At 10:31 PM 5/02/2001, you wrote:
> Ftp will only work as ftp over http (e.g. the ftp your browser uses)
This is only partially correct. It is actually not possible to transparently redirect ftp due to the number of ports it uses. You can transparently proxy ftp, but not with squid.

The only transparent ftp proxy that currently works on Linux (that I know of) is the one in the TIS Firewall Toolkit (http://www.tis.com). (This is the same one that is in Gauntlet firewall on Solaris.) TIS has a very restrictive licence; basically you have to be an educational institution, or you have to buy Gauntlet.

You may wish to wait for SuSE 7.1 with kernel 2.4.x with all the netfilter and iptables stuff, as it is much more powerful. I had a long talk to Rusty and one of the other Linux firewall people at http://linux.conf.au and Rusty is talking about adding some transparent application level proxies to netfilter, but this probably will not happen for 6 months. (Rusty is the guy who wrote IPCHAINS as well as NETFILTER and IPTABLES and all the associated kernel bells and whistles.) I hope he does do this in the near future, as it will mean Linux has something that NO other OS does except Solaris with the addition of Gauntlet. (I have offered to do the documentation of some of this stuff for him, so you can be sure that I'll let you know when it happens :-)

So, to clarify, you CAN transparently redirect ftp over http by virtue that it is a http stream; however, the only way to make your browser do ftp over http instead of normal ftp is to tell it that you have a proxy, which sorta defeats the purpose of transparent redirection.

Sorry to give you the bad news... This is all in the squid doco if you feel like reading up on it more..

Cheers

---
Nix - nix@susesecurity.com
http://www.susesecurity.com
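
An added illustration of the point about the ports ftp uses (not part of the original message): the data port is negotiated inside the control channel, so a transparent proxy or firewall helper has to read PORT commands and 227 replies to learn where each data connection will go. The transcript, addresses and function names below are constructed for this example.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal octets).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from a host-port field, or None if it is invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_flows(control_lines, client_ip, server_ip):
    """List (mode, initiator_ip, listener_ip, listener_port) per negotiation."""
    flows = []
    for direction, line in control_lines:
        line = line.strip()
        if direction == "C" and line.upper().startswith("PORT "):
            ep = parse_hostport(line[5:])          # active: client listens
            mode, initiator, owner = "active", server_ip, client_ip
        elif direction == "S" and line.startswith("227"):
            ep = parse_hostport(line[3:])          # passive: server listens
            mode, initiator, owner = "passive", client_ip, server_ip
        else:
            continue
        if ep is None:
            flows.append(("malformed", None, None, None))
        elif ep[0] != owner:
            # Address is not the control-channel peer: a helper should refuse it.
            flows.append(("mismatch", initiator, ep[0], ep[1]))
        else:
            flows.append((mode, initiator, ep[0], ep[1]))
    return flows

# Constructed control-channel transcript ("C" = client line, "S" = server line).
SAMPLE = [
    ("C", "USER anonymous"),
    ("C", "PORT 198,51,100,7,4,1"),                          # 4*256+1
    ("S", "200 PORT command successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),  # 195*256+80
    ("C", "PORT 203,0,113,9,0,22"),                          # third address
]

if __name__ == "__main__":
    print(expected_data_flows(SAMPLE, "198.51.100.7", "192.0.2.10"))
```

Every negotiation yields a different listener port and, depending on mode, a different initiator, which is why a fixed port redirect rule of the kind used for http cannot cover ftp.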