[squid-users] squid ftp-proxy

Amos Jeffries squid3 at treenet.co.nz
Sat Apr 9 04:37:22 UTC 2016


On 5/04/2016 9:08 p.m., Axel.Eberhardt at t-systems.com wrote:
> Hello,
> 
> Maybe someone can give me a hint :-)
> 
> I try to enable the Native ftp proxying.
> The documentation I have found is:
> http://wiki.squid-cache.org/Features/FtpRelay
> 
> But there is no example for this. Also in the Mail Archives I was not able to find a hint.
> 
> I have configured the ftp proxy with parameter:
> 	ftp_port 21
> 

AFAIK that port is intended either for use as above when the Squid IP
address or hostname is given to the client FTP tool as the FTP server
IP/host.
 Or when intercepting port 21 traffic - with the 'intercept' option on
the port config line.

It is still a new / experimental and rarely used feature so YMMV.



> Version:
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> squid -v
> Squid Cache: Version 3.5.15
> Service Name: squid
> configure options:  '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--verbose' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam,fake' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,LDAP_group,delayer,file_user
ip,SQL_session,unix_group,session,time_quota' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' '--enable-ecap' '--without-nettle' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune
=generic -fPIC' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' --enable-ltdl-convenience
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> 
> Now my problem.
> 
> I am able to connect via ftp client to the squid.
> Also the login will be correct:	
> 	example:  anonymous at ftp.informatik.rwth-aachen.de
> 	
> But after a command which use a data channel the connection fails:
> 	421 Service not available, remote server has closed connection
> 
> 
> I try a tcpdump but I cannot find a failure. 
> The only different between a native ftp session and a connection over the squid is a missing TCP ACK after the last ftp data package. 
> 

Um, missing ACK on which of the four connections involved?
  and from which of the three software involved?

Amos



More information about the squid-users mailing list