Category: LINUX
2010-04-12 10:37:51
The steps below show the configuration needed to allow or enable FTP on a Squid proxy. You will need to open and edit squid.conf, the Squid configuration file, which is located under the /etc/squid/ directory. Choose your preferred editor and edit squid.conf to enable FTP through the Squid proxy. The configuration below was tested on Linux Fedora 10 with Squid Proxy server (version SQUID 3 STABLE13) installed.
1. Open and edit the squid.conf (Squid configuration) file:
Example: open and edit the Squid configuration file using the vi editor.
[root@fedora10 ~]# vi /etc/squid/squid.conf
Or use gedit, the graphical text editor, to edit the Squid configuration file on the GNOME desktop.
[root@fedora10 ~]# gedit /etc/squid/squid.conf &
2. Edit the acl section and add FTP port 21 to SSL_ports, so that the acl configuration line looks like "acl SSL_ports port 443 21".
# TAG: acl
# Defining an Access List
# =============================
#Default:
# acl all src all
#
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443 21 # <------ port 21 added here
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
# Allowing or Denying access based on defined access lists
2. Then find the always_direct section and add the lines that forward FTP requests directly, to allow / enable FTP requests on the Squid proxy from our network clients. The squid.conf excerpt below shows an example of the configuration needed in the Squid configuration file.
# TAG: always_direct
# Usage: always_direct allow|deny [!]aclname ...
#
# Here you can use ACL elements to specify requests which should
# ALWAYS be forwarded by Squid to the origin servers without using
# any peers. For example, to always directly forward requests for
# local servers ignoring any parents or siblings you may have use
# something like:
#
# acl local-servers dstdomain my.domain.net
# always_direct allow local-servers
#
# To always forward FTP requests directly, use
#
# acl FTP proto FTP
# always_direct allow FTP
#
# NOTE: There is a similar, but opposite option named
# 'never_direct'. You need to be aware that "always_direct deny
# foo" is NOT the same thing as "never_direct allow foo". You
# may need to use a deny rule to exclude a more-specific case of
# some other rule. Example:
#
# acl local-external dstdomain external.foo.net
# acl local-servers dstdomain .foo.net
# always_direct deny local-external
# always_direct allow local-servers
#
# NOTE: If your goal is to make the client forward the request
# directly to the origin server bypassing Squid then this needs
# to be done in the client configuration. Squid configuration
# can only tell Squid how Squid should fetch the object.
#
# NOTE: This directive is not related to caching. The replies
# is cached as usual even if you use always_direct. To not cache
# the replies see no_cache.
#
# This option replaces some v1.1 options such as local_domain
# and local_ip.
#
#Default:
acl FTP proto FTP
always_direct allow FTP
3. Recheck the configuration and then save the Squid configuration file.
4. Reload the Squid configuration, or restart the Squid proxy server, to apply the changes.
To reload the Squid configuration file (not needed if you intend to stop and start the Squid proxy):
[root@fedora10 ~]# service squid reload
[root@fedora10 ~]#
Stop and start the Squid proxy server:
[root@fedora10 ~]# service squid stop
Stopping squid: ................ [ OK ]
[root@fedora10 ~]#
[root@fedora10 ~]# service squid start
Starting squid: . [ OK ]
[root@fedora10 ~]#
5. Now it's time to test the FTP connection through the Squid proxy: point the client browser URL to an FTP server, as shown in the example below, and hit the Enter key. If you cannot see the index list as in the figure below, recheck the Squid configuration settings again. Happy FTP :-)
ftp site example:
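
An added example, not part of the original post: a shell script for the recheck in step 3 that reads a squid.conf and reports whether Safe_ports covers port 21, which ports besides 443 are listed in SSL_ports, and whether FTP is forwarded with always_direct. Every SSL_ports entry matters because the stock squid.conf permits CONNECT tunnels only to those ports (its "http_access deny CONNECT !SSL_ports" rule, which this page does not show). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the squid.conf lines this procedure edits.

# Print each port or range of a port ACL, one per line (comments stripped).
acl_ports() {  # usage: acl_ports <acl-name> <squid.conf>
    sed 's/#.*//' "$2" | awk -v name="$1" '
        $1 == "acl" && $2 == name && $3 == "port" {
            for (i = 4; i <= NF; i++) print $i
        }'
}

# Succeed if <port> is listed in the ACL, exactly or inside a range.
acl_has_port() {  # usage: acl_has_port <acl-name> <port> <squid.conf>
    acl_ports "$1" "$3" | awk -F- -v p="$2" '
        NF == 1 && $1+0 == p+0                { found = 1 }
        NF == 2 && p+0 >= $1+0 && p+0 <= $2+0 { found = 1 }
        END { exit !found }'
}

# Print SSL_ports entries other than 443: ports CONNECT may tunnel to.
connect_extra_ports() {  # usage: connect_extra_ports <squid.conf>
    acl_ports SSL_ports "$1" | grep -vx 443 | tr '\n' ' ' | sed 's/ $//'
}

# Succeed if a "proto FTP" ACL is defined and always_direct allows it.
ftp_direct_enabled() {  # usage: ftp_direct_enabled <squid.conf>
    sed 's/#.*//' "$1" | awk '
        $1 == "acl" && $3 == "proto" && toupper($4) == "FTP" { acl[$2] = 1 }
        $1 == "always_direct" && $2 == "allow" && ($3 in acl) { ok = 1 }
        END { exit !ok }'
}

# Constructed sample: the relevant lines as they look after the edits above.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
acl SSL_ports port 443 21
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
acl FTP proto FTP
always_direct allow FTP
EOF

acl_has_port Safe_ports 21 "$SAMPLE" && echo "Safe_ports covers 21"
echo "CONNECT reaches beyond 443: $(connect_extra_ports "$SAMPLE")"
ftp_direct_enabled "$SAMPLE" && echo "FTP is always_direct"
```

To audit the live file, call the same functions with /etc/squid/squid.conf in place of the sample path.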