| tornado 2004-09-22, 10:26 pm |
| Hello all,
We have smoothwall as our firewall. I am also using it as
proxy in a transperant mode. I have a problem on my hand. I want to
deny all the ftp requests
from the our network. I have also configured ACL's accordingly. But,
to my amazement it simply doesnt seem to work. I can still access any
ftp site eg: ftp://kernel.org in a browser as well as from command
line !!
Here is a part of acl's:
acl badfiles url_regex -i "/var/smoothwall/proxy/badfiles"
acl mgmt src "/var/smoothwall/proxy/mgmt_adds"
acl FTP proto FTP
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 445 443 441 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # smoothwall http
acl Safe_ports port 445 443 441 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access deny FTP
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny badfiles !mgmt
http_access allow localnet
http_access deny all
I really dont understand what i am doing wrong or silly !
Any kind of help will be appreciated.
Thanks.
|