Solved

FTP through proxy problems - Squid (centos)

Posted on 2014-09-12
Last Modified: 2014-09-15
I am trying to work with a software vendor to set up software that uploads specific data via FTP to their facility.
This is coming from a satellite facility that connects through a proxy (Squid) located at our main location.
We have been troubleshooting in FileZilla to make the connection, but are not progressing well.
Below is the connection log in FileZilla.
The vendor has suggested that I add their IP address to Squid to allow two-way communication.
Is this correct, and if it is, how do I add it?
I am a novice at configuring Squid and I have spent time googling it, but I have not had much luck.
FileZilla log:

Status:            Connecting to 64.38.XXX.XX through proxy
Status:            Connecting to 11.30.XX.X:8080...
Status:            Connection with proxy established, performing handshake...
Response:      Proxy reply: HTTP/1.1 200 Connection established
Status:            Connection established, waiting for welcome message...
Response:      220 Microsoft FTP Service
Command:      USER zaesftpuser
Response:      331 Password required for zaesftpuser.
Command:      PASS ****
Response:      230 User logged in.
Command:      OPTS UFT8 ON
Response:      200 OPTS UTF8 command successful - UTF8 encoding now ON.
Status:            Connected
Status:            Retrieving directory listing...
Command:      PWD
Response:      257 "/" is current directory
Command:      TYPE I
Response:      200 Type set to I.
Command:      PASV
Response:      227 Entering Passive Mode (64,38.XXX.XXX.201,156)
Command:      LIST
Status:            Connecting to 11.30.XX.X:8080...
Status:            Connecting with proxy established, performing handshake...
Response:      150 Opening BINARY mode data connection.
Response:      Proxy reply: HTTP/1.1 403 Forbidden
Error:            Proxy handshake failed: ECONNRESET - Connection reset by peer
Error:            Connection timed out
Error:            Failed to retrieve directory listing

Any help would be appreciated.
Steve
0
Question by:RSchalhoub
8 Comments
 
LVL 15

Expert Comment

by:samri
ID: 40319362
I just ran a quick search, and haven't tested this;

add the following in the squid.conf

acl SSL_ports port 443 21   # in my default squid.conf only port 443 is in.  just add 21
acl ftp proto FTP
http_access allow ftp


give it a shot.
0
 

Author Comment

by:RSchalhoub
ID: 40319400
Thank you for the reply.
I already have this in my squid.conf.

We probably have been looking in the same places.

Thanks,
Steve
0
 
LVL 19

Accepted Solution

by:
NickUpson earned 250 total points
ID: 40319480
When FTP starts passive mode, the data connection is shifted to a random port number; the firewall and proxy need to handle this.
0

 

Author Comment

by:RSchalhoub
ID: 40319553
NickUpson
Is there any way I can know what these ports are and allow them in Squid?

When FTP'ing from the main facility there is no problem.  No proxy there, so I think the firewall is OK.

Steve
0
 
LVL 19

Expert Comment

by:NickUpson
ID: 40319594
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 40319809
You need to add all ports > 1024 to SSL ACL to allow FTP passive mode to work via HTTP CONNECT.
0
 

Author Comment

by:RSchalhoub
ID: 40319835
Should I add something like this to my squid.conf:

acl SSL_ports port 1024-65535
0
 
LVL 62

Expert Comment

by:gheist
ID: 40319850
21 1024-65535 443
0
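
The thread's diagnosis, worked through as an added example (not part of any post above, and not Squid's own code): the server's 227 reply names the data port, FileZilla opens a second HTTP CONNECT to that port, and Squid's stock `http_access deny CONNECT !SSL_ports` rule answers 403 unless the port is in the ACL. The sample reply is constructed, using the documentation address 192.0.2.10 in place of the masked server IP and the last two numbers from the log; all function names are hypothetical.

```python
import re

# Values of the "acl SSL_ports port ..." lines discussed in the thread.
SSL_PORTS_BEFORE = "443 21"
SSL_PORTS_AFTER = "21 1024-65535 443"

# Constructed sample: 192.0.2.10 is a documentation address standing in for
# the masked server IP; the last two numbers (201,156) are from the log above.
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,201,156)"


def pasv_endpoint(reply):
    """Return (ip, port) from a 227 reply of the form (h1,h2,h3,h4,p1,p2)."""
    match = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a well-formed 227 PASV reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in PASV reply: %r" % reply)
    # The data port is sent as two bytes, high byte first.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_ports(spec):
    """Turn '21 1024-65535 443' into [(21, 21), (1024, 65535), (443, 443)]."""
    ranges = []
    for token in spec.split():
        low, _, high = token.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def connect_allowed(port, spec):
    """Port test behind Squid's stock 'http_access deny CONNECT !SSL_ports'."""
    return any(low <= port <= high for low, high in parse_ports(spec))


def explain(reply, spec):
    ip, port = pasv_endpoint(reply)
    verdict = "200 Connection established" if connect_allowed(port, spec) else "403 Forbidden"
    return "CONNECT %s:%d -> %s" % (ip, port, verdict)


if __name__ == "__main__":
    print(explain(SAMPLE_REPLY, SSL_PORTS_BEFORE))  # data channel refused
    print(explain(SAMPLE_REPLY, SSL_PORTS_AFTER))   # data channel tunnelled
```

The `SSL_ports` ACL matches on port only, so widening it to 1024-65535 permits CONNECT to those ports on any destination unless a `dst` ACL for the vendor's address is also applied to the rule. If the vendor's FTP server uses a fixed passive port range, listing just that range is enough.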

Question has a verified solution.