Re: Fwd: Squid and FTP

[Eliezer Croitoru <eliezer@xxxxxxxxxxxx>]

On 14/04/2012 08:34, Colin Coe wrote:
> On Thu, Apr 5, 2012 at 10:07 PM, Eliezer Croitoru<eliezer@xxxxxxxxxxxx>  wrote:
> > On 05/04/2012 16:21, Colin Coe wrote:
> > > On Thu, Apr 5, 2012 at 8:32 PM, Eliezer Croitoru<eliezer@xxxxxxxxxxxx>
> > >   wrote:
> > > > On 05/04/2012 14:51, Colin Coe wrote:
> > > > <SNIP>
> > > >
> > > >
> > > > > OK, I did
> > > > > export ftp_proxy=http://benpxy1p:3128
> > > > > wget ftp://ftp2.bom.gov.au/anon/gen/fwo
> > > > > --2012-04-05 19:43:38--  ftp://ftp2.bom.gov.au/anon/gen/fwo
> > > > > Resolving benpxy1p... 172.22.106.10
> > > > > Connecting to benpxy1p|172.22.106.10|:3128... connected.
> > > > > Proxy request sent, awaiting response... ^C
> > > > >
> > > > > An entry appeared in access.log only after I hit ^C.
> > > > >
> > > > > Changing ftp_proxy to ftp://benpxy1p:3128 did not change anything.
> > > > >
> > > > > CC
> > > > well if a access_log entry appears it means that the client is contacting
> > > > the squid server.
> > > > did you notice that the size of this list\dir is about 1.8 MB?
> > > > take something simple such as:
> > > > ftp://ftp.freebsd.org/pub
> > > > it should be about 2.9Kb.
> > > > then if it didnt go within 10 secs try using without upper stream proxys.
> > > > maybe something is setup wrong on the cache_peer.
> > > > there are options to debug with a lot of output from squid that can
> > > > simplify
> > > > the problem.
> > > > but i would go to minimum settings and up.
> > > > use only one proxy and without a name.
> > > > just use the ip for the cache_peer acls.
> > > > you can use the debug sections:
> > > > http://wiki.squid-cache.org/KnowledgeBase/DebugSections
> > > > to make more use of it.
> > > > use like this:
> > > > debug_options ALL,1 section,verbosity_level
> > > > debug_options ALL,1 9,6
> > > >
> > > > there are couple of sections that will provide you with more network
> > > > layer
> > > > info that will help you find the source of the problem.
> > > >
> > > > to see the log tail the cahce.log file.
> > > >
> > > > well i gave you kind of the worst case scenario i could think of.
> > > > if you need more help i'm here.
> > > >
> > > > Regards,
> > > > Eliezer
> > >
> > > As a test I pointed the client at the corporate proxy.
> > >
> > > # export ftp_proxy=http://172.22.0.7:221
> > > # wget ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat
> > > --2012-04-05 20:43:53--  ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat
> > > Connecting to 172.22.0.7:221... connected.
> > > Proxy request sent, awaiting response... 200 No headers, assuming HTTP/0.9
> > > Length: unspecified
> > > Saving to: “IDY02128.dat”
> > >
> > >     [
> > >                                                              <=>
> > > ] 232         --.-K/s   in 2m 0s
> > >
> > > 2012-04-05 20:45:52 (1.94 B/s) - “IDY02128.dat” saved [232]
> > >
> > > It took a while but it definitely works.  I added the debug lines to
> > > the squid.conf (and restarted).  When pointing the client at the squid
> > > server (for doing the FTP), there were no additional lines logged in
> > > either cache.log or access.log.
> > >
> > > Again, doing a tcpdump on the squid server shows the client _is_
> > > connecting to the squid server.
> > >
> > > CC
> >
> >
> > as i was saying...it's not about if it's connecting to the squid server but
> > what happens from squid to the world.
> > try to disable the cache_peer settings on squid...
> > try to use squid as regular proxy without going to the parent bluecoat and
> > see how it works.
> > just to see if you do have any problem on squid settings that are not
> > related to the cache_peer settings.
> >
> > as you know i and many more people are using squid for ftp and it works with
> > no problem.
> >
> > i cant point exactly about the point of failure in your setup but one thing
> > i do know..
> > i am using 3 cache peers and it works excellent for me.
> > just for you i will put a setup to see how my basic settings for squid works
> > with a parent proxy. (it will take some time )
> >
> > most likely that if in any point you see access log entry it means that you
> > are not configuring something right on your squid.
> >
> > try the next:
> > in hosts file add the entry:
> > 172.22.0.7      ftp_proxy
> > 172.22.0.7      http_proxy
> >
> > then in squid.conf add:
> > cache_peer ftp_proxy parent 221 0 no-query no-digest proxy-only
> > cache_peer_access ftp_proxy allow ftp_ports
> > cache_peer_access ftp_proxy deny all
> >
> > cache_peer http_proxy parent 8200 0 no-query no-digest proxy-only
> > cache_peer_access http_proxy deny ftp
> > cache_peer_access http_proxy allow all
> >
> > #remove the :
> > #always_direct allow Dev
> > #always_direct allow Prod
> >
> > #and add only:
> > never_direct allow all
> >
> >
> >
> > Regards,
> > Eliezer
>
> Hi Eliezer (and thanks for your patience)
>
> I think the problem has been with the BlueCoat the whole time.  The
> BlueCoat admin has setup a service account for me and I've configured
> squid so that all FTP requests are served through the cache_parent
> hard coded with the service account details.
>
> Its working now so were going to leave it like this.
>
> Thanks again for your help and patience.
>
> CC
i'm happy you solved the problem.
if you need something always glad to help.

Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il