Our current configuration:
LAN - mostly Win2Kpro machines, a couple of Macs running OS 8.1 - all machines connected through a Surecom switch to a server running Mandrake 8.2 which controls access to a Sympatico dsl connection, a RAID5 network storage drive and acts somewhat as a primary domain controller using Samba 2.2.3a
Internet access from a typical machine goes through squid as a standalone (not transparent) proxy on port 8080 (because during certain hours we run DansGuardian but other times not, and it uses that port). The browser is IE (some running 5, some higher versions).
PROBLEM IS:
when accessing a URL beginning with ftp://
the destination consistently replies with such codes as:
200 ASCII (some server specific comments here)
500 Illegal PORT command
500 unknown command
always these 3 error numbers in this order
I have tried setting squid.conf manually to forward all ftp requests etc etc
All access must go through a proxy (whether squid or some other helper or redirector doesn't matter) to prevent direct access to the assigned IP the server is using and to control access to prohibited sites. Any assistance would be appreciated.
Thanks in advance.

I was going to say that maybe the machines are not using the proxy for ftp, and were sending a private ip in the PORT command, but from your description I assume that this is not possible. (Ftp access from behind masquerading without using the masq_ftp module is a common cause for this error as well.)
Anyway, the error "illegal PORT command" means that the ftp client (in your case squid) was sending a PORT command with an ip other than the client's real ip, as the ftp server sees it. Example: I connect to an ftp server, and the ftp server sees me as 1.2.3.4. Then, to establish a data connection (for example for a dir list), I send a PORT command. I must use 1.2.3.4 in the PORT command, or else the ftp server would say "illegal PORT command". Squid seems to think its local ip address is something other than what it really is.
Possible solutions: Tell squid to use passive ftp mode instead of active, if that's possible (I don't know squid at all). Passive ftp doesn't use the PORT command, and hence the error would be fixed. Or, check the config if there's any setting related to local ip settings, and fix that. If all else fails, you can use a packet sniffer (such as ngrep) to find out what command squid actually sends (and what ip it uses), and see if that gives you any clues.
Background info: There are several methods of proxying an ftp connection. The most common is to actually use a http proxy, and make the clients request a ftp:// url from it (I'm assuming that's what happens with squid/ie). In that case, it's definitely the proxy at fault. However, there are other methods, such as using a SOCKS proxy (or http CONNECT method), in which case the client/browser would be at fault. Yet other methods are commonly used by ftp progs, for example using an ftp-like proxy protocol, in which case it's hard to tell whose fault it is. Using passive ftp might be a solution in that case as well.
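
The server-side check described in the reply above, sketched as an added example (not code from this thread, from Squid, or from any FTP server): it parses the RFC 959 `PORT h1,h2,h3,h4,p1,p2` argument and compares the advertised address with the address the control connection actually came from. The function names, the reason strings and the sample commands are constructed for illustration; 1.2.3.4 is the address used in the reply.

```python
import ipaddress

# RFC 1918 ranges: seeing one of these in PORT usually means the client sits
# behind NAT/masquerading and no FTP helper rewrote the command.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port_command(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = arg.split(",")
    if len(fields) != 6:
        raise ValueError("PORT takes six comma-separated numbers")
    nums = [int(f) for f in fields]          # ValueError if non-numeric
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("field outside 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]       # port = p1*256 + p2


def check_port(line, control_peer_ip):
    """Return (reply, reason) as a strict server would decide it.

    control_peer_ip is the source address of the control connection,
    i.e. the client "as the ftp server sees it".
    """
    try:
        ip, _port = parse_port_command(line)
    except ValueError as exc:
        return "500 Illegal PORT command", "malformed: %s" % exc
    if ip != ipaddress.IPv4Address(control_peer_ip):
        if any(ip in net for net in RFC1918):
            why = "private address %s leaked through NAT" % ip
        else:
            why = "address %s is not the control peer %s" % (ip, control_peer_ip)
        return "500 Illegal PORT command", why
    return "200 PORT command successful", "ok"


if __name__ == "__main__":
    # Constructed samples: a correct command, then one carrying a LAN address.
    for cmd in ("PORT 1,2,3,4,19,137", "PORT 192,168,1,10,19,137"):
        print(cmd, "->", check_port(cmd, "1.2.3.4"))
```

Running the same comparison by hand against a sniffer capture of the proxy's outgoing control connection shows whether the address in its PORT command matches the source address of that connection.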
