FTP through proxy problems - Squid (centos)

I am trying to work with a software vendor to set up software that uploads specific data via FTP to their facility.
This is coming from a satellite facility that connects through a proxy (Squid) located at our main location.
We have been troubleshooting in FileZilla to make the connection, but are not progressing well.
Below is the connection log in FileZilla.
The vendor has suggested that I add their IP address to Squid to allow two-way communication.
Is this correct and if it is, how do I add it?
I am a novice at configuring Squid and I have spent time googling it, but I have not had much luck.
FileZilla log:

Status:            Connecting to 64.38.XXX.XX through proxy
Status:            Connecting to 11.30.XX.X:8080...
Status:            Connection with proxy established, performing handshake...
Response:      Proxy reply: HTTP/1.1 200 Connection established
Status:            Connection established, waiting for welcome message...
Response:      220 Microsoft FTP Service
Command:      USER zaesftpuser
Response:      331 Password required for zaesftpuser.
Command:      PASS ****
Response:      230 User logged in.
Command:      OPTS UFT8 ON
Response:      200 OPTS UTF8 command successful - UTF8 encoding now ON.
Status:            Connected
Status:            Retrieving directory listing...
Command:      PWD
Response:      257 "/" is current directory
Command:      TYPE I
Response:      200 Type set to I.
Command:      PASV
Response:      227 Entering Passive Mode (64,38.XXX.XXX.201,156)
Command:      LIST
Status:            Connecting to 11.30.XX.X:8080...
Status:            Connecting with proxy established, performing handshake...
Response:      150 Opening BINARY mode data connection.
Response:      Proxy reply: HTTP/1.1 403 Forbidden
Error:            Proxy handshake failed: ECONNRESET - Connection reset by peer
Error:            Connection timed out
Error:            Failed to retrieve directory listing

Any help would be appreciated.
Steve
RSchalhoub Asked:

samri Commented:
I just ran a quick search, and haven't tested this;

Add the following in the squid.conf

acl SSL_ports port 443 21   # in my default squid.conf only port 443 is in.  just add 21
acl ftp proto FTP
http_access allow ftp


Give it a shot.
0
RSchalhoub (Author) Commented:
Thank you for the reply.
I already have this in my squid.conf.

We probably have been looking in the same places.

Thanks,
Steve
0
Nick Upson, Principal Operations Engineer, Commented:
When FTP starts passive mode, the data connection is shifted to a random port number; the firewall and proxy need to handle this.
0


RSchalhoub (Author) Commented:
NickUpson,
Is there any way I can know what these ports are and allow them in Squid?

When FTP'ing from the main facility there is no problem.  No proxy there, so I think the firewall is OK.

Steve
0
Nick Upson, Principal Operations Engineer, Commented:
0
gheist Commented:
You need to add all ports > 1024 to SSL ACL to allow FTP passive mode to work via HTTP CONNECT.
0
RSchalhoub (Author) Commented:
Should I add something like this to my squid.conf:

acl SSL_ports port 1024-65535
0
gheist Commented:
21 1024-65535 443
0
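
What the thread describes, as an added example (not code from any poster, and only a model of Squid's port check, not Squid itself): it decodes the data port from the 227 reply in the FileZilla log above and tests it against an SSL_ports list. It assumes the poster's squid.conf keeps the stock `http_access deny CONNECT !SSL_ports` rule, which the page does not show; the function names are hypothetical.

```python
import re

def pasv_port(reply: str) -> int:
    """Data port from a 227 reply: the last two fields are p1,p2 and port = p1*256 + p2."""
    m = re.search(r"\(([^)]*)\)", reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a 227 passive-mode reply")
    # The redacted log on this page mixes ',' and '.', so split on both.
    fields = re.split(r"[,.]", m.group(1))
    if len(fields) < 2:
        raise ValueError("227 reply carries no port fields")
    p1, p2 = int(fields[-2]), int(fields[-1])
    if not (0 <= p1 <= 255 and 0 <= p2 <= 255):
        raise ValueError("port bytes out of range")
    return p1 * 256 + p2

def parse_ports(spec: str) -> list:
    """Turn the value list of an 'acl SSL_ports port ...' line into (low, high) ranges."""
    ranges = []
    for token in spec.split():
        low, _, high = token.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def connect_allowed(port: int, ssl_ports: list) -> bool:
    """Model of 'http_access deny CONNECT !SSL_ports' (assumed present in the config):
    a CONNECT succeeds only if its destination port is inside the ACL."""
    return any(low <= port <= high for low, high in ssl_ports)

# Reply copied from the FileZilla log on this page (address already redacted there).
LOG_REPLY = "227 Entering Passive Mode (64,38.XXX.XXX.201,156)"

if __name__ == "__main__":
    data_port = pasv_port(LOG_REPLY)
    for spec in ("443 21", "21 1024-65535 443"):   # the two lists quoted in the thread
        acl = parse_ports(spec)
        print(f"SSL_ports={spec!r}: control port 21 ->",
              "200" if connect_allowed(21, acl) else "403",
              f"| data port {data_port} ->",
              "200" if connect_allowed(data_port, acl) else "403")
```

Because SSL_ports matches on port alone, the wide range permits CONNECT to those ports on any destination; pairing it with a `dst` ACL for the vendor's address keeps the opening scoped to that one server.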
Question has a verified solution.