[Shorewall-users] FTP Transparent Proxy from Local To Net Through DMZ

Eduardo Ferreira duda at icatu.com.br
Tue Feb 22 09:08:59 PST 2005


Tom Eastep wrote on 22/02/2005 13:55:32:
> Gary Buckmaster wrote:
> > It doesn't?  Since when?  I'm using squid to transparently proxy (and
> > cache) ftp and http requests without any trouble.
> >
> 
> I'm confused -- from the Squid FAQ:
> ------------------------------------------------------------------------
> 12.17 Can I make my regular FTP clients use a Squid cache?
> 
> Nope, its not possible. Squid only accepts HTTP requests. It speaks FTP
> on the server-side, but not on the client-side.
> 
> The very cool wget will download FTP URLs via Squid (and probably any
> other proxy cache).
> 
-------------------------------------------------------------------------
> 
> -Tom
Tom, 

if I start my browser in any internal workstation, enter 
ftp://ftp.mozilla.org/ in its address bar, I get this piece of tcpdump in 
the external interface of my firewall/proxy (I lost the first few 
packets):

[root at fwdmzatt shorewall]# tcpdump -i eth0 host ftp.mozilla.org
tcpdump: listening on eth0
14:03:30.126483 ns02.icatu.com.br.knetd > mozilla.cs.utah.edu.ftp: R 
3257707667:3257707667(0) ack 2104517053 win 0 (DF) [tos 0x10]
14:03:33.051899 ns02.icatu.com.br.2055 > mozilla.cs.utah.edu.ftp: P 
3935811836:3935811842(6) ack 2102765020 win 64199 (DF) [tos 0x10]
14:03:33.238423 mozilla.cs.utah.edu.ftp > ns02.icatu.com.br.2055: P 
1:15(14) ack 6 win 5840 (DF)
14:03:33.239799 ns02.icatu.com.br.2055 > mozilla.cs.utah.edu.ftp: P 
6:17(11) ack 15 win 64185 (DF) [tos 0x10]
14:03:33.425845 mozilla.cs.utah.edu.ftp > ns02.icatu.com.br.2055: P 
15:52(37) ack 17 win 5840 (DF)
14:03:33.426732 ns02.icatu.com.br.2055 > mozilla.cs.utah.edu.ftp: P 
17:25(8) ack 52 win 64148 (DF) [tos 0x10]

hence, squid can proxy ftp - at least here...

cheers
________________________
Eduardo Ferreira
Icatu Holding S.A.
Supervisor de TI
(5521) 3804-8606 


More information about the Shorewall-users mailing list