Hi, I'm currently testing Squid on FreeBSD 5.3 to see if it could replace our good old MS Proxy 2.0 (and mspclient).

Everything seems to work without problem in web browsers (http and ftp) with NTLM auth. But I'm trying to connect through FileZilla and have a strange (for me) result:

Status: Connecting to ftp.abcdef.be ...
Status: Connected with ftp.abcdef.be. Waiting for welcome message...
Response: 220 ftp.abcdef.be NcFTPd Server (licensed copy) ready.
Command: USER xxxxxxxxx
Response: 331 User xxxxxxxxx okay, need password.
Command: PASS ********
Response: 230-You are user #3 of 50 simultaneous users allowed.
Response: 230-
Response: 230 Restricted user logged in.
Command: FEAT
Response: 211-Extensions supported:
Response: CLNT
Response: MDTM
Response: MLST type*;size*;modify*;UNIX.mode*;UNIX.owner;UNIX.uid;UNIX.group;UNIX.gid;unique
Response: PASV
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: Compliance Level: 19981201 (IETF mlst-05)
Response: 211 End.
Command: SYST
Response: 215 UNIX Type: L8
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is cwd.
Command: PASV
Response: 227 Entering Passive Mode (213,186,59,46,166,82)
Command: TYPE A
Response: 200 Type okay.
Command: LIST
Error: Proxy request failed, can't connect through proxy server
Error: Transfer channel can't be opened. Reason: An established connection was aborted by the software in your host machine.
Error: Could not retrieve directory listing

And here is my squid.conf:

# TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?
# TAG: no_cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_dir ufs /usr/local/squid/cache 100 16 256
auth_param ntlm use_ntlm_negotiate off
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/local/libexec/squid/wbinfo_group.pl
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl ssl port 443 563
acl ftp port 21
acl http_https port 80 443
acl CONNECT method CONNECT
acl web_surfer external nt_group web_surfer
acl ftp_users external nt_group ftp_users
acl denied_url dstdomain "/usr/local/etc/squid/denied_url.txt"
#acl FTP_proto proto FTP
http_access deny denied_url
http_access allow CONNECT ftp
http_access allow CONNECT ssl
http_access deny CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow http_https web_surfer
http_access allow ftp ftp_users
http_access deny all
http_reply_access allow all
icp_access allow all
#always_direct allow FTP_proto
#always_direct deny all
# cache_effective_user squid
cache_effective_user squid
cache_effective_group squid

Thank you in advance for your advice!

Laurent Brichet
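
An added example, not part of the original post: it decodes the PASV reply from the log above and runs the resulting data port through the CONNECT rules of the posted squid.conf. It assumes FileZilla opens the data channel with an HTTP CONNECT to the proxy, models only `port` and `method` ACLs, and uses hypothetical function names.

```python
import re

# CONNECT-relevant lines copied from the squid.conf in the post above.
SQUID_CONF = """\
acl ssl port 443 563
acl ftp port 21
acl CONNECT method CONNECT
http_access allow CONNECT ftp
http_access allow CONNECT ssl
http_access deny CONNECT
"""

def parse_pasv(reply):
    """Return (host, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m or not reply.startswith("227"):
        raise ValueError("not a 227 PASV reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range")
    # The data port is sent as two bytes: high * 256 + low.
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def load_rules(conf):
    """Parse 'acl NAME port|method ...' and 'http_access allow|deny ACL...'."""
    acls, rules = {}, []
    for line in conf.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "acl" and f[2] in ("port", "method"):
            acls[f[1]] = (f[2], set(f[3:]))
        elif len(f) >= 3 and f[0] == "http_access":
            rules.append((f[1], f[2:]))
    return acls, rules

def decide(conf, method, port):
    """First matching http_access line wins; every ACL on a line must match."""
    acls, rules = load_rules(conf)
    request = {"method": method, "port": str(port)}
    for action, names in rules:
        if all(request[acls[n][0]] in acls[n][1] for n in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    return "deny", "no rule matched"  # simplification: this sketch fails closed

if __name__ == "__main__":
    host, port = parse_pasv("227 Entering Passive Mode (213,186,59,46,166,82)")
    print("control channel:", decide(SQUID_CONF, "CONNECT", 21))
    print("data channel %s:%d:" % (host, port), decide(SQUID_CONF, "CONNECT", port))
```

Allowing CONNECT to the whole passive port range would turn the proxy into a general TCP tunnel, so any rule added for the data channel is best scoped to the authenticated ftp_users group and the specific FTP servers required.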
