDownload='get: download_packages.pl'
PackagesToInstall='get: rpm-install.pl'
PackageDescription='get: show_description.pl'
DHCPClient=dhcp-client
DHCPServer=off
DHCPInterface=eth0
DHCPServerEnd=254
DHCPServerStart=65
DHCP_LEASE_DEFAULT=21600
DHCP_LEASE_MAX=43200
DNS_SERVER_DYN_UPDATE=Y
DNS_UPDATER_SECRET=Y
SYSLOGLocal=yes
SYSLOGTargetServer=
SYSLOGTargetServerLevel=
SYSLOGTty=tty12
SYSLOGTtyLevel=alert
PreludeState=off
SnortState=off
SnortLogs='get: snortsnarf.sh'
MessagesLogs='get: logs.pl'
DynDnsAccount=dnsaccount
DynDnsPassword=dnspassword
DynDnsService=off
DNSServer=off
TimeZoneList='get: timezone.pl tzlist'
Zone=GMT
ChangeDate='set: date.pl $md5 '
NTPServer=
ServicesList='get: services.pl list'
ServiceStatus='get: services.pl status'
ServiceRestart='set: services.pl restart'
ServiceReload='set: services.pl reload'
ServiceStart='set: services.pl start'
ServiceStop='set: services.pl stop'
ServiceRemove='set: services.pl remove'
ServiceAdd='set: services.pl add'
SquidServer=transparent
SquidParents=N
SquidPort=3328
SquidCacheDir=/var/spool/squid
SquidCacheSize=100
SquidWarningMesage=A HREF=mailto:[EMAIL PROTECTED]Mail to Admin/A
SquidWarningMesagePosition=Bottom
[EMAIL PROTECTED]
SquidRedirector=squidGuard
SquidAnonymizer=Y
SquidGuardAddPrivilegedIp='set: squidGuard_manage.pl $md5 /usr/share/squidGuard-1.1.4/db/privilegedsource/ips -a '
SquidGuardDeletePrivilegedIp='set: squidGuard_manage.pl $md5 /usr/share/squidGuard-1.1.4/db/privilegedsource/ips -d'
SquidGuardPrivilegedIpsList='get: squidGuard_manage.pl $md5 /usr/share/squidGuard-1.1.4/db/privilegedsource/ips -l'
SquidGuardAddBannedIp='set: squidGuard_manage.pl $md5 /usr/share/squidGuard-1.1.4/db/bannedsource/ips -a '
SquidGuardDeleteBannedIp='set: squidGuard_manage.pl $md5 /usr/share/squidGuard-1.1.4/db/bannedsource/ips -d'
SquidGuardBannedIpsList='get: squidGuard_manage.pl $md5 /usr/share/squidGuard-1.1.4/db/bannedsource/ips -l'
SquidGuardAddLansourceNetworkMask='set: squidGuard_manage.pl $md5 /usr/share/squidGuard-1.1.4/db/lansource/lan -a '
SquidGuardDeleteLansourceNetworkMask='set: squidGuard_manage.pl $md5 /usr/share/squidGuard-1.1.4/db/lansource/lan -d'
SquidGuardLansourceNetworkMasksList='get: squidGuard_manage.pl $md5 /usr/share/squidGuard-1.1.4/db/lansource/lan -l'
SquidGuardAddBanneddestinationUrl='set: squidGuard_manage.pl $md5