FTP through Squid….



  • We have set up the Squid proxy for LAN users' Internet access, where NO direct Internet access is allowed (NAT).

    It works fine for the LAN users to access Internet / FTP through IE / Firefox with proxy enabled.

    The problem is that the LAN users cannot access any FTP server through an FTP client such as FlashFXP, CuteFTP, CoreFTP, … with proxy enabled (HTTP / Site / User method / ...).

    The error from the client is "Access Denied. Access Control Configuration prevents your request from being allowed at this time...."

    As FTP access is possible through the browser and we have no access control rules set, what's the problem?

    We have read the posts and docs for setting up FTP server / proxy / dual WAN FTP issue / ... which may not apply to this situation.

    Would anybody throw us some light?

    Thanks and Regards,
    Alpha



  • Unless you have redirected port 21 to the squid service, FTP isn't being passed through squid.  It is instead using the FTP proxy that is written into pfsense.  Go to your interface setups and tinker with the 'userland FTP Proxy' setting.  For us, it works when it is disabled on the WAN and LAN.  Try different combinations and see how you do.



  • Sounds like your client apps are not configured to use a proxy. Also, Firefox and IE do passive FTP by default, where some pure FTP apps use active by default. Try with passive mode and see if that helps.



  • Actually, we have tried disabling the userland FTP proxy setting and starting pftpx as an FTP forwarding proxy.
    By redirecting all incoming port 21 traffic to pftpx (8021), it works, but it's already a NAT config, which means that the internal machine must have its gateway pointed to the pfSense machine.

    The FTP clients are configured to use a proxy and passive mode; the connection works with another proxy server on the same LAN (not pfSense Squid). The problem is that Squid does not accept FTP connections from FTP clients.

    For a non-NAT environment, it would be better for pfSense to have proxy servers for different protocols such as http / nntp / ftp / …

