• Status: Solved
  • Priority: Medium
  • Security: Public

Configure Squid for FTP and PCA

Hi,

I set up a Linux/Squid box as a proxy, sitting between a Windows network and an internet router. I can browse the internet just fine. But we cannot use FTP or pcAnywhere now.

I need to set up things so that:

(1) PCs can connect to the internet via FTP, and

(2) users can connect to their PCs to/from home using pcAnywhere. Previously, we had 4 users connecting with pcAnywhere. PCs have pcAnywhere configured with a unique set of ports (5631/5632, 5633/5634, 5635/5636, etc). The router is configured to forward these ports to the IPs of the respective PCs.

Mark
0
msibley
Asked:
msibley
1 Solution
 
alextoftCommented:
Sounds rather like you've got a routing issue going on. I'm going to take a guess that your squid has 2 network cards in, 1 connected to the router, and 1 to the rest of your network? If that's the case then it's probably a routing thing, i.e. your squid box will proxy between interfaces for http requests, but it has no idea what to do with direct socket connections. What address ranges is everything using? If everything's on the same subnet you might just need to switch on IP Forwarding, make the squid box the default gateway for the clients, and the router the default gateway for the squid box.

As regards the incoming connections, you might need to add an additional static route. Would really help to know what addresses you're using in order to deal with any NATting.

My quick and easy solution to these types of scenarios is just to use IPcop. It's stupidly simple to set up, and will do everything you need to do.

0
 
msibleyAuthor Commented:
OK, here's a little more info on the box.

2 NICs: eth1 = 192.168.1.102 (connected to network); eth2 = 192.168.1.110 (connected to router/internet).

The IPs and ports (TCP/UDP?) for the boxes using pcAnywhere:
192.168.1.20  5631/5632
192.168.1.53  5633/5634
192.168.1.57  5635/5636
192.168.1.30  5637/5638

Range is 192.168.1.0 to 192.168.1.255
Same subnet

IPcop looks interesting, but looks like I'd have to completely rebuild the box. I've already set up the box with Ubuntu and Squid.

BTW, I got FTP working by specifying the proxy in my FTP client (duh).  My main issue now is getting pcAnywhere to work.

Mark
0
 
rindiCommented:
Regarding the FTP problem, your users should be able to use a setting like "Passive mode" in their FTP client and then they should be able to connect. If pcAnywhere works through a proxy server I don't know, but probably not.

http://www.ipanywhere.com/faq.php#ipA19
0
 
alextoftCommented:
Yeah, that'll work for ftp. Squid will happily proxy it. rindi- if there's no routing between the interface on the box you won't get a direct socket, period.

As regards the PCA, you'll definitely need IP_FORWARDING (or routing) enabled on your Ubuntu box. Not having a shell in front of me of a machine I don't mind messing up, I won't even begin to guess the syntax as they're so easy to get wrong, but a couple of iptables rules something along the lines of

"if incoming packet on interface eth2 has destination port 5630-5640 forward via interface eth1"
"if incoming packet on interface eth1 has source port 5630-5640 forward via interface eth2"

There used to be a REALLY good rule generator online, but I'm damned if I can find it anymore.

0
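The forwarding steps alextoft outlines above, written out as an added example (not code from any poster in this thread): a script that prints, without applying, one stateful iptables FORWARD rule per PC/port pair from msibley's list instead of opening the whole 5630-5640 range. Assumptions: the first port of each pair is TCP and the second UDP (pcAnywhere's defaults are 5631/tcp and 5632/udp), and packets can already be routed between eth1 and eth2, which the thread leaves open because both NICs sit in 192.168.1.0/24.

```shell
#!/bin/sh
# Added example: prints commands for review; it changes nothing itself.
WAN_IF=eth2            # router side, 192.168.1.110 in the thread
LAN_IF=eth1            # PC side, 192.168.1.102 in the thread
LAN_PREFIX=192.168.1.  # every PC in the thread is in 192.168.1.0/24

# host:first_port:second_port, copied from msibley's list.
# Assumption: first port is TCP (data), second is UDP (status), mirroring
# pcAnywhere's default 5631/tcp and 5632/udp.
PCA_HOSTS='192.168.1.20:5631:5632
192.168.1.53:5633:5634
192.168.1.57:5635:5636
192.168.1.30:5637:5638'

# in_range VALUE MIN MAX: VALUE is a plain decimal integer within [MIN, MAX].
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# gen_rules TABLE: emit the sysctl/iptables commands for a host:port table.
# The fields end up in a root shell, so malformed entries are refused.
gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Replies are matched by connection state, not by source port.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "$1" | ( while IFS=: read -r host tcp udp; do
        last=${host#"$LAN_PREFIX"}
        { [ "$last" != "$host" ] && in_range "$last" 1 254; } ||
            { echo "rejected host: $host" >&2; exit 1; }
        { in_range "$tcp" 1 65535 && in_range "$udp" 1 65535; } ||
            { echo "rejected ports for $host" >&2; exit 1; }
        new="-i $WAN_IF -o $LAN_IF -m conntrack --ctstate NEW -j ACCEPT"
        echo "iptables -A FORWARD -p tcp -d $host --dport $tcp $new"
        echo "iptables -A FORWARD -p udp -d $host --dport $udp $new"
    done ) || return 1
    # Any other new connection from the router side is not forwarded.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -j DROP"
}

gen_rules "$PCA_HOSTS"
```

After review, the printed commands can be applied by piping them to a root shell; making them survive a reboot is a separate step, which the later posts in this thread discuss.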
 
msibleyAuthor Commented:
I'm going to need some specific steps...

Mark
0
 
alextoftCommented:
Heh, yeah I'd ask for the same. If someone else doesn't reply before I get a chance to play with a dev machine I'll figure it out later...
0
 
ranadastidarCommented:
Try to configure Squid in transparent mode. If you don't know how to configure transparent mode, then visit this link:


http://www.linuxsolved.com/forums/ftopic115.html
0
 
msibleyAuthor Commented:
The instructions at the above link tell me to create rc.nat and put it in /etc/rc.d/.  I don't have /etc/rc.d/.  There is /etc/init.d/ or /etc/rc0.d, /etc/rc1.d, /etc/rc2.d, etc.
0
 
ranadastidarCommented:
You just save the file at /etc,

then change the file permission to executable mode,

and then execute that script.

After successful execution, just save with this command: service iptables save
0
 
rindiCommented:
Put it in /etc/init.d, and then make symlinks to that script in the /etc/rc.x folders, where the x stands for the runlevel inside which you want the script to start up automatically. This would usually be rc.3 and rc.5. Use an S for the first letter in the symlink; this stands for start. Follow that with 2 digits, where the larger the number, the later the script is run (00 starts earlier, 99 starts last), i.e. S44Filename.
0
 
msibleyAuthor Commented:
Sorry to be so long in closing the question.  Thanks to all for your input.
0
