Search squid archive

Re: Fwd: Squid and FTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




On 14/04/2012 08:34, Colin Coe wrote:
On Thu, Apr 5, 2012 at 10:07 PM, Eliezer Croitoru<eliezer@xxxxxxxxxxxx>  wrote:
On 05/04/2012 16:21, Colin Coe wrote:

On Thu, Apr 5, 2012 at 8:32 PM, Eliezer Croitoru<eliezer@xxxxxxxxxxxx>
  wrote:

On 05/04/2012 14:51, Colin Coe wrote:
<SNIP>


OK, I did
export ftp_proxy=http://benpxy1p:3128
wget ftp://ftp2.bom.gov.au/anon/gen/fwo
--2012-04-05 19:43:38--  ftp://ftp2.bom.gov.au/anon/gen/fwo
Resolving benpxy1p... 172.22.106.10
Connecting to benpxy1p|172.22.106.10|:3128... connected.
Proxy request sent, awaiting response... ^C

An entry appeared in access.log only after I hit ^C.

Changing ftp_proxy to ftp://benpxy1p:3128 did not change anything.

CC

well if a access_log entry appears it means that the client is contacting
the squid server.
did you notice that the size of this list\dir is about 1.8 MB?
take something simple such as:
ftp://ftp.freebsd.org/pub
it should be about 2.9Kb.
then if it didnt go within 10 secs try using without upper stream proxys.
maybe something is setup wrong on the cache_peer.
there are options to debug with a lot of output from squid that can
simplify
the problem.
but i would go to minimum settings and up.
use only one proxy and without a name.
just use the ip for the cache_peer acls.
you can use the debug sections:
http://wiki.squid-cache.org/KnowledgeBase/DebugSections
to make more use of it.
use like this:
debug_options ALL,1 section,verbosity_level
debug_options ALL,1 9,6

there are couple of sections that will provide you with more network
layer
info that will help you find the source of the problem.

to see the log tail the cahce.log file.

well i gave you kind of the worst case scenario i could think of.
if you need more help i'm here.

Regards,
Eliezer


As a test I pointed the client at the corporate proxy.

# export ftp_proxy=http://172.22.0.7:221
# wget ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat
--2012-04-05 20:43:53--  ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat
Connecting to 172.22.0.7:221... connected.
Proxy request sent, awaiting response... 200 No headers, assuming HTTP/0.9
Length: unspecified
Saving to: “IDY02128.dat”

    [
                                                             <=>
] 232         --.-K/s   in 2m 0s

2012-04-05 20:45:52 (1.94 B/s) - “IDY02128.dat” saved [232]

It took a while but it definitely works.  I added the debug lines to
the squid.conf (and restarted).  When pointing the client at the squid
server (for doing the FTP), there were no additional lines logged in
either cache.log or access.log.

Again, doing a tcpdump on the squid server shows the client _is_
connecting to the squid server.

CC


as i was saying...it's not about if it's connecting to the squid server but
what happens from squid to the world.
try to disable the cache_peer settings on squid...
try to use squid as regular proxy without going to the parent bluecoat and
see how it works.
just to see if you do have any problem on squid settings that are not
related to the cache_peer settings.

as you know i and many more people are using squid for ftp and it works with
no problem.

i cant point exactly about the point of failure in your setup but one thing
i do know..
i am using 3 cache peers and it works excellent for me.
just for you i will put a setup to see how my basic settings for squid works
with a parent proxy. (it will take some time )

most likely that if in any point you see access log entry it means that you
are not configuring something right on your squid.

try the next:
in hosts file add the entry:
172.22.0.7      ftp_proxy
172.22.0.7      http_proxy

then in squid.conf add:
cache_peer ftp_proxy parent 221 0 no-query no-digest proxy-only
cache_peer_access ftp_proxy allow ftp_ports
cache_peer_access ftp_proxy deny all

cache_peer http_proxy parent 8200 0 no-query no-digest proxy-only
cache_peer_access http_proxy deny ftp
cache_peer_access http_proxy allow all

#remove the :
#always_direct allow Dev
#always_direct allow Prod

#and add only:
never_direct allow all



Regards,
Eliezer


Hi Eliezer (and thanks for your patience)

I think the problem has been with the BlueCoat the whole time.  The
BlueCoat admin has setup a service account for me and I've configured
squid so that all FTP requests are served through the cache_parent
hard coded with the service account details.

Its working now so were going to leave it like this.

Thanks again for your help and patience.

CC

i'm happy you solved the problem.
if you need something always glad to help.

Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il


[Linux Audio Users]     [Photo]     [Yosemite News]     [Samba]     [Video Projectors]     [Video Devices]     [Big List of Linux Books]     [LCD TVs]     [Webcams]     [Linux USB]

  Powered by Linux